1. University Wide Policy Library
  2. Administration and Operations
  3. Cybersecurity Policy for the use of Digital Assets by Alumni and Retirees

Cybersecurity Policy for the use of Digital Assets by Alumni and Retirees

Final Approval Body: Senior Leadership Team
Senior Administrative Position with Responsibility for Policy: Vice-Principal, Finance and Administration
Date Initially Approved: November 2025
Date of Last Revision, if applicable: N/A

Definitions

A complete glossary of technology and cybersecurity related terms and acronyms will be maintained in the Digital Information Security Glossary of Terms and will be made available to all community members and guests.

  • Digital Assets: Discrete or aggregated data, digital services, digital identities, digital technologies, and endpoints within the information technology environment, both on and off University premises, that are provided by the University or purchased using university funds. [Queen’s specific]
  • Endpoints: Client access devices, including, without limitation, laptops, desktops, and mobile devices. Endpoints may be personally owned, or provided by the University (i.e., purchased using University funds). [Queen’s specific]

Purpose

The purpose of the Cybersecurity Policy for Alumni and Retirees is to establish responsibilities of alumni and retirees as they use and interact with digital assets operated by, or on behalf of, the University. By fostering responsible and ethical use, this policy ensures that alumni and retirees can fully leverage these assets. Additionally, the Policy helps to mitigate the risk of cybersecurity incidents, safeguarding both the alumnus or retiree and the University's digital environment.

This policy contributes to a safe and supportive digital environment where alumni and retirees can continue to engage with the community, share their experiences and insights, and express diverse perspectives without fear of external interference or institutional reprisal. By responsibly and ethically using digital assets, alumni and retirees help sustain the conditions necessary to honour Indigenous rights to self-determination and cultural continuity, and foster a respectful community where all voices are recognized and valued.

Scope

The Cybersecurity Policy for Alumni and Retirees is designed to support alumni and retirees as they access and use digital assets operated by, or on behalf of, the University by clearly defining their responsibilities related to ensuring a cybersecure digital environment.

Acceptable use of University Digital Assets

Alumni and retirees are encouraged to use digital assets operated by, or on behalf of, the University for their intended purpose. Usage must:

  • be responsible, ethical, and legal,
  • be consistent with the ֱ, values, and strategic goals of the University,
  • comply with applicable University Policies and other governance instruments,
  • be considerate of the rights of other community members and guests,
  • not cause harm to the University.

Responsibilities

Access Control
Alumni and retirees are entrusted with access to digital assets operated by, or on behalf of, the University. Alumni and retirees may only access and use digital assets to which they have been granted perֱ, including digital authentication identifier(s) (e.g., “NetID”) issued to them by the University.

Subject to appropriate university safeguards, alumni and retirees can enhance their digital experience by granting perֱ to third-party apps to access their account information. Alumni and retirees are responsible for and must ensure that the perֱs do not unnecessarily expose information or increase risk to the University. Authorization by an institutional risk owner may be required for some perֱ requests, and access may be denied or revoked depending on the risk level of the app and vendor.

Identification and Authentication
Alumni and retirees are responsible for safeguarding their digital authentication identifier(s) issued by the University. Alumni and Retirees are required to select a password or passphrase as their identification and authentication knowledge factor that complies with minimum password complexity requirements. By following , and selecting strong passwords or passphrases, alumni and retirees contribute to the security of their accounts and the University's digital environment.

Alumni and retirees are responsible for protecting their passwords or passphrases and must not share or disclose them to anyone. Changing passwords or passphrases when activated or when there is reasonable suspicion of compromise is required and ensures ongoing security of their account.

Alumni and retirees are encouraged to enroll in multi-factor authentication, enhancing the security of their accounts.

Alumni and retirees that enroll in multi-factor authentication are encouraged to use a personal mobile device as their identification and authentication possession factor and configure one of the following as their primary multi-factor authentication methods:

  • University Supported Authenticator App Push Notification,
  • University Supported Authenticator App Software Token,
  • Other Authenticator App not supported by the University.

Alumni and retirees that enroll in multi-factor authentication are responsible for protecting the device they use as their identification and authentication possession factor and are required to:

  • Keep the device in their possession,
  • Store the device in a safe place when it is not in use,
  • Ensure that the device is not usable when it is lost, stolen, or no longer under their control.

System and Information Integrity
Alumni and retirees contribute to the integrity and security of the University's digital environment by protecting and maintaining the personal endpoints they use to connect to wireless networks or other University digital assets. It is strongly encouraged that:

  • The endpoint operating system and other software are intended for use on the endpoint. Software versions are supported by the manufacturer or vendor, and recent updates and security patches are installed,
  • Protection software that detects and prevents malware and other unwanted software is installed and up to date,
  • The endpoint operating system firewall is active and configured.

Prohibited use of University Digital Assets

To ensure a safe and respectful digital environment, alumni and retirees are encouraged to use digital assets operated by, or on behalf of, the University responsibly. To protect the integrity and security of our online community, the following actions are not permitted:

  • Attempting to gain access to or use digital assets to which explicit perֱ has not been granted, including credentials not issued explicitly to the alumni or retiree by the University.
  • Sending unsolicited electronic messages, commercial or otherwise, that are outside of the scope of their role at the University. For more information about unsolicited commercial electronic messages and relevant legislation and regulations, please review the guidance on the Canadian Anti-Spam Legislation (CASL) at Queen’s University web page.
  • Using peer-to-peer file sharing technologies and networks (such as BitTorrent) to download or share content.
  • Using digital assets in a manner that .
  • Using digital assets in a manner intended to deceive, including impersonating the University, any member of the university community, or any other person or entity; giving the impression of representing or being endorsed by the University or any other
  • institution or organization if this is not the case; misrepresenting identity or affiliation in any way.
  • Using digital assets in a manner that disables, overburdens, impairs, or damages the university network or any other university digital asset; restricts, inhibits, or interferes with the use of university digital assets by any other community member or guest; deliberately propagates a virus, malware, or any other malicious code.
  • Using technologies on the university network that automates the enumeration of entities or monitor or collect network activity and data from the university network, including network, port, or security scanning; robots or spiders; network sniffing; keystroke logging.

Assurance 
Suspected violation of this Acceptable Use Policy may result in the implementation of containment measures. Containment measures may include, without limitation:

  • Disabling access to university digital assets,
  • Disabling credentials,
  • Isolating or removing a client access endpoint from the network.

Violation of this Acceptable Use Policy may be referred to an appropriate authority for investigation and may result in disciplinary action at the discretion of said authority.

Related Policies, Procedures, Guidelines: Responsible Use of Digital Resources Policy
Policies Superseded by this Policy: n/a
Responsible Officer: The Associate Vice-Principal (Information ֱ Services) and Chief Information Officer
Contact: Information Security Officer 
Date for Next Review: 2030