Excessive Use of Information Technology Resources
IT-11
About This Policy
- Effective Date:
- 05-23-2006
- Date of Last Review/Update:
- 08-11-2011
- Responsible University Office:
- Information Policy Office
- Responsible University Administrator:
- Office of the Vice President for Information Technology & Chief Information Officer
- Policy Contact:
- University Information Policy Office, uipo@iu.edu
Scope
This policy applies to all users of Indiana University information technology resources regardless of affiliation, and irrespective of whether those resources are accessed from on-campus or off-campus locations.
Policy Statement
Excessive use of university information technology resources, especially when it impedes the mission-related activities of other users, or adversely affects system availability or performance, must cease or be reduced to an appropriate level. The Office of the Vice President for Information Technology will work with users and relevant administrators to identify, assess, and address issues of excessive use of resources, and to allocate information technology resources. The process will work in such a way that prioritizes uses that directly serve the university mission, avoids or eliminates service degradation, and enables the most effective overall use of university information technology resources.
Reason for Policy
Excessive use of information technology resources by a particular user, or for a particular activity, reduces the amount of resource available to satisfy the needs of other users. Excessive use may degrade or jeopardize system functionality, and can result in significant costs to the university. It is important to allocate information technology resources in such a way that prioritizes uses that directly serve the university mission, avoids or eliminates service degradation, and enables the most effective overall use of university information technology resources.
Procedures
- Identifying excessive use:
- The service manager or responsible technician of an information technology resource or service is responsible, along with the management of the unit owning the resource or service, for establishing metrics for gauging excessive use. Controls to limit excessive use may include, but are not limited to, established per-user limits for the service that allow for shared use of limited resources; limitations on the types of processes that can be run on a service or resource; or identification of certain uses as adversely affecting the activities of others or adversely affecting system availability or performance. In instances where availability of a resource is constrained and where resource augmentation is not feasible or possible, service managers in consultation with the owner of the resource may place limits or remove resources to protect and allow for shared use of the information technology infrastructure.
- Notification of excessive use:
- The service manager or responsible technician of the affected information technology resource will notify the user that he or she is consuming an excessive share of the resource. Upon request, users will be provided information from which they can compare their use with normal usage patterns.
- Mission-related activities:
- If the user's senior management or academic sponsor determines that the excessive use serves the mission of Indiana University, the service manager or administrator should attempt to accommodate the needs. Accommodation may involve augmenting resources or identifying adequate alternate arrangements for fulfilling the requirements in order to find a solution that does not adversely affect other users. The user may find it necessary to cease the activity, reduce the activity to an appropriate level, or find other options.
- Non-mission-related activities:
- If the user's senior management or academic sponsor determines that the excessive use does not serve the mission of Indiana University, the user will be notified to cease the activity.
- Emergency actions:
- Service managers, system administrators, and security and network engineers may temporarily suspend or block access to an information technology resource, or stop active processes in an account, when it reasonably appears necessary to protect the integrity, security, or functionality of the resource, or to protect other computing resources, or to protect the university from potential liability.
- Repeated notifications:
- Users who are repeatedly notified of excessive use may be subject to sanctions.
- Consultation:
- The University Information Policy Office (UIPO) and/or regional Chief Information Officers (CIOs) are available to provide consultation or advice related to technology use or abuse to any university, campus, or department administrators or staff.
Definitions
- Excessive use:
- exists when a user or process has exceeded established limits placed on the service, or is consuming a resource to a level such that service to other users is degraded, or where the actions of a user could cause degradation if the user is permitted to continue the practice or activity. Service managers, system administrators, and security and network engineers must use experience and knowledge of normal service usage patterns in consultation with the management of the unit owning the service or resource, and exercise judgment in making decisions about excessive use.
- Information technology resources:
- includes all university-owned computers, peripherals, and related equipment and software; voice communications infrastructure, peripherals, and related equipment and software; data communications infrastructure, peripherals, and related equipment and software; all other associated tools, instruments, and facilities; and the services that make use of any of these technology resources. The components may be individually controlled (i.e., assigned to an employee) or shared single-user or multi-user; they may be stand-alone or networked; and they may be stationary or mobile.
Sanctions
Indiana University will handle reports of misuse and abuse of information and information technology resources in accordance with existing policies and procedures issued by appropriate authorities. Depending on the individual and circumstances involved, this could include the offices of Human Resources, Vice Provost or Vice Chancellor of Faculties (or campus equivalent), Dean of Students (or campus equivalent), Office of the General Counsel, and/or appropriate law enforcement agencies. See policy IT-02, Misuse and Abuse of Information Technology Resources, for more detail.
Failure to comply with Indiana University information technology policies may result in sanctions relating to the individual's use of information technology resources (such as suspension or termination of access, or removal of online material); the individual's employment (up to and including immediate termination of employment in accordance with applicable university policy); the individual's studies within the university (such as student discipline in accordance with applicable university policy); civil or criminal liability; or any combination of these.
History
- Reviewed December 2011.
- Revised August 17, 2011: changed titles in Sanctions section to more accurately reflect current usage.
- Revised March 4, 2010: enhanced language in Sanctions section.
- Approved May 23, 2006.
- Approved September 2, 1999.