The use of technology in pedagogical settings has evolved at a rapid pace over the past decade. The internet continues to offer unprecedented access to educational content, services, and information. As a result, some services have transitioned from being hosted on campus to cloud-based offerings in which the hardware, software or content do not reside on campus. The purpose of this policy is to strike a balance between the need to enable the campus community to take advantage of rich content available in the cloud and the need to protect sensitive student and employee information.
Third Party Relationship: Any agreement, formal or informal, to utilize services, products, or content that is not generated by the University of Wisconsin-Whitewater and/or is hosted on off-campus servers.
Authentication: Any process by which a system verifies the identity of a user, typically through a username/email address and password.
Credentials: Personalized login information required to access a secure service or system, typically a username and password combination. (Note: campus credential refers to the Net-ID and password combination, unique to each individual, used to access campus IT-related services).
Third-party entities that require authentication and/or registration to use a service or to view content, exercise data collection practices, and/or track users in any way may, advertently or inadvertently, collect sensitive or restricted information as the result of user activity or system design. Entering into any agreement or relationship to utilize third-party services, products, and/or content that requires the use of campus data or credentials has the potential to elevate IT security risk for the campus and/or for the individual user. UW-Whitewater has a robust technology infrastructure that enables a safe and secure authentication process for cloud-based services for students and employees. Examples of secure third-party cloud-based services currently offered on campus include:
ICIT, and other campus offices with applicable data custodianship responsibilities, must be made aware, prior to acquisition, of intentions to procure any third party digital services, products, and/or content that require the use of campus IT infrastructure or campus data, and/or direct users to share personal information prior to acquisition.
Users should never utilize their campus Net-ID and password combination as a username/password for a third party offering, unless access is approved by ICIT.
When a University-issued email address is provided to a third party, whether it is required or voluntarily submitted, the user may receive emails from that third party (e.g. marketing emails, password reset emails, etc.). It is the responsibility of the Office(s) or Department(s) acquiring the third party service to be aware of the volume and the extent of the email communications that will be received from the third party service provider. ICIT will not actively prevent third party emails from reaching their intended recipients unless the emails are deemed potentially harmful to the campus network.
Operational Procedures define ICIT's services, expectations, and role as part of the campus community.