Policy on Terms of Use for Administrative Systems

Title

University of North Carolina at Chapel Hill Policy on Terms of Use for Administrative Systems

Introduction

Purpose

This policy describes the terms required for people to use the University of North Carolina at Chapel Hill’s (“UNC-Chapel Hill” or “University”) administrative systems. These systems include: 

  • ConnectCarolina,  
  • InfoPorte, Tarheel Reports, Ram Reports, 
  • Other reporting tools, and 
  • Other kinds of University business applications. 

Scope

This policy applies to people who use the University’s Administrative Systems.  

This policy does not apply to:  

  • People who use only the “self-service” parts of administrative systems to access information or transact business for themselves. For example:  
    • Employee paystub access,  
    • Student registration,  
    • Viewing or changing personal UNC Directory entry, or 
    • Similar activities  
  • People who have no other role requiring access to University Administrative Systems.

Policy

Policy Statement

UNC-Chapel Hill (the “University”) requires its faculty, staff and other constituents (including UNC System Office, UNC Healthcare, and other non-University affiliates) to access and use the

Anyone who accesses and uses University Administrative Systems must use them responsibly and only for legitimate business purposes.  

People who access University data or systems to perform their work must follow the University Data Governance Policy Acceptable Use Policy and the following principles:   

  • Confidentiality: Protecting the confidentiality and privacy of people whose records they may access. Reporting any known or suspected breaches of University Information in a timely way, following policy, particularly the Information Security Incident Management Policy and the Privacy of Protected Health Information Policy
  • Ethics: Applying ethical considerations to the information they can access.  
  • Compliance: Following applicable laws and University policies covering access, use, protection, proper disposal, storage, and disclosure of information. 
  • Responsible Access: Only accessing and using University data as needed to conduct University business. 

Information Access and Sharing

People are granted access to Administrative Systems based on their individual job responsibilities and University business needs. This access must be approved by the proper Major Organizational Unit or School/Division authority. 

Users with access to Administrative Systems must:   

  • Only access information in Administrative Systems you are authorized to use even if you can access other information.  
  • Only use information necessary to perform your assigned duties, even if you are not prevented from other access or use. 
  • Only share information from Administrative Systems when the receiver has both authorization and a demonstrated business need for the information.  
  • Only download information from an Administrative System for authorized business use. The person downloading must have that authorization.  
  • Take care to appropriately secure downloaded information, including any printed, written, or stored information. 

Users with access to Administrative Systems must not:  

  • Use or access information beyond what is needed for your assigned duties, even if the system doesn’t prevent you from accessing other information. 
  • Share your access to Administrative Systems, including password sharing. 
  • Share information from these systems with anyone who isn’t authorized to view the information.  
  • Allow an individual to use Administrative Systems while signed on as someone else.  
  • Share information from Administrative Systems with someone who isn’t authorized and has business need for the information.  

Confidentiality

Federal and State laws require the University to protect certain records and information contained in the University’s Administrative Systems. People using Administrative Systems must always follow University policy using these systems. Take particular care with the confidentiality of personnel information, protected health information, personally identifiable information, and student records

Do not access, use, store or disclose information contained within Administrative Systems other than for authorized University business purposes. You must follow all applicable requirements to get necessary approval to access, use, store or disclose the information. (For example, getting authorization from Data Stewards or responsible groups.) Secure the information in transit and share the information only with authorized and approved recipients who need the information for University business purposes. 

Information Security

When not connected directly to a University network, only access Administrative Systems using the University’s virtual private network (VPN) or other mechanism approved for secure connectivity. Do not use an insecure way to connect to a machine connected to Administrative Systems. You may make an exception only to access your own information through “self-service” functions. 

Do not access Administrative Systems on any insecure wireless (“Wi-Fi”) network. Only use secure wireless networks that require authentication to the network by a password. The University provides a secure wireless network that is acceptable for connecting to Administrative Systems. 

You must not access Administrative Systems from a place that might allow University information to be compromised or viewed by unauthorized people. Use care and sound judgment at all times if accessing Administrative Systems from public places. 

Violations

You must report any possible violation of this policy immediately to the Information Technology Services (ITS) Information Security Office by calling the UNC ITS service desk (919-962-HELP). 

ITS and/or the University responsible for an Administrative System may review all use of Administrative Systems to confirm that any use follows this and all other relevant University policies. Users must cooperate fully with such reviews as a condition of Administrative System use. 

Public Records

Anyone using an Administrative System who receives a public records request for University information stored in Administrative Systems must refer the request to the Public Records Office, Office of University Counsel, or an authorized University central office. People outside of these offices are not allowed on their own to extract and provide information from Administrative Systems in response to public records requests unless specifically directed to do so by one of these offices in writing. 

For more information about public records requests, refer to the University’s Public Records Office and Public Records Policy. 

Acknowledgement

Every Administrative System user must read this policy. ITS requires you to acknowledge you received this policy through an electronic verification. Everyone using Administrative Systems must attest in writing (electronically) that they have read and understood this policy before receiving access to these systems. 

Roles and Responsibilities

  • ITS: Receives reports of potential policy violations; conducts reviews of system use; keeps records of user receipt of this policy. 
  • Major Organizational Unit/School/Division Authority: Approves access for designated users. 
  • Office of University Counsel and Public Records Office: Receives referrals of public records requests. 
  • University central offices: Receives reports of potential policy violations: Conducts reviews of system use; responds to public records requests. 
  • User (of Administrative Systems): Accesses information following this policy as needed to perform their job responsibilities. 

Definitions

  • Access: Includes viewing, entering, downloading, copying, querying, storing, disclosing, or updating data or information. 
  • Administrative System: Any University system requiring people to acknowledge this policy to gain authorized access. Designated University systems holding University (Enterprise) Data including ConnectCarolina (and related systems), InfoPorte, and other systems used to conduct University business which require acknowledgement of this policy for access authorization. 
  • ConnectCarolina System: the integrated administrative portal for University business processes related to student services, human resources, payroll, and finance. 
  • University central office: an administrative office of the University whose information is accessible through ConnectCarolina (e.g., Office of Human Resources, Finance Division, Office of the University Registrar, etc.). 
  • University Information: University-owned information, or information made or received in connection with the transaction of University business by someone affiliated with UNC-Chapel Hill. Data, information, or records kept by the University in any medium or form. 
  • Virtual Private Network (VPN): A virtual network, built on top of existing physical networks, which provides a secure communications tunnel for data and other information transmitted between networks. 
  • Wi-Fi: Technology allowing wireless access to a private or public network. 

Related Requirements

External Regulations and Consequences

Failure to adhere to this policy may have disciplinary consequences for employees, up to and including termination of employment. Students who fail to adhere to this policy may be referred to the UNC-Chapel Hill Office of Student Conduct. Contractors and vendors who fail to adhere to this policy may face termination of their business relationships with UNC-Chapel Hill.

Violation of this policy may also carry the risk of civil or criminal penalties.

University Policies, Standards, and Procedures

Contact Information

Policy Contact

ITS_Policy@unc.edu

Other Contacts
Subject Contact Telephone Online
Technical questions ITS Service Desk or Business Systems Help Desk 919-962-HELP (4357) help.unc.edu
Reporting an information security incident or violation ITS HELP Desk (Ask that your Request be marked “critical” for the Information Security Office (ISO) and do not provide detail on the incident until called back by an ISO incident handler) 919-962-HELP (4357) help.unc.edu
Use of Administrative System Human Resources data Senior Director, Human Resources Information Management, Office of Human Resources 919-843-2300 hr@unc.edu
Use of Administrative System Finance data Director and Finance Liaison, Enterprise Applications 919-962-7242 avcfinance@unc.edu
Use of Administrative System student data University Registrar 919-962-3594 registrationservices@unc.edu
Records requests Refer to the University’s Public Records policy   publicrecords@unc.edu
Use of full or partial SSN or other data use guidance Data Governance Oversight Group (DGOG) 919-962-HELP (4357) help.unc.edu

Document History

  • Effective Date and title of Approver:  10/14/2014, Chief Information Officer
  • Revision and Review Dates, Change notes, title of Reviewer or Approver: 3/25/2015, Chief Information Officer
  • Previous versions titled: Policy on Faculty, Staff and Affiliate Terms of Use for UNC-Chapel Hill Administrative Systems
94% helpful - 110 reviews
Print Article

Details

Article ID: 131259
Created
Thu 4/8/21 9:04 PM
Modified
Wed 1/10/24 2:10 PM
Responsible Unit
School, Department, or other organizational unit issuing this document.
Information Technology Services
Issuing Officer
Name of the document Issuing Officer. This is the individual whose organizational authority covers the policy scope and who is primarily responsible for the policy.
Issuing Officer Title
Title of the person who is primarily responsible for issuing this policy.
Vice Chancellor for Information Technology and Chief Information Officer
Next Review
Date on which the next document review is due.
12/13/2026 12:00 AM
Last Review
Date on which the most recent document review was completed.
12/13/2023 12:00 AM
Last Revised
Date on which the most recent changes to this document were approved.
09/18/2018 12:00 AM
Effective Date
If the date on which this document became/becomes enforceable differs from the Origination or Last Revision, this attribute reflects the date on which it is/was enforcable.
12/07/2020 2:14 PM
Origination
Date on which the original version of this document was first made official.
10/01/2014 12:00 AM

Related Articles (1)

All members of the University community who engage with any University information technology (including wireless or other networks) must adhere to this Acceptable Use Policy.