Peer-to-Peer Policy
Version 1.3
For Students, Faculty, Staff, Guests, Alumni
Purpose
The purpose of this policy is to protect the University’s IT Resources by prohibiting and blocking the use of Peer-to-Peer Applications.
Scope
This IT security policy, and all policies referenced herein, shall apply to all members of the University community, including faculty, students, administrators, staff, alumni, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.
Policy Statement
- The University prohibits using Peer-to-Peer Applications; however, the University understands there are legitimate academic uses for Peer-to-Peer Applications and will review requests on a per-need basis.
- The University mandates that all IT Resources be used consistently with the Acceptable Uses of IT Infrastructure and Resources Policy and comply with applicable laws and regulations.
- The University is not obligated to protect a User from a complaint or action arising from any violation or alleged violation of the law, including infringement of any intellectual property right due to the use of Peer-to-Peer Applications or any other type of file-sharing, software, or networks.
- Users should understand that material accessible through the internet does not mean that accessing such material is authorized by third-party rights holders. Content may only be accessible after a User pays for it and may not be authorized for distribution by those with rights to it.
- The University implements safeguards against the illegal exchange, unauthorized use, or distribution of copyrighted materials that violate the Acceptable Uses of IT Infrastructure and Resources Policy.
- Users should know that the University employs deterrent controls, such as bandwidth management technology, to ensure peer-to-peer programs do not degrade network speeds or any other portion of the IT Resources.
- The Office of Information Technology uses tools to perform this work and reserves the right to install or change packet shaping and traffic monitoring technologies at any time.
- Users should be aware that Peer-to-Peer Applications are not necessarily harmless, and using them, in addition to potentially degrading the IT Resources’ performance, may:
- Violate copyright, patent, trademark, or other rights;
- May result in the disclosure of confidential information; and
- May jeopardize the security of the IT Resources.
- If peer-to-peer programs degrade the performance of the IT Resources, appropriate action will be taken against the User or Users responsible for such degradation or other negative impact.
Definitions
IT Resources include computing, networking, communications, application, and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and related materials and services.Peer-to-peer Applications allow computers to share data in music, movies, games, or any computer file or software over a local network and the internet without accessing a centralized distribution server or set of servers.
Related Policies and Procedures
Acceptable Uses of IT Infrastructure and Resources Policy StatementImplementation Information
Review Frequency | Triennial |
---|---|
Responsible Person | Senior Director of IT Security and Assurance |
Approved By | CISO |
Approval Date | 09/12/2018 |
Revision History
Version: | Date: | Description: |
---|---|---|
1.0 | 09/12/2018 | Initial document |
1.0.1 | 02/05/2020 | Update to the policy statement |
1.2 | 09/23/2023 | Updated policy statement, scope, and policy disclaimer |
1.3 | 10/01/2024 | Removed outdated HEOA link |
Policy Disclaimer Statement
Deviations from policies, procedures, or guidelines published and approved by Information Security and Assurance (ISA) will only be considered cooperatively between ISA and the requesting entity with sufficient notice to allow for conducting appropriate risk analysis, documentation, review, and notification to authorized University representatives where necessary. Failure to adhere to ISA written policies may be met with University sanctions up to and including dismissal.