Device Responsibility Policy
To ensure the stable, secure and efficient operation of the campus network, it is required that software applications and network connected devices (henceforth collectively referred to as "devices") that operate on the campus network have an identified owner who is responsible for the proper operation of the device. It is the responsibility of this owner to register the device with Information Technology (IT), ensure that it operates properly, and update it with applicable patches. If the registered owner is no longer affiliated with the University, it will be the responsibility of the department where the device is located or the department the device services to accept ownership until new contact information can be established. Removing network access for a particular device is usually a last resort. However, IT will remove network access for all devices without registered owners operating on the campus network if a proper owner cannot be located. IT will also deactivate any device that:
- Has inaccurate or incomplete contact information.
- Belongs to an owner who is unreachable for an extended period of time or does not respond to communications from IT.
- Fails security scans.
- Exhibits abnormal behavior.
- Jeopardizes the efficiency, stability, or security of the campus network.
Registering of Devices
Devices are required to be registered with an identified owner and contact information. It is necessary to have all devices registered with IT so that the proper individual can be contacted with security vulnerabilities are discovered, the device is operating improperly, changes are required for better network performance, etc. If contact is not maintained, when problems occur the only recourse is to deactivate or remove the device from the network and wait for someone to contact IT. This can greatly hinder others that may be relying on the device.
Responsibility of Owner
It is the responsibility of the registered owner to maintain proper operation of the device, keeping up-to-date on security patches, and updating all registered contact information of the device. IT reserves the right to scan devices for vulnerabilities, examine for proper and secure operation, monitor network usage and install any necessary filters to ensure stable interaction with the campus network. The registered owner of the devices that fail any scan or operating abnormally will be contact via e-mail. If e-mail contact fails and time permits, telephone contact will be attempted. Reasonable time will be given to correct the situation unless it is a critical incident.
Failure to Maintain Registration
Devices found not to be registered will be reported to the Director of Networks and Computing Systems. Efforts will be made to try to identify the owner, but if no owner is found within a reasonable time, the device will be removed from the network.
Actions which could affect the user:
Misuse of University computing facilities will be dealt with on a case by case basis. The users subject to charges of misuse will be dealt with in a manner consistent with the laws of the state of Missouri, the policies of the University of Missouri and the Bylaws of the Missouri S&T General Faculty. The Chief Information Officer is responsible for making these misuses known to the appropriate University administrators. The Chief Information Officer may impose temporary restrictions on the offender's computer access in order to ensure that the network remains stable and secure for all university users.
Note: All IT policies and procedures are subject to annual review.