Cal State LA Appropriate Use Agreements

Information security is everybody's responsibility!

Employee Appropriate Use Agreement

Acknowledgement of Confidentiality and Appropriate Use of Access

  • Under the Family Educational Rights and Privacy Act (FERPA); CSU Executive Orders; CSULA Administrative Procedures, policies, and guidelines; and applicable federal and state laws and regulations, those Cal State L.A. employees with access to any and all institutional networks, systems, and/or data are entrusted to maintain the security and confidentiality of institutional records and information. Authorized employees (referred to as system users in this document) are expected to adhere to the following rules:

    • Unauthorized use or access to institutional system records and information is prohibited.
    • Accounts granted to system users may be used only for work associated with the programs of the California State University, Los Angeles and/or the California State University system.
    • To maintain account and password security, disclosure of any account information and passwords to anyone is prohibited.
    • Exhibiting or divulging the contents of any record or report to any person except in the execution of normal duties and responsibilities is prohibited.
    • Using any institutional data and/or information for gender and/or ethnicity-based recruiting/selections, unauthorized fund raising, or other barred activities is prohibited.
    • Personally benefiting or allowing others to benefit from any confidential information, or knowledge thereof, gained by virtue of work assignments and/or network or system access is prohibited.
    • Directly or indirectly causing the inclusion of any false, inaccurate, or misleading entries into any records or reports is prohibited.
    • No official record or report or copy thereof, whether paper or electronic, may be removed from the office where it is maintained except in the performance of system user´s job duties and responsibilities.
    • All systems must be completely exited before leaving a computer or server unattended.
    • Adequate security standards and precautions for access, use, retention, and disposal of student, personal, and confidential data as outlined, described, or defined by law, CSU Executive Orders, CSULA Administrative procedures, and CSULA User Guidelines must be maintained.
    • Violation of security precautions to protect confidential information may be a crime, and may be subject to appropriate legal action and/or criminal prosecution.
    • No one is to aid or act in conspiracy with another to violate any of the rules listed above.

    I have read and understand all the rules listed above, and I agree to abide by them. I will maintain the security and confidentiality of any institutional records and information entrusted to me as stated in the rules above. If there is reason to believe there is a violation of University computer security, FERPA, and/or state or federal laws, statutes, and regulations, I understand that my access, account(s), account contents may become subject to monitoring and examination by authorized personnel.

Supplemental Confidentiality and Appropriate Use of Access for Supervised Accounts (e.g., Student Assistants)

  • In addition to the rules outlined in the Standard Acknowledgement of Confidentiality and Appropriate Use of Accounts, authorized Student Assistants agree to adhere to the following rules:

    • Student Assistants must be logged on to the system by the department manager or supervisor, or designated approved system user.
    • Student Assistants are prohibited from having access to passwords.
    • Student Assistants are prohibited from removing printed copies from the department without a supervisor´s approval.

Third Party Appropriate Use Agreement

Third Party Vendor/Consultant Acknowledgment of Confidentiality and Appropriate Use of Access

  • All vendors and consultants who are granted temporary access to networks, systems, and/or data of California State University, Los Angeles are entrusted with the maintenance of the security and confidentiality of institutional systems, records, and information. All vendors and consultants are expected to adhere to the following rules:

    • Unauthorized use or access to institutional system records and information is prohibited.
    • Access granted under this request is only for work associated with the programs of the California State University, Los Angeles and/or the California State University system.
    • Access, if granted, will be only for the period stated in this document. Thereafter, all accounts, passwords, and access associated with this request will be revoked immediately.
    • If system administrator rights are granted, they will apply only to the specific actions identified in this document. Performance of any unrelated and/or unauthorized actions will result in the immediate termination of system administrator rights.
    • To maintain account and password security, disclosure of any account information and passwords to anyone is prohibited.
    • Exhibiting or divulging the contents of any record or report to any person except in the execution of normal duties and responsibilities is prohibited.
    • Using any data accessed with any accounts associated with this request for gender and/or ethnicity-based recruiting/selections, unauthorized fund raising, or other barred activities is prohibited.
    • Personally benefiting or allowing others to benefit from any confidential information gained by virtue of network or system access is prohibited.
    • Directly or indirectly causing the inclusion of any false, inaccurate, or misleading entries into any records or reports is prohibited.
    • No official record or report or copy thereof, whether paper or electronic, may be removed from the office where it is maintained.
    • All systems must be completely exited before leaving a computer or server unattended.
    • Industry-accepted security standards for access, use, retention, and disposal of data must be maintained.
    • Vendor/consultant must protect any accessed confidential information according to industry-accepted standards and no less rigorously than it protects its own customers´ confidential information.
    • Vendor/consultant must hold confidential information in strict confidence, and will access information only for the explicit business purposes outlined in its contract with the University.
    • Vendor/consultant must ensure compliance with the protective conditions outlined in its contract with the University.
    • Vendor/consultant will return or securely destroy all confidential information upon completion of its contract with the University.
    • Violation of security precautions to protect confidential information may be a crime, and may be subject to appropriate legal action and/or criminal prosecution.
    • Vendor/consultant must notify the University immediately upon the termination of any individuals connected from this project or contract so that account access, passwords, remote diagnostic access, or other forms of access can be revoked.
    • Vendor/consultant must not aid, or act in conspiracy with, anyone to violate any of the rules listed above.

Student Appropriate Use Agreement

Student's Statement of Appropriate Use

  • I certify that this MyCalStateLA ID account will be used for work associated with the programs of California State University, Los Angeles or the California State University system. I understand that access to and use of data, computers, computer programs, computer systems, computer networks or supporting documentation with this account is governed by federal and state statutes and regulations, CSU policies and California State University, Los Angeles (CSULA) standards, guidelines and Administrative Procedures. I understand that I am responsible for all activity that occurs under this account and I understand that I am responsible for the account's password security. If there is reason to believe this account is in violation of any governing statute, regulation or policy, or thought to cause a breach in University computer or information security, this account and its contents may become subject to monitoring and examination by systems administrators. Violations of any governing statutes, regulations or policies may be a crime and may lead to appropriate legal action and/or criminal prosecution.