|(a) All authorized users (including, but not limited to, institution of higher education personnel, temporary employees, and employees of independent contractors) of the institution of higher education's information resources, shall formally acknowledge that they will comply with the security policies and procedures of the institution of higher education or they shall not be granted access to information resources. The institution of higher education head or his or her designated representative will determine the method of acknowledgement and how often this acknowledgement must be re-executed by the user to maintain access to institution of higher education information resources. (b) Devices designated for public access shall be configured to enforce security policies and procedures without the requirement for formal acknowledgement. (c) Each institution of higher education head or his/her designated representative and information security officer shall establish a strategy for the use of written non-disclosure agreements to protect information from disclosure by employees and contractors prior to granting access. (d) Institutions of higher education shall provide an ongoing information security awareness education program for all users. (e) Institutions of higher education shall use new employee orientation to introduce information security awareness and inform new employees of information security policies and procedures.