Electronic Mail (Email)
Purpose
Electronic mail (email) is the primary means of communication within the University and externally. The purpose of this policy is to describe permitted use of University email services and to ensure these critical services remain available and reliable.
Scope
This policy applies to anyone who uses the University’s email services, including but not limited to faculty, staff, students, contractors, consultants and guests.
Policy
EMAIL SERVICES
- Bryant University's email services are intended for teaching, learning, research, and administration in support of Bryant University's mission. Employees of the University must use their University-issued email account for University business and may not use personal email accounts for University business.
- Email is considered an official means for communication within Bryant University. Email users are required to comply with state and federal law, University policies, and normal standards of professional and personal courtesy and conduct. Access to University email services is a privilege that may be wholly or partially restricted by the University without prior notice and without the consent of the user: a) when required by and consistent with applicable law or policy; b) when there is a reasonable suspicion that violations of policy or law have occurred or may occur; or c) when required to meet time-dependent, critical operational needs. Such access restrictions are subject to the approval of the appropriate University supervisory or management authority (e.g., department heads, systems managers, etc.).
- All use of email, including use for sensitive or confidential information, will be consistent with the University policy. Confidentiality regarding student records is protected under the Family Educational Rights and Privacy Act of 1974 (FERPA). All use of email, including use for sensitive or confidential information, must be consistent with FERPA.
- On termination, resignation, or graduation, the individual's email account will be disabled, and all information retained for a period of ninety (90) days before deleted.
- In the event of a compromised email account, the account will be disabled, and the user's password changed. The IT Service Desk will be notified of the situation and in turn will inform the account owner. Should the account be exploited for spamming purposes, appropriate measures will be taken to mitigate the damage to the Bryant domain. Outbound mail leaving the Bryant domain from the account may be restricted for up to 72-hours or until all offending email is purged from the system.
- Information Services implements information security best practices and uses spam filtering tools to maintain the confidentiality, integrity and availability of the University’s email system. University employees requesting exceptions to the certified email configuration, such as a whitelist exception, should consult with IS. Requests should be sent to IT Service Desk helpdesk@bryant.edu.
SECURE EMAIL SERVICE
The Secure Email service is designed for faculty and staff who need to use email to send sensitive information as defined by the University’s Data Classification Policy, to a non-Bryant email account.
The University’s Secure Email service is designed as an opt-in service. The service assumes that a Bryant community member can identify whether they need to use the service when sending to a non-Bryant email account. The service will encrypt the sensitive information before releasing it to the non-Bryant account. The receiver will be provided the necessary information to easily decrypt the information.
For additional information on using secure email services, see How to secure emails using encryption or contact the IT Service Desk for more assistance.
RESTRICTIONS USING EMAIL SERVICES
- Persons given access to Bryant University's email system are expected to be familiar with and abide by the policies stated in the Bryant University Employee Handbook and the guidelines in this document.
- Bryant University email services may not be used for personal business or personal gain except as permitted by other University policies.
- It is a violation of this policy to use email to libel, threaten, or harass other individuals.
- Unsolicited email messages to multiple users are prohibited unless explicitly approved by the appropriate University authority.
- All messages must show the genuine sender information (i.e., from where and from whom the message originated). Users are not allowed to impersonate other users or user groups, real or fabricated, by modifying email header information in an effort to deceive the recipient(s); e.g., email spoofing is specifically prohibited.
Offensive Material - Use of University owned or provided equipment for viewing, accessing, or transmitting offensive material is strictly forbidden. This applies to any screen display or printing of images, sounds, or messages that could reasonably be considered unlawful, threatening, abusive, libelous, defamatory, obscene, pornographic, profane, or otherwise objectionable. Any attempt, whether by student, employee, or guest of the University, to access, view, or transmit such material using University-owned equipment or network resources will result in disciplinary action and possible loss of network privileges.
Users of campus communications are subject to all applicable local, state, and federal laws and regulations, and Bryant University policies and procedures.
DOMAIN NAME AND EMAIL WHITELISTING
A whitelist is a list of email addresses, domains, and IP addresses which will not be blocked by the University’s spam filters. Whitelisting introduces additional cybersecurity risks to the University. Spammers take advantage of whitelisting which makes University inboxes more susceptible to spam, phishing scams, and viruses. Spammers can create spoofed emails from whitelisted email addresses, domains, and IP addresses, which can make their way to University Inboxes.
Periodically check your Junk Email folder to make sure you are not losing important, safe emails. If you are losing important emails, add the sender to your email safe senders list. Contact the Helpdesk for assistance. Other requests, such as whitelisting entire domains or IP address space will be considered on a case-by-case basis.
Retract or Recall an Email
Information Services reserves the right to retract or recall a suspicious, malicious, or otherwise unintended email deposited in a Bryant University recipient inbox. Before this action is taken, it must be authorized by a University Vice President or member of the IS Security Management Team.
RETENTION AND DISPOSAL
Most emails are NOT records. Most emails are simply electronically stored information without a lasting legal, operational, or historic value. Only emails that serve a legal, operational, or historic value are records, and should be managed in conjunction with any other records related to that function or activity. Refer to your organization’s records retention policy. For further guidance on the disposition of email messages and attachments see Email Retention and Disposition Schedule.
COMPLIANCE
Any violation of University standards and/or directives may subject the violator to disciplinary actions in accordance with appropriate University processes.
EXCEPTIONS
Any exceptions to directives outlined within this document are to be reviewed and approved by the Security Management Team as needed.
Policy Review and Revisions
Last Reviewed | Last Updated | Summary |
---|---|---|
1/8/2024 | 1/8/2024 | Annual review and update. |