Information Technology Services
IT Policies and Practices
Rutgers, OIT, and Bloustein Policies and Practices
The Bloustein School follows the Policies contained in the Rutgers Policy Library as well as best practices set by the Rutgers Office of Information Technology (OIT). The Bloustein School may create additional polices, practices, and procedures that apply to affiliates of the School. Several key policies and practices are listed below, with added context for Bloustein.
Acceptable Use Policy
All Rutgers affiliates are expected to practice safe and responsible use of IT resources at the University, an expectation formalized by the University’s Acceptable Use Policy for Information Technology Resources. Below are selected portions of the policy with added context…
-
- University IT resources, including hardware, software, and online services, are to be used primarily in support of University work, projects, and objectives
- Hardware includes items such as University-provided laptops, desktops, tablets, and more
- Software includes items such as University-provided desktop software, browser add-ons, mobile apps, and more
- Online services include University-provided email, videoconferencing, web hosting, and more
- Personal use is acceptable, so long as that use is incidental and does not interfere with University projects or tasks
- If a specific personal use case is detected as a security concern, IT staff may recommend targeted restrictions
- To best protect your personal privacy, we highly advise against any comingling of University and personal data
- As an example, when IT staff responds to an IT security alert on a University-provided device, we may need to disclose the data found on the device as part of the investigation, which may include personal data if stored on the device
- “Circumventing, disabling, or attempting to circumvent or disable security mechanisms” when using University IT resources is specifically prohibited
- IT staff regularly monitor University IT resources for threats, intrusions, and misuse, and Bloustein ITS is required to report to OIT when this monitoring detects a potential high severity incident
- Use of these University IT resources for “private advertising or other private commercial purposes” is specifically prohibited
- University IT resources, including hardware, software, and online services, are to be used primarily in support of University work, projects, and objectives
Artificial Intelligence (AI)
Artificial Intelligence (AI) use and research is subject to the same IT policies and practices as other software and online services. This includes policies regarding data security, purchasing, risk assessment, and responsible use. For more information, visit Artificial Intelligence at Rutgers.
Disposition of Used IT Equipment
In general, Bloustein does not allow faculty or staff to purchase their previously-assigned IT equipment upon retirement or departure from the School. Bloustein IT will, upon request, provide a consult to identify potential retail purchase options and assist in configuring the new machine to have the same look and feel as the previously-assigned machine (as licensing and data security allows).
Machines returned to Bloustein IT will be evaluated for potential re-deployment, salvage, or surplus. Items designated as surplus are considered to have reached the end of their usable life and will be disposed through Rutgers Surplus Operations. Any equipment that contains University data is either wiped or destroyed before disposal.
Email and Calendaring Systems
As detailed in Email and Calendaring Systems: Standards and Guidelines by the Rutgers Office of Information Technology, Rutgers Connect is the official email and calendaring system for faculty and staff, and ScarletApps is the official email and calendaring system for students.
Faculty and staff must use their official University email address through Rutgers Connect for all University business. The automatic forwarding of Rutgers Connect email to an email system outside of Rutgers Connect is not allowed. Example use cases of email communication that must be conducted via Rutgers Connect include…
-
-
- Advisors and Instructors communicating with students
- Student Workers communicating with their supervisor and colleagues regarding work tasks
- Employees submitting timesheets to the Business Office
- Faculty and staff communicating with prospective and current vendors
-
Freeze Period for IT Projects
To better ensure stability and reliability of Bloustein IT services, the ITS department does not schedule special projects or major changes during the following freeze periods. IT staff will respond to regular support requests during this time, however, there may an increase in wait time due to high demand.
- Dec 15 through Jan 31
- May 1 through May 21
- Aug 15 through Sep 30
IT Security and Training
IT security is a shared responsibility, and all Bloustein School staff, faculty, and student workers are expected to complete assigned security training and report potential IT security incidents. Bloustein ITS provides a separate Security Policies & Recommendations page with more specific IT Security recommendations, as well as a detailed Non Public Personal Information Policy.
Bloustein uses the KnowBe4 platform for IT security training, with an initial security training upon hiring and refresher security training each year. Supervisors may request additional security training for users with access to protected data, users with privileged system access, and any other users in need of additional training. When logging into the KnowBe4 platform, please remember to use your @ejb.rutgers.edu email account to access the system.
For more information please visit Bloustein’s Security Policies & Recommendations page and OIT’s Security page.
New Professor Research/Startup Account Technology Purchasing Policy
-
-
- Information Technology (“IT”) equipment associated with a home office that is in direct support of research and teaching is permitted.
- Non-IT equipment is not permitted, except where required by an disability finding or an REHS Ergonomic Assessment, such as a standing desk.
- Exceptions to restrictions on home-office purchases may be considered with the approval of the Associate Dean of the Faculty and Director of Business/Budget.
- All equipment purchased by Rutgers University is owned by Rutgers University. All Rutgers owned equipment designated for off-site use, must be signed out through the Bloustein School Information Technology Services Office using the official Rutgers sign out form for equipment removed from University premises. Employees that separate from Rutgers University must return all off site equipment prior to their last official date of employment with Rutgers University. Equipment that is no longer needed or has reached an end of life must also be returned to Rutgers University for re-allocation or disposal.
-
Policy Last Revised: 30 Jun 2022
Non-Public Personal Information (NPPI) Policy
Non-Public Personal Information (NPPI) is personal, private information that is not available to the general public through public records or widely distributed in media. This includes, but is not limited to…
-
-
- Social Security numbers
- Driver’s license numbers or state identification card numbers
- Credit or debit card numbers
- Medical records
- Student records
- Financial records
- Legal Records
- Police Records
- Studies or surveys using confidential or personally identifiable data
-
Bloustein School affiliates that make use of NPPI must register as a data custodian with Bloustein ITS, complete IT security training upon request, follow any applicable data security plans, comply with security audits, and report any suspected breach of data security. Bloustein ITS provides training for data custodians, assistance with the creation of data security plans, and scanning of systems for potentially unprotected NPPI data.
For more detailed information, please see the “Non-Public Personal Information Policy” section on the Bloustein Security Policies & Recommendations page.
Ownership of University-Purchased Equipment
All equipment purchased by Rutgers University is owned by Rutgers University.
All University-Purchased equipment designated for off-site use must be signed out through Bloustein School ITS using the official Rutgers sign out form for equipment removed from University premises.
Employees that separate from Rutgers University must return all assigned equipment prior to their last official date of employment with Rutgers University.
Equipment that is no longer needed, or has reached end of life, must be returned to Rutgers University for re-allocation or disposal. Rutgers Surplus Operations must be used for the disposal of applicable IT equipment.
Purchasing Hardware, Software, and Online Services
Purchases involving IT hardware and/or software (including cloud and online services) must be reviewed by Bloustein ITS. Whenever possible, these purchases are to be processed via purchase order. If an IT purchase cannot be processed via purchase order, purchase via P-Card or check request must be approved by the Business Office. IT purchases are not eligible for reimbursement if charged to a personal payment method except in very limited circumstances, which must be approved before purchase by both the Business Director and IT Director. Failure to follow this guidance may result in rejection of an expense reimbursement request.
All IT software purchases (including cloud and online services) that are not ordered through the Rutgers Software Portal must undergo risk assessment by OIT Risk Assurance. The individual requesting the purchase must fill out the Third Party Vendor Risk Assessment form if the purchase is a new use case or if a risk assessment has not been performed previously. Afterwards, individuals may fill out the shorter Third Party Vendor Recertification each year upon license or service renewal. The individual will receive, as two separate email messages, a receipt followed by the risk assessment report. The Business Office will need the risk assessment report (also known as “Risk Memo”) to proceed with the purchase.
Remote and Work-From-Home Support Requests
If an individual working remotely has computing or other equipment problems interfering with the performance of their duties, and if IT staff are not able to quickly solve the problem or provide a temporary workaround, the individual must come into the office to perform their work tasks.
Bloustein IT staff do not provide in-person support outside of Bloustein School on-campus locations; only remote support is provided to remote users. Unless approved in writing by the IT Director, no Bloustein equipment shall be taken to a non-Rutgers technician for diagnosis, repair, or data recovery. Users are expected to bring their equipment to Civic Square for repair if remote support does not suffice.
IT support for individuals working remotely will be viewed as best effort. IT staff will endeavor to address remote support requests as soon as possible, but there may be delays in providing service if there are other needs or emergencies at the Bloustein School. On-site support requests, particularly classroom support, are prioritized over remote support requests.
Software and Online Service Risk Assessment
Any use of software or online service that utilizes or stores University data, including administrative records, student records, research data, and more, must be approved by Bloustein ITS and/or Rutgers OIT. If a software or online service is not yet approved by Bloustein ITS or Rutgers OIT, it must be brought to Bloustein ITS for review, who may then submit a request to OIT for a Third Party Vendor Risk Assessment. If necessary, Bloustein ITS will assist in the creation of a data security plan.
University-Wide IT Policies and Practices
Select University-Wide IT polices and practices, for reference and further reading…
-
-
- Email and Calendaring Systems: Standards and Guidelines
- Guidance on the use of AI at Rutgers
- Guidelines for Use of Email for Official Purposes (over 50 recipients)
- Rutgers University Policy 20.1.12: Surplus Property
- Rutgers University Policy 50.3.18: Data Breach Management
- Rutgers University Policy 70.1.1: Acceptable Use Policy for Information Technology Resources
- Rutgers University Policy 70.1.2: Information Classification
- Rutgers University Policy 70.1.3: Incident Management
- Rutgers University Policy 70.1.4: Information Security Awareness, Training, and Education
- Rutgers University Policy 70.1.5: Rutgers University World Wide Web Accessibility Policy
- Rutgers University Policy 70.1.6: Email and Calendar Policy
-