11.01 Information Technology Resources Use and Security| Handbook of Operating Procedures – UTSA

At The University of Texas at San Antonio (UTSA), the protection of Data and Information Technology Resources within its academic, research, and administrative environments is not only required by various contracts and state, federal and international privacy laws, but it is also critical to the advancement of UTSA’s mission and strategic plans. Accordingly, the UTSA community must avoid compromise, degradation, and disruption of information services vital to the work of faculty, staff, students, guests, and external individuals or organizations. Towards that end, UTSA Tech Solutions promotes the widest possible access, appropriate use, and integrity of its Information Technology Resources through awareness programs, training, and technical and physical protective measures.  
While UTSA has the primary responsibility of maintaining and developing the security of UTSA Information Technology Resources, every Data User shares that responsibility and is responsible for understanding the legal and ethical standards expected for its use. In exercising its responsibilities, UTSA reserves the right to limit or restrict use based on privacy laws, institutional priorities, contracts, and financial considerations. UTSA may also limit or restrict use when violations of UTSA policy, contractual agreements, or privacy laws require limitation or restriction to protect UTSA Information Technology Resources.
This policy applies to all Data Users of UTSA Information Technology Resources, which includes but is not limited to faculty, staff, students, guests, and external individuals or organizations. This policy also applies regardless of the ownership of the equipment used to access UTSA Information Technology Resources (i.e., a person or company accessing UTSA Information Technology Resources on non-UTSA equipment is still subject to this policy)
If you have any questions about Handbook of Operating Procedures policy 11.01, Information Technology Resources Use and Security, contact one of the following offices:

  1. Office of Information Security
  2. UTSA Tech Solutions


  1. Chief Information Security Officer (CISO): The lead UTSA employee responsible for providing and administering the overall security program for UTSA Information Technology Resources for all centrally maintained and distributed systems and computer equipment. The CISO assesses Information Technology Resources security risks and engages in a transparent discussion of risks with internal stakeholders. The CISO is also responsible for the continuous development of this Policy and related UTSA Security Standards. The CISO promotes and tests for compliance through standards development, training, awareness programs, and risk assessments. The CISO responds to the misuse of Information Technology Resources and any unauthorized access of Information Technology Resources by external or internal parties.
  2. Data: Information that is recorded – regardless of form or media – and used to support the mission of UTSA, whether in an administrative, educational, or research capacity. Data may be saved or transmitted in hard copy (printed or written), digital/electronic (including video, audio, images), or other formats.
  3. Data Custodian: The Data Custodian is responsible for the day-to-day maintenance of UTSA Information Technology Resources. In some instances, this responsibility is assigned to a Department, Vice President Unit,  or College employee, a third-party vendor, or UTSA Tech Solutions.
  4. Data Owner: The Department or College manager or agent responsible for the business functions supported by the Information Technology Resources or the individual upon whom responsibility rests for carrying out the program using the Information Technology Resources.
  5. Data User: With authorization from the Data Owner, the Data User is any person who accesses, reads, enters, or updates information and/or Information Technology Resources whether done individually, through facilitation, or responsibility for an automated application or process.
  6. Information Security Officer: The Information Security Officer oversees and is responsible for the security of the Information Technology Resources within a Department, College, or Facility.
  7. Information System: An interconnected set of Information Technology Resources under the same direct management and control that shares common functionality. An Information System normally includes hardware, software, information, Data, applications, communications, and people.
  8. Information Technology Resources: The procedures, equipment, facilities, software, and Data that are designed, built, operated, and maintained to create, collect, record, process, store, retrieve, display, and transmit information. This may include, but is not limited to, any and all computer printouts, online display devices, mass storage media, and all computer-related activities involving any device capable of receiving email, browsing websites, or otherwise capable of receiving, storing, managing, or transmitting Data including, but not limited to, mainframes, servers, personal computers, notebook computers, hand-held computers, mobile devices, pagers, distributed processing systems, network-attached and computer-controlled medical and laboratory equipment (e.g., embedded technology), telecommunication resources, network environments, telephones, fax machines, printers and hosted services.


  1. Information Security Officer: The Information Security Officer oversees the security of the Information Technology Resources within a Department, Vice President Unit, College, or Facility.
  2. Data Owners: The Data Owner collects the Data, is the primary controller of a Data asset, or is the Principal Investigator (PI) of a UTSA-managed research project or sponsored program. Data Owners ensure compliance with this Policy, applying for exemptions when justified, and accepting residual risk when security threats cannot be further mitigated. Data Owners approve or deny requests to access Data, periodically review access assignments and take corrective action if inappropriate access is detected. Data Owners designate Data Custodians. Data Owners also designate Data users and set the rules and procedures for access to the Data.
  3. Data Custodian: The Data Custodian assists with the ongoing operational tasks of managing information assets.
  4. Data User: Data Users typically have no role in determining the security requirements for the information asset or performing server or application maintenance. Nonetheless, Data Users must understand and abide by the security requirements of this Policy, the UTSA Security Standards, and the expectations of the Data Owner.


  1. All Data Users of UTSA Information Technology Resources are required to comply with this policy, all UTSA HOP policies, and the . The Office of Information Security (OIS) develops and promotes and requirements. Violation of this policy may result in disciplinary action through regular, published disciplinary procedures in accordance with this Handbook of Operating Procedures, the Student Code of Conduct, degree program handbooks, and/or could include actions taken by sponsors of research or sponsored programs as well as federal oversight agencies. Discipline may include, but is not limited to, termination of employees and temporary employees; termination of contracts in the case of contractors or consultants; dismissal of interns and volunteers from the department or facility; and/or removal from a degree program, suspension, or expulsion of students. Additionally, individuals may lose access to UTSA Information Technology Resources and may face state or federal civil and/or criminal penalties, pending on the violation.


Institutional Compliance and Risk Services
One UTSA Circle
San Antonio, Texas 78249
Phone (210) 458-4992
Directions: Google Map, UTSA Map
© The University of Texas at San Antonio | One UTSA Circle, San Antonio TX 78249 | Information: 210-458-4011 | UTSA Police: 210-458-4242


Leave a Comment