This site requires JavaScript to be enabled
An updated version of this article is available

IT Standard Institutional Email (IT-14)

120 views

18.0 - Updated on 01-03-2024 by Michael Arsenault

17.0 - Updated on 04-27-2023 by Sussan Dehghan-Kavoosi

16.0 - Updated on 10-27-2021 by Sussan Dehghan-Kavoosi

15.0 - Updated on 10-21-2021 by Sussan Dehghan-Kavoosi

14.0 - Updated on 09-29-2021 by Sussan Dehghan-Kavoosi

13.0 - Updated on 09-13-2021 by Sussan Dehghan-Kavoosi

12.0 - Updated on 09-13-2021 by Sussan Dehghan-Kavoosi

11.0 - Updated on 09-13-2021 by Sussan Dehghan-Kavoosi

10.0 - Updated on 09-13-2021 by Sussan Dehghan-Kavoosi

9.0 - Updated on 04-01-2021 by Sussan Dehghan-Kavoosi

8.0 - Updated on 02-23-2021 by Vladislav Dozorov

7.0 - Updated on 01-28-2021 by Vladislav Dozorov

6.0 - Updated on 12-17-2020 by Sussan Dehghan-Kavoosi

5.0 - Updated on 11-29-2020 by Sussan Dehghan-Kavoosi

4.0 - Updated on 11-29-2020 by Vladislav Dozorov

3.0 - Updated on 11-29-2020 by Olawunmi Togun

2.0 - Updated on 11-29-2020 by Sussan Dehghan-Kavoosi

1.0 - Authored on 10-02-2019 by Sussan Dehghan-Kavoosi

In this article

Purpose

The University of Maryland (“UMD” or the “University”) provides an institutional email system to promote secure communication and collaboration, allow for business continuity, and maintain effective handling of institutional data. The use of email systems to conduct University Business is subject to federal, state, and local legal, regulatory, and statutory requirements, including but not limited to the Family Educational Rights and Privacy Act (FERPA) and the State of Maryland’s public records laws. Noncompliance with these laws and regulations could result in a loss of federal funding, as well as civil and criminal penalties, and/or have a severe adverse impact on UMD’s mission, safety, finances, or reputation. This standard sets forth fundamental requirements for the appropriate use of email systems to conduct University Business. Compliance with this standard is necessary for the University to meet all the requirements of the USM IT Security Standards(Opens in a new window) and the UMD Policy on Acceptable Use of Information Technology Resources(Opens in a new window).

Top

Definitions

Terms used in this article and their definitions.
Term Definition
University Business The work performed on behalf of the University by its personnel (including faculty, staff, student employees, and other persons whose conduct falls under University operations), whether or not such persons receive compensation for performing this work.
Institutional email The UMD email system/platform provided and maintained by the Division of Information Technology (username@umd.edu) enabled by G Suite for Education.
Approved email system The institutional email and any administrative, academic, or programmatic unit’s email system with a waiver.

Top

Requirements

  1. The University requires its personnel to use an approved email system to conduct University Business. Specifically, all email sent by University personnel regarding University Business must be sent from an approved email system.
  2. Email is an inherently insecure medium for transmitting private or confidential information. Email should not be used to transmit data with a risk category of high (Category 4) as defined by the University of Maryland’s Data Classification Standards(Opens in a new window).
  3. As state employees, UMD personnel should not use an approved email system for private gains or personal matters that create or appear to create a conflict of interest or an endorsement by the University. Employees are strongly encouraged to use a separate, non-UMD email system for personal matters.
  4. There are significant differences in the agreement language and the data collected between a typical consumer Gmail and the UMD G Suite for Education accounts. Therefore, automatically forwarding emails and documents from an approved system to another email account/platform (e.g., @gmail.com, @yahoo.com, etc.) is prohibited. This practice greatly elevates the risks of sharing information that is protected as confidential by federal and/or state law or the University’s contractual obligations.
  5. University personnel may enable a UMD email account on multiple devices including mobile phones. To prevent accidental use of personal email addresses, it is strongly recommended that an approved email system is used as the default outbound setting on devices.

Top

Implementation

  1. Each University administrative, academic, and programmatic unit must establish priorities and timetables to decommission their legacy email systems and transition their users to the UMD email system before June 30, 2020. The plan must be communicated to the Division of Information Technology at emailconsolidation@umd.edu before November 30, 2019.
  2. Subject to approval by the respective relevant unit heads and deans, the use of legacy email addresses of the form @[unit].umd.edu may continue for both inbound and outbound email as long as this email is sent and delivered by an approved email system.

Top

Applies To

All members of the University Community who conduct University Business via email. Excludes TERPmail, which is the University of Maryland’s institutional student platform for communicating academic information and providing cloud storage and productivity and collaboration tools. All students and accepted applicants may be granted a TERPmail address (username@terpmail.umd.edu).

Top

Procedures

Waiver

A unit that has unique business requirements that cannot be met by the Institutional email must submit a waiver form(Opens in a new window) explaining, in detail, how conformance with this standard would be noncompliant with federal or state laws. For example, University personnel conducting classified work are required to use an email system that meets federal government statutory or contractual requirements in specific situations. Waivers must be requested by a unit head responsible for overseeing the administrative, academic, or programmatic unit and approved by the respective Dean or Vice President. Waivers to this security standard may be granted for up to 3 years’ duration (with the option for renewal). Consistent with the University’s UMD Policy on Acceptable Use of Information Technology Resources(Opens in a new window), a waiver may be revoked at any time by the VP/CIO.

Violation

Failure to comply with this standard constitutes a violation of the UMD Policy on Acceptable Use of Information Technology Resources(Opens in a new window).

Review

The VP/CIO or a designee will initiate a review and necessary revisions of this standard as needed, with appropriate input from the Division of Information Technology staff and the IT Council.

Top

Responsibilities

The related responsibilities of the positions and offices mentioned in this document.
Position/Office Responsibilities
Vice president/chief information officer
  • Consults with the President, the Senior Vice President and Provost, and the Office of General Counsel about this standard and its implementation.
  • Decides and communicates whether waiver requests are approved.
Division of Information Technology
  • Provides oversight and management access to the Institutional email platform.
  • Provides support and training as required and requested.
  • Takes and resolves complaints about this security standard.
  • Periodically initiates a review and approves the necessary revisions of this security standard.
  • Manages integration with the University Directory, which contains information about users, calendars, and conference/meeting rooms.
  • Provides daily backups to prevent loss of data due to unintentional deletion or system failure.
  • Provides and supports spam and virus protection.
IT Council Reviews and makes decisions related to this standard.
University administrative, academic, and programmatic units
  • Comply with the requirements of this security standard.
  • Establish priorities and timetables for decommissioning their own legacy email systems and transitioning their email users to the Institutional email system.
  • Request waiver to this security standard.
Faculty, staff, and student workers conducting business on behalf of the University
  • Understand and comply with this security standard.
  • Inquire about and report concerns to the Division of Information Technology at itsupport@umd.edu.

Top

Resources

Top

Contact

For questions or comments or complaints about the IT Standard, training or technical help, contact the Division of Information Technology by phone at 301.405.1500 or by email at itsupport@umd.edu(Opens in a new window) or by website at it.umd.edu(Opens in a new window).

Top

History

Recommended by the IT Council and issued by the VP/CIO on: 10/01/2019.

Top

Revised by Sussan Dehghan-Kavoosi
Last modified 11-29-2020 07:33:59 AM