About
IT Policies and Procedures
The Division of IT administrative policies and procedures. It is the responsibility of the MU community, including faculty, staff, and students to familiarize themselves with and comply with the policies that affect them.
Refer to UM System Access to IT Accounts & Electronic Information policy.
Refer to UM System Electronic Mail Use and Management Procedures policy.
The Division of IT represents UM and MU central IT. The division reports to Ben Canlas, who serves as both the Interim MU Chief Information Officer and the Vice President for Information Technology.
The Division of IT follows a Change Management (CM) policy to assess, approve, and schedule changes to production systems using standardized methods and procedures.
Maintenance Windows
Although service interruptions will be kept to an absolute minimum, some services may potentially be unavailable during the following maintenance windows:
- Sunday, 12:00 a.m. – noon: infrastructure and systems
- Wednesday, 4:00 a.m. – 6:00 a.m.: infrastructure and systems
- Tuesday & Friday, 5:00 a.m. – 7:00 a.m.: standard application code promotions
- Saturday, 6:00 p.m. – midnight: Oracle/PeopleSoft enterprise applications
Urgent maintenance or changes having a major negative impact on applications, systems, and networks may occur outside defined maintenance windows as needed.
- Computing resources and facilities are for instructional and academic purposes.
- Please adhere to the UM Acceptable Use Policy and the Digital Millennium Copyright Act (DMCA).
- Only Division of IT-supplied paper is allowed in printers; use of personal paper or envelopes is prohibited.
- Be considerate of others — use headphones; speak quietly to others and on cell phones.
- Software installation is prohibited.
- Sites staff are not responsible for lost or stolen items.
- Reminders: Save often. Don’t forget to log out. Check printer selection before printing.
- Report Problems: Please report all computer and printer maintenance problems to the consultant on duty. If the site is unstaffed, please call Tech Support at 573.882.5000.
Departments are responsible for purchasing their own cordless telephones and headsets. DoIT prohibits the use of 2.4 GHz cordless telephones and headsets as they interfere with Tiger WiFi. Instead, departments should purchase cordless telephones (and headsets) using 900 MHz, 5.8 GHz, or 1.9 GHz (DECT 6.0) spectra.
DoIT is responsible for repair problems with the line, but not for a cordless telephone and/or headset connected to the line. If repair calls result in a problem with cordless phone or headset, DoIT will charge the prevailing labor rate for the repair call.
1.0 Introduction
The Data Center is vitally important to the ongoing operations of the University. The following policies and procedures are necessary to ensure the security and reliability of systems residing in the Data Center.
1.1 Role Definitions
Data Center Employee: Division of IT employees who work at the Data Center
Authorized Staff: University employees who are authorized to gain access to the Data Center but who do not work at the Data Center
Authorized Vendor: All non-University employees who, through contractual arrangement and appropriate approvals, have access to the Data Center
Visitors: All other personnel who may occasionally visit the Data Center but are not authorized to be in the Data Center without escort
2.0 Policies
2.1 Access to the Data Center
In order to ensure the systems housed within the data center are kept secure, the following policies apply to all personnel requiring access:
- All personnel who access the Data Center must have proper authorization. Individuals without proper authorization will be considered a visitor.
- Visitors to the Data Center must adhere to the visitors’ guidelines (see section 3.2).
- Authorizations will be verified on a quarterly basis.
- All personnel must wear a valid University or vendor identification badge at all times.
- All personnel must sign in when entering the Data Center to document the time and purpose of their visit. They also must sign out when leaving.
- All personnel must enter through the Data Center’s north entrance and must wear a University ID or visitor’s ID at all times.
- Authorized staff will have access to the Data Center at any time.
- Systems housed within the Data Center that contain data classified as Level III or above will be monitored by Data Center employees through live video cameras.
2.2 Equipment in the Data Center
In an effort to maximize security and minimize disruptions, the following policies apply to all equipment housed in the Data Center.
- A form must be completed for all equipment installations, removals, and changes.
- Data Center employees will deny entry to authorized staff or vendors who intend to install, remove, or rename equipment without an accurate equipment form.
- Equipment housed within the Data Center must meet certain system specifications.
3.0 Procedures
3.1 Access Authorization
University staff members must be pre-approved for unescorted access within the Data Center. Vendor access must be sponsored by an authorized staff member, or a dean, director, or department chair.
Authorizations will only be approved for individuals who are responsible for installation and/or maintenance of equipment housed in the Data Center. Approval processes are as follows:
- Authorization forms must be signed by the dean, director, or department chair of the person requesting access.
- After approval, the Division of IT Data Center manager will review and approve.
- If approved, the authorized staff member or vendor will be added to the authorization database, and the authorization form will be kept on file.
- Authorized staff/vendors will be allowed entrance into the Data Center by a Data Center employee but will then have unescorted access within the Data Center.
- Authorized staff/vendors are responsible for logging in/out when entering/exiting the Data Center. The purpose of the visit must be documented.
3.2 Visitor Procedures
Anyone who is not a Data Center employee, an authorized staff member, or authorized vendor is considered a visitor. All visitors to the Data Center must adhere to the following procedures:
- All visitors must enter through the north entrance of the Data Center.
- Visitors must be accompanied by either a Data Center employee or other authorized staff member at all times while in the Data Center. Exceptions to this policy must have the approval of the Data Center manager.
- Visitors must log in/out when entering/exiting the Data Center. The purpose of the visit must be documented.
- Visitors must wear a visitor’s badge at all times.
- Visits should be scheduled through the Data Center manager 573.884.3400 at least 24 business hours in advance. Unscheduled visits to install equipment or perform other tasks may be turned away.
3.3 Audit Procedures
- The Division of IT Data Center will send a list of authorized staff and authorized vendors to the appropriate dean, director, or department chair on a quarterly basis (January, April, July, and October) for review and verification.
- Each dean/director/department chair will review and update the list of authorized staff/vendors and return it to the Data Center manager within two weeks.
- Failure to return access audits will result in revocation of access privileges for previously authorized staff/vendors until such time as the audit is returned.
3.4 Equipment Installation
Authorized staff performing the installation must submit an installation form.
3.5 Equipment Removal
Authorized staff performing the removal must submit a removal form.
3.6 Equipment Renaming
Authorized staff performing the rename must submit a rename form.
Refer to UM System Data Classification Levels.
In FY22, changes were made to the way some IT costs are distributed to the campus. We’ve added IT costs for some of our services to the MU Allocation Model. As a result of the change, all expenses included in the FY22 MU allocation model are assigned to each entity based on their percentage of expenses to the total and then that amount is deducted from their annual General Revenue Allocation.
For example, If the School of Music accounts for 10 % of overall expenses, they will be assigned 10% of the IT expenses and their GRA allocation is reduced accordingly. This reduction is done BEFORE the allocation is transferred to the entity.
The following services are now included in the MU Allocation Model and are NOT billed monthly:
Microsoft Licensing | |
Security & Account Management | Help Desk |
Adaptive Computing Technologies | Faculty/Staff Initial ID Card |
Applications Development & Support | Administrative Overhead |
Project Management | Research |
Data Center | Cherwell |
Tier 1 Distributed IT Support | Wired and Wireless Data Network** |
**Please Note: Data Network monthly charges are included in the allocation model but activation and installation charges still apply.
Departments should review their Division of IT billing via PeopleSoft on a monthly basis and report any billing discrepancies to Tech Support at 573.882.5000. The Division of IT will:
- Issue credits for equipment and services for up to three previous billing cycles.
- Not issue credits for discrepancies crossing fiscal years, even if the request is within the previous three billing cycles.
- Issue credits for missing equipment charges for up to three previous billing cycles if the equipment is found and returned.
For additional information on policies governing information technology and telecommunications services, consult the MU Business Policy & Procedure Manual.
Copyright Violations
Federal copyright law protects the author of intellectual works. This copyright ensures that only the author or the author’s assignees have the legal authority to copy, distribute, create derivative works, or perform or exhibit protected works. These rights extend to the Internet and were supplemented by additional laws when Congress passed the Digital Millennium Copyright Act of 1998 (DMCA).
You could violate federal copyright law if:
- Somebody emails copyrighted material to you and, in turn, you forward it to one or more friends.
- You make an audio file (such as MP3) copy of a song that you bought (purchasers are expressly permitted to do so) but subsequently make the audio file(s) available on the Internet using a file-sharing network.
- You join a file-sharing network and download unauthorized copies of copyrighted material you want from the computers of other network members.
- To gain access to copyrighted material on the computers of other network members, you pay a fee to join a file-sharing network that is not authorized to distribute or make copies of the copyrighted material. You then download unauthorized material.
- You transfer copyrighted material using an instant messaging service.
- You have a computer with a CD/DVD burner that you use to burn copies of music or movies you have downloaded onto writable media and then distribute those to your friends.
There is a common misconception that you may duplicate and distribute copies of copyrighted materials as long as you do not sell the duplications. This is untrue. Copying and distributing someone else’s work may violate an author’s rights even when you are not selling the copies.
Violations to federal copyright law may carry heavy civil and criminal penalties. For example, civil penalties include damages and legal fees. The minimum fine is $750 per downloaded file. Criminal penalties, even for first-time offenders, can be stiff: up to $250,000 in fines and five years in prison.
A simple rule of thumb to help you identify which materials are protected by copyright and which are not: If you would typically pay for it, then it is probably protected. For more information, take our DMCA course in Canvas. Contact security@missouri.edu to enroll in the online course.
If you have copyrighted material on your computer and need assistance removing it, call Tech Support at 573.882.5000.
DMCA at MU
If you are using MU’s computer network, the University is your registered Internet Service Provider (ISP). The DMCA requires ISPs to take down or block access to copyrighted materials in a timely fashion when notified that their customers are sharing copyrighted files.
Complaints typically arrive directly from software, music, and motion picture associations, copyright holders, and law firms. The Division of IT disables network access for the listed device and attempts to identify the owner to inform him or her about the complaint. If the owner believes the complaint to be inaccurate, they are given the opportunity to contest the finding.
If your network connection has been disabled, call Tech Support at 573.882.5000. If you are informed that your connection has been disabled due to illegal file sharing or downloading, you must follow the steps below to have your network access restored:
- You must stop sharing of all copyrighted materials as defined by the UM Acceptable Use Policy and federal law.
- You must complete the Division of IT “Safe and Legal Computing on the Internet” course. After completing the course, you will sign an agreement to cease sharing copyrighted materials. Upon signing the agreement, it is expected that you will remove any files currently being shared across the network.
- Your device will remain off of the MU network for a minimum of two weeks.
- The Division of IT will assess a $200 administrative fee to individuals found in violation of policies related to illegal downloading or distribution of copyrighted files.
Any future violations by the same person are forwarded to the Office of Student Conduct for possible punitive action. Additionally, network access for students with multiple violations may be suspended for one semester on the second violation and forfeited permanently on the third violation. Any attempts to circumvent the disabling of network access are treated as a flagrant violation of policy and are forwarded to Student Judicial Affairs for punitive action.
In an attempt to reduce the unauthorized distribution of copyright protected works on the MU campus, the Division of IT has implemented a Peer-to-Peer File Sharing Policy which prohibits the use of Peer-to-Peer applications on the MU network.
Legal Repercussions for DMCA Violation
Under the Digital Millennium Copyright Act (DMCA), copying and sharing copyrighted materials without permission is illegal. The Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), and some other copyright owners and groups have stepped up their efforts to curb illegal file sharing on the Internet. Some of these organizations distribute “early settlement” letters to universities around the country as part of their anti-theft campaign. Given this activity, it is more important than ever to understand the importance of using legal methods when downloading files and the University’s position regarding these early settlement letters.
As a matter of policy, the Division of IT takes action when it is notified that someone is using the University’s network to distribute copyrighted materials without permission.
Early Settlement Letters
MU has decided to forward “early settlement” letters to students that the RIAA or other copyright holders allege have shared copyrighted material illegally while using the University network. MU will send a cover letter along with any early settlement letter to the student’s email address as well as his/her current and permanent addresses. Unless served with a proper subpoena, court order, or other legal process, the University will not release the name of the student. By forwarding the early settlement letters, MU has made no determination that a student has engaged in copyright infringement or that they should enter into an early settlement with the copyright holder. It is solely the student’s personal decision whether to respond to the early settlement procedure. MU believes that students should seek legal counsel before responding to these letters.
Legal Downloading
There are many options for legal downloading; a list of many of these services is available on the Educause website.
The Division of IT provides educational materials about the potential legal and policy enforcement consequences of illegal file sharing. To find out more about these programs, please contact the IT Security group at security@missouri.edu.
To comply with the law and to protect yourself from possible litigation, we strongly encourage you to remove illegally obtained copyrighted material from your computer and to stop downloading copyrighted material illegally if you do so now. We will continue our educational efforts in this area, but ultimately the choice is yours.
The Division of Information Technology provides Domain Name Services (DNS) assignment and management and Internet Protocol (IP) address changes from 8 a.m. to 5 p.m, Monday through Friday. After-hours requests may incur charges at the prevailing overtime rate. Visit the DNS-IP page for more information.
Work with your IT Pro to request services.
Students
Eligibility
- Enrolled, with courses appearing in myZou.
- Within 33 days of the start of the semester for which you are enrolled.
- Med School students receive a MU Health Care badge.
- Vet Med students receive a Vet Med badge.
Required Documentation
To ensure campus safety you must present both of these forms of identification prior to receiving your MU TigerCard:
- Student number, as listed in myZou.
- Valid U.S. government-issued photo ID (driver’s license, military ID, passport, state ID, etc.). Paper copies are not accepted. You may purchase a Missouri state ID at the Department of Motor Vehicles; visit the Licensing Checklist page for documents you will need to provide.
Fraudulent Use
- Use of any ID card other than your own is fraud. Any ID card used by a non-owner will be confiscated immediately and offenders will be prosecuted.
Student Charge Availability
- Student charge options are available to full-time students who are financially enrolled for the current semester.
Replacement
- IDs that are broken or unusable due to normal wear and tear will be replaced at no charge at the discretion of the ID Office staff.
- Lost or stolen IDs may be replaced for $25, payable by Student Charge.
Break in Attendance
- Your ID card can be reactivated once you are re-enrolled and your information displays in myZou.
Faculty/Staff
Eligibility
- Personnel Action Form (PAF) has been completed by hiring department and appointment appears in PeopleSoft Webapps.
- Visiting faculty and staff should work with the sponsoring department to complete a courtesy PAF.
- Outside vendors and contractors may be issued an ID card for door access and general identification upon completion of the courtesy PAF.
- MU Health Care employees are issued a hospital badge which may be used on campus as well as at the Hospital.
- Privileges are assigned based on your primary appointment or role. Faculty or staff will have applicable student privileges added to their TigerCard or MU Health Care badge if enrolled in classes.
Required Documentation
To ensure campus safety you must present both of these forms of identification prior to receiving your MU TigerCard:
- Emplid as displayed in myHR.
- Valid U.S. government-issued photo ID (driver’s license, military ID, passport, state ID, etc.). Paper copies are not accepted. You may purchase a Missouri state ID at the Department of Motor Vehicles; visit the Licensing Checklist page for documents you will need to provide.
Use
- Use of any ID card other than your own is fraud. Any ID card used by a non-owner will be confiscated immediately and offenders will be prosecuted.
Replacement
- IDs that are broken or unusable due to normal wear and tear will be replaced at no charge at the discretion of the ID Office staff.
- Lost or stolen IDs may be replaced for $25, payable by MoCode or payroll deduction.
What is IT Compliance?
IT Compliance is the act of adhering to established rules, standards, or specifications to align with university and government expectations. This may include adherence to laws and regulations, sponsor-imposed contract requirements, or internal policy and procedure.
For IT related purchases as well as changes to existing products and renewals, this service will review applicable requirements, identify steps for meeting obligations, and implement necessary safeguards and countermeasures.
Visit the IT Compliance page to learn more.
Laptop Loan Policy
- Laptops can be checked out by currently enrolled MU students.
- The laptop loan period is for two consecutive hours. If there is no waiting list, laptops may be renewed for additional two-hour loan periods.
- Laptops are available on a first come/first serve basis only. No advance reservations are allowed.
- Students will need to show their Mizzou Tiger Card.
- Students are allowed to have one laptop checked out at a time.
- The borrower is responsible for copying and/or saving any data from the laptop. Employees are not responsible for lost or damaged documents and data.
- Failure to comply with the rules and guidelines outlined in this agreement may result in the revocation of borrowing privileges and/or fines.
- Laptops will not be checked out during the last hour of business.
- Laptops must be returned in person, by the borrower. Do not drop off the laptop at the desk and leave before it has been checked in.
- Laptops must be returned before the Laptop Checkout Station closes, regardless of checkout time.
Computer Use
- The UM Acceptable Use Policy (AUP) applies to all Computing Site usage, including laptops in the Checkout Program.
- The borrower will not leave the laptop unattended for any length of time, remove it from the designated area, or loan it to another person.
- Laptops from the Laptop Checkout Program are to be used for academic purposes only.
- Tampering with existing hardware is not allowed.
Late Return
- If the laptop is not returned on time, a non-refundable late fee of $5 per hour (until the closing of the Checkout Station that day) will be charged to the student.
- Late fees will be assessed in 30-minute increments until the closing of the site that day.
- Thereafter, a late fee of $50 per day will be charged to the student and MU Police will be notified.
- Returning a laptop late on more than two occasions may result in the revocation of checkout privileges from any site.
Damage/Loss Policy
- The borrower is financially responsible for any damaged or missing laptops and components.
- If a laptop or component is damaged or missing, the borrower will be charged repair and/or replacement costs for both hardware and software.
- Replacement and repair costs are subject to change and will be assessed accordingly. (The approximate replacement cost is $2,500-$3,000.)
Refer to UM System Mandatory reporting Requirement policy.
Go to doitservices.missouri.edu to request port activations and deactivations. Login to the self-service portal with your University user id and password, select Service Catalog, and search for Data Ports. We will fulfill requests submitted by the next business day. Activation fees will apply.
DoIT owns, operates, and maintains networking equipment. Only Division of IT personnel may access wiring closets to activate or move data ports.
Work with your IT Pro to request services.
Effective January 2007, MU policy prohibits the use of all peer-to-peer applications such as BitTorrent and LimeWire. In compliance with this policy, network administrators block these technologies. Faculty, staff, or students attempting to circumvent the blocks violate MU policy.
This policy does not exempt MU faculty, staff, or students from sanctions for illegally downloading or distributing copyrighted materials. For more information, see the DMCA policy.
Direct questions to isam@missouri.edu.
The Division of Information Technology (DoIT) does not permit the connection and use of unauthorized switches or hubs (shared network devices) on Mizzou TigerNet. DoIT will disconnect access to unauthorized devices and issue a security incident.
Go to doitservices.missouri.edu to rent switches and hubs for special events and circumstances. Login to the self-service portal with your university user id and password, select Service Catalog, and search for Network Switches.
MU’s business policy 5:085 prohibits unauthorized wireless access point (AP), i.e. APs not installed, maintained, and managed by the Division of IT (DoIT). This policy facilitates a common campus wide standard for wireless networking available to all legitimate users. When DoIT identifies an unauthorized AP, we’ll ask the owner to remove it from the network.
Refer to UM System Procurement Policy
Workstation Administrative Access Scope
This standard applies to all university-owned workstations running a Windows, Macintosh, or Linux desktop operating system.
Standard
By default, all members of the university community using campus-owned workstations are granted the “Standard User” access level on their individual workstations. University-owned workstations are configured as part of central managed service to automatically receive software, secure configurations, updates and security patches, so administrator access is not necessary in most cases.
The Principle of Least Privilege. All University employees should use the least set of access necessary to operate their computers. By adhering to this principle, we limit the damage that can result from a poorly written application, viruses, malware, ransomware, an accident, or error.
Division of Information Technology will provide local computer “Administrator Access” when it has been determined that there is a valid business case for needing it. All requests will be reviewed on a case-by-case basis, and if approved, workstation admin rights will be granted. The usage and necessity of all end-users with workstation admin access shall be audited every six months. To continue possessing an account, a valid business purpose must still continue to exist.
Learn More about Workstation Administrative Access Scope.