UM Electronic Communications Standard

IN PLAIN LANGUAGE

University email, messaging, and collaboration tools are provided for University business and must be used responsibly. This standard sets expectations for how those systems should be used, what kinds of activities are prohibited, and how University Data shared through them must be protected. Only approved communications platforms should be used for University work. Users should be aware that University communications systems may be monitored or reviewed for security, legal, or compliance purposes, and there is no expectation of personal privacy when using these systems.

1. Purpose

The purpose of this Standard is to establish requirements for the acceptable use, management, and protection of University of Montana electronic communications systems. Electronic communications are core institutional services that support academic, research, administrative, and operational activities and must be used responsibly and securely.

This Standard supports the University's Information Security Program by setting expectations for use and governance of electronic communications platforms while enabling monitoring, investigation, and compliance activities when necessary.

2. Scope

This Standard applies to:

• University-provided electronic communications systems, including email, messaging, and collaboration platforms
• Faculty, staff, student employees, affiliates, contractors, and other authorized users
• University-owned, University-managed, or approved cloud-based communications services

This Standard applies to digital communications systems and does not replace the Acceptable Use of Technology Resources Policy.

3. Electronic Communications Systems

Electronic communications systems include, but are not limited to, email services, messaging and collaboration platforms, conferencing and collaboration tools, and other University-approved communications services.

Only approved communications platforms may be used for University business.

4. Acceptable Use and User Responsibilities

Users of University electronic communications systems must:

• Use systems for authorized University purposes
• Protect University Data communicated through these systems
• Comply with University policies, including the Acceptable Use of Technology Resources Policy
• Avoid using electronic communications systems for unlawful, disruptive, or prohibited activities

5. Monitoring and Privacy

• Electronic communications systems may be monitored, logged, or reviewed to support security, operational, legal, or compliance requirements
• Users should have no expectation of privacy when using University electronic communications systems
• Monitoring activities must be conducted in accordance with applicable laws and University policies

6. Security and Incident Response

• Electronic communications systems must be operated in accordance with applicable Information Security Standards
• Security incidents involving electronic communications must be reported and handled in accordance with the Incident Response Standard

7. Exceptions

Exceptions to this Standard must:

• Be documented with justification
• Be approved by the CISO or designee
• Be reviewed periodically

8. Review and Maintenance

This Standard must be reviewed at least annually and updated as necessary to reflect changes in technology, law, or institutional needs.

9. References

• UM Information Security Policy
• UM Acceptable Use of Technology Resources Policy
• UM Audit Log Management Standard
• UM Incident Response Standard
• NIST Cybersecurity Framework (CSF) 2.0