Home Contacts Library Site Map

Home » Faculty and Staff » Information Technology » Policies & Procedures » Computing Policy

ACCEPTABLE USE POLICY

 

1.0 Purpose

This policy sets forth the principles that govern appropriate use of computing and digital information resources of Georgia Highlands College. Such resources are the property of the State of Georgia, and users are bound by all pertinent Board of Regents, State and Federal policies and statutes. Access to Georgia Highlands College computing resources is a privilege granted by the College. This policy serves as the guiding framework for information security. There are many other information security policies for dealing with specific technology usage. Please refer to them for appropriate use of all information and technology related issues. Computing policies, like other Georgia Highlands College policies, wherever possible are governed by the principle of academic freedom. Information Technology is committed to protecting Georgia Highlands College's computer users from illegal or damaging actions by individuals, either knowingly or unknowingly. Inappropriate use exposes Georgia Highlands College to risks including virus attacks, compromise of network systems and services, and legal issues.

 

2.0 Scope

Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing, and FTP, are the property of Georgia Highlands College. These systems are to be used for business purposes in serving the interests of the college, and of our clients and customers in the course of normal operations. Effective security is a team effort involving the participation and support of every college computer user who deals with information and/or information systems. It is the responsibility of every computer user to know these guidelines, and to conduct their activities accordingly.

Furthermore, this policy applies to all equipment and systems that are owned or leased by Georgia Highlands College.

3.0 Policy

 

3.1 Policy Statement

Georgia Highlands College provides access to computing and information resources for students, staff, faculty, and certain other users in support of Georgia Highlands College’s mission of teaching, research, public service, and in support of the official duties of the College. Access to Georgia Highlands College networks, systems, and resources is considered to be a privilege. Users are expected to understand policies and procedures, comply with regulations and guidelines, act responsibly, and do their part to maintain the security and integrity of these technology resources. Inappropriate use will result in loss of these privileges and may include additional disciplinary action if necessary, up to and including dismissal and/or criminal prosecution. When activating an account, a user implicitly affirms the following:

·        Users will abide by the broadest interpretation of the policies set forth in this document.

·        Failure to follow policies may result in loss of computing privileges, expulsion, or criminal prosecution.

·        IT monitors computer use to protect the system.

·        IT may terminate the account of anyone who has been determined to use his or her access for unlawful purposes or in contravention of this policy.

 

 

3.2 General Use and Ownership

Computer Users Shall:

  • Act responsibly so as to ensure the integrity and ethical use of computing and information resources.
  • Respect the rights of others.
  • Respect all pertinent licenses, copyrights, contracts, and other restricted or proprietary information.
  • Use college computing resources and user accounts only for appropriate college activities.
  • Acknowledge that system administrators may examine files, mail, and printer listings for the purpose of diagnosing and correcting problems with the system.
  • Acknowledge the right of the College to restrict or rescind computing privileges for just cause.
  • Be aware that the data they create on the college systems remains the property of Georgia Highlands College. Because of the need to protect Georgia Highlands College's network, management cannot guarantee the confidentiality of information stored on any network device, including desktops, servers, etc. belonging to Georgia Highlands College.
  • Be responsible for exercising good judgment regarding the reasonableness of personal use.
  • Encrypt any information that users consider sensitive or vulnerable.
  • Acknowledge that authorized individuals within Information Technology may monitor equipment, systems and network traffic at any time for security and network maintenance purposes, per Information Technology's Audit Policy.
  • Acknowledge that Information Technology reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy.

3.3 Security and Proprietary Information

Computer Users shall:

  • Take all necessary steps to prevent unauthorized access to information contained on Internet/Intranet/Extranet-related systems. The user interface for this information should be classified as either confidential or public, as defined by college confidentiality guidelines.
  • Keep passwords secure and do not share accounts. Authorized users are responsible for the security of their passwords and accounts. System and User level passwords should be changed quarterly.
  • Secure all PCs, laptops and workstations with a password-protected screensaver with the automatic activation feature set at 10 minutes or less, or by logging-off when the host will be unattended.
  • Use encryption of information in compliance with Information Technology's Acceptable Encryption Use policy.
  • Exercise special care when using portable computers, because the information is especially vulnerable.
  • Include a disclaimer when posting from a Georgia Highlands College email address to newsgroups stating that the opinions expressed are strictly their own and not necessarily those of Georgia Highlands College, unless posting is in the course of business duties.
  • Ensure the security of all personally managed systems used by anyone connecting to the Georgia Highlands College network, whether owned by the individual or Georgia Highlands College, and continually execute approved virus-scanning software with a current virus database and operating system software.
  • Use extreme caution when opening e-mail attachments received from unknown senders, which may contain viruses, e-mail bombs, or Trojan horse code.

 

3.4 Unacceptable Use

The following activities are, in general, prohibited. Employees may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g. systems administration staff may have a need to disable the network access of a host if that host is disrupting production services). Under no circumstances is a computer user of Georgia Highlands College authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing Georgia Highlands College-owned resources.

 

The list below is by no means exhaustive, but an attempt to provide a framework for activities which fall into the category of unacceptable use.

  • Intentionally corrupt, misuse, or steal software or any other computing resource.
  • Threaten, harass, intimidate, or commit theft or fraud.
  • Use of any peer-to-peer, file sharing software such as but not limited to: (Kazaa, Freenet, Bearshare, Limewire, Morpheus, etc.)
  • Use of Internet radio/video broadcasts or other services that would present a drain on college network bandwidth.
  • Use of any application or service that is non-business related or that will provide a security threat to systems or data.
  • Access information resources, data, equipment, or facilities in violation of any restriction on use.
  • Use college computing resources for personal or private financial gain without written authorization. Exempted from this provision is remuneration to faculty and staff for customary college-related activities from: approved consulting, copyrights, patents, royalties, honoraria, reviews, etc.
  • Use another person’s computer account.
  • Establish an independent computer system, except those specifically authorized for departmental use.
  • Knowingly, without written authorization, execute a program which may hamper normal computing activities at Georgia Highlands College or elsewhere.
  • Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by Georgia Highlands College.
  • Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which Georgia Highlands College or the end user does not have an active license is strictly prohibited.
  • Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws, is illegal.
  • Introduction of malicious programs into the network or server (e.g. viruses, worms, Trojan horses, e-mail bombs, etc.).
  • Revealing your account password to others or allowing use of your account by others. This includes family and other household members.
  • Using a Georgia Highlands College computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws in the user's local jurisdiction.
  • Making fraudulent offers of products, items, or services originating from any Georgia Highlands College account.
  • Making statements about warranty, expressly or implied, unless it is a part of normal job duties.
  • Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the computer user is not an intended recipient or logging into a server or account that the computer user is not expressly authorized to access, unless these duties are within the scope of regular duties. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes.
  • Port scanning or security scanning is expressly prohibited.
  • Executing any form of network monitoring which will intercept data not intended for the computer user's host, unless this activity is a part of the computer user's normal job/duty.
  • Circumventing user authentication or security of any host, network or account.
  • Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user's terminal session, via any means, locally or via the Internet/Intranet/Extranet.
  • Providing information about, or lists of, Georgia Highlands College faculty, staff, or students to parties outside of Georgia Highlands College.
  • Political campaigning and commercial advertising must comply with Board of Regents Policy (Section 914.01) – http://www.usg.edu/regents/policymanual/900.phtml

 

3.5 Privacy

Georgia Highlands College makes every effort to protect the privacy of information passing and stored on college systems and networks. This information contained on the systems, however, is subject to the Georgia Open Records Act and therefore can be inspected by the institution for those reasons.

 

3.6 Security Procedures

Additional security policies and procedures exist and must likewise be followed to ensure the integrity of Georgia Highlands College systems and networks. These measures are continually updated to allow for maximum protection as changes occur in the security climate. Appropriate disciplinary actions will be taken in the event these security measures are circumvented. Information Technology staff routinely perform risk assessments on networks, systems, and procedures to ensure compliancy of these policies and maintain integrity of these resources. In addition to validating the security of these resources, a risk assessment can identify additional security weaknesses and provide users with vital security training and awareness. In performing this risk assessment, Information Technology will monitor users and departments handling of information, computing activities, and protection of these assets. Reports of improper procedure and use will be reported to senior administration so appropriate corrective steps can be implemented.

 

3.7 Incident Response

Additional incident response policies exist and must also be followed in order to secure systems, data, and privacy of individuals. Incidents concerning security violations, viruses, hacks, or any other inappropriate use of technology should be immediately reported to the Chief Information Officer or IT Security Officer. Users have a responsibility to report any misuse or violation of security procedures. The Chief Information Officer will coordinate local efforts in safeguarding these systems and include other necessary campus officials per the Incident Response Plan.

 

3.8 External Investigation

With so many laws and regulations regarding use of technology resources, it is possible for an external agency to contact or request information from the College. All such requests should be quickly forwarded to the Chief Information Officer so the request can be properly directed to the appropriate campus official. Many of these requests have a time sensitive component and must be handled quickly.

 

3.9 Harassment

Proper use of electronic resources extends to the area of computer harassment. Users may not use college resources, either locally or remotely, to engage another user in a harassing manner. Such behaviors may be defined, but not limited to: intentionally using a computer to threaten, offend, harass, annoy, or bother another person by subjecting them to inappropriate material, use of language, or bodily threat. Additionally, harassment includes interruption of network and business service, academic pursuit, invasion of privacy, repeated communication designed to irritate, and improper use of legal proceedings. This harassment is not limited to only other users of the Georgia Highlands College network, but extends to inappropriate use of resources to harass individuals outside of the local networking environment. Appropriate steps will be taken to identify violators and cooperate with outside agencies to punish such offense.

 

3.10 Academic Dishonesty

Use of computer resources to pursue purposeful academic dishonesty will be turned over to the offices of Academic Affairs and Student Development. Appropriate disciplinary actions will be followed per the Academic Integrity Code and Student Code of Conduct.

 

4.0 Enforcement

If a College Information Technology official reasonably believes that a user is engaged in activities which may pose an imminent threat to:

1) the health or safety of another

2) the integrity of data

3) computing resources which may adversely affect system operations, the official may temporarily suspend user privileges while the incident is examined. Senior administration will be notified and may include both the supervisor and Human Resources Director. Any computer user found to have violated this policy may have account privileges suspended, terminated, or be subject to disciplinary action, up to and including termination of employment and/or criminal prosecution. Violation of policies includes all Information Technology policies, in addition to this guiding policy.

 

4.1 Acknowledgement of Policy

By activating a computing account, a user implicitly agrees to abide by this and all other Information Technology policies.

 

5.0 Definitions

Term Definition

Computer User (commonly referred to as "User") Any employee, student, Georgia Highlands College affiliate or partner, or any other person accessing Georgia Highlands College's information technology resources locally or remotely.

Spam Unauthorized and/or unsolicited electronic mass mailings.

Intranet Web pages served for Georgia Highlands College internal use only.

Extranet Web pages served for Georgia Highlands College internal use as well as a trusted third party.

 

6.0 Revision History

07/28/03 Policy origination jp & jm

09/17/03 Group review jp

12/08/04 Policy revision jp

11/09/05 Policy review and revision jp

08/13/08 Policy review and revision jp