Procedure 8.2.2: Information Technology Usage Procedure
Effective Date: Mon, May 19, 2008
Amended Date: Mon, Oct 11, 2010
This section will define the procedures for the use of the Information Technology Services systems at Haywood Community College. All users of HCC information technology services are subject to the Computing Services Policy found in the HCC policy manual.
Haywood Community College will provide information technology resources to staff and students for the purpose of completing college-related activities. These activities include, but are not limited to the following: data entry and retrieval, report preparation, records maintenance, instruction, research, and planning. Because of the wide range of users and uses, it is necessary to establish procedures to ensure that the systems are used in the most efficient manner possible while providing for the protection of equipment, data, and software. HCC has the right to monitor activities and to access information on HCC information technology systems stored, sent, created or received by faculty, staff and students. HCC faculty, staff and students should not expect individual privacy in their use of HCC information technology systems including the use of the HCC electronic mail system.
While the Executive Director of Technology and Instructional Support Services is charged with the responsibility for the proper use of the Information Technology Services systems, it is everyone’s responsibility to see that information and technology services and resources are properly used and that security is maintained. Since all of these responsibilities can be considered under the broad category of security, each user must be aware of and employ proper operating procedures to ensure security. In this context, “the system” means both the equipment and the data.
Information and Technology Systems
The following must be adhered to in the use of HCC Technology and Information Systems:
Each HCC employee has a personal ID that must not be used by any other user. Users should not leave a computer unattended on which they have logged-on to HCC information technology services and resources. If a user must leave the immediate area of their workstation, he/she should log off the system. Sensitive information should not be left accessible on a computer.
Every employee is responsible for the protection of all equipment resources from any kind of damage and the protection of data from (1) disclosure to any unauthorized person, (2) unauthorized modification, or (3) destruction.
In accordance with the HCC Computing Services Policy, HCC information technology systems should be used to complete college-related activities and research, not for personal recreation or business, or political purposes. The college computer systems must not be used by employees to intercept data, monitor user accounts, gain unauthorized access to restricted data, or for any purpose that violates federal, state or local regulations. All HCC Faculty and staff are expected to:
- Access data only to conduct college business.
- Access the minimum Confidential data or Restricted data necessary to perform college business.
- Respect the confidentiality and privacy of individual records.
- Observe any ethical restrictions that apply to data to which an employee has access to college information in performance of his/her job.
HCC prohibits access to the college trusted network via unsecured wireless communication mechanisms. Only WPA2 Enterprise encrypted wireless systems are approved for use on the HCC wireless infrastructure. An unsecured wireless subnet is provided for access by guests to non-college related resources necessary to conduct business or to provide presentations to the college.
Remote Access and off-campus access
It is the responsibility of all HCC employees with remote access privileges to the college information systems and college data to assure that their remote access connection adheres to all HCC policies and procedures regarding security of data and confidential information. Remote access will only be granted to authorized users by the ITS office.
All employees with remote access privileges or authentication credentials from off-campus are expected to operate in accordance with all HCC technology security policies and procedures as if he or she was working on campus. All employees are responsible for maintaining security practices in the retrieving and management of data on HCC information systems. Remote access users who violate Information Technology Services usage policies and procedures will be subject to one or more of the following disciplinary sanctions: admonition, temporary or permanent suspension of information technology access privileges.
It is recommended that all Confidential data and Restricted data types be electronically stored or accessed from the one of the following list of devices: HCC managed servers, HCC managed desktop computer, HCC encrypted laptop, HCC encrypted mobile storage device. Any encrypted device must be encrypted using a process documented approved by ITS.
Unless specifically authorized in writing by the software developer or publisher, programs and their related documentation shall not be reproduced in any form. U. S. Copyright Law provides for civil damages in cases involving the illegal reproduction of software. Students and staff involved in the making or use of unauthorized copies of computer software will be subject to disciplinary action. Unauthorized copies or illegal software installed by students will be confiscated and destroyed. Students cannot install personal software on college-owned computers.
Information Technology Services will practice appropriate security measures in the operability and integrity of the college Local Area Network (LAN), including e-mail, Internet, and other related resources. All employees are responsible for maintaining security practices in the retrieving and management of data on HCC information systems
Morals, Ethics, and Audits
Freedom of expression is a constitutional right afforded to individuals. However, HCC information systems are for the purpose of conducting college business. HCC information technology system users are held accountable for their actions and must respect the rights of other individuals that may be offended by the services and images retrieved on the Internet. Creating, viewing, storing, transmitting or publicly displaying pornographic material (as defined by the U.S. Supreme Court), obscene, defaming, slanderous, harassing, or offensive data (including sound, video, text, and graphics data) is prohibited.
Freedom of expression and the right of privacy are constitutional rights afforded to individuals. HCC information systems are for the purpose of conducting college business. Therefore, these rights have certain limits. At HCC, as in other public colleges and universities, there are limitations to speech and privacy rights when an employee or student uses HCC information technology resources owned or leased by the college. The users of information technology services owned and operated by HCC have a diminished right of privacy and their expression or speech is limited to that of a nonpublic forum. Therefore, information technology system users are held accountable by the college for their actions including, but not limited to, their respect for the rights of other individuals that may be offended by the services and images retrieved on the Internet.
The college prohibits the creating, viewing, storing, transmitting, or publicly displaying of pornographic material (as defined by the U.S. Supreme Court), obscene, defaming, slanderous, harassing, or offensive data (including sound, video, text, and graphics data). Moreover, users may not download to or maintain unlawful material on college-owned or leased computer systems (Urofsdy, et al. v. Gilmore (4th Cir., 2000) or on privately owned computers used on the campus network (U.S. v. Simmons, 206 F.3d 392 (4th Cir., 2000).
HCC reserves the right to conduct electronic audits to enforce its policies, regulations, and procedures in the usage of the administrative systems, computer resources and network systems at Haywood Community College. Individuals who feel they have been harassed should report the incident to the Executive Director of Technology and Instructional Support Services. The Information Technology Services staff controls physical access to the information technology center. Students and staff are not allowed to enter the data center unless authorized by one of the Information Technology Services staff members.
Students and staff are responsible for reporting suspected security violations of information technology systems and services to their teacher, Academic Advisor, Department Chair, Supervisor or the Information Technology Services staff immediately. The Information Technology Services staff will investigate the violation and take appropriate action where required. Violators of the Information Technology Services usage procedures previously stated will be subject to one or more of the following disciplinary sanctions: admonition, temporary or permanent suspension of information technology access privileges.
Up one level