The Information Security Office (ISO) maintains all Tulane University Information Technology Policies. For complete policy details please see the Information Security website.
See linked pages below for Tulane University information technology policies.
Tulane university grants individuals and departments access to sensitive, private and/or confidential electronic and hard copy information for the sole purpose of performing their assigned duties and roles. Every individual and department therefore holds a position of trust and must safeguard the confidentiality and integrity of the information they use. Users of all information systems of the University must abide by all relevant Federal, State and Local laws as well as University Policies on data privacy and confidentiality. These relevant laws include but are not limited to the Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA) and Gramm-Leach-Bliley Act (GLBA).
Tulane University has defined policies and procedures for complying with these applicable laws. Click on the following links to access relevant policies:
The University maintains several databases, applications and systems that contain or have access to private, sensitive and/or confidential information. To ensure that the information maintained within these systems remain secure, users should be granted access to these systems on a need to have basis only. That is, users should be granted access to a system only if that access is required for the performance of their job role and the level of access does not exceed that which will be necessary for the performance of that job role. Please contact the Information Security Officer (firstname.lastname@example.org) if you require further information.
2. Service Level Agreement
Technology Services will endeavor to process account requests within one business day of receipt. However, please note that during busy periods and depending on staff availability, it can take up to three business days to process some account requests.
3. Account Request Procedures
The following procedures should be followed when requesting for access to the following specific systems:
3.1 Affiliate Account Request Form
To request an affliate Email/LDAP account download and complete the account request form Affiliate Account Request Form
3.2 Banner, BDS, BRM, Datastore or TAMS Account Requests
Please visit https://tulane.service-now.com to request Banner, BDS, BRM, Datastore or TAMS accounts. Log in to the Service Catalog with your Tulane University credentials and go to ‘Order Things.’ Click on the ‘Accounts’ link. Order the account you or your employee needs access to by selecting the respective account. Complete all required fields on the online form. The account request must be approved by your department head before it will be created. You must also agree to the confidentiality statements, either found on the form or through email sent from Service-Now. Please contact the Technical Support and Network Operations Center (TSNOC) if you have any questions regarding ordering accounts through the Service catalog. The TSNOC can be reached at: Uptown: (504) 862-8888 or ext. 8888 Downtown: (504) 988-8888 or ext. 8-8888 Toll Free: (866) 276-1428
4. Firewall Access Requests
To request Firewall access, log in to the Service Catalog at https://tulane.service-now.com/ess with your Tulane University credentials. Go to ‘Order Things’ and click on the ‘Network Services’ link.
Research Data is often unique and irreplaceable. Typically, it has value extending many years beyond the termination of the project from which it was generated.
Researchers must ensure that all research data, regardless of format, is stored securely and backed up or copied regularly.
Storage and backup arrangements need to cover the life of the research project, and also the statutory minimum period of retention. In most cases, data will need to be kept for a minimum of 5 years after publication of the research results, so understanding your storage options and documenting your backup regime is an important part of data management planning.
By following the guidelines listed below you can make sound decisions regarding storage of your research data.
2. Data Storage Types
2.1 Networked drives
These are managed by IT staff centrally or within your School or College. It is highly recommended that you store your research data on regularly backed-up networked drives such as:
This will ensure that your data will be:
2.2 Personal computers and laptops
Storing files on individual desktop or laptop PCs is not recommended.
Local hard drives (e.g. "the C: drive") are convenient for temporary working copies of data, but should not be used to permanently store master copies of research data. From time to time, local hard drives do fail and are often not backed-up. Local machines may also be replaced, upgraded, and/or re-allocated to other people, at which time data on those machines may be lost or at risk of being inappropriately accessed.It is not recommended that you store files on individual desktop or laptop PCs.
Local drives in PCs and laptops may be lost or stolen leading to an inevitable loss of your data with minimal or no chance of recovery.
2.3 External storage devices
The low cost and portability of removable media like CDs, DVDs and flash memory devices (i.e. USB memory sticks) makes them an attractive option for storage. These are rarely a suitable option for long-term retention of your research data, especially master copies:
If you choose to use CDs, DVDs and USB flash drives (for example, for working data or extra backup copies), you should:
2.4 Remote or online back-up services
These provide users with an online system for storing and backing-up computer files e.g. Dropbox or Mozy/ Typically, they:
This policy governs the security of mobile devices used to access Tulane University email resources for administrators, faculty and staff. Tulane University requires all users to use a password to access University email. Currently there are mobile phones and tablets systems that store user passwords internally. However, these devices themselves often are not locked or otherwise secured. This configuration circumvents the University authentication requirement by automatically accessing email with saved credentials on unlocked mobile devices.
Tulane University requires all users to use a password to access University email. Mobile devices used to access Tulane University email will be automatically configured to
Utilize 4-digit or longer PIN to lock devices.
Erase and reset the device in the case of 10 sequential login failures.
This policy is enforced at the email server level by the Information Security and Policy Office.
Mobile devices configured to use Tulane email are subject to spot audits.
Mobile Device - for the purposes of this policy a mobile device is a phone, smartphone, or tablet with a cellular-capable connection.
This policy establishes conditions for use of, and requirements for appropriate security for Tulane University accounts. These requirements are necessary to help ensure personal security and protect The University’s information systems resources.
Your password functions as a "key" that enables you to access the University's many electronic resources. This is the private part of your digital identity. You should protect and guard your password as you would your personal bank card and PIN. The Tulane Account provides access to a wide range of Tulane Internet services such as e-mail, myTulane, Library resources, E-Academy, secured Web sites, VPN,and Tulane-access computing labs. You may need additional University accounts for other services, including access to systems such as TAMS, SIS, and Datastore.
This policy applies to every person using a Tulane Account at any time or location.This includes all students, faculty, staff, alumni, retirees, and other University affiliates (including contractors and vendors with access to Tulane University systems).
3. Policy Statements
3.2 Individual Responsibility
3.3 Password Expiration
3.4 Access to Accounts
Tulane accounts for faculty and staff who disengage from the University should be deactivated with the following exceptions:
4. Further Information
If you believe that your account or password has been compromised, change the password for the affected account. If your account has been compromised or you require more information, contact the Information Security Office at email@example.com or (504) 988-8500.
This policy defines how network accounts, which provide access to Tulane computer resources, are provisioned, and maintained for Tulane’s faculty, staff, and students. These services include, but are not limited to email, wireless, VPN and access to services such as Blackboard or Banner. The usage of these services is provided for educational, academic, and administrative purposes, and must conform to all current Tulane policies and procedures.
2. Account Type
Employees are entitled to one account, which will provide access to email and other systems. This account is automatically created when a new faculty or staff member is added to the University’s HR/Payroll system. Every employee will be entitled to one account/email address. Please contact your hiring manager so that the personal information for the new employee can be entered into the PeopleFlow system.
Accounts for faculty who have left Tulane and are no longer employed will retain their user accounts in the system for 12 months after their termination date.
Accounts for staff who have left Tulane and are no longer employed will lose access to their accounts at the end of the work day of their termination date.
Student accounts are created once a student has been entered into Banner as a matriculated student. Every matriculated student will be entitled to one account and email address. Please contact the Admission Office so that the personal information for the new matriculated student can be entered into Banner.
Student accounts expire one year after leaving the University. If the student has achieved Alumni status (12 credit hours acheived) they are entitled to a Tulane email address for life.
2.3 Visiting Scholars or Professors
Visiting Scholar accounts are created if they meet the appointment procedure specified at http://tulane.edu/provost/visiting‐scholars.cfm. Account requests must be submitted by the sponsoring department or unit. Account requests should have the approval of the Provost’s Office after all appointment criteria have been met.
Visiting Scholars’ accounts will expire every 12 months; extensions, however, may be requested with the approval of the Provost’s Office.
Contractors who require Tulane system access or a Tulane email address to perform work on behalf of Tulane are entitled to one account/email address. Account requests must be submitted to Technology Services (TS) by the department initiating the contract. Contractor accounts will expire every 12 months; however, extension can be requested by the department initiating the contract. Contractor’s accounts will be disabled as soon as they are flagged inactive in the system or when their expiration date has passed without a request for extension.
2.5 Affiliated Personnel
It is recognized that work requirements for those who are affiliated with Tulane, though not directly in its employ, may necessitate access to electronic service. Some of these affiliates are defined below:
Affiliates with Faculty Status:
Affiliates with Faculty Status must be entered into Banner and assigned to a course. Account requests for them must be made through the Registrar’s Office. Affiliates with Faculty Status who have left Tulane will retain their user accounts in the system for 2 semesters.
Affiliates with Non‐Faculty Status:
Account requests for Affiliates with Non‐Faculty Status must be made through TS and must include a sponsor and the explanation of the need for an account. Affiliates without Faculty Status will expire every 12 months. This type of accounts will be disabled as soon as they are flagged inactive in the system or when their expiration date has passed without a request for extension.
2.6 Departmental and Organizational Accounts
Departments and Organizations can request generic accounts so that they can have a common mailbox or distribution. Account requests must be submitted to TS by the Department Head or approved organization delegate.
3. Email Privacy & Security
While Tulane University does not regularly monitor the content of electronic mail, the University reserves the right to inspect, monitor, copy, store, or disclose the contents of electronic mail messages as it sees fit.
Users may not perform acts that waste Messaging System resources or unfairly monopolize resources to the exclusion of others. These acts include, but are not limited to, sending non‐work‐related mass mailings and chain letters, multiple copies of documents, creating unnecessary network traffic, or otherwise damaging Tulane’s reputation. Tulane reserves the right to disable mailboxes that are creating system‐wide problems and notify the appropriate campus IT organization that supports the mailbox owner.
Responsibility for developing and updating this policy lies with an Account Entitlement (“Committee”) for Tulane. The Committee is headed by Hunter Ely, Chief Information Security Officer who can be reached at (504) 988‐8556. The Committee will be responsible for ensuring appropriate steps should be taken in particular cases and periodically reviewing this policy.
SPHTM-IT maintains its own SOPs.