Responsible Office: Office of Cybersecurity	Last Review: 05/23/2023 Next Review: 05/23/2025
Contact: Chris Madeksho	Phone: 901.448.1579 Email: mmadeksh@uthsc.edu

Purpose

To establish an announcement (banner) that will be displayed when users log into devices on the University of Tennessee Health Science Center (UTHSC) network advising them of the Acceptable Use Policy. This standard is also designed to meet compliance requirements for data regulated by federal or state law. This includes, but is not limited to, security requirements and safeguards for the Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), or Gramm-Leach-Bliley Act (GLBA).

Scope

This practice applies to all UTHSC owned devices and the UTHSC Workforce who log into those devices using UTHSC credentials.

Definitions

UTHSC Information Technology (IT) Resource: Any data, device, or other component of the information environment that supports information-related activities. Assets generally include hardware (e.g. servers and switches), software (e.g. mission critical applications and support systems) and information.

UTHSC Credentials – a combination of an assigned NetID and password. UTHSC Workforce – employees, volunteers, trainees, student employees, paid contractors, or anyone acting in an official capacity for UTHSC, and other persons whose conduct, in the performance of work for a covered entity or business associate, is under the direct control of such covered entity or business associate, whether or not they are paid by the covered entity or business associate.

Responsibilities

Office of Cybersecurity is responsible for establishing the banner and implementing it on UTHSC owned devices on the network.

UTHSC Workforce is responsible for adhering to the practice and the security controls set forth in it.

Practice

1. The following banner is approved to inform potential users of the Acceptable Use policy and rules and restriction on the use of UTHSC computing devices.
   
   * * * * * W A R N I N G * * * * * *
   This computer system is the property of the University of Tennessee Health Science Center (UTHSC). It is for authorized use only. Users (authorized and unauthorized) have no expectation of privacy, either explicit or implicit, in any materials they place or view on this system.
   
   The use of this UTHSC owned device is governed under the policies, standards, and practices of the University and applicable laws. There is no representation that any uses of this system will be private or confidential. UTHSC is entitled to monitor this device (including, but not limited to its use and content). All systems and files on this device are considered the property of UTHSC.
   
   Unauthorized or improper use of this system may result in administrative disciplinary action and/or civil/criminal action. By continuing to use this system, you indicate your awareness of and consent to the terms and conditions of use.
   
   Please refer to the full UTHSC and UTSA Acceptable Use Policies for details.
   
   DO NOT LOG ON if you do not agree to the conditions, or you are not an authorized UTHSC user.
   
   * * * * * The University of Tennessee Health Science Center * * *
2. This banner is displayed before a person logs into a UTHSC owned device using their UTHSC credentials.
3. Users click “OK” or Enter after reading the banner to log into the device. By logging in, the user accepts responsibility for adhering to the UTHSC and University of Tennessee System Administration (UTSA) Acceptable Use policy and standard.
4. Exceptions to this practice should be requested using the process outlined in GP-001.02 Security Exceptions and Exemptions to ITS Standards and Practices

References

1. UTSA-IT0110-Acceptable Use of Information Technology Resources
2. GP-001.02 Security Exceptions and Exemptions to ITS Standards and Practices
3. GP-004-Acceptable Use of IT Resources