Skip to main content Skip to main content

Email and Electronic Communications Security

Information and Information Technology


Contents


Policy Statement

The purpose of this policy is to govern usage of MSU Denver’s email and other electronic communications services. As email is the official means of communications at MSU Denver, it is critical that appropriate use of these services be defined and enforced.

Electronic Mail (email) Access

All users of University computing systems will be provided an email address and email functionality based on their role on campus. Official email communications should be addressed to the University-issued email address.

Users have the option of accessing their email accounts from University-issued devices using University-licensed software, but may opt to utilize personal devices and personally licensed software to access their mailbox. MSU Denver IT Services is responsible for maintaining University-issued devices and software and will exercise best efforts to support personal devices. Users may choose to forward their email from their University mailbox to an external personal mailbox, but MSU Denver IT Services is only responsible for guaranteeing delivery to MSU Denver mailboxes.

Systems maintained by MSU Denver IT Services which are used to generate email must abide by the Email and Electronic Communications Security Policy. These systems include but are not limited to:

  • Lyris
  • Blackboard Learn 

Use of Email for Transmission of Confidential Data

Inappropriate Usage

Use of MSU Denver email services should follow standards of normal academic and professional ethics, and is governed by University policies and applicable law. Inappropriate use may result in revocation of access to University computing systems, and could result in disciplinary action pursuant to the Student Handbook, Faculty Handbook, and Staff Handbook.

Inappropriate use examples include, but are not limited to:

  • Unauthorized attempts to access or use another person’s email account
  • Sharing MSU Denver account NetID and password with other individuals
  • Using email in a harassing, obscene, or violent manner
  • Using email in a manner that is illegal, violates University policy, or which could adversely impact the University’s computing systems resources

Incidental personal use is permitted as long as this use does not adversely affect the functionality of University computing systems, incur additional costs, interfere with the performance of job duties, or violate applicable laws or University policies.

Email Privacy

MSU Denver email services are subject to disclosure per the Colorado Open Records Act and other e-discovery requests. Computer activity may be monitored by authorized individuals for purposes of maintaining system performance and security. In instances when individuals are suspected of abuse of computer usage, the contents of user files may also be inspected upon the approval of the Office of General Counsel, in addition to one or more of the following offices: Human Resources, Equal Opportunity, or the Dean of Students. Any such monitoring or inspection must be formally requested and approved through IT Services HelpDesk tickets to ensure that the request and any related activities are appropriately documented.

Mass Communications Tools

Use of mass communications tools, such as Listserves, global distribution lists, or mass marketing services, are governed by the Global Email Policy.


Background and Purpose

Background: MSU Denver's Information Security Policies were created by the IT Strategic Oversight Committee (ITSOC) Information and Instructional Technology Policies Subcommittee and reviewed by the University’s Policy Advisory Committee. Review of these policies will be made on an annual basis, with any changes or additions being submitted through the University’s policy review and approval process.

Purpose: MSU Denver’s Information Security Policies are focused on protecting critical data and information systems of Metropolitan State University of Denver from loss, damage or inappropriate modification or disclosure. The policies contained in this document are designed to ensure that the University adheres to security standards commensurate with the data and systems referenced, while maintaining appropriate functional access for students, faculty, and staff.

Scope: These policies apply to all individuals, including students, faculty, and staff, provided access to university data and information technology systems. Contractors and otherwise affiliated individuals must agree to abide by the Information Security Policies before accessing university systems and data. Role-based policies and procedures that apply to specific groups of users will be provided where applicable, in accordance with functional requirements and data classification.


Roles and Responsibilities

Approval Authority: President

Responsible Executive: Chief Information Officer

Responsible Administrator: Chief Information Security Officer

Responsible Office: Information Technology Services

Policy Contact: IT Services, msudenver.edu/technology, 303-352-7548


Enforcement and Reporting

Adherence to Information Security Policies is mandatory and may be based on State or Federal statute, contract language, or information security standards. These policies are not intended to unreasonably interfere with system utilization. Individuals should contact the IT Services Help Desk to report security risks, violations of policy, or to make requests for exceptions or amendments to the policies. The Chief Information Security Officer (CISO) and other IT Services staff will respond to all reported security issues and will work with the policy subcommittee to allow for development of appropriate updates to policies. Violations of these policies may result in fitting administrative action up to and including revocation of system privileges, employee termination, or student expulsion.

Information about the Information and Instructional Technology Policy subcommittee is available on the IT Governance website.


Policy History

Effective: July 1, 2017


Related Information


Edit this page