Email Domain Policy

Title

UNC-Chapel Hill Email Domain Policy

Introduction

Purpose

Some University business units operate their own email systems. Email accounts used to conduct the business of the University require that appropriate security, backup, and records-retention measures be in place. Departments may wish to host or contract for separate email systems using either unc.edu sub-domains (such as "physics.unc.edu") or entirely separate domains (such as "unclatindepartment.org"). This policy balances that option with the University's obligation to ensure that public records and sensitive information are protected appropriately. Registration and management of University domain names is not covered by this policy; arrangements (including Memoranda of Understanding) related to domain name registration are separate from arrangements to host an email system on an affiliated domain.

Scope of Applicability

Departments or University Units who manage an Affiliated Domain email system with user accounts provided to University Affiliates to conduct University business.

Policy Statement

Email systems used to conduct the business of the University require that appropriate security, backup, and records-retention measures be in place. The Information Technology Services (ITS) unit provides a default campus email service. In compliance with applicable policies, standards and procedures, some University departments and organizations currently manage their own email systems. If the department system hosts accounts for University affiliates who use those accounts to conduct the business of the University, its domain is considered an email "affiliated domain." Because unauthorized access to accounts on that system would jeopardize information assets and the reputation of the University, a Memorandum of Understanding (MOU) between the department or organization and ITS is required. The MOU must be renewed at least every three years, or when substantial changes are made to the system architecture or service. The department or organization owner must ensure and demonstrate that its system can comply with legal hold, e-Discovery, public records requests, transfers to University Archives, release of data under the Electronic Privacy policies, and other practices required by the University.

Affiliated Domain email accounts may be considered an affiliate's "University account" and be listed in the University Directory by the department or affiliate. Affiliates may auto-forward email between accounts on an affiliated domain system and other University accounts.

Compliance

Departments or organizations that have established an Affiliated Domain and subsequently fail to comply with their respective MOU will have their authorization rescinded. Accounts will be removed from the UNC Directory, and affiliates will no longer be permitted to conduct any University business using the email account.

Failure to comply with this policy may put University information assets at risk and may have disciplinary consequences for employees, up to and including termination of employment. Students who fail to adhere to this policy may be referred to the UNC-Chapel Hill Office of Student Conduct. Contractors, vendors, and others who fail to adhere to this policy may face termination of their business relationships with UNC-Chapel Hill.

Violation of this policy may also carry the risk of civil or criminal penalties.

Roles and Responsibilities

Office of the CIO - Deputy Chief Information Officer – Prepare, finalize and maintain a valid MOU.

Unit head of the University department or organization or designee – Initiate an MOU, adhere to the terms of the MOU, renew the MOU as required.

Definitions

  • Affiliated Domain: An email domain which shares business processes with the University and whose owners agree to provide required safeguards. Safeguard details are defined in the Memorandum of Understanding for affiliated domains.
  • Domain: An internet namespace usually associated with a particular web site or email system. A domain name is the portion of an email address that directly follows the "@" sign (e.g., unc.edu, email.unc.edu, med.unc.edu).
  • Email Domain: A domain with an associated email system. (This policy is only concerned with domains that are email domains.)
  • Memorandum of Understanding (MOU) for Affiliated Domains: An agreement between University entities and ITS that certain standards will be maintained in order to safeguard University information assets.
  • Public Record: Any record created or received in conducting University business, in whatever format, including but not limited to paper, photographs, recordings, emails or digital images, unless an exception applies under federal or state law.

Related Requirements

Contact Information

  • Subject: MOU (New or Update); Contact: ITS Information Security Office; Telephone: 919-445-9393; Online: security@unc.edu
  • Subject: Policy Questions; Contact: ITS Policy Office; Telephone: 919-962-HELP; Online: help.unc.edu

Document History

  • Effective Date and title of Approver: March 1, 2011, Vice Chancellor of IT and CIO
  • Revision and Review Dates, Change notes, title of Reviewer or Approver: September 16, 2011; June 29, 2016, Updated format and definitions, added clarifications about when MOU is required and purpose of the policy, Vice Chancellor for IT and CIO

Details

Article ID: 131261
Created
Thu 4/8/21 9:05 PM
Modified
Wed 7/14/21 11:11 AM
Effective Date
12/07/2020 2:14 PM
Issuing Officer
Issuing Officer Title
Vice Chancellor for Information Technology and Chief Information Officer
Last Review
12/07/2020 2:14 PM
Last Revised
06/29/2016 12:00 AM
Origination
03/01/2011 11:00 PM
Responsible Unit
Information Technology Services