Objective:

To safeguard the integrity of computers, networks, and data, either at ACK or elsewhere; to ensure that use of electronic communications complies with ACK policies; and to protect ACK against damaging legal consequences.

 Policy:                                               Acceptable Use of Information Technology Resources

 INTRODUCTION

Computers, networks and electronic information systems are essential resources for accomplishing ACK mission of education outreach.  These resources are a valuable asset to be used and managed responsibly to ensure their integrity, security, and availability for appropriate business and education activities.  All authorized users of these resources are required to use them in an effective, efficient, and responsible manner.

 1   Responsibilities

1.1  User's Rights and Responsibilities

When ACK grants access to the students, staff and guests to information technology resources, it is to facilitate their education, research, and job activities.  However, by using these resources, users agree to abide by all relevant ACK policies and procedures, as well as all local laws.  These include but are not limited to policies and procedures related to harassment, plagiarism, commercial use, security, and unethical conduct, and laws prohibiting theft, copyright and licensing infringement, unlawful intrusions, and data privacy laws.

Users are responsible for:

• reviewing, understanding, and complying with all policies, procedures and laws related to access, acceptable use, and security of ACK information technology resources;
• asking system/network administrators on access and acceptable use issues not specifically addressed in ACK policies, rules, standards, guidelines, and procedures; and
• reporting possible policy violations to any system/network administrator.

1.2   System Owners/Managers

System owners must periodically assess the risk and magnitude of harm to the information and systems over which they have control that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of ACK information or information systems that support the operations and assets of ACK; develop operational policies and procedures that:

• are based on the risk assessments;
• cost-effectively reduce information security risks to an acceptable level;
• ensure that information security is addressed throughout the life cycle of the information systems under their control;
• ensure compliance with ACK information security policies, standards and procedures.

1.3    ACK Rights and Responsibilities

As owner of the computers and networks that comprise ACK technical infrastructure, ACK owns all official administrative data that resides on its systems and networks, and is responsible for taking necessary measures to ensure the security of its systems, data, and user's accounts.  ACK does not seek out personal misuse.  However, when it becomes aware of violations, either through routine system administration activities or from a complaint, it is ACK responsibility to investigate as needed or directed, and to take necessary actions to protect its resources and/or to provide information relevant to an investigation.

2     Use of IDs and Passwords

• Users are responsible for their activities on their username/account ID, including appropriate protection of their username/account ID and password.
• The username/account ID name or password assigned to users must not be shared with others.
• Users should select an obscure password and change it frequently.
• A system/network administrator must be contacted immediately if the user has reason to believe that his/her username/account ID or password has been compromised.
• Specific systems may have other, more defined password requirements, for example ARMS, VPN, and Ebrary.

Guidelines for helping users select a secure password may be found in the “Password Standard” document.

3    Use of Information/Data

• Users may access only accounts, files, and data that are their own, that are publicly available, or to which they have been given authorized access. Information that is in the user’s possession should be kept secure.
• The confidentiality of information considered to be student educational records, employee evaluative records, or otherwise confidential shall be maintained and such information shall not be disclosed or distributed except in accordance with college policies and the law.
• College information and resources shall be used for tasks related to job responsibilities and not for personal purposes.
• Information to which the user has access, but for which he/she does not have ownership, authority, or permission to disclose must not be disclosed.

4     Use of Software and Hardware

College email, computers, licensed software and networks must be used only for legal, authorized purposes. Unauthorized or illegal uses include but are not limited to the following:

• Harassment;
• Destruction of or damage to equipment, software, or data belonging to others;
• Unauthorized copying of copyrighted materials; or
• Conducting private business unrelated to college activities.

Users must not engage in any activity that might be harmful to systems or to an information/data stored thereon, such as:

• Creating or propagating viruses;
• Disrupting services or damaging files; or
• Making unauthorized or non-approved changes.

When vacating computer workstations, users must sign-off or secure the system from unauthorized use.

Users must use only legal versions of copyrighted software on ACK owned computer or network resources, in compliance with vendor license requirements.

Users should be aware of any conditions attached to or affecting the provision of college technology services:

• Consult with the system/network administrator for any questions about system workload or performance.
• Refrain from monopolizing systems, overloading systems or networks with excessive data, or wasting computer time, connect time, disk space, printer paper, manuals, or other resources.

5     Liability for Personal Communications

Users of ACK information technology resources are responsible for the content of their personal communications. ACK accepts no responsibility or liability for any personal or unauthorized use of its resources by users.

6     Privacy and Security Awareness

Users should be aware that although ACK takes reasonable security measures to protect the security of its computing resources and accounts assigned to individuals, ACK does not guarantee absolute security and privacy. Users should follow the appropriate security procedures

ACK assigns responsibility for protecting its resources and data to system/network administrators, who treat the contents of individually assigned accounts and personal communications as private and does not examine or disclose the contents except:

• as required for system maintenance including security measures;
• when there exists reason to believe an individual is violating the law or ACK policy; and/or
• as permitted by applicable policy or law.

7     Consequences of Violations

Access privileges to ACK information technology resources will not be denied without cause.  If in the course of an investigation, it appears necessary to protect the integrity, security, or continued operation of its computers and networks or to protect itself from liability, ACK may temporarily deny access to those resources.

Alleged policy violations will be referred to the appropriate ACK investigative and disciplinary units.  ACK may also refer suspected violations of law to appropriate law enforcement agencies.

Depending on the nature and severity of the offense, policy violations may result in loss of access privileges, ACK disciplinary action, and/or criminal prosecution.

8     Policy Review

ACK senior management will review this policy as needed. Any questions about the policy should be directed to the IT Manager or Support Services Director.

Definitions:

Acceptable Use: