Information Technology Services

IT Policies and Practices

Rutgers, OIT, and Bloustein Policies and Practices

The Bloustein School follows the Policies contained in the Rutgers Policy Library as well as best practices set by the Rutgers Office of Information Technology (OIT).  The Bloustein School may create additional polices, practices, and procedures that apply to affiliates of the School.  Several key policies and practices are listed below, with added context for Bloustein.

Acceptable Use Policy

All Rutgers affiliates are expected to practice safe and responsible use of IT resources at the University, an expectation formalized by the University’s Acceptable Use Policy for Information Technology Resources. Below are selected portions of the policy with added context…

    • University IT resources, including hardware, software, and online services, are to be used primarily in support of University work, projects, and objectives
      • Hardware includes items such as University-provided laptops, desktops, tablets, and more
      • Software includes items such as University-provided desktop software, browser add-ons, mobile apps, and more
      • Online services include University-provided email, videoconferencing, web hosting, and more
    • Personal use is acceptable, so long as that use is incidental and does not interfere with University projects or tasks
      • If a specific personal use case is detected as a security concern, IT staff may recommend targeted restrictions
    • To best protect your personal privacy, we highly advise against any comingling of University and personal data
      • As an example, when IT staff responds to an IT security alert on a University-provided device, we may need to disclose the data found on the device as part of the investigation, which may include personal data if stored on the device
    • “Circumventing, disabling, or attempting to circumvent or disable security mechanisms” when using University IT resources is specifically prohibited
      • IT staff regularly monitor University IT resources for threats, intrusions, and misuse, and Bloustein ITS is required to report to OIT when this monitoring detects a potential high severity incident
    • Use of these University IT resources for “private advertising or other private commercial purposes” is specifically prohibited
Artificial Intelligence (AI)

Artificial Intelligence (AI) use and research is subject to the same IT policies and practices as other software and online services.  This includes policies regarding data security, purchasing, risk assessment, and responsible use.  For more information, visit Artificial Intelligence at Rutgers.

Disposition of Used IT Equipment

In general, Bloustein does not allow faculty or staff to purchase their previously-assigned IT equipment upon retirement or departure from the School.  Bloustein IT will, upon request, provide a consult to identify potential retail purchase options and assist in configuring the new machine to have the same look and feel as the previously-assigned machine (as licensing and data security allows).

Machines returned to Bloustein IT will be evaluated for potential re-deployment, salvage, or surplus.  Items designated as surplus are considered to have reached the end of their usable life and will be disposed through Rutgers Surplus Operations.  Any equipment that contains University data is either wiped or destroyed before disposal.

Email and Calendaring Systems

As detailed in Email and Calendaring Systems: Standards and Guidelines by the Rutgers Office of Information Technology, Rutgers Connect is the official email and calendaring system for faculty and staff, and ScarletApps is the official email and calendaring system for students.

Faculty and staff must use their official University email address through Rutgers Connect for all University business.  The automatic forwarding of Rutgers Connect email to an email system outside of Rutgers Connect is not allowed.  Example use cases of email communication that must be conducted via Rutgers Connect include…

      • Advisors and Instructors communicating with students
      • Student Workers communicating with their supervisor and colleagues regarding work tasks
      • Employees submitting timesheets to the Business Office
      • Faculty and staff communicating with prospective and current vendors
IT Security and Training

IT security is a shared responsibility, and all Bloustein School staff, faculty, and student workers are expected to complete assigned security training and report potential IT security incidents.  Bloustein ITS provides a separate Security Policies & Recommendations page with more specific IT Security recommendations, as well as a detailed Non Public Personal Information Policy.

Bloustein uses the KnowBe4 platform for IT security training, with an initial security training upon hiring and refresher security training each year.  Supervisors may request additional security training for users with access to protected data, users with privileged system access, and any other users in need of additional training.  When logging into the KnowBe4 platform, please remember to use your @ejb.rutgers.edu email account to access the system.

For more information please visit Bloustein’s Security Policies & Recommendations page and OIT’s Security page.

New Professor Research/Startup Account Technology Purchasing Policy
      • Information Technology (“IT”) equipment associated with a home office that is in direct support of research and teaching is permitted.
      • Non-IT equipment is not permitted, except where required by an disability finding or an REHS Ergonomic Assessment, such as a standing desk.
      • Exceptions to restrictions on home-office purchases may be considered with the approval of the Associate Dean of the Faculty and Director of Business/Budget.
      • All equipment purchased by Rutgers University is owned by Rutgers University. All Rutgers owned equipment designated for off-site use, must be signed out through the Bloustein School Information Technology Services Office using the official Rutgers sign out form for equipment removed from University premises. Employees that separate from Rutgers University must return all off site equipment prior to their last official date of employment with Rutgers University. Equipment that is no longer needed or has reached an end of life must also be returned to Rutgers University for re-allocation or disposal.

Policy Last Revised:  30 Jun 2022

Non-Public Personal Information (NPPI) Policy

Non-Public Personal Information (NPPI) is personal, private information that is not available to the general public through public records or widely distributed in media.  This includes, but is not limited to…

      • Social Security numbers
      • Driver’s license numbers or state identification card numbers
      • Credit or debit card numbers
      • Medical records
      • Student records
      • Financial records
      • Legal Records
      • Police Records
      • Studies or surveys using confidential or personally identifiable data

Bloustein School affiliates that make use of NPPI must register as a data custodian with Bloustein ITS, complete IT security training upon request, follow any applicable data security plans, comply with security audits, and report any suspected breach of data security.  Bloustein ITS provides training for data custodians, assistance with the creation of data security plans, and scanning of systems for potentially unprotected NPPI data.

For more detailed information, please see the “Non-Public Personal Information Policy” section on the Bloustein Security Policies & Recommendations page.

Ownership of University-Purchased Equipment

All equipment purchased by Rutgers University is owned by Rutgers University.

All University-Purchased equipment designated for off-site use must be signed out through Bloustein School ITS using the official Rutgers sign out form for equipment removed from University premises.

Employees that separate from Rutgers University must return all assigned equipment prior to their last official date of employment with Rutgers University.

Equipment that is no longer needed, or has reached end of life, must be returned to Rutgers University for re-allocation or disposal.  Rutgers Surplus Operations must be used for the disposal of applicable IT equipment.

Purchasing Hardware, Software, and Online Services

Purchases involving IT hardware and/or software (including cloud and online services) must be reviewed by Bloustein ITS. Whenever possible, these purchases are to be processed via purchase order. If an IT purchase cannot be processed via purchase order, purchase via P-Card or check request must be approved by the Business Office. IT purchases are not eligible for reimbursement if charged to a personal payment method except in very limited circumstances, which must be approved before purchase by both the Business Director and IT Director. Failure to follow this guidance may result in rejection of an expense reimbursement request.

All IT software purchases (including cloud and online services) that are not ordered through the Rutgers Software Portal must undergo risk assessment by OIT Risk Assurance. The individual requesting the purchase must fill out the Third Party Vendor Risk Assessment form if the purchase is a new use case or if a risk assessment has not been performed previously. Afterwards, individuals may fill out the shorter Third Party Vendor Recertification each year upon license or service renewal. The individual will receive, as two separate email messages, a receipt followed by the risk assessment report. The Business Office will need the risk assessment report (also known as “Risk Memo”) to proceed with the purchase.

Software and Online Service Risk Assessment

Any use of software or online service that utilizes or stores University data, including administrative records, student records, research data, and more, must be approved by Bloustein ITS and/or Rutgers OIT.  If a software or online service is not yet approved by Bloustein ITS or Rutgers OIT, it must be brought to Bloustein ITS for review, who may then submit a request to OIT for a Third Party Vendor Risk Assessment.  If necessary, Bloustein ITS will assist in the creation of a data security plan.

University-Wide IT Policies and Practices

Select University-Wide IT polices and practices, for reference and further reading…

Student Support

Canvas

Citation Management

Classrooms & Labs

Printing

Laptop Recommendations

Software

Email & NetID

Video Conferencing Software

WIFI

Faculty Support

Classrooms

Equipment Requests

Instructional Technology & Training

Email & NetID

University Resources

Video

Webpage Updates

Video Conferencing Software

Staff Support

Email & NetID

New Users

Phone Support

Laptop Recommendations

Training