Acceptable use of technology
UVic provides technology resources for educational, research and administrative purposes. Technology resources include UVic computers, licensed software, online services and campus infrastructure.
When you create a NetLink ID, you must agree to University Policy IM7200. This policy outlines the acceptable use of UVic technology. It applies to all NetLink ID users at UVic, including federated or trusted affiliates.
You can also read our statements on data privacy and transparency.
What is IM7200?
Acceptable Use of Electronic Information Resources (IM7200) describes the appropriate use of electronic information resources. “Electronic information resources” encompasses all the equipment, systems and infrastructure used to work with information at UVic.
UVic equipment includes:
- computers, smartphones, tablets and printers
- classroom, computer lab and meeting room technology
UVic systems and infrastructure includes:
- online services and administrative systems (like Online tools, Banner and FAST)
- campus wired, wireless and virtual private networks
- calling and messaging systems (like email, telephone, Teams and Zoom)
- teaching and learning systems (like Brightspace and Echo360)
This page is intended to help you understand IM7200 and its related procedures. We'll be referencing specific sections of the policy document as necessary.
Your responsibilities
This information is covered in IM7200 Section 12.00, which defines appropriate use of electronic information resources.
Appropriate use means you are responsible for the following:
Your NetLink ID is your personal username and passphrase that you’ll use throughout your time at UVic. You’ll need your NetLink ID to access all of UVic’s online tools and resources.
- Never share your NetLink ID and passphrase with anyone
- Use a strong passphrase and Duo MFA
- Don't save your account credentials on shared computers
- If you suspect someone else has accessed your account, report it
We take precautions to protect UVic's digital campus from malicious software like viruses and ransomware. This includes blocking insecure devices from accessing services like Wi-Fi or email.
- Keep your devices updated
- Only use supported email clients for UVic email
- Employees should use UVic devices whenever possible
Protecting UVic data is a responsibility shared by all employees, including student employees. UVic data includes the information you send, receive and store.
- Use UVic-supported data storage options
- Use a UVic email address for all work-related communication
- Send files securely
- Share files securely
- Employees should use UVic devices whenever possible
UVic's digital resources should be used for learning, teaching, research and work. Commercial use is limited to activities sponsored by UVic.
You're expected to respect the rights and property of others. This includes privacy, confidentiality and intellectual property.
This includes, but is not limited to:
If you work for UVic, you must also comply with University Policy IM7800 Information Security.
When you leave UVic, you'll lose access to UVic systems and anything you have stored on them. This includes:
- UVic email
- OneDrive
- network home storage
Please report information security incidents as soon as possible. These include:
- unauthorised access to your NetLink account or UVic services
- lost or stolen UVic devices
- mishandling of confidential data
- finding vulnerabilities in UVic systems
Your UVic email is intended for UVic-related work, teaching, learning and research. You’ll only have access as long as you’re working or studying at UVic. We recommend you keep a separate email address for personal use.
If you're a UVic employee, there is additional policy and procedure information related to your email use that you should be aware of:
Employees in academic and administrative roles get a UVic email address for their work. An email may be a university record for the purposes of an information access request.
IM7200 includes procedures regarding the use of broadcast email and other mass communications. It covers the types of permitted communications and areas of responsibilities.
You can find this information on page 7 of the IM7200 document.
IM7200 includes procedures regarding the deprovisioning of email for former employees in academic and administrative positions. They do not apply to UVic Faculty Association members who retire from UVic.
It covers information for different types of email accounts, and the responsibilities of supervisors and IT Support.
You can find this information on page 9 of the IM7200 document.
Misconduct
This information is covered in IM7200 Section 13.00, which defines unacceptable or unauthorised use of electronic information resources.
Some examples of unacceptable or unauthorised use include:
It is unacceptable to share your NetLink account credentials with others.
- Do not give someone access to your Online Tools profile to pay tuition. If someone else is paying your tuition, they can use a tuition fee payment method without signing in to your account.
- Do not give someone access to your Online Tools profile to check your tuition balance or grades, or to retrieve tax forms.
- Do not approve Duo MFA pushes for someone signing in with your credentials or using saved browser passwords.
- Do not set up a second Duo MFA factor on another person's phone (like a parent or roommate).
- Do not let people use your account to access UVic resources like Wi-Fi, library databases or UVic computers.
It is unacceptable to use someone else's NetLink account credentials. This includes:
- accessing someone's personal information or data storage
- accessing services or data you're not authorised to see
- impersonating others to send emails or chat messages, or to make phone calls
It is unacceptable to use your access to information systems to look up other users without permission or authorised work duties. This includes:
- using your access to copy information or resources to unauthorised people
- monitoring services without authorisation
It is unacceptable to use UVic resources to discriminate, harass, defame, offend or threaten other people. These resources include:
- communication services like email, mailing lists and Microsoft Teams
- online platforms like Brightspace, Online Academic Community sites and web hosting
See UVic's Discrimination & Harassment policy for more information.
It is unacceptable to compromise or attempt to compromise UVic data or digital infrastructure. This includes disrupting, degrading or interfering with the regular operation of any electronic information resource. For example:
- finding and exploiting a vulnerability
- if you find a vulnerability, you should report it
- installing malicious software (viruses, malware, ransomware) or devices like keyloggers on UVic devices
- exposing confidential data either by viewing or copying it
- monitoring services without authorisation
It is unacceptable to use UVic resources for unauthorised personal or commercial use. This includes, but is not limited to:
- using UVic email to run a personal business
- getting an affiliate ID for non-UVic related reasons
It is unacceptable to use UVic resources to break policies and laws. This includes, but is not limited to:
- pirating software or media over the UVic network
- mass downloads of licensed journal articles
- making illegal copies of UVic licensed software
- displaying or transmitting information that violates provincial and federal laws
- spamming on UVic-provided communication platforms (such as email, listservs or class discussion boards)
Additional conduct & policy resources:
Our responsibilities
Just like you're responsible for appropriate use of UVic's digital resources, University Systems is responsible for making them reliable and safe. This information is outlined in UVic Policy IM7800 Information Security
In summary, UVic will:
- keep systems that we manage available 24 hours a day, 7 days a week, except for service outages
- work with vendors to resolve problems that are outside of the scope of what we manage
- regularly patch and update the systems we manage to avoid vulnerabilities
- report known issues and outages
- not access personal data stored in UVic systems unless it’s necessary for our work
- personal data is any data that is not related to UVic business
- share personal information with third-party software and service vendors only as required
- protect personal information from unauthorised access, use, disclosure and disposal
Find more detail about how we protect UVic's digital campus on our transparency page.
See our data privacy statement for more information about what we share and how we share it.
UVic policies and procedures
UVic’s institutional policies and procedures are all public. University Systems is heavily involved in compliance and execution of:
- Information Security Policy (IM7800) and its associated procedures. This policy defines the authorities, responsibilities and accountabilities for Information Resources and Information Systems security.
- Institutional Acquisition and Standardization of Information Technology Devices (AD2515). This policy outlines our responsibility for establishing technology standards and reviewing non-standard technology purchases.
Other policies that have a major impact on University Systems operations and procedures include:
- Records Management (IM7700) and its associated procedures. University Systems provides infrastructure and applications designed to securely store and dispose of digital records.
- Protection of Privacy (GV0235) and its associated procedures. University Systems is involved with:
- protecting digital personal information by developing technical standards, managing devices and systems, and providing education
- monitoring systems to detect, report and stop potential incidents
- responding to incidents where private information may have been exposed
- assisting the Privacy and Access office
- Resolution of Non-Academic Misconduct Allegations (AC1300). University Systems may help investigate misconduct allegations related to the use of UVic’s electronic information resources.
Definitions
Role-based groups
Most services are made available to people either:
- individually on an as-needed basis
- this is typical of administrative systems that contain highly specialized or confidential data
- based on someone’s role or roles at UVic
Most UVic systems have access rules that are based on defined roles.
Students includes:
- undergraduate students
- graduate students
- students in Continuing Studies courses
Some services need students to be enrolled in at least one course.
If you’ve graduated or stopped taking courses, you’ll lose your student status and lose access to UVic electronic systems. Learn more about what happens when you leave UVic.
Employees includes:
- staff
- faculty members
- librarians
Affiliates and emeritus have most of the same access to core systems as employees. We explicitly note the exceptions on service pages.
If you retire, resign or otherwise stop working at UVic, you’ll lose your employee status and lose access to UVic electronic systems. Learn more about what happens when you leave UVic.
Administrative systems
Administrative systems include all the applications and databases used to store and access student, employee and financial information for UVic.
These include:
- all Banner modules
- Human Resources or HR, Finance, Student, Document Management System or BDMS, Workflow, Advisor Services
- all FAST applications
- Finance, Web Requisition or WebReq, Human Resources or HR, Journal Voucher or JV, Accounts Receivable or AR
- Raiser’s Edge
- Continuing Studies information system
- ONECard
- Cascade CMS
- other specialized applications that interface with these systems
- AIRS, AIMS, DCU, Viewcat and others
Department administrators
Department administrators refers to anyone who has authority over the budget of a department or has been delegated approval authority. This can include people in a range of positions such as:
- deans
- directors
- administrative officers
- managers
- project managers
- faculty members who administer research funds
If you’re not a department admin, that doesn’t mean you can’t request these services. If you want to request these services, a department admin will need to provide a FAST account code and authorise any expenses and service level agreements (SLAs) that are associated with the service.
Get help
If you have any questions about the information on this page, contact the Computer Help Desk.