Policy on Terms of Use for Administrative Systems

University Policy


University of North Carolina at Chapel Hill Policy on Terms of Use for Administrative Systems



This policy describes the terms required for use of ConnectCarolina, InfoPorte, associated reporting tools, and other University business applications (“Administrative Systems”).

Scope of Applicability

University Constituents (including faculty, staff, authorized affiliates, and others) who are users of the University’s Administrative Systems. The policy does not apply to faculty, staff or affiliates who use only the “self-service” components of the ConnectCarolina System in order to access information or transact business regarding themselves (e.g., employee paystub access, student registration, viewing/modifying personal UNC Directory entry, etc.) and who have no other role requiring access to University Administrative Systems.


Policy Statement

UNC-Chapel Hill (the “University”) requires its faculty, staff and other constituents (including UNC System Office, UNC Healthcare, and other non-University affiliates) to access and use the Administrative Systems in a responsible manner and for legitimate business purposes only. (Any University system which requires users to acknowledge this policy as a condition of access authorization is considered an “Administrative System.”)

In accordance with the Enterprise Data Governance Policy and Acceptable Use Policy all users who access enterprise data or University systems in performance of their assigned duties, including, but not limited to, viewing, entering, downloading, copying, querying, storing, disclosing, or updating data or information must adhere to the following tenets:

  • Confidentiality: Respecting the confidentiality and privacy rights of individuals whose records they may access. Reporting any known or suspected breaches of University Information in a timely manner according to procedures defined in the Information Security Incident Management Standard and the Privacy of Protected Health Information Policy.
  • Ethics: Observing the ethical restrictions that apply to information to which they have access.
  • Policy Adherence: Abiding by applicable laws and University policies with respect to access, use, protection, proper disposal, storage, and disclosure of information.
  • Responsible Access: Accessing and using enterprise data only as required in their conduct of University business.

Specifically, for Administrative Systems, the following requirements apply:

Information Access and Sharing

Users are granted access to Administrative Systems based on their individual job responsibilities and University business need, and this access must be approved by the appropriate Major Organizational Unit or School/Division authority.

Users will only access information in Administrative Systems that they are authorized to use, and which is specifically necessary to perform their assigned duties, even if the system does not explicitly prevent other access. Likewise, users will neither share their access to Administrative Systems, nor information from these systems, with others who do not have authority to view this information. Sharing information from Administrative Systems is only authorized when the receiver has both the appropriate access authorization and a demonstrated business need for the information. Sharing passwords or allowing an individual to use Administrative Systems while signed on as someone else is prohibited.

Information accessed with appropriate authorization from an Administrative System may only be downloaded for authorized business use, and the downloader must have the appropriate authorization for use. Care must be taken to appropriately secure downloaded information, including any printed, written, or stored information.


Federal and State laws require the University to protect certain records and information contained within the University’s Administrative Systems. Administrative Systems users are also required to comply with the provisions of the University’s policies, standards, and procedures at all times in their use of these systems including but not limited to confidentiality of personnel information, protected health information, personally identifiable information, and student records.

Accessing, using, storing or disclosing of information contained within Administrative Systems is forbidden other than for University business purposes by authorized individuals for appropriate and authorized purposes. Users must ensure that they adhere to all applicable requirements for obtaining required approval for accessing, using, storing or disclosing the information (e.g. from Data Stewards or applicable committees), securing the information in transit, and for sharing the information only with authorized and approved recipients who need the information for University business purposes.

Information Security

When not connected directly to a University network, users must only access Administrative Systems using the University’s virtual private network (VPN) functionality or other mechanism approved for secure connectivity. Using remote access to connect to a machine that is connected to Administrative Systems without connecting first to the University’s approved VPN is prohibited. The only exception is when a user is accessing only his/her own information through “self-service” functions.

Users must not access Administrative Systems in a location that might permit University information to be compromised or viewed by unauthorized individuals. Specific care and sound judgment must be exercised at all times in using devices to access Administrative Systems in public locations.

Users must not access Administrative Systems on any unsecure wireless (“Wi-Fi”) network. Users may only use secure wireless networks that require authentication to the network by a password. The University provides a secure wireless network that is acceptable for connecting to Administrative Systems.


Users are required to report any known or suspected violations of this policy immediately to the Information Technology Services (ITS) Information Security Office by calling the UNC ITS Helpdesk (919-962-HELP).

All use of Administrative Systems is subject to random review at any time by ITS or the responsible University office to confirm that any individual use is in accord with this and other University policies. Users are expected to cooperate fully with any such review as a condition of use of the Administrative Systems.

Public Records

Public records requests for University information stored in Administrative Systems must be referred to and handled by the Public Records Office, Office of University Counsel, and/or the relevant University central office. Individual users outside of these offices are not permitted on their own to extract and provide information from Administrative Systems in response to public records requests unless specifically directed to do so by one of these offices in writing.

For more information about public records requests, refer to the University’s Public Records Office and Public Records Policy.


Every Administrative System user is required to read this policy. ITS requires users to acknowledge receipt of this policy, either by written signature or by electronic signature. All users must attest in writing that they have read and understood this policy before receiving access to Administrative Systems.

Roles and Responsibilities

Information Technology Services: receives reports of potential policy violations; conducts reviews of system use; maintains records of user receipt of this policy.

Major Organizational Unit/School/Division Authority: approves access for designated users.

Office of University Counsel and Public Records Office: receive referrals of public records requests.

University central offices: receives reports of potential policy violations; conducts reviews of system use; responds to public records requests.

User (of Administrative Systems): accesses information in accordance with this policy and as needed to perform their job responsibilities.


  • Administrative System: Designated University systems containing University Enterprise Data including ConnectCarolina (and related systems), InfoPorte, and other systems used to conduct University business which require acknowledgement of this policy for access authorization.
  • ConnectCarolina System: the integrated administrative portal for University business processes related to student services, human resources, payroll and finance.
  • InfoPorte System: InfoPorte provides a consolidated view of financial, human resources, and student administrative information from various enterprise University systems. The purpose of InfoPorte is to allow a variety of users a simplified way to access the information they need to perform their job functions on a day-to-day basis.
  • University central office: an administrative office of the University whose information is accessible through ConnectCarolina (e.g., Office of Human Resources, Finance Division, Office of the University Registrar, etc.).
  • University Information: University-owned information, or information made or received in connection with the transaction of University business by an Affiliate of UNC-Chapel Hill. Data, information, or records maintained by the University in any medium or form.
  • User (of Administrative Systems): any faculty, staff or other affiliate granted access to the ConnectCarolina system or another Administrative System
  • Virtual Private Network (VPN): Virtual Private Network (VPN): A virtual network, built on top of existing physical networks, which provides a secure communications tunnel for data and other information transmitted between networks.
  • Wi-Fi: technology allowing wireless access to a private or public network.

Related Requirements

External Regulations and Consequences

  • Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g; 34 C.F.R. § 99.1 et seq.
  • North Carolina Identity Theft Protection Act of 2005, N.C. G.S. § 75-60 et seq.
  • Gramm-Leach-Bliley Act, 15 U.S.C. § 6801 et seq.; 16 C.F.R. § 313.1 et. seq. (privacy), 16 C.F.R § 314.1 et seq. (safeguarding)
  • Red Flags Rule, based on Sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003, 15 U.S.C. § 1601 et seq. and 15 U.S.C. § 1681 et seq.
  • North Carolina Public Records Act, N.C.G.S. Chapter 132
  • North Carolina State Personnel Act, N.C.G.S. Chapter 126 
  • Health Insurance Portability and Accountability Act of 1996, 42 U.S.C. 1320d et seq.; 45 C.F.R. § 160 et seq. (general administrative requirements), 45 C.F.R. § 162 (administrative requirements), 45 C.F.R. § 164 et seq. (security and privacy)
  • HITECH Act (The Health Information Technology for Economic and Clinical Health Act)
  • Failure to adhere to this policy may have disciplinary consequences for employees, up to and including termination of employment. Students who fail to adhere to this policy may be referred to the UNC-Chapel Hill Office of Student Conduct. Contractors and vendors who fail to adhere to this policy may face termination of their business relationships with UNC-Chapel Hill.
  • Violation of this policy may also carry the risk of civil or criminal penalties.

University Policies, Standards, and Procedures

Contact Information

Policy Contact


Other Contacts
Subject Contact Telephone Email
Technical questions ITS Service Desk or Business Systems Help Desk 919-962-HELP (4357)  
Reporting an information security incident or violation ITS HELP Desk (Ask that your Request be marked “critical” for the Information Security Office (ISO) and do not provide detail on the incident until called back by an ISO incident handler) 919-962-HELP (4357)  
Use of Administrative System Human Resources data Senior Director, Human Resources Information Management, Office of Human Resources 919-843-2300 hr@unc.edu
Use of Administrative System Finance data Director and Finance Liaison, Enterprise Applications 919-962-7242 avcfinance@unc.edu
Use of Administrative System student data University Registrar 919-962-3594 registrationservices@unc.edu
Records requests Refer to the University’s Public Records policy   publicrecords@unc.edu
Use of full or partial SSN Data Governance Oversight Group (DGOG) 919-962-HELP (4357) help.unc.edu

Document History

  • Effective Date and title of Approver:  10/14/2014, Chief Information Officer
  • Revision and Review Dates, Change notes, title of Reviewer or Approver: 3/25/2015, Chief Information Officer
  • Previous versions titled: Policy on Faculty, Staff and Affiliate Terms of Use for UNC-Chapel Hill Administrative Systems
96% helpful - 50 reviews


Article ID: 131259
Thu 4/8/21 9:04 PM
Tue 12/6/22 2:38 PM
Effective Date
If the date on which this document became/becomes enforceable differs from the Origination or Last Revision, this attribute reflects the date on which it is/was enforcable.
12/07/2020 2:14 PM
Issuing Officer
Name of the document Issuing Officer. This is the individual whose organizational authority covers the policy scope and who is primarily responsible for the policy.
Issuing Officer Title
Title of the person who is primarily responsible for issuing this policy.
Vice Chancellor for Information Technology and Chief Information Officer
Last Review
Date on which the most recent document review was completed.
12/07/2020 2:14 PM
Last Revised
Date on which the most recent changes to this document were approved.
09/18/2018 12:00 AM
Next Review
Date on which the next document review is due.
12/06/2023 12:00 AM
Date on which the original version of this document was first made official.
10/01/2014 12:00 AM
Responsible Unit
School, Department, or other organizational unit issuing this document.
Information Technology Services

Related Articles (1)

All members of the University community who engage with any University information technology (including wireless or other networks) must adhere to this Acceptable Use Policy.