UH Home 
University Information Technology Policies & Guidelines Information Resources Security & Operations Manual Computer Security Violation
University Information Technology Policies & Guidelines Information Resources Security & Operations Manual Computer Security Violation-
UIT Help Center
Chat Live Chat
Email support@uh.edu
Submit a help form
Call 713-743-1411
Visit the Tech Commons-
Computer Security Violation Reporting
- To ensure compliance with the Texas Administrative Code, Title 1, (TAC 202), Family Educational Rights and Privacy Act (FERPA), Gramm Leach Bliley Act (GLB ACT), Health Insurance Portability and Accountability Act (HIPAA) and the policy which requires that all users of UH corporate computers shall have the affirmative obligation to report, directly and without undue delay to the Information Security Officer, any and all information concerning conduct which they know to involve corrupt or other criminal activity or conflict of interest, (1) by another University of Houston employee, which concerns his or her office of employment, or (2) non-University of Houston personnel whose activities involve the University of Houston.
- To provide prompt notification to the ISO of computer abuse situations which may include:
- Violation of the integrity or confidentiality of student, financial or health information under TAC 202, FERPA, GLB ACT or HIPAA.
- Theft or diversion of the University of Houston funds, computational resources, or other assets contained in or controlled by its computer systems.
- Vandalism or other damage to University of Houston computer systems, computer programs or data.
- Unauthorized modification to (or use of) University of Houston computer systems, programs, or data contained in these systems.
Applies to all University of Houston employees.
StandardEvery employee who has knowledge of a computer abuse which has or may be occurring on a University of Houston computer processing system must inform an appropriate University of Houston official.
GuidelinesThe following information should be gathered for each reported violation. The ISO is responsible for gathering this data, once he/she is initially contacted by the employee reporting the abuse. Information to collect includes:
- Description of the abuse:
- Unauthorized use of computer time
- Modification/alteration of computer data files or programs
- Detection of non-University of Houston data or programs on a university computer system
- Forgery of negotiable instruments using a computer
- Theft of computer equipment Disclosure of computer systems password to unauthorized individual(s)
- Destruction of computer data files or programs
- Insertion/modification of input documents
- Person(s) suspected of the abuse
- Name
- Social security number
- Date of birth
- Office title
- Work location
- Length of affiliation with University of Houston
- Office phone number
- Home address
- Person(s) reporting/detecting abuse
- Name
- Office title
- Office phone number
- Work location
- Evidence available to substantiate suspicion of abuse
- Activity logs
- Printouts
- Negotiable instruments
- Input documents
- Computer media
- Audit trails
- Date(s) of the abuse
- Location of the abuse situation
- Any action taken in response to the reported abuse.