INFORMATION TECHNOLOGY USER RESPONSIBILITY AGREEMENT
Download a printable version Information Technology User Responsibility Agreement
USER NAME: ____________________________________________
I, __________________, hereby agree to the following terms and conditions governing my use and possession of a UAID and/or Agency Network Log-in ID.
- My UAID and/or Agency Network Log-in ID were issued to me exclusively for the purpose of enabling me to perform my job duties as an employee or contractor of the Commonwealth of Massachusetts. My UAID will allow me to use one or more statewide systems such as HR/CMS, MMARS, PCRS, the Information Warehouse, MAGIC and ViewDirect to which I have been explicitly granted access. My Agency Network Log-in ID will enable me to use the Commonwealth's Information Technology Resources ("IT Resources") to which I have been granted access for additional purposes. My UAID and/or Agency Network Log-in ID are referred to hereafter as "Log-in IDs".
- I must keep my Log-in IDs and corresponding passwords confidential, and not knowingly allow anyone else to use them for any reason. I must not disclose my Log-in IDs to anyone, including my coworkers and administrative assistants. I must not record and store my Log-in IDs and passwords in a manner that makes them accessible to others, or e-mail them to anyone.
- When I choose my password, I must not choose a variation on my Log-in IDs, my first, middle, or last names (current or former); the names of my immediate family members; or other information easily obtainable about me (license plate number, telephone number, social security number, automobile brand, street name). I must choose a password that is easy for me to remember so that I don't have to write it down.
- Use of my Log-in IDs is a privilege that can be revoked for failure to comply with the terms of this agreement.
- I am solely responsible for my Log-in IDs and corresponding passwords. This means that I can be held accountable for any access gained and/or any transactions attempted or completed with my Log-in IDs and corresponding passwords by me or anyone else who gains access to the Commonwealth's IT Resources as a result of my negligence in failing to safeguard this information.
- I must immediately report to my department or agency security officer any information that would lead a reasonable person to believe that someone else other than me had obtained access to my Log-in IDs and corresponding passwords.
- I am not authorized to allow anyone to have access to, and I am not authorized to release, any information or data held in the Commonwealth's IT Resources and accessible to me through the use of my Log-in IDs and passwords except in a manner consistent with the laws, regulations and policies that govern my agency.
- I may have the opportunity to access the Commonwealth's IT Resources remotely, using authorized remote access methods such as VPN or Web-based processes such as Outlook Web Access. I understand that remote use of the Commonwealth's IT Resources multiplies the possibilities for inadvertent disclosure of the Commonwealth's confidential data. Passersby eavesdropping over my shoulder, passengers sitting next to me on an airplane, or family members in my home could have inappropriate (and in some cases illegal) access to the Commonwealth's confidential data similar to that which would occur if I removed such information from my office and left it in plain view of the public. Remote access to the Commonwealth's IT Resources poses the same or greater risks than offsite use of paper resources containing such data. When accessing the Commonwealth's data remotely using any authorized technology, I will take extra precautions to ensure that my use does not compromise the confidentiality of the Commonwealth's data or the privacy of individuals and other entities to whom such information pertains. Such extra precautions include, but are not limited to, shielding the screen of my remote access device (laptop, PC, or PCD) from others, and logging off if I leave such device out of my sight and in the view of others during a work session. My agency's remote access policy specifies additional restrictions on remote access. I understand that my Log-in IDs can be revoked if I violate the terms of my agency's remote access policy.
- I understand that improper use of or negligence in safeguarding my Log-in IDs and passwords and Commonwealth IT Resources to which I have access as a result of my possession of these identifiers will result in my agency's suspension of my use of these identifiers. If I am an employee, improper use of or negligence in safeguarding such information, and any other violation of this IT User Responsibility Agreement, may subject me to disciplinary action up to and including termination. If I am a contractor, such use may result in termination of my contract. Whether I am an employee or contractor, such use, negligence or violations may expose me to civil liability and criminal fines and imprisonment.
- I have read and understand my agency's acceptable use policy, a copy of which is attached hereto. My continued use of my Log-in IDs and passwords is contingent upon my compliance with my agency's acceptable use policy.
- I understand that incoming and outgoing e-mails are screened by EOTSS for viruses and "spam", and may be screened for profanity (specifically, offensive ethnic, racial or sexual language).
- If I have any questions concerning the security or use of my Log-in IDs and passwords, I understand that I may contact my departmental security officer, ___________.
I, the user, have read and understand this Information Technology User Responsibility Agreement governing the use of the Log-in ID assigned to me.
User Name (PRINT) Signature/Date