Skip to main content
OSU.edu
    The James

    OSUCCC Administration

    IT Policy Manual

    Cancer IT Home

     

    Computer Networks
    Information Technology Office
    Technology Platform Guide
    Hardware Configuration
    Software Configuration
    Installation of Non-Standard Software Applications on Computers Connected to the LAN -- Guidelines
    Troubleshooting/Support
    Network Storage – Data Storage
    Portable Storage – Data Storage
    Computer Needs of New Employees -- Guidelines
    E-Mail Use/Etiquette -- Guidelines
    Use of Computer Resources and Internet Access


    Computer Networks

    Hospitals information is provided through the Hospitals' isolated data network. There are bridges between the Hospitals' network and OSUNet (Main Campus network). Maintaining the confidentiality of patient records in a networked environment is a major consideration during network planning. If you have further questions on this topic, contact the Help Desk at 614-293-HELP (614-293-4357).

    OSUNet is the University's wide-area network that links campus buildings. It provides access to local mainframes, the super-computer, local area networks, the Internet, and various information services. Some departments are directly connected to OSUNet through their local area network (LAN), however we are not. Individual computers can connect directly to OSUNet if needed.

    Many departments have their own local area network (LAN) used for maintaining software and data and to support e-mail and accessing the larger networks. We are such a department.

    Return to top

     

    Cancer CITOPS Office

    Who and what we support:

      • Faculty, staff, researchers, and students connecting to the established network(s)
      • Departmental personnel assigned to work on specific initiatives

    What we support:

      • Complete hardware set-up and support of approved hardware
      • Software installation, training, and support of approved software
      • E-Mail on Client Side
      • Acquisition of hardware and software
      • Assurance of license compliance
      • Meeting security controls (ISCR) of OSU and the Wexner Medical Center
      • Help Desk and on-site support
      • Ongoing assessment of hardware and software needs
      • Equipment inventory
      • Printer repair and toner

    Return to top

    Technology Platform Guide

    The Cancer Information Technology Operations (CITOPS) department recognizes the need to provide guidance in the area of computer hardware and software. Given that this office has a responsibility to both the medical complex and Campus, we strive to achieve a balance between the needs of both groups.

    It is the desire of our office to balance this by means of providing compatible software and hardware so that the constraints of incompatible equipment can be minimized or avoided altogether.

    In working with such areas as the Hospitals’ Information Systems and Technology and Digital Innovation (Campus IT), there is a clear need to provide compatibility with multiple computing platforms. Therefore, the CITOPS Office recommends the following platform for computing in our environment.

    Return to top

    PC's/Windows Hardware Configuration

    Return to top

    Software Configuration
      • OS: Microsoft Windows (10, 11, Server), Mac OS X, Linux (Ubuntu and RHEL)
      • Productivity: Microsoft Office / Microsoft 365 Apps
      • Email: Microsoft Outlook and mail.osumc.edu for @OSUMC.edu mail
      • Hospital Apps: IHIS, PLA, EasyViz, etc.
      • Utilities: Adobe Acrobat, Photoshop
      • Browser: Microsoft Edge, Google Chrome, Internet Explorer 11 (Depreciated)
      • Endpoint Protection: Windows Defender and Crowdstrike

    Return to top

    Installation of Non-Standard Software Applications on Computers Connected to the LAN -- Guidelines


    Preface:

    The CITOPS Office works with other technical offices on campus to ensure that clients directly connected to the Local Area Network (LAN) are provided with the appropriate software applications via the file server. Standardization on software (and hardware) allows for better technical management, timely software updates, and lowers costs in terms of licensing and technical support, and a lower total cost of ownership.

    There are times when a client will need to have specific software applications and/or files loaded on their workstation that are perhaps client-based and/or specific only to their needs or set-up. This document is intended to provide guidelines as to how an end-user should proceed in having such applications/files loaded.


    Priority:

    A responsibility of the CITOPS Office is to provide technical management of the file server and LAN-based hardware and software. The CITOPS Office works to maintain the integrity of the system and to prevent unnecessary down times for the end-users. A primary way of achieving this objective is to carefully check that any additions to the LAN or a user's workstation are compliant with the existing set-up. Involvement of our staff prior to the installation of a specific application will help avoid unnecessary problems that may occur at the workstation level, or even on the LAN. Should there be conflicts, the CITOPS Office will work to resolve such conflicts should the software/files be deemed necessary for the requester to fulfill position-related responsibilities. Applications that have conflicts and simply replicate what is already available (e.g., screen saver, web utilities, MP3 players, etc) and/or they are not needed as part of the user's position will not be installed and time spent to resolve such conflicts will be limited, if at all.

    In addition, the CITOPS Office is committed to 100% compliance with software copyrights and licensing requirements. Therefore, proof of ownership, which may include the software license and/or original media or documentation, will be required if the requester wishes to have the software installed.


    Process:

    A faculty or staff member connected to the LAN and wishes to have a specific application installed should call the helpdesk at 614-293-4357 or open a non-catalogue request via the directions here: Submitting a Non Catalogue Request

    The office will schedule a staff member to go to the requester's work site (on campus only). Support is provided Monday- Friday 7:30am – 5:00pm. Support is obtained by calling the above number or by submitting a ticket via the OSUWMC Support Home Page. The helpdesk is available 7 days a week 24 hours a day but can only offer limited support from 6:00pm until 7:00am. After hours support from the CITOPS Office is only available for server related issues.

    Return to top

    Troubleshooting/Support

    A responsibility of the CITOPS Office is to troubleshoot problems and conflicts. Again, the main thrust of the support will be for platform-supported software. Should conflicts develop after a specific application has been installed on a user's workstation, the Office will work to resolve the conflict for applications needed for a person's position. Should a conflict develop with a non-job specific application due to some future system upgrade (hardware and/or software) the application will be removed, and the end-user will be advised of possible alternatives. If it is found that third party software caused the problem, we will re-image your system with our standards.


    The risks associated with the use of non-platform software are entirely assumed by the end-user.

    Return to top

    Network Storage – Data storage

    Preface:

    The CITOPS Office maintains many servers for file/data storage, and Web/Database functions. We provide this for you to efficiently work together as a group. This storage is provided for safe and secure storage of your data files. We maintain the network storage area on enterprise class storage, that is replicated. We monitor the need for space, and backup this storage twice a day for disaster recovery for 5 months. Additional backups are done to tape incrementally weekly. For those that need an extensive amount of space (2TB or more) we offer storage to purchase. All data protections must comply with OSU Campus Information Security Control Requirements (ISCR) specified in the Information Security Standard (ISS) (OSU ISCR). Adherence to these requirements ensures that the Cancer Program protects its information assets with due diligence, complies with government regulatory and contractual requirements.

    Process:

    The purpose of this procedure is to outline the steps faculty and staff must take to be in compliance with the University ISCR and state and federal regulations. The goal also is to protect the University’s data, while preserving the ability for the Cancer Program and its faculty, staff, and students to perform their daily duties without significant disruption. This policy standardizes processes and procedures across all Cancer Program units and entities as they relate to the storage and transmission of electronic media. These procedures are designed to prevent the inadvertent disclosure of private (S3) or restricted (S4) data via common mistakes or accidents.

    All files must be stored on approved storage locations. In the case of the Cancer Program most are stored on a SAN server, known as T: drive, X: drive, or for Personal files, OneDrive. The T: drive is the shared area that individual groups have areas they share with each other. The X: drive is purchased space for archive files or large datasets that are not used daily. OneDrive is the end user personal drive, only the end user has access to their personal OneDrive storage area. Each End User is provided 5TB of space for this use. Although considered a personal drive, OneDrive is intended only to be work related storage this does not include actual lab data, lab data should be stored on T: drive under the correct lab or administration folder. This does not include personal photos of family, friends, or music files. OneDrive is provided for those documents that you may not want others to access, No files should be stored on a local C: drive. Files stored on Local drives cannot be the responsibility of the CITOPS Office if lost or deleted.

    Return to top

    Storage of Data on Portable Devices or Media

    Definitions

    • Mobile devices: External hard drives, USB Flash drives, laptops, cell phones
    • Encryption: The process of converting information or data into a code, especially to prevent unauthorized access of that data
    • Private (S3) data: Private (S3) data is institutional data classified as private due to legal, regulatory, administrative, or contractual requirements; intellectual property or ethical considerations; strategic or proprietary value; and/or other special governance of such data. Access to and management of private data requires authorization and is only granted to those data users as permitted under applicable law, regulation, contract, rule, policy, and/or role. Transmission and use of University data outside the University requires adherence with this policy. All faculty and staff must comply when using mobile devices and portable storage media or otherwise removing information outside the University
    • Restricted (S4) data: Restricted (S4) data is institutional data that requires the highest level of protection due to legal, regulatory, administrative, contractual, rule, or policy requirements. Access to and management of restricted data is strictly limited as unauthorized use or disclosure could substantially or materially impact the university’s mission, operations, reputation, finances, or result in potential identity theft
    • Outside the University: Information is considered "outside the University" if it is stored on a mobile device, transmitted by email, or otherwise stored on a system that is not managed by or provided under contract to the University

    Private (S3) and Restricted (S4) Data on Portable Devices and Media

    • New employees/end-users to be connected to the Local Area Network (LAN) will have different computer-related needs in the area of directory access, hardware, software, remote access, e-mail account, basic login training, etc. The CITOPS Office has worked to develop the capability of responding in a timely manner to such needs, by providing the end-user with the opportunity to contact only one office.
    • Use Cisco AnyConnect VPN for remote access to the CITOPS central server instead of transporting it on mobile devices, external hard drives, or flash drives
    • If there is no option but to use mobile devices, the device used must be purchased through CITOPS and encrypted with University approved encryption and managed by CITOPS. Note: The standard USB device is Aegis Secure Keys from Apricorn
    • Use of personal equipment (such as home PCs, laptops or personal USB drives) or non OSU approved third-party cloud hosting services for restricted data storage (S3 and S4) is prohibited. OSU’s approved cloud storage vendor Office 365 OneDrive is the current allowable cloud storage offering for S3 and S4 data
    • Data copied from University devices to portable storage media will be scanned by the University’s Data Loss Prevention software and violators of this policy will be reported to Compliance

    Return to top

    Computer Needs of New Employees -- Guidelines

    Preface:

    New employees/end-users to be connected to the Local Area Network (LAN) will have different computer-related needs in the area of directory access, hardware, software, remote access, e-mail account, basic login training, etc. The CITOPS Office has worked to develop the capability of responding in a timely manner to such needs, by providing the end-user with the opportunity to contact only one office.

    Priority:

    It is the responsibility of the CITOPS Office to manage the hardware and software along with providing end-user training as appropriate. There should be a basic understanding of computer usage that is not part of training. To prepare for meeting the needs of a new employee and to maintain the hardware and software inventory, offices are asked to notify the CITOPS Office as soon as possible (two weeks) when a new employee or an additional hardware/software need has been identified. This will facilitate the acquisition and preparation of needed computer equipment and the scheduling of time when the new end-user can meet with a CITOPS Office staff member for training and computer orientation. Note: for those requesting a Mac device justification will need to be provided.

    Process:

    As a guideline, an office director/supervisor/HR Department is asked to provide the following information, as much in advance as possible (two weeks), to the CITOPS Office.

      • New LAN User Request Form (on the web)
      • Hardware needed for the work site (e.g. Computer, Printer, other special needs)
      • Hardware, if any, needed for home
      • Special software needs for the work site computer (e.g., Stat, SMS, EndNote, etc)
      • Special connection needs (e.g., OSUNet, data line)
      • Time available for computer orientation (at least one hour is recommended)

    Return to top

    E-Mail Use/Etiquette -- Guidelines

    Preface:

    This document is intended to offer guidance to users of the electronic (e-mail) mail system. Access to e-mail, like other privileges, come with certain responsibilities; therefore, users are asked to consider the points below as they make use of e-mail and other computerized services (e.g., listserver lists) available at the College/University.

    Process:

    In an effort to efficiently and consistently familiarize users with the technology and operations in the department, a computer orientation is arranged (on an individual basis) for new employees who will have an account on the Local Area Network (LAN). In addition to this orientation, a packet of materials is given to new staff members, which include discussion of the e-mail system. Weekly maintenance is run to reduce the amount of mail stored in the system. This means, any mail stored in you in-box or folders for more than 90 days will be archived. Items in your Deleted Items are not archived. Message in your archive will not be affected.
    Specifically, e-mail users are advised of the following:

      • You may not sell or solicit items by sending messages to "All"
      • Do not send confidential patient and student information via e-mail unless it is encrypted
      • Do not forward your OSUMC email to any other email system, and only forward your OSU.EDU to your OSUMC email. Forwarding email to any other system is prohibited
      • Do not use all capital letters because this implies that you are shouting or angry
      • When sending messages to "All" in the E-Mail address book, remember that the message will be sent to everyone in the address book
      • When replying to a listserver list, remember that the message will go to all users in that particular group
      • Always try to specify a subject for the message
      • Try to be literal in your messages because often jokes can be misconstrued. Don’t forget that the receiver cannot see you smiling. "Smilies", for instance ;-), are characters typed together which look like a face. These may help portray humor better
      • Sign your messages and include a return address because some users E-mail may not have the ability to reply to a sender automatically. Create a signature file that will include your name, title, phone number(s), and e-mail address

    Return to top

    Use of Computer Resources and Internet Access

    Faculty, staff, and student employees may access the internet for personal business only during non-work time and in strict compliance with all other terms of this policy. Contract employees may not use resources to access the internet for personal business. All existing OSU polices apply to the use of electronic resources, particularly those that deal with confidentiality, misuse of resources, and sexual harassment, and information security.

    All information created, sent, or received via electronic resources, including the e-mail system, network, internet, or intranet, is the property of OSU. There is no right to privacy and faculty, staff, students, and contract employees should not have an expectation of privacy regarding such information. OSU reserves the right to, at any time without notice, access, read, review, monitor and copy all messages, and files on its computer systems, as it deems necessary. OSU may, as it deems necessary, disclose information from its computer systems to the law enforcement or other third parties without the consent of the faculty, staff, student and/or contract employee.
    The Internet is not a separate legal jurisdiction, and it is not exempt from the normal requirements of legal and ethical behavior. A good rule of thumb to keep in mind is that conduct which is illegal or a violation of OSU policy in the offline world will still be illegal or a violation of OSU policy when it occurs online.
    ?The following specific principles are applicable to faculty, staff, students, and contract employees when using computer and network systems operated under the direction of the College:

      • Comply with federal, state, and other applicable laws, including policies and protocols of The Ohio State University (examples: copyright, Computer Fraud and Abuse Act, child pornography, and the university's sexual harassment policy)
      • Respect the privacy and rules governing the use of any information accessible through the computer system or network
      • Respect all applicable software licenses. Do not make unauthorized copies of software even when the application is not physically protected against copying
      • Respect the procedures and guidelines established to manage the use of the system. Non-platform software applications should not be loaded on LAN workstations, nor should hardware devices be connected without contacting the CITOPS Office first in order to avoid potential conflicts with the existing setup. All files downloaded from the internet should be scanned for viruses before they are used on your system
      • Users are responsible for their computer accounts including e-mail and internet accounts. Accounts and their passwords may not be used by persons other than those to whom they have been assigned
      • Computer resources are in place to support the overall mission of the department. They may not be used for personal, commercial, or business purposes, or for other personal gain
      • Personal use of university computing resources is permitted when it does not consume a significant amount of those resources, does not negatively impact the end-user's job performance and other university responsibilities, and is in compliance with all applicable laws and policies. Individual units within the department may impose further limits as appropriate
      • Users are reminded that many electronic communications are subject to the Ohio Public Record Statute
      • E-mail users are to be familiar with the etiquette
      • End-users are specifically reminded not to send confidential patient and student information via e-mail unless it is encrypted and to use the standard e-mail applications of the department (Outlook)
      • E-mail messages should be written carefully. Often e-mail messages are written quickly and spontaneously and may tend to be glib. Responses are often drafted without reflection. Because e-mail message may be subject to disclosure under the public records law, nothing should be written that would make the write feel uncomfortable if they were to see it in the local newspaper
      • Users are specifically reminded not to send confidential patient or student information via e-mail unless it is encrypted and to use (Outlook). Encrypted messages with confidential content must be transmitted person to person for purpose related to patient care or offices OSU business and should not be broadcast to a distribution list
      • Downloading of applications and data from the Internet presents the potential of introducing problems for both the workstation and network. End-users are asked to contact the CITOPS Office to assist in this process

    ?E-mail system, network, and internet/intranet access are not to be used as follows

      • In a manner that interferes with business activities
      • To send chain letters
      • To conduct unauthorized business such as for profit business activity or to operate any outside business
      • To send, print, request, display or store fraudulent, harassing or obscene messages and/or materials, including any messages or materials that disparage other based on race, national origin, sex orientation, age, disability or religious or political beliefs
      • To engage in any illegal activity
      • To create websites without the permission of the CITOPS office
      • To acquire, disseminate or print copyright materials, including software and articles, in violation of copyright laws. Software may not be copied or redistributed unless the applicable license or other agreement expressly permits copy or redistribution. Software should not be downloaded or installed onto a computer, or network server, without the assistance of the CITOPS Office

    Engaging in hacking, cracking or other such activities is specifically prohibited by the policy. Under the federal and state laws (Computer Fraud and Abuse Act, Health Insurance Portability and Accountability Act (HIPAA), it may be a crime to access or use a computer without authorization, to alter data in a computer without authorization, to transmit computer viruses or worms over computer networks, to conduct e-mail bombing and to engage in other such activities

    End-users violating the above policies may be denied access to such resources and may be subject to other penalties and disciplinary action, both within and outside of the university.

    Return to top

    Please note this is just a subset of polices. Campus has additional polices that must be followed. Those can be found here (Office of Technology and Digital Innovation Policy) as well has policies from the Medical Center found here (OSUWMC Policy)