Procedure for Internal Investigation Requests

Purpose

Although monitoring of computing and networking resources is performed for the purposes of ensuring proper use of WPI resources, information discovered during such monitoring is kept confidential. Unauthorized disclosures of such information by IT staff are breaches of the WPI Confidentially Policy and the IT Administrator Code of Conduct. However, there are times when internal investigations into individual behaviors are prudent and must be initiated. This document explains the procedures for requesting an internal investigation and the conditions under which the information obtained from an investigation is released.

Scope

This procedure applies to the release of WPI computer and/or network usage information regarding faculty, staff or students when requested by another member of the WPI community. This information is either already stored by the Information Technology Division or is collected by the IT Division for the purposes of an investigation.

Procedures

Complaint Procedure

Individuals who believe that an investigation into a WPI community members use of the WPI computing or network resources should bring the matter to the attention of the Vice President for Human Resources (508-831-5473) in the case of an investigation into an exempt or non-exempt staff member; to the attention of either the Provost (508-831-5273) or the Vice President for Human Resources (508-831-5473) in the case of an investigation into faculty; or to the Dean of Students (508-831-5201) or Vice President for Student Affairs & Campus Life (508-831-5060) in the case of an investigation into a student. An independent inquiry and investigation will be made into any allegations. It is important for WPI community members to report incidents to management.

If appropriate, the Provost, Vice President, or Dean will make a written request for an investigation of computing and network usage to both the Vice President of Information Technology and the Assistant Vice President of Information Security and Networking.

Investigation

When the university receives notice of conduct which appears to be in violation of a computing or network usage policy, it will investigate the allegation in a fair and expeditious manner. The investigation will be conducted in accordance with the university's customary procedures and in such a way as to maintain confidentiality to the extent practicable under the circumstances and permissible by law. The investigation may, as appropriate, include private interviews with the person filing the complaint, with witnesses, and with the person alleged to have committed the infraction.

When the investigation is completed, the Vice President of Information Technology or the Assistant Vice President of Information Security and Networking will report findings to the Provost, Vice President, or Dean who filed the complaint and requested the investigation. The result from the collected information is released only to the requesting party and only pertains to the issue and individual specified in the original complaint. Additional approvals must be given before any additional information is collected regarding further issues involving potential violations of computing/network policies by the individual. Recipients of any data should treat it as confidential information governed under the WPI Confidentiality Policy.

In addition, the Information Security Office adheres to federal and state legal investigation and reporting requirements per the IT Incident Response Standard.

Appropriate Response/Disciplinary Action

In addition, the Information Security Office adheres to federal and state legal investigation and reporting requirements per the IT Incident Response Standard.

If it is determined that a member of the WPI community has been engaged in inappropriate conduct in their use of the WPI networking resources, appropriate action will be taken using the University's established procedures.

Revision History

October 1, 2008: Approved by the Vice President of Information Technology, Assistant Vice President of Information Security and Networking, Provost, Vice President of Human Resources, and Dean of Students. The procedure was e-mailed to the faculty Committee on IT Policy for their endorsement/comments.

April 2, 2009: After minor edits included on this webpage, the procedure was endorsed by three members of the faculty Committee on IT Policy, and approved by the Vice President of Information Technology, Vice President of Human Resources, Dean of Students, and Assistant Vice President of Information Security and Networking.