C08.2 Code of Conduct for Computer Use

This policy and code applies to all members of the RIT community, including students, faculty, staff, alumni, trustees, or those with an RIT computer account. It governs all community members’ conduct while representing RIT, using RIT resources, or connecting to the RIT networks. This policy and code incorporates the RIT Compliance Program and Procedures that seek to ensure ethical, legal, and regulatory compliance available at the Office of Compliance and Ethics website. This policy and code should be referenced in context with the other RIT policies available online, as well as the specific policies and procedures incorporated below that already address key obligations and compliance risk areas for members of the RIT community.

RIT expects adherence to the requirements of this code of conduct and these identified RIT policies at all times. The mere absence of a specific policy does not relieve any individual in the RIT community of the responsibility to apply the highest ethical standards when using RIT Information Technology Resources.

Related Policies
C00.0 - Compliance Policy and Code of Ethical Conduct
C03.0 - Intellectual Property
C06.0 - Prohibiting discrimination and Harassment
C07.0 - Privacy Policy
C08.1 - Information Security Policy
C11.0 - Policy on Freedom of Speech and Expression
C18.0 - Illegal Conduct
C22.0 - Records Management Policy

The Information Technology Resources of RIT are intended to support the mission of teaching, scholarly activity, and service for the university’s students, faculty and staff.  Appropriate use of Information Technology Resources by members of the RIT academic community should always reflect academic honesty and good judgment in the utilization of shared resources, and observe the ethical and legal guidelines of society. This document constitutes the RIT policy for the proper use of all Information Technology Resources.

RIT Information Technology Resources provide access to a wide variety of internal and external resources. This privilege of access requires individual users to act in an ethical manner and as a result imposes certain responsibilities and obligations. It is the responsibility of every user to respect the rights, privacy, and intellectual property of others, respect the integrity of the resources, and abide by all local, state, and federal laws and regulations.

This document outlines the user privileges and responsibilities as well as the guidelines and procedures for the responsible use of RIT Information Technology Resources. It is intended to allow for the proper use and management of these resources, provide protection of users’ rights, ensure reasonable access, and provide guidelines for accountability. It applies not only to RIT Information Technology Resources, but also to all computers and electronic devices including but not limited to (IoT) connected to RIT Information Technology Resources in any way.

This policy incorporates other RIT policies that apply to the use of RIT's Technology Resources, including virtual or off-campus conduct that impact RIT Community members. This policy does not supersede rights or obligations of the respective policies:

1. Privacy - RIT’s Policy on Privacy (C7.0) applies in the context of computer use. 

2. Freedom from Discrimination, Harassment and Retaliation - RIT's Policy on Discrimination, Harassment and Retaliation (C6.0) applies in the context of computer use.

3. Intellectual Property - RIT's Policy on Intellectual Property (C3.0) applies in the context of computer use.

4. Freedom of Speech and Expression -  RIT's Policy on Freedom of Speech and Expression (C11.0) applies in the context of computer use.

5. Incidental Use - The Rochester Institute of Technology (RIT) has multiple policies that define incidental use of resources and facilities; C03.0 Intellectual Property Policy, C07.0 Privacy Policy

Members of the RIT community have the responsibility to use RIT Information Technology Resources in ways that respect the rights of others and permit our common electronic resources to be equitably shared. Since free and civil discourse is at the heart of the RIT community, users should communicate in a manner that advances the cause of learning and mutual understanding.

In exchange for use of RIT Information Technology Resources, users assume the responsibility to use resources in a responsible and professional manner. The following paragraphs highlight a non-exhaustive list of specific responsibilities. Questions about the appropriateness of any use of resources should be directed to the staff of the Division of Information and Technology Services or the systems personnel responsible for the resource in question.

1. Access

   1. Passwords and similar authorization information - Passwords are the primary way in which users are authenticated and authorized to use RIT Information Technology Resources. Users must not share or disclose their password(s) to any individual, including a faculty or staff member. Similarly, they must not disclose any other identifying information (e.g., PIN (personal identification numbers)) used to access specific system information. Authorized users are held accountable for violations of this Code of Conduct involving their accounts.

   2. Unauthorized use of resources – Users are prohibited from activities such as sharing login credentials for a computer account or providing access to restricted databases. Users may not use another user’s account to gain access to resources to which they are not authorized. Users must also not retain privileges or access to systems or information that are no longer necessary for their new or current role within RIT unless there is an approved justification.

   3. Circumventing or compromising security - Users are prohibited from using any means to compromise the security of any system, internal or external to RIT Information Technology Resources. This includes non-technical activities such as misrepresenting one’s identity or impersonating another user.

2. Self-Protection - Any authorized user who connects a computer to RIT's physical or virtual network must ensure that the computer is protected against compromise from an internal or external attack. In this context, reasonable measures include the installation and maintenance of virus detection and eradication software, care in opening all message attachments, vigilance when visiting web sites and adhering to published system configuration and management standards. Authorized users are responsible for following all applicable information security standards and policies.

3. Personal and Commercial Use - It is prohibited to use RIT Information Technology Resources to run a business or commercial service or to advertise for a commercial organization or endeavor. Use of RIT Information Technology Resources for any form of personal profit is strictly prohibited.

4. Communication with Government Officials - All communications with government officials must abide by RIT guidelines for political activities as outlined in policy C10.0. Individuals wishing to address a legislative issue on behalf of RIT  should consult with the Office of Government and Community Relations before sending such communications using the RIT network.

5. Harmful Activities - One must not use the RIT Information Technology Resources to cause harm to any individual or to harm any resources, whether internal or external to RIT. Examples of harmful activities, in addition to those noted elsewhere in this Code, include (but are not limited to):

   1. Degrading performance or otherwise disabling Information Technology Resources.

   2. Destroying, altering, copying, or compromising information integrity (e.g., student records, personnel information, etc.)

   3. Email spamming.

   4. Threatening, harassing or intimidating email, postings, and messaging or other harmful forms of communication.

   5. RIT resources may not be used to impersonate other members of the RIT community.

6. Illegal Activities - Members must refrain from any conduct that is illegal. Illegal activities that are prohibited include (but are not limited to):

   1. Copyright infringement, including publishing copyrighted material such as papers, software, music, musical scores, movies, and artistic works. It is irrelevant whether or not any profit is made from such distribution; the mere fact of providing uncontrolled access to such material is illegal (C03.2).

   2. Divulging information that is confidential, private, or proprietary information.

   3. Misrepresentation of one’s identity to gain access to systems, software, or other services to which one does not have authorized access.

1. Information Technology Resources: RIT-owned or leased transmission lines, networks, wireless networks, servers, exchanges, Internet connections, terminals, applications, mobile devices, and computers. Information owned by RIT or used by RIT under license or contract, in any form including but not limited to all types of electronic media, portable media, all electronic hardware, software, network, communications device or system and paper. Personal computers, servers, wireless networks, mobile devices, and other devices including (IoT) not owned by RIT but intentionally connected to RIT-owned Information Resources.

2. Internet of Things (IoT): The Internet of Things (IoT) is a network of physical objects that are embedded with sensors, software, and other technologies that allow them to connect and exchange data with other devices and systems over the Internet.

RIT reserves the right to restrict or deny access to its Information Technology Resources to those whose use of them is not consistent with the mission of RIT. Users should be aware that their use of the RIT Information Technology Resources is not completely private. However, in all operations discussed in the following paragraphs, individual rights of privacy will be preserved to the extent possible and compatible with the nature of the operation. As an institution, RIT retains the following rights with respect to its Information Technology Resources:

1. Allocation and Control of Access to Resources - Those responsible for maintaining RIT Information Technology Resources have the right to allocate resources in ways appropriate to the achievement of RIT's overall mission and objectives. They may also control access to its information and the devices on which it is stored, manipulated and transmitted in accordance with the policies of RIT, the laws of the State of New York, and the United States.

2. Usage Monitoring and Inspection of Files - While RIT does not routinely monitor individual usage, the normal operation and maintenance of the RIT's information technology environment require the backup and caching of data, the logging of usage data, the monitoring of usage patterns and other such activities that are necessary for maintaining network availability and performance. RIT system and network administrators may review this data for evidence of violation of law or policy. When necessary to ensure network availability and performance, or to respond to an alleged violation of law or policy, system and network administrators may monitor the activities and inspect the files of specific users on their computers and networks.

3. System and Network Administration Access - Authorized RIT personnel may access others’ files for the maintenance of network computer and storage systems. Similarly, for the maintenance or security of networks, a network administrator may access others’ files and data on network devices or in transit. System Administrators are required to uphold the same confidentiality, ethics, and information integrity as all other users.

4. Information Security Procedures - Units are responsible for complying with all RIT information security policy and standards, educating users of their responsibilities, and providing a reasonable level of security for sensitive information.

For this policy to be effective, all members of the RIT community must be alert to possible violations. If a member of the community suspects that another community member is abusing his or her privileges or is engaged in activities forbidden by this policy, it is that member’s responsibility to report this via the Ethics and Compliance reporting process. Details around this process can be found here: https://www.rit.edu/fa/compliance/reporting-incident.

Responsible Office: Information and Technology Services. Questions regarding this policy should be directed to the RIT Service Center (help.rit.edu)

Effective Date:
July 1, 2019

Policy History: 
Approved April 6, 1988
Revised April 24, 2002
Edited October 2010
Edited August to reflect change in responsible office
Interim Status – April 2019

Interim status removed. Revisions to policy approved April 23, 2025 by University Council