Back to top

Employee Computer Use and Data Security

CAFE Policy: Employee Computer Use and Data Security

This is a review of essential rules for employee computer and internet usage. All employees of CAFE and its units are required to comply with all UMass computer usage and security rules and the specific rules listed on this page. In addition to reviewing the information listed here, please familiarize yourself with the University’s “Acceptable Use of Technology Resources Policy Interpretation Guidelines”

https://www.umass.edu/it/policies/it-policy-acceptable-use-interpretation-guidelines

Use UMass-owned Computers and Devices Appropriately

  • Do not download illegally.
  • Do not install software without advance authorization from CAFE IT staff.
  • Stay current with UMIT posted malware threats and utilize safe browsing habits. Do this by making sure to read related email messages from CAFE IT and UMIT when you receive them. Please do not ignore these emails. Follow the links in those messages to learn more about specific threats.

Use a UMass-owned PC or Laptop for working with UMass data

Use a CAFE IT-managed UMass-owned computer or device when working with UMass data. ‘UMass data’ means any work-related data, information, or documents except for the exceptions listed in the next section, below.

  • If you are required to work with UMass data off-site, use a UMass laptop. Speak to your supervisor if you believe you need a UMass laptop and you don’t have one.
  • Do not use non-UMass computers or devices to create, store, or send UMass data.
  • Keep UMass data on your UMass device. Do not copy or email UMass data for access on a non-UMass device.

Exceptions when working with non-UMass devices

  • You may login to your UMass email and calendar.
  • You may login to your UMass Cloud storage (BOX, Google, or Onedrive).
  • Do not download UMass data from email or cloud storage to a non-UMass device.
  • You may access and print UMass data from within your web browser but you may not download it.

Computer Security Training

  • Supervisors and their employees are responsible for knowing and complying with UMass policies related to computer use.
  • Orientation on computer security for new staff should occur during an employee’s first week of employment.
  • For staff who have access to sensitive data and material, an annual test and certification regarding security practices will be required annually, beginning in 2020.

Purchasing UMass Computers or Devices

  • Computers purchased by employees of CAFE and its units utilizing CAFE funds or the funds of its units, including grant funds, MUST be purchased through CNS Administrative Services, using purchase orders. NO other purchasing mechanism is allowed.
  • Supervisors must approve the choice of and purchasing of all UMass internet-enabled devices, ensuring employees follow UMass and CAFE purchasing procedures.
  • Program units must keep inventory records of their UMass-owned computing devices utilizing shared CAFE inventory spreadsheets hosted on BOX and made available by CAFE IT.
  • To dispose of UMass-owned computing devices return them to CAFE IT for secure disposal.
  • UMass-owned computing devices cannot be transferred to other units without properly notifying CAFE IT and Procurement.

Questions: Contact Jason Jordanides, 413-577-1811, jasonj@cns.umass.edu

Download PDF version of page cafe_computer_security_policy_9-19.pdf

September 2019