Email Management Policy

UM System Policy Number: 12006

Scope

This policy applies to all employees, students and other users of the University of Missouri’s (UM) electronic mail (email) system and to all email sent from or received by the UM email system.

Purpose

To provide email services in support of the missions of the University while also reducing associated risks

Policy

University employees must use the University provided email account assigned to them when using email to conduct University teaching, learning research or other University-related business activities. Former employees, retirees, volunteers, consultants and others acting for or on behalf of the University may be eligible for a University email account.  See Electronic Mail (Email) Use and Management Procedures for eligibility requirements.

Conditions and obligations for access to and use of the UM email services include:

  1. Email is primarily a transactional communication tool and should not be used as a system of record or for long-term storage of files. When appropriate or necessary, emails and/or email attachments should be transitioned to appropriate electronic storage systems consistent with the University’s record management policies.
  2. The use of a University e-mail account for personal business should be limited as per CRR 110.00, UM Acceptable Use Policy.
  3. The use of University passwords on non-University systems is strictly prohibited. This includes all personal online accounts/systems as well as work-related systems provided by non-UM entities.
  4. Automatic forwarding of University email to a non-university email account is prohibited.
  5. A device personal identification number (PIN) must be enabled in order to receive University email on a mobile device.
  6. Email transmission of highly restrictive DCL4 data (SSNs, patient information, credit card numbers, etc.), as defined in the UM Data Classification System, to an external email account is strictly prohibited except through encrypted means.
  7. Highly restrictive DCL4 data, as defined in the UM Data Classification System, shall not be stored in a University email account. Email messages and/or attachments containing DCL4 data must be deleted or moved to an appropriate storage location as soon as possible or within 30 days of receipt or transmission.
  8. Emails will automatically be deleted from Inboxes, Sent Items, and Deleted Items after defined periods of time as documented in the Electronic Mail Use and Management Procedures. Emails moved to a subfolder will not be automatically deleted.
  9. University email accounts will be deactivated and ultimately deleted when the individual to whom the account was assigned, is no longer approved to have UM email.
  10. Supervisors must work with their employees, prior to their departure, to transfer any emails necessary for business continuity, particularly those that include University legal correspondence, proprietary or confidential information, compliance related correspondence and any records to an appropriate custodian prior to their last day of employment.

Procedures

The UM Office of Information Technology is responsible for publishing procedures related to the ongoing management this policy. Email management procedures will include but are not limited to email account retention, exception procedures and account deletion timelines.

Enforcement

Violation of this policy may result in a denial of access to University information technology resources and other appropriate disciplinary actions up to and including termination.

References

Reviewed 2021-06-30

Source: umsystem.edu

Windows 7 End of Life Migration Policy

October 2019

Microsoft announced the Windows 7 operating system will become end of life January 14,
2020. This means Microsoft will no longer provide updates for Windows 7. Computers still
using it will become more vulnerable and pose a security threat to the network. Windows 10
operating systems must be installed in order to be in compliance.

To assist in the transition away from Windows 7 the following policies have been developed.
  • Computers with Windows 7 operating systems will need to be updated to Windows 10. Visit Cherwell to request an upgrade.
  • Most computers that are less than 6 years old as of August 1, 2020 should be able to be re-imaged with the Windows 10 operating system.
  • Computers that will be 6 years old and/or running Windows 7 as of August 1, 2020 will have to be replaced and disconnected from the UMSL network, per the UMSL computer system support and end of life policy.

Exceptions to the above will require business case justification along with Information Security and CIO approval.

University of Missouri-St. Louis Information Technology Network Usage Policy

The University of Missouri-St. Louis (UMSL) campus network provides access to the campus computing facilities. All users of the UMSL network must conform to the University of Missouri-St. Louis Acceptable Use Policy. Upon connecting a computer to the UMSL network, there are additional policies that must be followed. Violation of any of the following policies may result in immediate disconnection from the network.


Network Usage:

  • All UMSL network traffic to and from the Internet must go through the firewall. Any network traffic going around the firewall must be accounted for and explicitly allowed by the Computer Security Incident Response Team (CSIRT).

  • Computer Security Incidents and Abuses can be reported to the CSIRT at abuse@umsl.edu, or call the Technology Support Center at 314-516-6034.

  • Applications which transmit sensitive information over the network in clear text, such as telnet and ftp, are prohibited and will be blocked. Exceptions must be accounted for and explicitly allowed by the CSIRT. Secure free replacements to telnet and ftp are SSH and SFTP.

  • UMSL has enabled port locking which locks a specific PC to a specific network port. Moving a PC to another port, or plugging a new PC into an old PC's port will result in an automatic disabling of that port. The Technology Support Center will have to reset the port.

  • Users may not go outside UMSL for network connectivity, such as signing up for a connection to an outside Internet Service Provider, without the consent of Information Technology Services (ITS).

  • Activities that inhibit the ability of others to connect to or use the network are prohibited. This includes, but is not limited to: unauthorized file-sharing, initiating denial of service attacks, initiating viruses or worms, and network scanning.

  • ITS will attempt to satisfy all requests for special network topologies that are needed for research or teaching. There may be costs associated with these accommodations.


Workstation Configuration and Network Administration:

  • Only UMSL approved and updated Operating Systems will be allowed to access the UMSL network.

  • Windows based Faculty and Staff systems must be joined to the UMSL Domain. Exceptions must be approved by ITS.

  • Faculty and Staff Windows based systems must run the current campus anti-virus software.

  • All systems on the UMSL network must be registered through our Network Access Control System (NAC).Faculty and Staff Windows and Macintosh systems must have the NAC Persistent Agent installed.

  • Faculty and Staff are responsible for the servers they manage and for keeping them in compliance with campus rules.

  • Students may not provide accounts, disk storage, or web pages for other users.

  • Users may not set up servers without first notifying ITS. This includes but is not limited to DHCP, DNS, WINS, FTP, Web, or Mail servers.

  • By default, IP addresses are automatically assigned by Dynamic Host Configuration Protocol (DHCP). The use of a hard-coded or non-approved IP address is prohibited. IP addresses can change without notice unless arrangements are made with ITS to assign a static IP.

  • A computer should not be connected to the network via wired connection and wireless connection at the same time.

  • Network administration tools are not allowed without the consent of ITS. This includes, but is not limited to:
    • Network monitors
    • Sniffers
    • Vulnerability scanners
    • Port scanners
    • SNMP tools


Network Hardware:

  • University computing equipment must not be tampered with in any way.

  • Wiring may not be split, re-wired, or re-configured.

  • Mini-hubs, routers, switches, bridges, wireless access points, wireless bridges, or other network hardware are not allowed.

  • Only one computer at a time may connect to each in-room jack.

  • A PC with multiple network cards is not allowed to function as a network address translation gateway. For example, Windows Internet Connection Sharing is prohibited. No device other than an ITS device will be permitted to route or bridge packets.

  • A PC with a wireless card may not be configured to act as a wireless access point.

  • Game Systems as well as Video/Audio streaming devices such as Roku, Google Chromecast and AppleTV are not allowed on the wireless network. If the device is able, it can be connected to the wired network after it’s been registered in NAC.


Network Maintenance Window:

Sunday mornings (midnight thru noon), 1st and 3rd Wednesday of the month (4:00a.m. thru 7:00a.m.) and 2nd and 4th Friday of the month (5:30p.m. thru Sat 6:00a.m.) are reserved for network maintenance. Every effort will be made to give prior notice. The network and or servers may be unavailable during this time so updates can be made. Access to the network may be suspended to preserve the integrity of the network.


Temporary Guest Accounts:

Non-UMSL users may be granted a temporary guest account with approval by ITS to help facilitate collaboration with researchers at other Universities and sites. These accounts will be allowed to VPN into UMSL. A faculty member must request the account, fill out a form, and be responsible for the account's usage.


Individual Responsibility for Security on the Student Network:

Users in UMSL student housing are expected to take reasonable steps to ensure that their computer systems do not create a security risk when connected to the network. This includes but is not be limited to the following steps:

  • Users must register their computer on the student network using an SSO/ MyGateway username and password.

  • Windows based systems must run a current and updated anti-virus software.

  • Operating systems and software must be kept current with the latest patches and service packs offered by the vendors.

  • Wired Windows and Macintosh student systems must have the NAC Persistent Agent installed.

  • All accounts on student owned machines should have passwords.

  • It is recommended that individual computers be protected by a personal firewall.

  • It is recommended that users perform regular scans for malware using anti- spyware software.

For more information, visit ITS Security.

Standard Equipment included with the UCP

ITS has developed computer standards in order to keep hardware and support costs down. By using standard hardware, operating systems and applications, ITS can reduce the total cost of ownership, the time it takes to deploy a computer to a user, and the time it takes to fix and support issues related to the system. 

A Windows based laptop is the standard computer provided to users allowing workplace flexibility and mobility. Users will have the option to obtain one external monitor, docking station allowing for external monitor support, wireless keyboard/mouse, and carrying case.

Computers and associated peripherals will be refreshed after a minimum of 5 years or when they have reached end-of-life as determined by ITS.  

When ITS determines a system needs to be replaced, ITS will contact the end-user assigned to the computer via email to begin the multi-step replacement process. ITS staff will provide guidance on preparing for setting up the new computer.

ITS is unable to delay replacement or hold equipment. Once the equipment is ready an appointment will be scheduled for replacement. All systems and peripherals that have reached their end of life as determined by ITS must be surrendered to the Technology Support Center to be prepared for surplus. All systems will have their hard drives securely wiped. It is the responsibility of the UCP contact and/or Unit Business Managers to ensure the return of all equipment.

Systems purchased from university surplus are not allowed to be connected to the UMSL network and will not receive support from the Technology Support Center.

Exceptions to the Standard Computer

Exceptions to the standard computer can be reviewed under the following conditions:

  1. Documented requirements for the need for a different operating system, special hardware configurations, or other special needs not afforded under the standard option.
  2. Unit Business manager approves of the request.
  3. College, School or Division lead approves the need.

If the above 3 requirements are fulfilled, then the following must be observed:

  1. Technology Purchase Request including the above criteria is submitted, and CFO/CIO or their delegate approves the exception.
  2. The end user's unit/department will be financially responsible for any difference in cost above the current provided standard offering.
  3. The department acknowledges that support may be limited on the device and may not receive the full extent of support offered by ITS.

Departments shall assume the cost of any computers, upgrades, or additional peripherals beyond the standard workstation that is provided as part of the UCP.

Standard Services Included with the UCP

Support for UCP system shall be provided through the Technology Support Center. These support services include, but may not be limited to:

  • Initial installation and setup of system
  • Connection to the campus network, phone system, and network printers
  • Connection to cloud resource offerings such as OneDrive
  • System diagnosis and resolution of reported problems
  • Evaluation to determine when components are eligible for replacement

 

 5/26/2021

Audience

All members of the University of Missouri–St. Louis community including prospective and
current students.

Statement

SMS text messaging is an efficient and effective way of communicating with current and future
members of the university community. The University of Missouri–St. Louis (UMSL) will only
distribute text messages to users that opt-in to receiving our text message while providing the
ability to opt-out at any point by changing their communication options related to SMS text
messaging. Those who opt-out will be marked as such and not receive text messages until they
opt back in.

Background

The University of Missouri–St. Louis recognizes that text messaging can be a highly effective
means of communication, but the university is also aware of the need to protect user’s data
and limit what information may be sent through a text. As a university, UMSL will follow all
guidelines for FERPA, The Privacy Act of 1974 and the Telephone Consumer Protection Act. No
information in violation of these laws may be sent via text. The university will not share any
information via SMS text-messaging apps with any 3rd parties without allowing users to opt-out
before sharing. The university must protect user data to ensure a positive communication
experience.

Guidelines and Procedures

UMSL has developed and implemented an SMS Text-Messaging Management system to
manage the opt-in or opt-out of users for text messaging. Users should visit
MyGateway.umsl.edu and use the SMS text-messaging app to verify their cell phone number is
correct and to opt-in or opt-out of different message categories. All new students applying to
UMSL are automatically opted-in when submitting an application for admission to the
university. (Please note: If a student does not want to receive text messages, they can reply to a
text message with STOP, or visit the MyGateway portal to opt-out. These guidelines and
procedures must be followed by each department / office responsible for sending SMS text
communications).

There are currently five different text-messaging categories.

  1. Academic Messages – Users may receive messages about advising, tutoring, class scheduling academic support services, etc.
  2. Student Affairs – Users may receive messages about student affairs related resources and programming.
  3. Finance – Users may receive messages about payments, student financial aid and scholarships.
  4. Information Technology – Users may receive messages about Helpdesk work orders and possible security issues with your accounts.
  5. Enrollment Management - Users may receive messages related to admissions information, registration and information related to enrollment.

Students can expect to receive:

  • Guidelines for student success and support
  • Reminders of important dates and deadlines
  • Inquiries for providing assistance

Students can respond with:

  • Questions
  • Comments
  • Responses

User Privacy:

Due to privacy laws, such as FERPA, certain information may not be able to be discussed via text
messages, (such as grades, GPA, etc.). If the conversation evolves to the need to discuss
sensitive information, the student may be asked to check their email account.

Email remains the official form of communication

Text messaging will be utilized to enhance communication. Email to a user’s university email
account is and will remain the official form of university communications. Students should
check their university email account on a regular basis for official and important university
communications.

Frequency of SMS text communications

Participating departments will send an average of one to two text messages per month. During
key times, such as registration, text messages may be sent more often.

Note: UMSL departments interested in utilizing text messaging for student communications should submit a Cherwell ticket.

Original Issue Date: August 2019

Revised Date: December 2020