3.8.14 Network Scope of Service Policy
Approved by Academic Council, 2007, Administration, August 13, 2007
The University is not a public Internet Service Provider, operates a private secure network solely for the benefit of its user community, including authenticated guests, for activities aligned with the mission of the university and does not provide its network services to those outside this community.
Note that the line above is University Institutional Policy and that what follows is University Operational Policy. Both are approved by the Information Strategy and Policy Committee (ISPC).
User Community are all those individuals that fall under Pacific's Business Rules that define the provision of service by status. The User Community may, and usually does, contain Authenticated Guests.
Authentication is a process used to identify a person to a computer or network system, commonly through validation of an ID and password. Authentication at Pacific involves having a PacificNet ID and password.
Authorization(s) are what an authenticated individual has the rights to do. Authorizations often depend on status, but may be fine-grained and relate to the specific person.
Status is the current standing relative to the University. For example, Student, Faculty, Staff member, Alumni, Authenticated Guest or Vendor. A person may have more than one status.
Authenticated Guest is an individual who is not an employee, student, alum or some other established category of Pacific community user. This category of user is intended for temporary access to Pacific's systems and services. Pacific does not supply its systems and services to Guest users on a long-term basis. Temporary workers, including those working for temp agencies, are Authenticated Guests. Authenticated Guests must agree at login to be subject to the IT Policies of Pacific, including the Associated Use Policy (AUP). Background checks may be required depending on duties as required by Human Resources.
Vendor is an authenticated Pacific user that is included as part of the Community on a long-term basis by virtue of the Exception Clause below. That is, they are an employee of a third party that has a formal arrangement with Pacific. To get the required PacificNet ID and Password, a vendor must agree in writing to be subject to the IT Policies of Pacific, including the Associated Use Policy (AUP) and agree to a background check to be conducted by HR at their or their company's expense. If a person is no longer associated with the third party, their Vendor status and credentials are revoked. Temporary workers, where salary is paid to a temp agency (and not directly to the person), are not considered vendors, but Authenticated Guests.
- This policy statement, combined with certain technical considerations, is designed to ensure that Pacific is not subject to CALEA.
CALEA: Communications Assistance to Law Enforcement Act. 1994 legislation that gives law enforcement agencies the right to place wiretaps on digital wireless networks. CALEA also requires wireless and wireline carriers to make their digital networks able to support law enforcement eavesdropping and wiretapping equipment and activities. Higher Education institutions are exempt if they are not judged to be Internet Service Providers (providing services to third parties), but operate private networks (for their sole benefit).
There are complex technical and policy issues related to the determination of institutional CALEA exemption. OIT will continue to pursue legal clarification of the (private network) technical perspective as required. This policy is intended to maintain clean compliance relative to the provision of services to non-Pacific (third-party) entities such that questions are not raised going forward. However, on this specific issue of the provision of services to non-Pacific entities, some grey area is likely to remain. Because this policy is not intended to prohibit necessary and essential university operations, the following exception process is included:
Exception Clause: Provision of service to Vendors or non-Pacific entities can be provided so long as 1) The University obtains a favorable written legal opinion on the provision of the service relative to CALEA, taking into account previous and/or current exemptions and 2) the Cabinet formally approves such provision and 3) the provision of such services passes an initial and periodic technical and security review. The effort necessary to document the request, obtain the legal opinion, present it to Cabinet, secure the installation, including any costs in the process, is the responsibility of the requesting unit.
- This policy is intended to ensure that non-Pacific corporate entities, or their agents, do not (except as above and in 5) below) have access to PacificNet services. These corporations and individuals are often beyond the purview of Pacific's policies and procedures (ex. background checks). Without limitation, some examples of non-Pacific entities are: food service companies, cleaning companies, non-Pacific-owned book stores, building contractors, or any on-campus organization whose employees are not employees of Pacific.
- This policy is not intended to block access and services to Authenticated Guests of the University directly engaged in Pacific's mission of teaching, learning, scholarship and administration (ex. guest lecturers, registered library patrons). Pacific may or may not provide these individuals service on a case-by-case basis. (ex. One would not expect Pacific to give email service to library patrons.)
- This policy is not intended to block authorized access to consultants and contractors that require access to University IT systems solely for the purposes of deploying or managing those services. It would be expected that those individuals would get Basic IT services (like email) from commercial providers.
- This policy is not intended to be immediately retroactive for existing situations:
Grandfather Clause: Any individuals or organizations that have contracts, agreements, MOUs or understandings with Pacific that would be in violation of this policy are exempt from this policy so long as certain conditions are met. Those conditions are: A) Their contract, agreement or MOU is not renewed, B) their physical location does not change or C) their status does not change (ex. they do not have a change in ownership).
The above notwithstanding, Pacific will conduct a security audit on those falling under this clause and changes may be recommended, or required as permitted by contract, agreement or MOU language.
- This policy does not prohibit Pacific from offering information technology transport services for computing and communication so long as such transport is logically, if not physically, isolated from PacificNet. For example, OIT might be able to connect construction trailers with available fiber or copper and not be a part of PacificNet. Likewise, transport may take the form of a separate dedicated VLAN with no logical connection to PacificNet. Without access to PacificNet, there is no Internet access.
- This policy does not prohibit Pacific from supporting these non-Pacific activities with money or personnel, so long as this does not conflict with any of the other terms of this or other Pacific IT Policies.
- This policy does not prohibit Pacific from using temporary employees that work for employment agencies.