Acceptable Use Policy | St. George's University

Acceptable Use Policy

December 14, 2018

Purpose

The purpose of this Acceptable Use Policy is to establish minimum criteria for acceptable use of St. George’s University, University Support Services, and any other operating units of Medforth Global Healthcare Education Group LP identified by management (collectively, the Enterprise) information systems.

Scope

This policy applies to all users across the Enterprise’s technological environment and represents the minimum requirements for acceptable system use. Individual facilities and business units may require additional security controls, as needed. Users of Enterprise systems include faculty, staff, and students.

Definitions

  • Information System – A set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information
  • Information System Abuse – Intentional or reckless misuse, alteration, disruption, or destruction of information processing resources
  • Network – Any information system implemented with a collection of interconnected components
  • Password – A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization
  • Authorization – Access privileges that are granted to an entity, conveying an “official” sanction to perform a technological function or activity

Roles and Responsibilities

  • Office of Information Technology (IT): The Office of Information Technology is responsible for maintaining this Acceptable Use Policy and implementing controls to prevent and detect abuse of Enterprise systems and resources.
  • Executive Director of IT: The Executive Director of IT is responsible for setting overall policy regarding Enterprise computers, networks, and information systems use and protection.
  • Security Division: The Security Division is responsible for advising IT on what controls and technologies must be used to monitor and detect unacceptable system use, and for performing monitoring and detection of system misuse.
  • Cyber Security Committee: The Cyber Security Committee is responsible for periodically reviewing this policy and for educating the user community about ethical and secure use of Enterprise information systems as outlined in the Enterprise’s Security Governance Policy.
  • Directors, Supervisors, and Department Heads: Management must ensure that all system users within their area of accountability are aware of the responsibilities defined in this policy and must demonstrate a commitment to secure and acceptable system use.

Policy Statement

Acceptable Use of University Resources

Acceptable Internet Use

  • Any connection between the Enterprise’s network and the Internet presents an opportunity for outside adversaries to access Enterprise systems and information. With this in mind, all users must interact with the Internet safely and in compliance with this policy.
  • All use of Internet communication methods, including E-Mail and instant messaging, must comply with the Enterprise Electronic Communications Policy. Users communicating via E-Mail may not forward chain letters, send sensitive information by E-Mail, or use “auto-forward” rules to send E-Mail to a non-Enterprise account.
  • Any files downloaded from the Internet must be scanned for viruses. Users may only download software approved by IT, and for which they have approval to purchase any required license to use that software.
  • Any user with approved access to E-Mail mailing lists may access those mailing lists, provided such access is for business or educational purposes.
  • Rules and requirements for use of social media are outlined in the Enterprise’s Electronic Communications Policy.

Unacceptable Use of Enterprise Resources

All of the actions below are considered unacceptable use of the Enterprise’s information systems, and the Enterprise maintains the right to undertake disciplinary action against any user found to be performing any of the following actions or any additional actions that constitute unacceptable use. Users of Enterprise information systems must not:

  • Store Enterprise data on personal devices. The Enterprise reserves the right to access any personal device to remove Enterprise data. The Enterprise also reserves the right to remotely delete any Enterprise data from a personal device.
  • Intentionally perform any act that may impair the operation of Enterprise information systems.
  • Make unauthorized alterations of the security or network configuration of any Enterprise information system.
  • Share passwords, PINs, tokens, or other authentication information with anyone, including coworkers or administrative staff.
  • Solicit passwords, PINs, tokens, or other authentication information from anyone, including coworkers or administrative staff.
  • Utilize Enterprise systems to gain unauthorized access to remote systems or attempt to circumvent any security protections or authentication systems.
  • Run or install any piece of software on any information system, whether intentionally or unintentionally, without prior written authorization from IT.
  • Use Enterprise information systems for personal financial gain.
  • Deliberately perform acts that are wasteful of computing resources.
  • Use Enterprise systems in a manner that would constitute harassment, invasion of privacy, threat, defamation, or intimidation.
  • Provide false or misleading information for the purpose of obtaining additional access rights or manipulating access rights in any way that violates the Enterprise Access Management Policy.
  • Place any of the following types of information or software on any Enterprise information systems:
    • Material which infringes upon the rights of another person or organization
    • Abusive, profane, or sexually offensive material
    • Pirated software, destructive software, pornographic materials, libelous statements, or any material which may be injurious to another
    • Advertisements for commercial purposes
    • Threatening, libelous, or offensive messages
  • Play any game using Enterprise information systems, unless that game is instructional and has been specifically approved by IT.
  • Connect to websites related to sex, illegal drugs, criminal skills, hate speech, online gambling, sports, entertainment, or job searching.

Ignorance of this policy does not excuse violations.

Policy Disclaimers

Enterprise information systems and data stored therein are the property of the Enterprise. The Enterprise reserves the right to limit, restrict, or terminate any user’s account and inspect, copy, remove, or otherwise alter any software, data, or file on any Enterprise information system. The Enterprise also reserves, and will exercise, the right to review, audit, intercept, access, and disclose all communications or data on Enterprise information systems at any time.

The Enterprise will not be liable for any personal data loss resulting from efforts to maintain the privacy and security of Enterprise information systems.

The Enterprise views the misuse of information systems as a serious matter and will make no ad-hoc exceptions to this policy. Exceptions to this Acceptable Use Policy must be formally requested, in accordance with the Enterprise Policy Lifecycle and Governance Policy.

Related Documents