Information Technology Responsible Use Policy

Date of Original Implementation: October 2011

Date of Last Revision: October 2011

Purpose

Cambridge College is an educational institution which encourages continuous learning, experimentation, and the development of the adult learner. The College is committed to respecting individual privacy and freedom while expecting each individual to act in a responsible, legal, ethical and efficient manner when using the College’s information technology systems and resources. These systems are designed to encourage high-quality educational, professional career development and self-discovery activities.

The purpose of this policy is to define responsible and ethical behavior that guides faculty, student, and staff use of information technology resources at Cambridge College.

Statement of Policy

Cambridge College provides access to information technology resources for faculty, staff, students, and certain other users to support the College’s mission and to conduct the business of the College. Every authorized user of information technology resources at Cambridge College is responsible for utilizing these resources in an efficient, ethical, and legal manner and in ways consistent with overall College policy.

Definitions:

Information technology includes but is not limited to desktop computers, workstations, network servers, mainframes computers, software, digital information and voice, video and data networks, including official College web pages on its portal, public website and social networking sites.

Scope

The following principles serve to guide the responsible use of information technology for all Cambridge College users.

Respect the rights of others by complying with all College policies regarding sexual, racial and other forms of harassment, and by preserving the privacy of other individuals. For example, it is prohibited to send harassing messages via email or social networking or transmit or reveal personal or private information about individuals. Use computing facilities, accounts and data only when you have appropriate authorization and use them for approved purposes. For example, you should not use Cambridge College information Technology resources to run a business or to access another individual’s computer account.

Respect all pertinent licenses, contractual agreements, and copyrights. Use only legal versions of copyrighted software in compliance with vendor license requirements. For example, you should not post another individual’s copyrighted material on your web page or install software with a single user license on multiple computers.
Preserve the integrity of computing systems, electronic data, and communications networks. For example, you should not modify settings on a desktop computer to make it unusable to others or excessively utilize networked resources, like music videos, that may overload Cambridge College’s network bandwidth.

Respect and adhere to all applicable local, state and federal laws. For example, it is
prohibited to use Cambridge College’s information technology resources to attack computers on another network by launching viruses, worms, or other forms of attack.

Privacy

While the College values and respects the privacy of its staff, faculty, students, and other users, the intrinsic nature of electronic records places limits on the extent to which the College can guarantee a user’s privacy. Despite security protocols, communications over the Internet—and across the College’s local campus network—can be vulnerable to interception and alteration. Consequently, the College cannot assure that absolute privacy can be maintained for data that resides on the College network or on storage media.

Out of respect for personal privacy, the College does not routinely examine the contents of data or files in user accounts. However, on occasion, circumstances may require an examination of a user’s files to maintain system security, to administer or maintain system integrity, to access necessary College information or in response to legal mandate. In such cases, authorized personnel may examine a user’s data without notice. Authorized personnel are those specifically entrusted and approved by the College (needs VP level or General Counsel approval) to conduct such examinations.

Some data are subject to strict access restrictions, such as library patron records and data protected by the Family Educational Rights and Privacy Act (FERPA). The Library, the Office of the Registrar, and other departments that administer confidential data may enforce more stringent access policies.

Personal Use

Personal use is defined as the non-academic, non-administrative use of Cambridge College’s IT systems. Such use is solely discretionary; it neither serves an essential employment function nor is it related to academic discourse. Data that result from personal use are “personal data.”

Personal use of Cambridge College’s IT resources is secondary to performing essential College functions using such resources. If personal use of College IT resources interferes with or causes disruptions to the essential functions of the College performed by IT, then authorized personnel may curtail such use.

Passwords and User IDs

System accounts, passwords, and user IDs plays an important role in protecting the files and privacy of all users. Because users are responsible for all uses made of their accounts, users must take exceptional care to prevent unauthorized use of their accounts. This includes changing passwords regularly and disabling “automatic” log-ins.

In most cases, it is inappropriate—and perhaps dangerous—to allow another person to use another user’s network credentials or email account. In some cases, a user’s data are vulnerable to alteration or deletion. In others, the validity of a user’s credentials could be compromised. Alternatively, if criminal activity can be traced to a user’s account, the person to whom the account is assigned may be held accountable. The College, therefore, reserves the right to restrict or prohibit password sharing.

In addition, the College reserves the right to implement and enforce password maintenance procedures, including detecting and disabling “weak” passwords and implementing password “aging” mechanisms. Weak passwords are those that may be easily “cracked,” guessed, or discovered, such as a user’s birth date or name. Password aging refers to a process that requires users to change passwords at predetermined intervals.

Data Storage and Back-ups

The College maintains a centralized repository of data stored in user accounts on the College network. This includes all the data that a user creates and saves on the College’s network storage devices. It also includes saved email messages, attachments, files, and folders.

The College reserves the right to restrict the amount of network storage available for users. This includes the prerogative to impose quotas on the number and/or size of stored files. The Director of IT, after conferring with the College Leadership, can regulate the availability of central network storage to which each user is entitled.

Data files are routinely backed up on a daily, weekly, monthly, and/or yearly basis. These back-ups facilitate the restoration of College data that have been lost, altered, or damaged. The College will not routinely retrieve backed-up personal data. Users, therefore, are encouraged to maintain independent back-ups of their important personal data, including email messages. Cambridge College disclaims any responsibility for maintaining or providing access to backups of a user’s personal data.

For data backed up by the IT department, retrieval or restoration is at the discretion of the Director and/or the College Leadership.

Security

The College implements appropriate “industry-standard” practices concerning the security of the College’s IT resources. These methods are designed to protect against unauthorized access, intrusion, or damage to the availability, access, or integrity of the College’s IT systems. However, due primarily to the nature of security threats and the remote possibility of a breach of security, the College warrants neither a user’s privacy nor the integrity of data stored on the College network.
 

Copyright, Trademark, and Domain Names

Users must comply with all copyright, trademark, and other intellectual property laws. In general, permission is necessary for a user to reproduce materials, such as video, music, images, or text. To “reproduce” in this context includes downloading and saving a digital copy to a hard drive, floppy, or other storage media. Photocopying copyrighted materials without authorization is also prohibited. Certain exceptions apply, such as “Fair Use.”

In addition, users must generally obtain permission from the copyright owner to prepare derivative works, including modifying existing works. Copyright law also prohibits the distribution, display, or performance of works created by another without a proper release.

The College possesses trademark rights in certain symbols and phrases such as images of the College logo and the words “Cambridge College.” Unauthorized use of these trademarks is not permitted.

Additionally, the College owns certain Internet domain names. These include cambridgecollege.edu, ccnite.org and other such domain names. Registration of domain names incorporating or referencing College trademarks is prohibited without the approval of the College Leadership.

Compliance and Enforcement

All users of the College’s IT resources must abide by these policies. Users not wishing to agree to and comply with this policy will be denied use of or access to Cambridge College IT resources.

College community users who intentionally violate these policies are subject to disciplinary action by the College consistent with established College due process. At the discretion of the Director of IT alleged violations of this policy may be referred to the Executive Leadership or College disciplinary body. In addition, the Director of Human Resources may conduct an investigation regarding the alleged infraction. Violators may also be liable for civil damages and/or criminal prosecution, if applicable.

Guest users of publicly available College IT resources are also subject to the terms of this policy. While explicit acceptance of this policy is not required for guests to access these limited IT resources, guests are accountable for their actions while using College IT resources. Guests who violate this policy will be asked to cease use and may be barred from further access. If a guest user violates federal, state, or local law while using College IT resources, the Director of IT may report this activity to the General Counsel.

Members of the Cambridge College community who believe they have witnessed or been a victim of a violation of this policy should notify or file a complaint with the appropriate College office as follows. Students should report suspected violations to the Dean of Students. Faculty members should report suspected violations to the Vice President/Provost of Academic Affairs. Staff members should report suspected violations to their department head who may report the problem to the Director of Human Resources. Reports of suspected unauthorized use or misuse of Cambridge College information technology resources will be investigated pursuant to standard College procedures.

Information technology users who are found in violation of this policy will be subject to Cambridge College disciplinary processes and procedures including, but not limited to, those outlined in the Student Handbook, the Cambridge College polices, and any applicable bargaining unit contracts. Privileges to use Cambridge College information technology resources may be revoked. Illegal acts may also subject users to prosecution by local, state, and/or federal authorities.

POLICY APPLIES TO:

This policy applies to all students, faculty, and staff of the College and to all other users of information technology resources at Cambridge College. These users are responsible for reading, understanding, and complying with this policy.

Individuals Responsible for Revision and Implementation: Vice President for Finance and Administration and Director of Information Technology