UT Foundation Policies
1.1 ANDI: Access, Confidentiality & Security
EFFECTIVE: 6/1/2008 · REVIEWED: 3/23/2011
ObjectiveIn order to comply with the University of Tennessee’s information technology policies and industry best practices, new functionality has been added to ANDI that provides for password complexity, password expiration, and an anti-hacker feature that locks a user account after 5 invalid login attempts.
Password ComplexityANDI passwords must be at least eight characters but no longer than twelve characters. The password must include at least one numeral, one non-alphanumeric value (e.g., a punctuation mark), one upper case letter, and one lowercase letter.
Password ExpirationANDI passwords will expire every 90 days. A warning message indicating how many days remain until their password expires will be sent to each user beginning 14 days ahead of the actual day of expiration. This message will display each time a user logs on to ANDI until the password is changed or expires. If a user attempts to log in after the password has expired, the attempted login will take the user directly to the “Change Password” window.
User LockoutA user will be allowed five invalid login attempts within a thirty-minute period. After five unsuccessful attempts ANDI will lock the account. If a user account is locked, the user must contact ANDI Help at 865-974-4153. For questions regarding this policy, contact the Advancement Services help desk at (865) 974-4153 or email [email protected].
IntroductionPursuant to Article II, Section 4(i) of the Affiliation and Services Agreement between The University of Tennessee (UT) and The University of Tennessee Foundation (UTFI), UTFI establishes the following policy to protect the confidentiality of donors, alumni, and their records to the fullest extent allowable under the laws of the State of Tennessee.
Information is Confidential
- All information maintained in any form about UT alumni and UT/UTFI donors, donor prospects, and friends is confidential. This information may be accessed and used by UTFI staff solely for the purpose of planning and operating development and alumni affairs programs for the benefit of UT. In furtherance of their duties, UTFI staff may also share this information with:
- The UT Board of Trustees and the UTFI Board of Directors provided, however, that the recipient of that information first signs a data confidentiality agreement.
- The UT President and his/her staff provided, however, that the recipient of the information first signs a data confidentiality agreement.
- UT staff who assist the development and alumni affairs programs (e.g., Chancellors, Deans, department heads and any UT staff who work directly with the development and alumni affairs programs) provided, however, that the recipient of the information first signs a data confidentiality agreement.
- UT Alumni Association volunteers whose volunteer roles require access to the information (e.g., an Alumni Chapter volunteer responsible for communicating with chapter members) provided, however, that the recipient of the information first signs a data confidentiality agreement.
- UT Development Council, Alliance of Women Philanthropists and other campus/collegiate advisory groups whose volunteer roles require access to the information (e.g., an Alliance volunteer soliciting gifts) provided, however, that the recipient of the information first signs a data confidentiality agreement.
- Vendors retained to assist with the development and alumni affairs programs (e.g., a mail house retained to print and mail a college newsletter) provided, however, that the vendor first signs a data confidentiality agreement (or the terms of the data confidentiality agreement are built into the contract with the vendor).
- The UTFI Board endorses the “Donor Bill of Rights” promulgated by the Council for the Advancement and Support of Education, the Association of Fundraising Professionals, the Association for Healthcare Philanthropy and the Giving Institute. All UTFI staff shall adhere to the principles contained in these documents.
- Pursuant to TCA Title 49, Section 7, Part 1, the Executive Vice President and Chief Operating Officer (COO) shall prepare and maintain an annual report of gifts received during each 12- month period, including the amount of the gift and a general description of its use, but not including any personally identifiable information about the donor or members of the donor’s family.
Alumni and Development Information System
- Pursuant to Article III, Section 2(c)(ii) of the Affiliation and Services Agreement between UT and UTFI, UT and UTFI jointly maintain an electronic alumni and development information system (“ANDI”).
- As used in this policy “ANDI” includes all data stored and accessed through software licensed from SunGard Higher Education under the trade name Advance along with related software systems, including SmartCall, QAS and iModules.
- ANDI is licensed by UT and maintained on servers owned and operated by UT.
- The data is entered and maintained by UTFI staff.
- The data stored and accessed through ANDI is subject to and covered by this Confidentiality of Alumni & Donor Records Policy.
- Additionally, the data stored and accessed through ANDI is classified as “Restricted- Confidential” (level 3) pursuant to UT Policy IT0115, Information and Computer System Classification, Section 5(b)(ii) and use of ANDI data is subject to the terms of that policy.
Requests for Release of InformationAll requests to review or receive copies of UTFI records, data or other information shall be referred to the COO. The COO will review the request and, in consultation with appropriate UT and UTFI officials, determine how to respond.
Philanthropy is based on voluntary action for the common good. It is a tradition of giving and sharing that is primary to the quality of life. To assure that philanthropy merits the respect and trust of the general public, and that donors and prospective donors can have full confidence in the not-for-profit organizations and causes that they are asked to support, we declare that all donors have these rights:
- To be informed of the organization’s mission, of the way the organization intends to use
donated resources, and of its capacity to use donations effectively for their intended purposes.
- To be informed of the identity of those serving on the organization’s governing board, and to expect the board to exercise prudent judgment in its stewardship responsibilities.
- To have access to the organization’s most recent financial statements.
- To be assured their gifts will be used for the purposes for which they were given.
- To receive appropriate acknowledgment and recognition.
- To be assured that information about their donation is handled with respect and with confidentiality to the extent provided by law.
- To expect that all relationships with individuals representing organizations of interest to the donor will be professional in nature.
- To be informed whether those seeking donations are volunteers, employees of the organization or hired solicitors.
- To have the opportunity for their names to be deleted from mailing lists that an organization may intend to share.
- To feel free to ask questions when making a donation and to receive prompt, truthful and forthright answers.
This Bill of Rights for charitable givers was developed by the American Association of Fund Raising Counsel, Association for Healthcare Philanthropy, Council for Advancement and Support of Education and Giving Institute.