112 Information Security Acceptable Use
Note: Policy 112: Information Security Acceptable Use replaced the Computer Use Policy on November 8, 2024.
The following table shows who is responsible for ensuring compliance with the policy requirements listed below.
| Requirement/Expectation | All Users | Data/System Owners | System Custodians/Administrators | OIS | Departments, Schools, and Units |
|---|---|---|---|---|---|
| Access to WashU resources is limited to authorized users. | ✔ | ✔ | ✔ | ✔ | ✔ |
| WashU matters should be handled using WashU accounts (i.e., not personal accounts) | ✔ | ✔ | ✔ | ✔ | ✔ |
| Personal files should not be stored on WashU systems. | ✔ | ✔ | ✔ | ✔ | ✔ |
| WashU resources will not be used for personal commercial or personal political gain. | ✔ | ✔ | ✔ | ✔ | ✔ |
| All university policies must be followed when using a personal device for WashU activities. | ✔ | ✔ | ✔ | ✔ | ✔ |
| Ensure basic security features enabled for any devices connecting to WashU networks, systems, and services | ✔ | ✔ | ✔ | ✔ | ✔ |
| Use AI in accordance with all applicable laws, regulations, and university policies. | ✔ | ✔ | ✔ | ✔ | ✔ |
| WashU Community members will not use the WashU systems or networks to cause harm or perform illegal activities | ✔ | ✔ | ✔ | ✔ | ✔ |
| The OIS will review and document exceptions to this policy on a case-by-case basis. | ✔ |
Summary of Policy
The Information Security Acceptable Use Policy outlines expectations for the appropriate use of WashU-provided information resources, ensuring that all WashU Community members understand their responsibilities. This policy synthesizes information from other policies, consolidating expectations for acceptable use into one document. Policy 112 expands upon and replaces the widely shared policy, Computer Use, and includes details about the following topics:
- Appropriate access to WashU information resources
- Expectations surrounding personal use of WashU resources (e.g., computer systems, cloud storage, and e-mail accounts, etc.)
- Expectations for using personal devices in WashU activities
- Appropriate use of Artificial Intelligence
- Misuse of WashU resources
- Monitoring and enforcement of acceptable use
Full Text of Policy
Policy 112 Information Security Acceptable Use
The Information Security Acceptable Use Policy outlines expectations for the appropriate use of WashU-provided information resources, ensuring that all WashU Community members understand their responsibilities.
Related Information
100 Information Security Program
This policy is the foundation of the policy library and provides a rationale for the directives communicated in all other information security policies.
102 Information Security Authentication, Authorization, and Audit
This policy outlines the process for granting, managing, and reviewing access to university systems and data based on user roles during normal and emergency operations at Washington University in St. Louis (WashU).
103 Information Security Device Management
This policy outlines security expectations for all devices (e.g., laptops, mobile phones, thumb drives, external hard drives, etc.) that access the information resources of Washington University in St. Louis (WashU) and includes specific details for devices handling WashU Protected Data and Information.
105 Information Security Risk Management
This policy describes how the Office of Information Security (OIS) helps manage technical and process risks to the Confidentiality, Integrity, and Availability (CIA) of information resources at Washington University in St. Louis (WashU).
115 Notice of Monitoring and Information Security Investigative Practices
This policy conveys the commitment of the OIS to the responsible collection, use, and safeguarding of personal information.
200 Information Security Classification, Labeling, and Handling
This standard defines classification categories and control zones for data, information, and systems at Washington University in St. Louis (WashU).
201 Information Security Logging and Event Monitoring
This standard describes logging practices for events occurring within networks and systems of Washington University in St. Louis (WashU).
203 Universal Device Management
DRAFT This standard is designed to mitigate risk, protect sensitive data, and maintain the overall security posture of Washington University in St. Louis (WashU) by ensuring all devices used for university activities are properly configured, secured, and maintained.
205 Information Security Risk Management
DRAFT This standard supports Policy 105: Information Security Risk Management by providing a detailed framework for identifying, assessing, mitigating, and managing security risks to the university.