Email Domain Policy

Title

UNC-Chapel Hill Email Domain Policy

Introduction

Purpose

Some University business units operate their own email systems. Email accounts used to conduct the business of the University require that appropriate security, backup, and records-retention measures be in place. Departments may wish to host or contract for separate email systems using either unc.edu sub-domains (such as "physics.unc.edu") or entirely separate domains (such as "unclatindepartment.org"). This policy balances that option with the University obligation to ensure that public records and sensitive information are protected appropriately. Registration and management of University domain names is not covered by this policy, arrangements (including Memoranda of Understanding) related to domain name registration are separate from arrangements to host an email system on an affiliated domain.

Scope of Applicability

Departments or University Units who manage an Affiliated Domain email system with user accounts provided to University Affiliates to conduct University business.

Policy Statement

Email systems used to conduct the business of the University require that appropriate security, backup, and records-retention measures be in place. The Information Technology Services (ITS) unit provides a default campus email service. In compliance with applicable policies, standards and procedures, some University departments and organizations currently manage their own email systems. If the department system hosts accounts for University affiliates who use those accounts to conduct the business of the University, its domain is considered an email "affiliated domain." Because unauthorized access to accounts on that system would jeopardize information assets and the reputation of the University, a Memorandum of Understanding (MOU) between the department or organization and ITS is required. The MOU must be renewed at least every three years, or when substantial changes are made to the system architecture or service. The department or organization owner must ensure and demonstrate that its system can comply with legal hold, e-Discovery, public records requests, transfers to University Archives, release of data under the Electronic Privacy policies, and other practices required by the University.

Affiliated Domain email accounts may be considered an affiliate's "University account" and be listed in the University Directory by the department or affiliate. Affiliates may auto- forward email between accounts on an affiliated domain system and other University accounts.

Compliance

Departments or organizations that have established an Affiliated Domain and subsequently fail to comply with their respective MOU will have their authorization rescinded. Accounts will be removed from the UNC Directory, and affiliates will no longer be permitted to conduct any University business using the email account.

Failure to comply with this policy may put University information assets at risk and may have disciplinary consequences for employees, up to and including termination of employment. Students who fail to adhere to this policy may be referred to the UNC- Chapel Hill Office of Student Conduct. Contractors, vendors, and others who fail to adhere to this policy may face termination of their business relationships with UNC- Chapel Hill.

Violation of this policy may also carry the risk of civil or criminal penalties.

Roles and Responsibilities

Office of the CIO - Deputy Chief Information Officer – Prepare, finalize and maintain a valid MOU.

Unit head of the University department or organization or designee – Initiate an MOU, adhere to the terms of the MOU, renew the MOU as required.

Definitions

• Affiliated Domain: An email domain which shares business processes with the University and whose owners agree to provide required safeguards. Safeguard details are defined in the Memorandum of Understanding for affiliated domains.
• Domain: An internet namespace usually associated with a particular web site or email system. A domain name is the portion of an email address that directly follows the "@" sign (e.g., unc.edu, email.unc.edu, med.unc.edu).
• Email Domain: A domain with an associated email system. (This policy is only concerned with domains which are email domains).
• Memorandum of Understanding (MOU) for Affiliated Domains: An agreement between University entities and ITS that certain standards will be maintained in order to safeguard University information assets.
• Public Record: Any record created or received in conducting University business, in whatever format, including but not limited to paper, photographs, recordings, emails or digital images, unless an exception applies under federal or state law.

Related Requirements

• North Carolina General Statutes Chapter 132: Public Records
• UNC-Chapel Hill General Records Retention and Disposition Schedule
• UNC-Chapel Hill Information Classification Standard
• Public Records Policy

Contact Information

Document History

• Effective Date and title of Approver: March 1, 2011, Vice Chancellor of IT and CIO
• Revision and Review Dates, Change notes, title of Reviewer or Approver: September 16, 2011 June 29, 2016, Updated format and definitions, added clarifications about when MOU is required and purpose of the policy, Vice Chancellor for IT and CIO