ITS Email Standard - Office 365
Email is provided as a tool to assist and facilitate state business, communications with students, faculty, and its representatives to conduct official Clayton State University business. Email is one of the most important information technologies.You shouldn't write anything in e-mail that you would not want to send on a postcard through the mail. All electronic mail (email) transmitted to or from a Clayton State University (CSU) email system shall comply with all applicable federal and state regulations, and shall be governed by CSU security policies, standards, and/or guidelines. All information traveling over CSU computer networks that has not been specifically identified as the property of other parties will be treated as though it is a CSU business asset. It is the policy of CSU to prohibit unauthorized access, disclosure, duplication, modification, diversion, destruction, loss, misuse, or theft of any information. In addition, it is the policy of CSU to protect information belonging to third parties that has been entrusted to CSU in confidence.
To ensure compliance with this standard:
- Access to email shall be governed by authorization and access control and password protection policies and standards.
- All e-mail entering and leaving campus must go through the University Email Gateway to ensure that all email is properly scanned for virus and malware.
- Email passwords shall be encrypted and not be stored or passed in clear text.
- Email systems shall be protected from viruses, interception, and other malicious intentions.
- Use of CSU email systems for the creation or distribution of any disruptive or offensive messages is prohibited.
- Mass mailings about viruses or other malware warnings shall not be distributed by general users, and shall be validated, approved, and distributed by CSU appropriate security administrator(s).
- All email monitoring must be reviewed and approved by CSU Information Security & ePrivacy and/or CSU Legal representatives.
- Unauthorized email forwarding is prohibited. Email forwarding must be approved by the email account user or the CSU participant organization’s executive management.
- Sensitive data should not be sent off campus via e-mail unless required. In doing so, the information should be sent in a method to protect the data from interception, such as encryption.
- E-mails stored on campus equipment are the property of Clayton State University.
- As stated in the Bring Your Own Device standard care should be taken with emails in your Office 365 account that might contain sensitive data. Syncing your personally-owned device will also place copies of all of your emails onto your device.
- Only Clayton State University email accounts should be used as the official communication
method for CSU related messages. Likewise the CSU email address of the recipient should
always be used when applicable.
- Refrain from sending email to students’, faculties’, or staffs’ personal email accounts
- Refrain from forwarding from a CSU account to: third party email services (Gmail, Yahoo, and similar third party email provider’s third party cloud platforms.
- Likewise, within any CSU email directory students, faculty, staff and other CSU agents should refrain from replacing their CSU email address with their personal email address or “nickname”
- Transfer of CSU data designated as sensitive using a non - CSU email account could result in a violation of federal, state and/or local regulations.
- CSU emails should not be used to:
- Broadcast non-business related email to CSU faculty, staff and students (including but not limited to “For Rent/Sale” and personal notes to the campus)·
- Broadcast unsolicited email.
Related regulation CAN-SPAM act of 2003 (http://www.law.cornell.edu/uscode/html/uscode15/usc_sup_01_15_10_103.html)