On November 12, 2009, the University Information Policy Office, with the Committee of Data Stewards, merged the "Institutional Data Acceptable Use Agreement" with the general technology "Guidelines for Appropriate Usage" agreement assented to by users when they create their first IU computing accounts.

The goal of this consolidated online agreement is to ensure that all new employees receive basic information about acceptable use of both technology AND information resources, prior to gaining access to such resources at IU. Future projects will address communicating this to employees who created their accounts prior to this implementation.

Why is this change being made?

Currently, many employees are never exposed to the full content of the "Institutional Data Acceptable Use Agreement," because they never need direct access to enterprise data systems. However, since nearly every employee will interact with IU information at some point during his or her employment, this basic information should be provided to every employee.

The first step towards this goal is to begin presenting this information to all new employees, as they begin their employment at IU.

How will this change be implemented?

Currently, a new employee takes the following steps to establish computer accounts and obtain access to enterprise systems, such as SIS or HRMS:

1. A new employee assents to a general technology "Guidelines for Appropriate Usage" agreement prior to establishing his or her IU Network ID username and passphrase. This involves viewing a number of screens outlining basic appropriate use of technology during the account creation process.
2. If the new employee requires access to an enterprise system, he or she is directed to the "Institutional Data Acceptable Use Agreement" prior to being granted access. Data Managers verify that the user has assented to the Institutional Data Acceptable Use Agreement, prior to authorizing access.

The content of these two agreements overlaps some, though not completely. The "Guidelines for Appropriate Usage" agreement does not contain important instructions about the handling of IU information. The "Institutional Data Acceptable Use Agreement" is missing just a few important technology appropriate usage points from the "Guidelines for Appropriate Usage" agreement.

To simplify the process, the content of these two agreements has been merged together into one new agreement. The new merged text has been reformatted and reorganized into one screen, following the recommendations of a usability study. On November 12, new employees will read a version that encompasses concepts covered in both former agreements, with the new title: "Acceptable Use Agreement - Access to Technology and Information Resources – Employees." New students and new affiliates will read a similar, but shorter version that omits information pertaining only to employees, with the new title: "Acceptable Use Agreement - Access to Technology and Information Resources – Students and Affiliates."

Does this new merged agreement for employees replace the "Institutional Data Acceptable Use Agreement?"

Yes

I already assented to the "Institutional Data Acceptable Use Agreement," do I need to do so again because of this change?

No, it is not necessary for anyone who has already assented to the "Institutional Data Acceptable Use Agreement" to re-assent at this time. The merged agreement has very little new content compared to the current "Institutional Data Acceptable Use Agreement."

The Committee of Data Stewards and the University Information Policy Office would like to see all employees assent to this agreement eventually, and be reminded of this important information by re-assenting to it periodically. Causing all new employees to assent to the new merged agreement as they create their first IU accounts is the first step in reaching these goals. We will undertake other projects in the future, to reach employees who created their accounts prior to this implementation, and to cause employees to re-assent periodically.

How will this change the current processes for gaining access to enterprise systems?

The implementation of this new consolidated agreement will not impact the process related to requesting access to enterprise systems at this time—that is, Data Managers will continue to use current processes to determine if an individual requesting access to enterprise systems has assented to the agreement. If the user requesting access to enterprise systems has not yet completed this step, he or she will still be directed to assent to the agreement, prior to granting the access.

How will this change impact Data Managers and others?

The title change of the new agreement is the primary impact for Data Managers and others who manage processes related to this agreement. If you have documents that reference the old title of the agreement, you will want to update them with the new title: "Acceptable Use Agreement - Access to Technology and Information Resources – Employees."

The URLs used to get to the agreement, and all back-end supporting processes, including the database that currently tracks the completion of the "Institutional Data Acceptable Use Agreement," remain the same, and any actions already reflected in the database will remain. As new employees assent to the new consolidated agreement, the existing database will be updated. Therefore Data Managers will continue to be able to determine if a user requesting access to an enterprise system needs to assent the "Institutional Data Acceptable Use Agreement," and will not be asking anyone who already assented to it to assent again.

Another effect of this change is that, over time, Data Managers will find that an increasing number of users requesting access to enterprise systems will already have assented to the agreement - by virtue of having assented to it when they joined the university and created their first computing accounts.

What about users who start out at IU as students and affiliates, but who later request access to enterprise systems?

Students and affiliates who have assented to the student version of the agreement will NOT appear in the database. Only those who have assented to the full employee version, and those who have already assented to the former "Institutional Data Acceptable Use Agreement," will appear in the database. We realize that some affiliates do perform work on behalf of IU, and that some students are also hired as employees at IU. However, because Data Managers will continue to use current processes to determine if a user requesting access to enterprise systems needs to assent to the agreement, any users who changed roles after they first created their IU accounts will be identified in that process, and will be directed to assent to the full employee agreement prior to being granted access.

I still have questions. Who may I contact?

If you have any further questions regarding this process, please contact the University Information Policy Office.