PURPOSE:
This Email Accounts Policy outlines the standards and procedures for the creation, use, management, and termination of email accounts provided by Idaho College of Osteopathic Medicine (ICOM). The purpose of this policy is to ensure the secure, appropriate, and efficient use of ICOM's email systems for official communication, academic activities, administrative purposes, and other legitimate institutional business. This policy aims to protect ICOM's email infrastructure, data, users, and reputation from misuse, security threats, and legal liabilities.
SCOPE:
This policy applies to all email accounts provided by ICOM, including but not limited to:
- Faculty and Staff email accounts (@icom.edu)
- Student email accounts (@s.icom.edu)
- Group or Club email accounts
- Alumni email accounts (@alumni.icom.edu)
- Any other email account provisioned by or through ICOM's email systems.
This policy applies to all users of ICOM email accounts, including but not limited to:
- Faculty
- Staff
- Administrators
- Students
- Alumni (if provided with accounts)
- Affiliates
- Volunteers
- Contractors
- Vendors authorized to use ICOM email.
DEFINITIONS:
- ICOM Email Account: Any email account provisioned by or through Idaho College of Osteopathic Medicine.
- Institutional Record: Any recorded information, regardless of format or medium, created, received, maintained, or used in the course of ICOM business.
POLICY:
Account Provisioning and Ownership:
- ICOM email accounts are provided as a resource to support the Institution's mission and are considered the property of ICOM.
- Accounts will be provisioned for eligible individuals upon their affiliation with ICOM, according to established procedures.
- The IT Department is responsible for the creation, management, and termination of email accounts.
Acceptable Use:
- ICOM email accounts are primarily for official communication, academic activities, administrative purposes, and other legitimate institutional business.
- Reasonable personal use of ICOM email is permitted, provided it does not violate this policy or the Acceptable Use Policy and does not consume excessive resources or interfere with institutional operations.
Prohibited Uses:
The following uses of ICOM email accounts are strictly prohibited:
- Illegal Activities: Using ICOM email for any activity that violates federal, state, or local laws, including but not limited to harassment, discrimination, threats, copyright infringement, and distribution of illegal content.
- Spam and Unsolicited Communications: Sending unsolicited bulk emails (spam), chain letters, or other unauthorized communications.
- Commercial Use: Using ICOM email for personal financial gain, commercial activities, or private business ventures unrelated to the Institution, unless specifically authorized.
- Unauthorized Access: Attempting to access or accessing email accounts that the user is not authorized to use.
- Misrepresentation: Impersonating another individual or misrepresenting one's affiliation with ICOM in email communications.
- Forwarding to External Accounts: Automatic forwarding of ICOM email to external, non-ICOM email accounts is generally discouraged due to security and data governance concerns and may be restricted or require approval.
- Excessive Personal Use: Using ICOM email for excessive personal use that interferes with the user's responsibilities or burdens the Institution's resources.
- Sending Offensive or Inappropriate Content: Creating, sending, or forwarding content that is harassing, discriminatory, offensive, obscene, pornographic, defamatory, or threatening.
- Circumventing Security Measures: Attempting to bypass or disable security measures implemented for ICOM's email systems.
- Violation of Vendor Terms: Violating the terms of service or acceptable use policies of any third-party email service providers used by ICOM.
Security and Confidentiality:
- Users are responsible for maintaining the security of their ICOM email accounts, including protecting their passwords and using Multi-Factor Authentication (MFA) when required or available.
- Sensitive or confidential ICOM information should be transmitted via email only when necessary and appropriate security measures (e.g., encryption) are employed, in accordance with the Information Security Policy and Data Classification Policy.
- Users should exercise caution when opening emails or clicking on links from unknown or untrusted sources to prevent phishing attacks and malware infections.
- To maintain security, ensure policy compliance, and investigate suspected misuse, ICOM reserves the right to scan and monitor email content, while adhering to the principles and guidelines set forth in the Data Privacy Policy.
Account Management and Termination:
- Email accounts will be created and managed by the IT Department according to established procedures.
- Upon termination of affiliation with ICOM (e.g., graduation, resignation, termination of employment), email accounts will be disabled and eventually deleted according to the established account lifecycle management procedures.
- Former employees, students, or affiliates may be eligible for continued email access under specific circumstances, as determined by the Institution.
- Departmental or group email accounts will be managed by designated individuals within the respective departments.
Retention and Archiving:
- ICOM email is considered an Institutional Record and is subject to the Data Retention and Destruction Policy. Emails may be retained and archived according to the established Retention Schedule.
Disclaimer:
- Users should be aware that email communications are not always secure or private and can be subject to interception or disclosure.
ENFORCEMENT:
Violations of this Email Accounts Policy may result in disciplinary actions, up to and including warnings, suspension or termination of email account access, suspension or termination of employment or student status, and potential legal consequences, consistent with other ICOM policies and procedures. The IT Department is responsible for investigating suspected violations and enforcing this policy.
MONITORING:
ICOM reserves the right to monitor and log the use of its email systems, including email content, sender and recipient information, and timestamps, to ensure compliance with this policy, investigate security incidents, and maintain the integrity and security of its systems and data. Such monitoring will be conducted in accordance with applicable laws and guidelines set forth in the Data Privacy Policy.
PRIVACY:
While ICOM respects user privacy, Institutional business needs may necessitate access to and review of email content. For this reason users should have no expectation of absolute privacy when using ICOM's email accounts.
POLICY REVIEW AND UPDATES:
This Email Accounts Policy will be reviewed and updated at least annually, or as needed to reflect changes in technology, legal requirements, institutional policies, or best practices. The IT Department is responsible for coordinating policy reviews and updates.
PRIMARY POLICY OWNER:
Chief Information Officer/Information Security Authority
APPROVED:
Effective: 8/23/21
Last Reviewed: 7/8/25
Review Requirement: Annual
CROSS REFERENCE AND SUPPORTING DOCUMENTS:
Information and links to other policies or supporting documents referenced within this policy.
| Document/Resource | Location/Link |
| Information Security Program | Contact Chief Information Officer |
| Acceptable Use Policy | Acceptable Use Policy |
| Information Security Policy | Information Security Policy |
| Data Classification Policy | Data Classification Policy |
| Data Privacy Policy | Data Privacy Policy |
| Data Retention and Destruction Policy | Data Retention and Destruction Policy |