Policies on Use of IT Services and Resources
City University of Hong Kong
Policies on Use of IT Services and Resources
(revision approved by the Information Strategy and Governance Committee on 30 August 2023)
The City University of Hong Kong (CityU, “the University”) recognises the importance of information technology (IT) in teaching, learning, research and administration. With the use of software-as-a-service and cloud computing, various IT service providers now offer and manage an extensive range of IT services and resources within the University. Improper use of these resources, whether unintended or not, can have significant negative consequences for the University and its community. The use of IT services and resources is therefore governed by a set of CityU policies, principles, and regulations (including this document), the laws of the Hong Kong Special Administrative Region (hereafter “HKSAR”), and the laws of other countries where the IT services and resources are provided or hosted, or where users are located. Use of CityU IT services and resources is a privilege, not a right.
The following principles and policy statements apply to all users of CityU IT services and resources including students, staff, alumni, contractors, retired staff, applicants, guests, visitors and other persons who have been given access to the IT services and resources. By accessing the IT services and resources, users agree to comply with all applicable regulations (see Section A).
This document provides the framework for a set of policies and regulations (see Section G). In formulating these principles and regulations, the University relies on a set of guiding principles, which users must adhere to. Non-adherence will be considered as improper use of CityU IT services and resources.
- must act responsibly and in consideration of the rights of all others affected by them;
- must not harm any internal or external individuals or become a nuisance to them;
- must not harm the property or reputation of the University;
- should recognize and understand the ownership of the IT services and resources and not violate the corresponding ownership rights;
- should report any improper IT services or resources uses by other users;
- recognize the University’s right to assure proper function of IT services and resources, even if this negatively impacts individual users or groups of users;
- recognize the University’s right to enforce proper use behaviours, respond to violations, and impose penalties for improper use.
D. Policy Statements
- To safeguard the University operations, users may be asked to change their passwords regularly, or in urgent cases (e.g. hacker compromised EID) immediately and without delay.
- Users shall not resell, rent, lease, loan, share, distribute, modify, or copy any portion of the IT services and resources, or access thereof, in whole or in part.
- IT services and resources users must not interfere with the work of others or alter the integrity of the IT services and resources.
- The University assigns all members a registered email address under CityU’s domain addresses. This is the designated channel for official CityU communications. CityU members are responsible to regularly check their CityU email accounts for new communications.
- Certain academic and administrative communications are deemed essential by the university for proper operation and informed academic dialogue. CityU members and/or users of CityU’s communication systems and services (e.g., email users) cannot opt out from receiving these communications. The communications include, but not limited to, university announcements, service announcements, administrative messages, and CityU Newsletter.
- Users must use the IT services and resources responsibly and adhere to the mission of the University.
- Users must not use CityU IT services and resources for any unauthorised purposes such as conducting commercial activities for unauthorised financial gains.
- Users agree that the respective IT Service Providers, entrusted by the University to maintain the health and proper use of the IT services and resources, have the right to inspect, monitor, remove, block or disclose any data or information either stored or communicated via the IT services if there is compelling evidence of (i) violating either the policies and regulations of the IT Service Providers or any applicable laws and regulations from all applicable jurisdictions, or (ii) adversely affecting the normal functioning or normal use of the IT services and resources.
- All users and departmental IT services and resources providers have the responsibility to report to Central IT on any non‐compliance of the prevailing IT Policies and Regulations as soon as possible. Central IT will treat all such non‐compliances as IT incidents so that they can be reviewed in a timely manner, and corresponding preventive measures, if any, be adopted.
Failure to comply with the IT Polices and Regulations may result in immediate suspension or termination of access to some or all IT services and resources provided to the non-compliant user. Suspension or termination may occur without prior notice and will only be lifted or revoked after remedial action has been taken to the satisfaction of the IT service provider(s), and if necessary, of the respective line management. Any user who is alleged to have violated any policy or regulation may be subject to further disciplinary action if any, in accordance with the University’s disciplinary procedures. Central IT and/or respective IT service providers may impose penalties when deemed necessary, independent of any disciplinary procedures the University might invoke.
F. Terms and Definitions
- Central IT
Central IT consists of the Office of the Chief Information Officer (OCIO), the Computing Services Centre (CSC), and the Enterprise Solutions Office (ESU)
- Teaching Studios and Classrooms
Areas inside teaching studios and classrooms on CityU campus, or the surrounding space in which IT services and resources are provided.
- Data Custodians
Data Custodians define, implement, and enforce data management policies and procedures within their specific subject area and business domains; these include mainly the various University administrative offices.
- Electronic University Data
Electronic University Data refer to all data and information collected, maintained, or used in the University's information systems.
- IT Services
IT services include a range of services provided via the University’s and related IT Service Providers’ computers and communication networks, including for instance Email services, web hosting, data storage, resource booking, online library access, or online printing/copying.
- IT Services and Resources
IT Services and Resources include various IT services, manpower, information, data, and facilities to support the teaching, learning, research, and administrative activities at the University.
- IT Service Providers
IT Service Providers include various University departments and offices, including Central IT and their selected solution providers, that provide and manage IT Services and Resources.
- Email Services
The Central IT offers the following Email Services:
- Staff Email Services
- Students Email Service
- Alumni Courtesy Email Service
- Retired Staff Courtesy Email Service for eligible staff
- Specialised Emails (by application only)
- Staff Email Services
- Obsolete Email Services
The following email domains are no longer issued:
G. Related Policies and Regulations
This document, the Policies on Use of IT Services and Resources, is only part of the University’s set of policies and regulations governing IT use. The complete set includes also the following specific regulations:
- Electronic Mail Regulations
- Mass Communication and Social Computing Regulations
- Campus Network Regulations
- Electronic University Data Regulations
- Teaching Studio and Classroom Regulations
These IT Policies and Regulations may be revised from time to time as necessary without prior notice.
H. Contact Information
For questions about this document, please contact the Office of the Chief Information Officer (OCIO) at firstname.lastname@example.org.