Electronic Mail (Email)
Bryant University’s email services support the educational and administrative activities of the University and serve as a means of official communication by and between users and Bryant. The purpose of these guidelines is to ensure that this critical service remains available, reliable, and is used for purposes appropriate to the University's mission.
These guidelines apply to all members of the Bryant community who are entitled to email services.
Guidelines and Recommendations
- Bryant University's electronic mail services are University facilities and are intended for teaching, learning, research, and administration in support of Bryant University's mission. Employees of the University must use their University-issued email account for University business and may not use personal email accounts for University business.
- Email is considered an official means for communication within Bryant University. Email users are required to comply with state and federal law, University policies, and normal standards of professional and personal courtesy and conduct. Access to University email services is a privilege that may be wholly or partially restricted by the University without prior notice and without the consent of the email user: a) when required by and consistent with applicable law or policy; b) when there is a reasonable suspicion that violations of policy or law have occurred or may occur; or c) when required to meet time-dependent, critical operational needs. Such access restrictions are subject to the approval of the appropriate University supervisory or management authority (e.g., department heads, systems managers, etc.).
- All use of email, including use for sensitive or confidential information, will be consistent with the University policy. Confidentiality regarding student records is protected under the Family Educational Rights and Privacy Act of 1974 (FERPA). All use of email, including use for sensitive or confidential information, will be consistent with FERPA.
- On termination, resignation, or graduation, the individual's email account will be disabled, and all information retained for a period of ninety (90) days before deleted.
- In the event of a compromised email account, the account will be disabled, and the password credential changed. The appropriate user support service will be notified of the situation and in turn will inform the account owner. Should the account be exploited for spamming purposes, appropriate measures will be taken to mitigate the damage to the bryant.edu domain name. Outbound mail leaving the Bryant domain from the account may be restricted for up to 72-hours or until all offending email is purged from the system.
The Division of IS implements information security best practices and uses spam filtering tools to maintain the confidentiality, integrity and availability of the University’s email system. University employees requesting exceptions to the certified email configuration, such as a whitelist exception, should consult with IS. Requests should be sent to firstname.lastname@example.org.
Secure Email Service
The Secure Email service is designed for faculty and staff who need to use email to send sensitive information as defined by the University’s data classification guidelines, to a non-Bryant email account.
The University’s Secure Email service is designed as an opt-in service. The service assumes that a Bryant community member can identify whether they need to use the service when sending to a non-Bryant email account. The service will encrypt the sensitive information before releasing it to the non-Bryant account. The receiver will be provided the necessary information to easily decrypt the information.
To get started all you need to do is put “Bryant//Secure” (leave out the quotes) somewhere in the subject line of the message. Contact the Helpdesk for more information.
Restrictions Using Email Services
- Persons given access to Bryant University's email system are expected to be familiar with and abide by the policies stated in the Bryant University Employee Handbook and the guidelines in this document.
- Bryant University email services may not be used for personal business or personal gain except as permitted by other University policies.
- It is a violation of this policy to use email to libel, threaten, or harass other individuals.
- Unsolicited email messages to multiple users are prohibited unless explicitly approved by the appropriate University authority.
- All messages must show the genuine sender information (i.e., from where and from whom the message originated). Users are not allowed to impersonate other users or user groups, real or fabricated, by modifying email header information in an effort to deceive the recipient(s); e.g., email spoofing is specifically prohibited.
Offensive Material - Use of University owned or provided equipment for viewing, accessing, or transmitting offensive material is strictly forbidden. This applies to any screen display or printing of images, sounds, or messages that could reasonably be considered unlawful, threatening, abusive, libelous, defamatory, obscene, pornographic, profane, or otherwise objectionable. Any attempt, whether by student, employee, or guest of the University, to access, view, or transmit such material using University-owned equipment or network resources will result in disciplinary action and possible loss of network privileges.
Users of campus communications are subject to all applicable local, state, and federal laws and regulations, and Bryant University policies and procedures.
Domain Name and Email Whitelisting
A whitelist is a list of email addresses, domains, and IP addresses which will not be blocked by the University’s spam filters. Whitelisting introduces additional cybersecurity risks to the University. Spammers take advantage of whitelisting which makes University inboxes more susceptible to spam, phishing scams, and viruses. Spammers can create spoofed emails from whitelisted email addresses, domains, and IP addresses, which can make their way to University Inboxes.
Periodically check your Junk Email folder to make sure you are not losing important, safe emails. If you are losing important emails, add the sender to your email safe senders list. Contact the Helpdesk for assistance. Other requests, such as whitelisting entire domains or IP address space will be considered on a case-by-case basis.
Retention and Disposal
Most emails are NOT records. Most emails are simply electronically stored information without a lasting legal, operational, or historic value. Only emails that serve a legal, operational, or historic value are records, and should be managed in conjunction with any other records related to that function or activity. Refer to your organization’s records retention policy. For further guidance on the disposition of email messages and attachments see Email Retention and Disposition Schedule.
Any violation of University standards and/or directives may subject the violator to disciplinary actions in accordance with appropriate University processes.
Any exceptions to directives outlined within this document are to be reviewed and approved by the Information Security Program Committee as needed.