Electronic Mail (Email)

PURPOSE
Bryant University’s email services support the educational and administrative activities of the University and serve as a means of official communication by and between users and Bryant. The purpose of these guidelines is to ensure that this critical service remains available and reliable, and is used for purposes appropriate to the University's mission.

SCOPE
These guidelines apply to all members of the Bryant community who are entitled to email services.

GUIDELINES AND RECOMMENDATIONS

1.0 Email Services

  • Bryant University's electronic mail services are University facilities and are intended for teaching, learning, research, and administration in support of Bryant University's mission. Employees of the University must use their University-issued email account for University business, and may not use personal email accounts for University business.
  • Email is considered an official means for communication within Bryant University. Email users are required to comply with state and federal law, University policies, and normal standards of professional and personal courtesy and conduct. Access to University email services is a privilege that may be wholly or partially restricted by the University without prior notice and without the consent of the email user: a) when required by and consistent with applicable law or policy; b) when there is a reasonable suspicion that violations of policy or law have occurred or may occur; or c) when required to meet time-dependent, critical operational needs. Such access restrictions are subject to the approval of the appropriate University supervisory or management authority (e.g., department heads, systems managers, etc.).
  • All use of email, including use for sensitive or confidential information, will be consistent with the University policy. Confidentiality regarding student records is protected under the Family Educational Rights and Privacy Act of 1974 (FERPA). All use of email, including use for sensitive or confidential information, will be consistent with FERPA.
  • On termination, resignation, or graduation, the individual's email account will be disabled and all information retained for a period of ninety (90) days before deleted.
  • In the event of a compromised email account, the account will be disabled and the password credential changed. The appropriate user support service will be notified of the situation and in turn will inform the account owner. Should the account be exploited for spamming purposes, appropriate measures will be taken to mitigate the damage to the bryant.edu domain name. Outbound mail leaving the Bryant domain from the account may be restricted for up to 72-hours or until all offending email is purged from the system.

2.0 Secure Email Service
The Secure Email service is designed for faculty and staff who need to use email to send sensitive information as defined by the University’s data classification guidelines, to a non-Bryant email account.

The University’s Secure Email service is designed as an opt-in service. The service assumes that a Bryant community member can identify whether they need to use the service when sending to a non-Bryant email account. The service will encrypt the sensitive information before releasing it to the non-Bryant account. The receiver will be provided the necessary information to easily decrypt the information.

To get started all you need to do is put “Bryant//Secure” somewhere in the subject line of the message. Contact the Helpdesk for more information.

3.0 Restrictions Using Email Services

  1. Persons given access to Bryant University's email system are expected to be familiar with and abide by the policies stated in the Bryant University Employee Handbook and the guidelines in this document.
  2. Bryant University email services may not be used for personal business or personal gain except as permitted by other University policies.
  3. It is a violation of this policy to use email to libel, threaten, or harass other individuals.
  4. Unsolicited email messages to multiple users are prohibited unless explicitly approved by the appropriate University authority.
  5. All messages must show the genuine sender information (i.e., from where and from whom the message originated). Users are not allowed to impersonate other users or user groups, real or fabricated, by modifying email header information in an effort to deceive the recipient(s); e.g., email spoofing is specifically prohibited.

Offensive Material - Use of University owned or provided equipment for viewing, accessing, or transmitting offensive material is strictly forbidden. This applies to any screen display or printing of images, sounds, or messages that could reasonably be considered unlawful, threatening, abusive, libelous, defamatory, obscene, pornographic, profane, or otherwise objectionable. Any attempt, whether by student, employee, or guest of the University, to access, view, or transmit such material using University-owned equipment or network resources will result in disciplinary action and possible loss of network privileges.

Users of campus communications are subject to all applicable local, state, and federal laws and regulations, and Bryant University policies and procedures.

4.0 Retention and Disposal
Most emails are NOT records. Most emails are simply electronically stored information without a lasting legal, operational, or historic value. Only emails that serve a legal, operational, or historic value are records, and should be managed in conjunction with any other records related to that function or activity. Refer to your organization’s records retention policy. For further guidance on the disposition of email messages and attachments see Email Retention and Disposition Schedule.

5.0 Enforcement
Any violation of University standards and/or directives may subject the violator to disciplinary actions in accordance with appropriate University processes.

6.0 Exceptions
Any exceptions to directives outlined within this document are to be reviewed and approved by the Information Security Program Committee as needed.

7.0 Enacted and Revisions
Date Enacted: 9/28/2012
Revision: 1.4
Last Reviewed: 6/13/2017
Next Review: June 2018

7.0 Standards and Reference Categories
ISO 27002: 7.1.3 – Acceptable use of assets
PCI DSS 2.0: 12.3 – Develop usage policies for critical employee facing technologies