Policy UL-IT02 University Libraries Technology and Security Protocol

Main Policy Content

  • Introduction 
  • University Policies
  • University Libraries Policies 
  • Cross References


The following policies/guidelines apply to staff use of Libraries workstations (including laptops and notebooks), software, network space, and related technology.


Libraries employees must comply with all University policies relating to privacy, security, the use of software, hardware, and the University Network.  Policies are available in the Penn State Policy site.  The most important University policies are referenced below:

  1. Policy FN14, Use of University Tangible Assets, Equipment, Supplies and Services:  "All tangible assets (including equipment, software, audio-visual material, theatrical costumes, etc.) owned, leased or operated by the University are to be used in the conduct of University programs and activities at University owned or leased locations.  ...University tangible assets and services may not be used for personal gain, by employees for purposes outside the scope of their employment (see also Policy HR35,) or by students beyond their instructional requirements.
  2. Policy AD95 Information Assurance and IT Security.
  3. Policy AD96 Acceptable Use of University Information Resources.


Equipment Provided

The University Libraries may provide each employee with 

  1.  A single workstation

  2.  Standard suite of software

  3.  Employees are expected to use Libraries or University provided equipment in order to ensure proper security and license compliance. 

Principle of Least Privilege

PSU Policy AD95 references Standard – Access, Authentication , and Authorization which states that individuals must be granted the minimum access sufficient to complete their job responsibilities. Individuals with multiple accounts or that are granted privileged access must use the least privileged account for day-to-day activities; privileged accounts will only be used when the elevated privilege is required by the system or application.

Defend Point software is provided on all library employee workstations as the method to temporarily elevate privileges for software installations, etc.

Provisioning and Revocation of Access to Library Accounts and Resources

Compliance with PSU AD95 and the Standard – Access, Authentication, and Authorization requires that under normal circumstances, authorized access must be revoked as promptly as possible after notification of a status change has been received; preferably within 72 hours when the individual:

  • Permanently leaves/departs the University or when employment, student, or other status is terminated for whatever reason. 

  • Transfers from one position to another with different responsibilities and levels of access required.  

In the event that an individual is separated from the University with cause, authorized access must be revoked in coordination with the Office of Human Resources, Office of Student Affairs, or other responsible party, who will determine the appropriate timing based on the specific circumstances.

Note that revoking authorized access may be accomplished independently of disabling or removing an individual’s user account, depending on the security controls of the systems in use. 

PII Scanning

Workstations in areas designated as having the potential to interact directly with Data Categories 3or 4 are included in automatic PII scanning 


Other Policies in this manual should also be referenced, especially the following:

Policy AD95 Information Assurance and IT Security

Policy AD96 Acceptable Use of University Information Resources

Standard - Access, Authentication, and Authorization Management

Effective Date: March 2003
Date Approved: March 10, 2003 (Dean's Library Council)

Revision History (and effective dates):

  • October 2021 - Revised policy
  • May 2019 - Renamed (from - University Libraries Staff Information Technology Use Policies) and refreshed content
  • November 2007 – Revised policy
  • March 10, 2003 – New policy

Last Review Date:  October 2021