Policies
Passwords
- All computers, servers, and applications must be protected by a strong password -- this is automatically enforced.
- Password must be changed every 90 days minimum.
- Passwords cannot be reused within 360 days.
This password policy is a direct reflection of CU guidelines for password managment. Note: Systems prompt users to change passwords when required.
School Policy & Guideline Highlights
We've highlighted some of the most critical policies and listed those that are specific to Mailman School faculty and staff. However, please make sure you check both the CU and CUMC policy pages periodically -- they are updated frequently.
Used Computer Purchases
Staff and faculty may purchase old desktop and laptop computers from the School provided the equipment meets the following criteria outlined below:
- The equipment is 3 years or older and is out of warranty.
- Your department is buying replacement equipment and the computer has been officially "retired." See your DA for details.
Purchase Guidelines
- Your purchase must take the form of an official University transaction
- Your department must issue you an invoice for the equipment that details exactly what you are buying and for how much
- You must receive a receipt from your department for your payment
- All sales are final
- The School makes no warranties as to the condition or performance of the computer; all purchases are at the buyer's own risk
- The cost to purchase a used desktop PC/Mac is $50
- The cost to purchase a used laptop PC/Mac is $100
- Checks must be made payable to the "Mailman School of Public Health" and submitted with a copy of the invoice to your DAF
- The computer hard drive must be wiped of data by Mailman IT or your department IT contact prior to your taking possession
Equipment Loans
Mailman School Faculty and Staff may borrow electronic equipment as available from Mailman Central IT. Equipment includes:
- Laptop PCs
- LCD projector
The user must sign-out the equipment with name, phone, e-mail and department account number. The user is solely responsible for returning all equipment to IT in good working order. In the event the equipment is damaged, lost, or stolen, the account may be charged for repair or replacement costs. The IT team is not responsible for any data that may have been saved to the machine; devices are wiped of data upon return on the equipment to the IT group.
File Sharing Options
As a general rule, the School strongly discourages the use of unsecured online file sharing sites, such as DropBox for sharing any type of data. We ask instead that faculty and staff make it a point to always use secure options, such as CUIMC OneDrive for internal sharing and CUIMC BOX (contact 5Help for information), for external sharing.
Please note: In the case of transporting protected data, secure file sharing is required. Please contact CUMC IT Security via 5Help or Mailman IT for assistance.
Desktop Scope of Support
Mailman Faculty & Staff
Desktop technicians at the Mailman School provide free, on-campus desktop support to School faculty and staff for their Columbia-owned work devices (desktop and laptop computers, tablets, and phones.) Check here for detailed services and hours.
Personally-Owned Devices: The Mailman School does not permit the use of personally owned computers (desktops, laptops, tablets, etc.) for work and no technical support is provided.
Personally-owned smart phones are permitted for work use provided the following criteria are met by the user first:
- Device is submitted to Mailman IT for registration in the Service Now Asset Inventory. Note: These devices are designated “personally owned” in the database.
- Device encryption is configured by a Mailman Tech and encryption is maintained at all times. Thereafter, a passcode will be required to access the phone. The user will be prompted to change the code every 90 days.
- User agrees to keep device software up-to-date as is required
- User agrees to report to Mailman IT immediately if the device is:
- Retired or replaced
- Lost or stolen
- Phone is automatically retired from work use in the event the manufacturer stops providing updates.
Mailman Students
Students receive computer support from CUMC IT via 5help and the Hammer Help Desk. Check here for more information.
Skype
The School permits the installation of Skype software provided the file transfer function has been disabled. Unaltered versions of Skype will be removed. To get your Skype software modified, please contact Mailman IT via 5Help.
Remote Computer Access Software
Use of software programs that enable you to access your Columbia desktop PC or Mac without using the VPN is against policy. This software includes PC Anywhere, LogMeIn, and GotoMyPC.
Ideally, we recommend that you employ Windows or Mac's native remote access clients. Please contact your IT technician for assistance with these tools.
Passwords for Mobile Devices
The School requires that all mobile devices, such as smart phones and tablet computers used to connect to e-mail or data files via the University network be password protected.
The password must be a strong combination of characters and digits, and the device must be configured to auto lock after 10 minutes (max) of inactivity.
View the University policy. Note: The School's policy differs in that it includes all smart phones (we use more than Blackberrys here) and tablet computers.
File Server Usage
IT subcontracts with CUMC IT to provide secure file storage for the School’s full-time faculty and staff. This file server enables users to store essential work-related documents in a safe, secure online environment. Below are the policies with which account holders are required to comply:
- File server access is restricted to full-time faculty and staff.
- OneDrive is provided for the storage of private work documents. Personal music, movies, and pictures are not allowed, and are subject to removal by CUIMC IT.
- MS Sharepoint, Teams or "P drives" are for work-related files and documents involving collaboration.
- Accounts that are inactive for 6 months or that belong to faculty or staff that have left the School, are removed from the server by CUIMC. Once CUIMC has disabled the account, data is likely no longer available.
Desktop/Laptop User Permissions
For the purposes of protecting user data and the network, administrative computer rights on university-owned computers is restricted. Instead, users login with local user accounts that are more than adequate for day-to-day work.
E-Mail Client Usage
It is against CUIMC policy to conduct School business with third-party, non-CUIMC e-mail accounts. This includes using an email account, such as Gmail or hotmail, as your de facto work e-mail, or even forwarding your Columbia e-mail to an outside e-mail provider. (See full policy)
- The reasons for this policy are simple, but the penalties for noncompliance are not.
- As an institution that has been entrusted with public data, Columbia is legally obligated to ensure that our data is secure. While we can secure our internal e-mail systems, we have no control whatsoever over the security of third-party providers, which makes the risk of using them unacceptable. In fact, in the event of a data breach with an outside e-mail client like Google, the University/School is subject to financial penalties for not properly storing and policing sensitive e-mail data. Worse, the faculty/staff person who sent and/or received the confidential data on that outside system is subject not only to University action, but to CIVIL PROSECUTION by the government. As such, compliance with this policy actually protects you.
- Some grantors (for example NIH) specify that no grant-related data be stored offshore from the US. However, currently most outside e-mail providers store data in world-wide data farms, and so far, refuse to agree to a strict domestic data storage arrangement. So, use of these e-mail systems actually breaks many of our grantor requirements, and puts your hard work and grants at risk.
So, if you are currently using a third party e-mail system for work purposes, protect yourself by:
- Switching immediately to your CUIMC Columbia e-mail account
- Moving any project-related data from third party providers to a secure Columbia system, such as your OneDrive.
- Educating yourself as to the specific data storage requirements of your grants and other data security regulations, and recognize that CUIMC systems are the only systems you can count on to be in compliance.