Information Technologies & Services

11.01 - Responsible Use of Information Technology Resources

Last Updated: March 3, 2023

Last Reviewed: March 3, 2023

Policy Statement

All members of the Weill Cornell Medicine community are responsible for protecting the confidentiality, integrity, and availability of data created, received, stored, transmitted, or otherwise used by the college, or for college activities by authorized parties regardless of the medium on which the data resides and regardless of the format (e.g., electronic, paper, fax, or other physical form).

Departments are responsible for implementing administrative, operational, physical, and technical controls for access, use, transmission, and disposal of Weill Cornell Medicine data in compliance with all Weill Cornell Medicine policies, standards, procedures, and guidelines.

Weill Cornell Medicine expects community members, including but not limited to faculty, staff, and students, to use all Weill Cornell Medicine information technology resources and data in a manner that is legal, ethical, and consistent with the mission of education, research, and patient care.

Reason for Policy

Information technology resources and data constitute valuable Weill Cornell Medicine assets. The use of these assets is constantly changing and evolving, and it is important that Weill Cornell Medicine articulate a clear statement regarding their appropriate use. This Policy provides both broad and detailed requirements for the responsible use of information technology resources and data. In addition, it requires departments to appoint liaisons who will facilitate communications, training, and awareness programs working with the Information Technologies & Services Department (ITS) and all other college departments.

Entities Affected by this Policy

All units of Weill Cornell Medicine, including Weill Cornell Medicine-Qatar.

Who Should Read this Policy

All members of the Weill Cornell Medicine community utilizing Weill Cornell Medicine information technology resources.

All stewards and custodians of Weill Cornell Medicine data.

Web Address of this Policy

https://its.weill.cornell.edu/policies

Contacts

Direct any questions about this policy, 11.01 – Responsible Use of Information Technology Resources, to Brian J. Tschinkel, Chief Information Security Officer, using one of the methods below:

  • Office:                          (646) 962-2768
  • Email:                           brt2008@med.cornell.edu

 

 

1.   Principles

1.01      Acceptable Use

Acceptable use of Weill Cornell Medicine IT resources and data includes, but is not limited to, community members:

  1. Respecting system security mechanisms, and not taking measures to circumvent, ignore, or break these mechanisms,
  2. Showing consideration for the consumption and utilization of ITS resources,
  3. Understanding and complying with policies, standards, procedures, and guidelines concerning the security of the Weill Cornell Medicine information technology and data, and,
  4. Assisting in the performance of investigation and remediation steps in the event of a suspected or detected security incident.

1.02      Unacceptable Use

Unacceptable use of IT resources and data includes, but is not limited to,

  1. Unauthorized access to or unauthorized use of Weill Cornell Medicine ITS resources
  2. Use of ITS resources in violation of any other Weill Cornell Medicine policy, applicable law or regulation,
  3. Any activity designed to hinder another person's or institution's use of its own information technology resources or data,
  4. Downloading, executing, installing, distributing, or recklessly using suspicious or malicious software (e.g., key generators, pirated software, spyware, viruses, etc.),
  5. Security breaches, intentional or otherwise, including negligent management of data, servers, workstations, other devices or peripherals, or applications resulting in unauthorized use or compromise, and
  6. Sharing of a password.

1.03      Liaisons

In order to facilitate compliance with this and other security policies, each department must appoint a liaison who will be responsible for:

  1. Understanding security policies and assisting in disseminating and evangelizing policies, standards, procedures, and guidelines to the greater Weill Cornell Medicine community,
  2. Meeting with appropriate ITS staff members on a predetermined, regular basis to discuss security and other information technology and data related issues,
  3. Providing documented authorization and de-authorization for data and information technology resource access requests to ITS whenever appropriate,
  4. Assisting in performing remediation steps in the event of data loss, theft, compromise, suspected or detected security incidents, etc., and
  5. Assisting in coordinating all activities related to electronic discovery.

Departments may choose to appoint multiple liaisons when appropriate.

Policy Download: 
PDF icon 11.01 - Responsible Use of Information Technology Resources

Need Help?

myHelpdesk
Open a ticket
(212) 746-4878
Monday-Sunday
Open: 24/7 (Excluding holidays)
SMARTDesk
WCM Library Commons
1300 York Ave
New York, NY
10065
M-F
9AM - 5PM
Make an appointment

575 Lexington Ave
3rd Floor
New York, NY
10022
Temporarily Closed

IT Glossary

Type an acronym or term you would like a definition for.