Policies + Procedures — Information Technology — Responsible Use of Electronic Resources

5.1 Responsible Use of Electronic Resources

I. Purpose

The purpose of this policy is to ensure the confidentiality, integrity, and availability of the college’s Information Technology Resources. It is the responsibility of each User to ensure that the college's Information Technology Resources are used appropriately. Inappropriate use of these services exposes the college to risks including but not limited to virus and malware attacks, compromise of Information Technology Resources, data and services, and potential legal issues. The policy is in place to protect all Users who utilize these resources and the college.

II. Scope

This policy applies to all Users who access and use any of the college’s Information Technology Resources.

III. General

Definitions

Information Technology Resource(s) – includes but is not limited to the following: computer and networking equipment, workstations, laptops, software, operating systems, storage devices and media, network accounts, email services and email accounts, Internet browsing and related services, voice mail, applications, scanning and fax systems, tablets, and smartphones.

System – same as Information Technology Resource.

Third Party E-mail Accounts – personal email accounts from a third party provider.

Security Breaches – defined as accessing data of which the individual is not an intended recipient, logging into a server or account that the individual is not expressly authorized to access, disrupting network services, or other intentional acts intended for malicious purposes.

User – Faculty Member, Staff Member, Employee, Agent, Authorized Representative, Agent, or Student that has access to the College’s network and Internet based services.

Policy Components

No Expectation to Privacy

During the course of carrying out their responsibilities faculty, staff, students, agents or other authorized representatives of the college may access the college’s Information Technology Resources. Therefore, there shall be no expectation of privacy in any message (voice or data), file, data, document, facsimile, or any other form of information accessed, transmitted to, received from, or stored on any electronic communication or information system owned, leased, used, maintained, moderated or otherwise operated by the college.
The use, creation or change of any password, code or any method of encryption or the capacity to delete or purge files or messages, whether or not authorized by the College, similarly shall not be understood to give a User any expectation of privacy in any message, file, data, document, communication, facsimile, or other form of information transmitted to, received from, or stored on any system owned, leased, used, maintained, moderated or otherwise operated by the college or its authorized representative.
To protect the college from liability for illegal use of network and/or Internet based services and to protect the college’s financial interests it is understood that the college may monitor the activities of Users that are granted access to its Information Technology Resources. Activities that the college may monitor include but are not limited to network access, email, and Internet usage.
Notwithstanding the foregoing, the college endeavors to maintain the security of all electronically- stored data and information, and the college requires that all Users that have access to network and Internet based services respect these rules. To safeguard and protect the proprietary and sensitive business information of the college and its customers and to ensure that the use of all Information Technology Resources is consistent with the college’s legitimate business interests, authorized representatives of the college may monitor the use of such systems, messages, files on the systems, and equipment.
If the college determines that activities are ongoing which do not comply with applicable laws or this policy, electronic records may be retrieved and used to document the activity. Triggers for record review may include, but are not limited to, investigation of a confidential complaint, investigation of unusual network or server activity, or legal subpoena. In legal matters, which involve electronically stored information, the college will follow appropriate federal and state guidelines.

Appropriate Use

The college considers use of its Information Technology Resources to be a privilege that is granted on the condition that each member of the college community respects the integrity of its Information Technology Resources and the rights of other Users. All Users that use the college’s Information Technology Resources should be guided by behavior and conduct that is consistent with the mission of the college and with respect for the principles of open expression. Use of the college’s Information Technology Resources is intended for use that align within the college’s priorities on instruction, research, and other educationally and business related communication. Accordingly, the use of the college’s Information Technology Resources is permitted and encouraged only where such use is in furtherance of its goals and objectives.

Personal use is permitted where such use does not affect the Users workplace performance, is not detrimental to the college in any way, does not breach of any term and condition of employment and does not place the individual or the college in breach of statutory or other legal obligations. Users should be guided by reasonable and prudent practices on personal use, and if there is any uncertainty, employees should consult their supervisor or manager.

Computer Access Controls

Access to the college’s Information Technology Resources is controlled by the use of User IDs and passwords. All User IDs and passwords are to be uniquely assigned to a named User and consequently, Users are accountable for all actions on the college’s Information Technology Resources. Users must not:

allow anyone else to use their User ID and password on any of the college’s systems;
use someone else’s User ID and password to access the college’s systems;
leave their User accounts logged in at an unattended and unlocked computer;
leave their password unprotected (i.e. writing it down on a piece of paper or storing on
an unencrypted file);
perform any unauthorized changes to the college’s systems or information;
access data for any purpose other than conducting the college’s business even if the
User authorized access;
interfere with or disrupt network communications or system functionality;
physically connect any hardware device not authorized, owned, or provided by the
college to any of the college’s Informational Technology Resources;
download or install software without the prior approval of the policy owner;
store restricted data on any device not owned or sanctioned by the college;
provide or transfer restricted software to any person or organization outside the college
without the approval of the college.

Electronic Mail (Email) and Texting

Email and texting are provided to support open communication and the exchange of information between Users that have access to the college’s Information Technology Resources and external entities. All Users are accountable for their actions when using email or texting applications and must not send emails or text messages that include but are not limited to the following actions:

that are used to harass, intimidate, alarm or threaten another person or organization;
that contain obscene, abusive, libelous or defamatory material;
that are used to distribute copyrighted materials that are not authorized for
reproduction/distribution;
that impersonate another User or mislead a recipient about their identity;
to deceive another individual in order to access another person’s email;
to deliberately and intentionally bypass systems security mechanisms;
to create or forward chain letters or Ponzi or other pyramid schemes of any type;
forward email that contains restricted data to a personal email account. Examples of
restricted data include but are not limited to Social Security Number, Student Financial Aid Data, Student Conduct Records, and Bank Account numbers. For a detailed definition please refer to the Institutional Data Security and Protection Policy;
used for any purpose which is illegal or against the College’s policies;
used to pursue an individual’s business interests that are not related to the College or
used to conduct any type of personal solicitation.

Internet Usage

The Internet provides access to a myriad of tools and the distribution of information that is in direct support of the College’s mission and can aid in furthering the goals and objectives of the college. All Users are accountable for their actions when using Internet based services and browsing and should be aware that every web site visited is monitored and tracked. Activities that are not permitted include but are not limited to:

viewing, downloading, or disseminating materials that can be used to harass, intimidate, alarm, or threaten;
viewing, downloading, or disseminating materials that may inflict harm, is illegal, or against the College’s policies;
disseminating, printing, downloading, or exporting of copyrighted materials (including articles and software) in violation of copyright laws;
export software, technical information, encryption software or technology that is in violation of international or regional export control laws;
perform unauthorized scanning of networks for security vulnerabilities;
execute any form of network monitoring which will intercept data not intended for the
User unless this activity is within the scope of the Users responsibilities;
effect security breaches or disruptions of network communications.

Exceptions

The following exceptions are provided under this policy. Any further exceptions to the policy must be approved by the responsible college officer in advance.

Software that is developed by students and/or faculty as part of instructional activities to satisfy course requirements is exempt from this policy.
An exemption is granted for those individuals engaged in normal educational related activities or research provided that those activities are consistent with the college’s mission.
Personal USB devices or memory sticks are permitted for school and instructional purposes. The User acknowledges that these devices are automatically scanned for any malicious code, virus, and malware or other files that may be detrimental to the college’s Informational Technology Resources.

Enforcement

Any User found to have violated this policy may be subject to disciplinary action, up to and including termination of employment or sanctions as defined in the Student Policies and Procedures Manual.

IV. Procedures

Compliance

The Information Technology Services Department (ITS) will verify compliance to this policy through various methods, including but not limited to monitoring, business tool reports, internal and external audits, and provide feedback to the responsible college officer.