Acceptable Use of IT Resources Policy
To safeguard the integrity of computers, networks, and data, either at ACK or at elsewhere; to ensure that use of electronic communications complies with ACK policies; and to protect ACK against damaging legal consequences.
This policy applies to all users of computing resources owned or managed by ACK. Individuals covered by the policy include (but are not limited to) ACK faculty and visiting faculty, staff, students, alumni, guests or agents of the administration, external individuals and organizations accessing network services via ACK’s computing facilities.
Computing resources include all ACK owned, licensed, or managed hardware and software, and use of the ACK’s network via a physical or wireless connection, regardless of the ownership of the computer or device connected to the network.
These policies apply to technology administered in individual departments, the resources administered by administrative departments (such as the Library), personally owned computers and devices connected by wire or wireless to the campus network, and to offcampus computers that connect remotely to ACK's network services.
- Computers, networks and electronic information systems are essential resources for accomplishing ACK mission of education outreach. These resources are a valuable asset to be used and managed responsibly to ensure their integrity, security, and availability for appropriate business and education activities. All authorized users of these resources are required to use them in an effective, efficient, and responsible manner.
Use of IDs and Passwords
- Users are responsible for their activities on their username/account ID, including appropriate protection of their username/account ID and password.
- The username/account ID name or password assigned to users must not be shared with others.
- Users should select an obscure password and change it frequently.
- A system/network administrator must be contacted immediately if the user has reason to believe that his/her username/account ID or password has been compromised.
- Specific systems may have other, more defined password requirements, for example Financial System, VPN, and Ebrary.
- Guidelines for helping users select a secure password can be found in the Password Standard Policy.
Use of Information/Data
- Users may access only accounts, files, and data they own, that are publicly available, or to which they have an authorized access. Information that is in the user’s possession should be kept secure.
- The confidentiality of information considered being student educational records, employee evaluation records, or otherwise confidential shall be maintained and such information shall not be disclosed or distributed except in accordance with college policies and the law.
- College information and resources shall be used for tasks related to job responsibilities and not for personal purposes.
Information to which the user has access, but for which he/she does not have ownership, authority, or permission to disclose must not be disclosed.
Use of Software and Hardware
- College email, computers, licensed software and networks must be used only for legal, authorized purposes. Unauthorized or illegal uses include but are not limited to the following:
- Destruction of or damage to equipment, software, or data belonging to others;
- Unauthorized copying of copyrighted materials;
- Conducting private business unrelated to college activities.
- Users must not engage in any activity that might be harmful to systems or to an information/data stored thereon, such as:
- Creating or propagating viruses;
- Disrupting services or damaging files;
- Making unauthorized or non-approved changes.
- When vacating computer workstations, users must sign-off or secure the system from unauthorized use.
- Users must use only legal versions of copyrighted software on ACK owned computer or network resources, in compliance with vendor license requirements.
- Users should be aware of any conditions attached to or affecting the provision of college technology services:
- Consult with the system/network administrator for any questions about system workload or performance.
- Refrain from monopolizing systems, overloading systems or networks with excessive data, or wasting computer time, connect time, disk space, printer paper, manuals, or other resources.
Liability for Personal Communications
- Users of ACK information technology resources are responsible for the content of their personal communications. ACK accepts no responsibility or liability for any personal or unauthorized use of its resources by users.
Privacy and Security Awareness
- Users should be aware that although ACK takes reasonable security measures to protect the security of its computing resources and accounts assigned to individuals, ACK does not guarantee absolute security and privacy. Users should follow the appropriate security procedures listed in the IT Security Policy to assist in keeping systems and accounts secure.
- ACK assigns responsibility for protecting its resources and data to system/network administrators, who treat the contents of individually assigned accounts and personal communications as private and does not examine or disclose the contents except:
- as required for system maintenance including security measures;
- when there exists reason to believe an individual is violating the law or ACK policy; and/or
- as permitted by applicable policy or law.
Consequences of Violations
- Access privileges to ACK information technology resources will not be denied without cause. If in the course of an investigation, it appears necessary to protect the integrity, security, or continued operation of its computers and networks or to protect itself from liability, ACK may temporarily deny access to those resources.
- Alleged policy violations will be referred to the appropriate ACK investigative and disciplinary units. ACK may also refer suspected violations of law to appropriate law enforcement agencies.
- Depending on the nature and severity of the offense, policy violations may result in loss of access privileges, ACK disciplinary action, and/or criminal prosecution.
TERMS AND DEFINITIONS
- Acceptable Use: This term consists of these related concepts:
- Information/data and systems may only be used by authorized individuals to accomplish tasks related to their jobs. Use of the information and systems for personal gain, personal business, or to commit fraud is prohibited.
- Information not classified as Public must be protected, and must not be disclosed without authorization. Unauthorized access, manipulation, disclosure, or secondary release of such information constitutes a security breach, and may be grounds for disciplinary action up to and including termination of employment.
- Authorized User: Individual or entity permitted to make use of ACK’s computer or network resources.
- Information Technology Resources: Facilities, technologies, and information resources used for ACK information processing, transfer, storage, and communications. Included in this definition are computing and electronic communications devices and services, such as email, networks, telephones (including cellular), voice mail, fax transmissions, video, multimedia, instructional materials. This definition is not all inclusive but rather reflects examples of ACK equipment.
- Security Incident: An intentional or accidental occurrence affecting information or related technology in which there is a loss of data confidentiality or integrity, or a disruption and/or denial of availability.
- Security Measures: Processes, software, and hardware used by system and network administrators to ensure the confidentiality, integrity, and availability of the information technology resources and data owned by ACK and its authorized users. Security measures may include reviewing files for potential or actual policy violations and investigating security-related issues.
© Copyright 2017. ACK. All Reserved.