DATE OF ADOPTION: May 1997
DATE OF REVISION: July 1, 2017
POLICY REFERENCE: Acceptable Use of Information Technology Resources
PROCEDURES GOVERNING USE OF INFORMATION TECHNOLOGY
These procedures are enacted pursuant to the Acceptable Use of Information Technology Resources Policy. They shall govern all use of Information Technology Resources and apply to all users.
1. Information technology resources shall include but not be limited to:
- All computer hardware, software, peripherals and mobile devices.
- Network communications technologies including wireless technologies.
- Network and Internet bandwidth.
- Telephone and voicemail.
- Electronic Mail (Email).
- Electronic services and information.
2. Information technology resources are owned by and are the property of the college. All users must be authorized by the college to access information technology resources. Such access shall be at the sole discretion of the college. Anything created at the direction of the college using information technology resources shall be the property of the college.
3. Any user of information technology resources shall:
- Comply with all laws (federal, state, local and other applicable laws and regulations); and all college policies and procedures.
- Respect the privacy and personal rights of others so as not to constitute an invasion of privacy, harassment, defamation, threat, intimidation, unwarranted annoyance, embarrassment, discrimination based on race, color, age, religion, sex, national origin, marital status, sexual orientation, ability, genetic information and veteran status or the like.
- Use information technology resources in an efficient, effective, ethical, and respectful manner.
- Respect the integrity and security of information technology resources by not attempting to circumvent the system security and/or aid others to achieve unauthorized access, including but not limited to, sharing a user password, unauthorized transmission of information via email, intercepting network transmissions, inappropriate posting of information on social media, or storing information in unapproved commercial systems.
- Respect the finite capacity of information technology resources so as not to interfere unreasonably with the activity of other users.
- Use information technology resources for authorized college-related purposes only.
- Respect and honor the intellectual property rights of others whether protected by patent, copyright, trademark, trade secrets law, other legal mechanism and/or the college Intellectual Property Policy and Procedures.
- Maintain the confidentiality of information by limiting actions that will provide, expose, distribute, or release information to unauthorized users.
- Only access confidential information when authorized by the college. Any confidential information obtained by an authorized user shall only be used for the appropriate college purpose for which access was authorized.
- Confidential information shall only be stored on college authorized service or devices.
- If confidential information is required to be communicated, it shall be communicated in one of the following ways: (i) the use of shared directories and embedding a hyperlink into an Email; (ii) utilize the approved secure file transfer application; (iii) including an attachment that is either encrypted or password protected; or (iv) system-to-system encrypted transmission.
- No automatic forwarding between college Email to/from personal or other business Email.
- Report any discovered weakness in the Information Technology Resources security system to the Chief Technology Officer.
- Report any incident of misuse of any information technology resource or violation of these Procedures to the Chief Technology Officer.
- Report any damaged, lost or stolen technology resource, including personal devices that may have college confidential information thereon, to the Chief Technology Officer.
- Only use college-owned information technology resources to connect to the internally wired college network unless Customer Support Services reviews and approves other equipment connections in advance.
4. The college cannot assure confidentiality, integrity or privacy of information that is transmitted or stored external to college systems. Therefore, users are prohibited from using systems that are not approved through the Information Services Department.
5. The college has the right, at all time, to monitor its information technology resources. Authorized Information Services personnel may inspect files and/or monitor a user's usage of resources. In response to the Higher Education Opportunity Act the college employs a commercial tool which identifies and blocks peer-to-peer applications running on the network.
6. The college Email system is an official method of communication between students, faculty, and staff. Each user is responsible for reading emails in a timely manner and shall be held responsible for the information contained therein, whether it is read or not. Each user is accountable for the contents of Emails sent using their college Email account.
The potential for unnecessarily consuming resources and cluttering campus inboxes requires that Email users adhere to the following:
- Mass Emails must be approved and sent only by authorized employees, which are both designated by Learning Response Team (LRT) members;
- Use of a distribution list is highly encouraged and information transmitted should be important to all members of the distribution list;
- Files attached to Emails should be limited in size, nominally 5MB. Sharing large data files can be accomplished by embedding a hyperlink which redirects to shared file storage or through the approved secure file transfer application;
7. The college email system shall be used in accordance with college policy and these procedures for college business only. Inappropriate use of the college Email system includes, but is not limited to:
- Personal monetary gain.
- Commercial purposes that are not directly related to college business.
- For personal solicitation of business or donations.
- Information in the Global Address Listing (GAL) shall not be extracted or provided by any means for use by businesses or other organizations outside of the college.
- Constructing an email communication so it appears to be from someone else (spoofing).
- Transmitting documents in violation of copyright laws.
- Transmitting embedded or attached malware (except for reporting purposes to the helpdesk).
- Transmitting inappropriate material.
- Viewing Email from another user’s account (except as required for conducting college business; to diagnose and correct delivery problems; in an emergency situation; to stop spam Emails; and conduct investigations).
8. Violations of these Procedures shall be dealt with as follows:
8.1 All detected or reported violations shall be investigated by the Information Services staff. They shall promptly collect all relevant documents and information relating to the alleged violation.
An incident report shall be prepared in all cases of detected or reported procedure violations. Upon collection and review of all relevant information and documentation, a determination shall be made as to whether a violation occurred. If it is determined that no violation occurred it shall be so stated in the incident report and the matter shall be closed. If a violation is found to have occurred, it shall be so stated in the incident report and reference shall be made to the supporting information and/or documentation.
8.2 Sanctions for violation of these procedures may include, but are not limited to, revocation of user account privileges, confiscation of files, data and equipment, and removal of computers from the network. Based on the circumstances, at the discretion of the college, any or all of these sanctions may be imposed prior to the conclusion of the investigation.
In addition to the aforementioned sanctions, an incident report finding that a faculty, staff, or student committed a violation of these procedures may result in a referral to the appropriate college department for further action under applicable college policies and procedures relating to the violator. In any case where a violation of law occurred, the matter may be referred to the appropriate law enforcement agency.