Handbook of Operating Procedures > Series 700 Information Resources > 7.5.10 Administrative Investigations Involving IR

7.5.10 Administrative Investigations Involving IR

A. Purpose 

To establish a process for University administrative investigations based on a reasonable suspicion of inappropriate use of University information resources.  

B. Persons Affected 

All active or former employees, contractors and/or staff of The University of Texas at Tyler (the "University"). 

C. Definitions 

N/A 

D. Policy 

1. General. This policy applies to acquisitions of information technology hardware (e.g., computers, media, etc), computer and/or network forensics, and access to University issued machines and accounts. 
   1. Computer forensics investigations shall not be initiated solely for the purpose of identifying causes of lack of productivity. In such situations, department management should utilize the University's performance management process. 
   2. Management and supervisory personnel will support the University's legal responsibilities and will cooperate with Compliance, Human Resources, Internal Audit, and Office of Legal Affairs in the investigation and reporting of violations of applicable laws, rules, and regulations as well as monitoring information security risks. 
   3. Information Technology will supervise all computer and network forensics investigations based on a reasonable suspicion of inappropriate use of information resources. When an investigation reveals suspected criminal activity or an investigation is initiated due to an allegation of criminal activity, the University Police Department will be notified immediately.
   4. In certain cases involving an immediate threat to persons or property or other exigent circumstances, Information Technology shall preserve or acquire evidence as necessary and may provide evidence to law enforcement in advance of a public records request, subpoena, or warrant. In such cases the Office of Legal Affairs shall be consulted unless exigent circumstances exist. 
2. Administrative Investigations. All administrative investigations involving active or former, non-student or student, employees, contractors and/or staff and requiring acquisitions of information technology hardware (e.g., computers, media, etc), computer and/or network forensics, and access to University issued accounts must be requested by an authorized department head, or his/her designee, representing one of the following units: Compliance, Human Resources, Internal Audit, or Office of Legal Affairs. These requests shall be served directly to the University's Chief Information Officer for handling. All such requests shall clearly demonstrate the specific alleged policy violations, based on articulated facts, warranting a forensic investigation. 
   1. Information Technology shall not proceed with any administrative investigations without first consulting with the Office of Legal Affairs unless exigent circumstances exist. In such cases, Information Technology shall consult with the Office of Legal Affairs as soon as possible. If extenuating circumstances exist, Information Technology may use Compliance or Internal Audit as their point of contact. 
   2. The Chief Information Officer shall provide the requestor with a list of anticipated deliverables and due dates so to ensure all are clear about the scope of the investigation. 
3. Data Protection  
   1. Information Technology shall keep its work papers and evidence secure and limit access to only those individuals designated by the Office of Legal Affairs.  
   2. In order to avoid damaging the reputations of innocent persons initially suspected of wrongful conduct, and to protect the University, the results of investigations conducted by Information Technology shall only be disclosed or discussed with those persons associated with the University who have a legitimate need to know such results in order to perform their duties and responsibilities, subject to the provisions of the Texas Public Information Act. 
   3. Information gathered and exchanged under this policy shall be managed in compliance with applicable laws, rules, and regulations and shall be classified as confidential at all times.

E. Reference(s) 

O'Connor v. Ortega, 480 U.S. 709 (1987)

F. Review Responsibilities and Dates

The Division Head for this Policy is the Chief Information Security Officer and this Policy shall be reviewed every two (2) years or sooner, if necessary, by the Division Head or their designee.