Two sets of IT policies and procedures apply to all Division of Finance staff:


1. University-wide Policies http://www.upenn.edu/computing/policy/ 

  • Owned and managed by Information Systems & Computing (ISC), Penn's central IT organization
  • Applies to all university users


    University-wide IT policies that apply to you:

  1. Policy of Acceptable Use of Electronic Resources
  2. Policy on Unauthorized Copying of Copyrighted Media
  3. IT Security Policy
  4. Confidentiality of Student Records
  5. Confidentiality of Faculty and Staff Records
  6. Policy on Privacy in the Electronic Environment


2. Division of Finance Policies - listed below

  • Owned and managed by DoF
  • Only applies to DoF staff and users


3. DoF ITS Policy Manual [Internal]

  • In addition to the policies above, DoF ITS staff operate under an additional internal IT Policy Manual that governs routine ITS business operations and infrastructure management.

Division of Finance ITS Customer Policies and Procedures


Lost or Stolen (Breached) Data, Passwords, User Account Information, Confidential university data, and other Personally Identifiable Information (PII)

All security incidents regarding sensitive or high risk, confidential, or regulated data or individual identities must be immediately reported to Division of Finance IT Services and the University Office of Information Security.

  • Division of Finance IT Services Help Line:  215.898.4578 | financeITS@upenn.edu
  • University Office of Information Security:  215.898.2172 | security@isc.upenn.edu


File Storage

All university data should be stored on provisioned network storage drives (Drives G: through Z:), OneDrive, SharePoint, or PennBox.  Files stored on the local computer (C: drive or Windows Desktop) may be permanently lost during a hard drive failure or routine computer patching.  ITS is not responsible for lost or destroyed data stored on your PC.


Use of USB Flash Drives and Portable Media

To maintain a secure computing environment and minimize the threat of malware or data compromise, ITS prohibits using portable storage media, such as USB flash drives, CD/DVD disks, and portable external hard drives. 

 

For assistance in reviewing or securing your portable media for temporary use, please contact the ITS staff or submit a support request.

 

Remote Access to the Finance Network

Staff is permitted to connect to network drives (G:, H:, U:, etc.) through a secured remote network connection.  

 

Remote Access Accounts Required:  Network accounts must first be enabled to remotely connect to the Finance network. Submit a support request if your account is not currently enabled for remote connections.

 

Connection Limitations:  You will be automatically disconnected from the network if there is no activity for more than two hours, or if you are connected for more than fourteen (14) hours.

 

Deactivation of Remote Access Due to Lack of Usage:  Remote access network accounts will be disabled if they have not been used for at least six months.  If your remote access has been disabled due to lack of usage, please call the ITS helpline (x8-HLPU) or submit a support request (FinanceITS@upenn.edu) to re-enable your remote access rights.


Use of Mobile Devices and Phone to Access University Email or Data

Mobile Devices and Smartphones.  All mobile devices that access or store university data, including email, are required to be secured with protective measures that meet or exceed those used on computers managed by Division of Finance.  

 

Purchasing New Computers and Installing or Copying Software

Acquisition of new computers for all Division of Finance staff is the responsibility of IT Services.  Please contact our team to review any new computer or upgrade requests.   

ITS discourages customers from installing software on their own.  Please schedule a software installation appointment with the ITS team.  Copying commercial software is illegal and against University policy. It is the responsibility of each department to ensure its employees are familiar with and adhere to Penn’s computing security policies and guidelines. A complete explanation can be found within the university’s Policy on Unauthorized Copying of Copyrighted Media. 

 

Moving Computers and PennFlex Phones

Staff should contact ITS for all computer and phone moves.  Moving equipment requires at least two days' advance notice to allow for network and wiring port configuration changes.  Moves of multiple staff require additional planning and IT staff resources.  Staff should contact ITS with at least ten business days' notice for moves involving five or more people.

 

Support for Home Computers and Personally-Owned Mobile/Computing Devices

ITS support for personally-owned devices is limited support on common mobile phones and tablet computers using updated Windows, Android, and iOS (iPhone and iPad) operating systems.  Support is limited to connecting to the Finance network, AirPennNet, and configuration of university email and Office 365 mobile apps. 


Distribution of Computers for Home Use

Computers owned or managed by the Division of Finance remain the property of the university and cannot be taken home for personal use, including the following situations:

 

  • computers that reach the end of their warranty period or useful life
  • employee transfer to another university department or position
  • end of university employment
  • leave from work


Computers reaching the end of their useful life are recycled, repurposed, or reallocated to other university business areas.  Any home use outside this policy must be authorized by the employee's department management. 

 

Prior to deploying and using any university-owned computers in a home environment, department management and the requesting employee must consult with the ITS team to address all relevant policy and information security matters.

 

Secure PC Destruction, Recycling and Data Deletion

Computers that are replaced are not permitted to be removed from campus by the Division of Finance staff.  ITS staff will manage the collection and responsible recycling of all computers and electronics no longer in use.  A locally contracted e-waste recycler destroys all electronics and returns the separated raw materials back into the supply chain for reuse.

 

ITS employs measures to ensure any data remaining on recycled computing devices is permanently destroyed.


For a detailed overview of how the Division of Finance manages end-of-life computers, view our Frequently Asked Questions article on the topic.