DIXIE STATE COLLEGE OF UTAH

POLICIES AND PROCEDURES MANUAL


Section: 6-Administrative

Policy No:   49

Approved: 05/07/10

Policy: USE OF COLLEGE INFORMATION TECHNOLOGY RESOURCES

6-49- USE OF COLLEGE INFORMATION TECHNOLOGY RESOURCES

  1. Purpose

    1. Dixie State College owns, maintains, and makes available Information Technology Resources for authorized use. These Information Technology resources and Information assets are intended to support the mission of the College. This policy will outline the use of College Information Technology Resources.

  2. Scope

    1. This policy applies to all users of Dixie State College Information Technology resources and governs all Information Technology systems owned or leased by the College whether individually controlled or shared, stand-alone or networked.

  3. Definitions

    1. Access Credentials – Usernames, passwords, tokens, or any other credential or identifier that has the purpose of verifying the identity and authorization of a user to access and perform tasks using an IT resource.

    2. Chief Information Officer (CIO) -- The senior administrative authority regarding operation and development of Information Technology resources and IT support services for Dixie State College.

    3. Data Steward -- The recognized senior administrative position (typically a Vice President, Dean or Executive Director) within a College unit or department, or an appropriate deputy designated by the senior administrator to act in that capacity. Within each College unit or organization, the Data Steward is the principal IT decision-maker regarding departmental IT resources and data.

    4. Data Custodian -- Employees with administrative or operational responsibilities for IT Resources. Typically Data Custodians are managers within a department or unit. Dedicated IT personnel are, in most cases, considered Data Custodians.

    5. Information Technology Governance Committee (ITGC) – Reviews and recommends to College Council new Information Technology policies and rules and changes to existing policies and rules. In the event that conflict arises over matters regarding Information Technology Resources the IT Governance Committee shall act as a forum for conflict resolution.

    6. Information Technology Resource (IT Resource) – includes but is not limited to workstations, servers, network infrastructure or media that provide essential services to core college functions or that are provided for the use of college constituents. External IT resources are systems, services, networks, and media not owned or controlled by the College, including Internet resources, accessible using College networks and services.

    7. Users – Any student, college employee, affiliate, or guest who accesses or uses College information assets and IT resources.

  4. Policy

    1. Access to College owned or operated Information Technology Resources – The College owns and/or operates its IT resources and information assets and reserves the right to govern the use and availability thereof.

      1. Access to College IT resources and information assets is granted to authorized users subject to College and Board of Regents policies, and local, state, and federal law, and use of any College IT resource(s) indicates that the user agrees to and must abide by the laws and policies governing s uch use. Users unwilling to abide by these terms of use may have IT privileges revoked.

    2. Non-College and Personal Use of College IT Resources –

      1. Use of College IT resources to conduct business or work unrelated to College employment or duties individually and/or on behalf of external entities is restricted. Employees should refer to College Policy 4.11 Personal Conduct/Conflict of Interest and seek guidance from supervisors and appropriate Data Stewards regarding such use.

      2. Incidental personal use of College IT resources by employees must not impede the performance of their job responsibilities or the job responsibilities of other employees.

      3. Use of College IT resources through joint-ventures, economic development programs, or other arrangements between the College and external entities must be approved by College Administration, including the College CIO. Use of College IT resources in such circumstances will be governed by all applicable College policies and any agreements negotiated by the College with participating entities.

    3. Use of non-college owned devices – The College permits the use and/or connection to the College IT network of computing and storage devices which are owned by students, staff, faculty, and other College affiliates and third-parties. Non college-owned devices must comply with all College IT policies, rules, and standards governing the use thereof. Use of non-college owned devices used by College employees to conduct official College business with confidential personal or internal information must meet the criteria outlined in the College’s Information Technology Security Policy, 6-50. The College reserves the right to refuse use and connection privileges to any device at any time.

      1. Use of any College IT resource or connection to the College network by a non college-owned (i.e. personally-owned) device indicates that the user agrees to comply with this policy and any associated rules, standards, procedures, and acceptable use agreements governing the use College IT resources by non college-owned devices.

    4. Access Privileges – Students, faculty, staff, and other college affiliates may be granted access privileges to various IT resources and authorization privileges to perform tasks within those resources. Access and authorization privileges for College IT resources are governed by procedures established by data stewards and/or the ITGC. Users must follow these procedures when seeking access and authorization privileges. The College reserves the right to suspend or revoke access privileges. Users are not authorized to transfer or confer these privileges to others.

      1. Users are accountable for activities which take place using their usernames and passwords or other access credentials.

      2. Students, faculty, staff and other users will not share or disclose their usernames and passwords and other access credentials to DSC IT resources to co-workers, fellow students, or other unauthorized parties.

    5. Expectation of Privacy – The College strives to maintain an IT environment that values academic freedom and the privacy of its users using College IT resources. Users shall respect the privacy of others by making no attempts to view or access College data or the private data of other users transmitted and/or stored by College IT resources unless explicitly authorized. However, users should not expect privacy in their use of College IT resources. No computing system is entirely without risk. Therefore, the College makes no guarantee that data stored on or transmitted by College IT Resources can be completely protected from disclosure or unauthorized access. The following include, but are not limited to, circumstances which may affect a user’s expectation of privacy for data viewed, transmitted, or stored on College IT resources:

      1. The College reserves the right to access any College-owned information stored on College-owned computers and IT resources at any time.

      2. The College will cooperate with court orders, search warrants, subpoenas, and other requests for information under Utah State and Federal laws and regulations.

      3. As a publicly-owned institution, the College is subject to Utah State public records laws. This may result in disclosure of data including but not limited to the email messages and documents of College employees, regardless of any expectation of privacy.

      4. College Data Stewards and Data Custodians, including IT staff, have administrative privileges over IT resources. These individuals may access information contained within or transmitted by these resources as necessary to perform their job responsibilities.

      5. Users may request technical assistance regarding computer systems and accounts from College IT administrators and technical support staff. Administrators and technical support staff engaged in a good faith effort to assist the user may view or access material for which the user has an expectation of privacy.

      6. College IT staff routinely engages in automated and manual monitoring of system activity and network traffic to measure performance, identify problems, and detect and investigate IT security events.

    6. Acceptable use and individual responsibilities in maintaining a professional and academic environment – Users of College IT resources have a responsibility to maintain an Information Technology environment conducive to the mission of the College.

      1. The College expects users to maintain a secure IT environment that values both academic freedom and integrity.

        1. Users will not gain, attempt to gain, or help others to gain access to College or external IT resources without authorization.

        2. Users will not engage in actions that intentionally cause College or external IT resources to be unavailable, degraded, or otherwise compromised.

        3. Users will not circumvent or subvert IT policies or technical controls of College or external IT resources.

        4. College IT resources shall not be used to illegally obtain, store, distribute, or otherwise use copyrighted software, media , or other content.

        5. Users will not excessively consume, monopolize, or waste College IT resources.

        6. College IT resources will not be used to originate or distribute unsolicited bulk messages that do not pertain to College business.

        7. College IT resources will not be used to facilitate indecent public displays as defined in Utah State Code 76-10-1228.

        8. Users of College IT Resources will not violate laws or College policies prohibiting sexual harassment or discrimination. Users should refer to College policy 5.34 Sexual Harassment/Discrimination.

    7. This policy authorizes Data Stewards, Data Custodians, and College IT staff to implement additional rules, standards, procedures, and acceptable use agreements governing specific systems and resources as needed in accordance with the intent of this policy. Institutional rules and acceptable use agreements shall be reviewed and recommended by the Information Technology Governance Committee for approval by College Council. Data Stewards may implement rules or acceptable use agreements for individual departments or units.

  5. Sanctions and Remedies

    1. Policy Violations – Users engaged in activities in violation of this policy or departmental policy may be subject to disciplinary action in accordance with College policies. Sanctions may include, but are not limited to, suspension or revocation of use and access privileges for College IT resources, suspension or expulsion from the institution, or termination of employment and, as necessary, referral to appropriate law enforcement agencies.

    2. Revocation of Access – Dixie State College reserves the right to revoke use and access privileges to the College network or IT resources for any user, device, or system for non-compliance with this policy and any associated rules, standards, or acceptable use agreements or for any other reason in accordance with applicable institutional policies.

    3. Appeals – College constituents may appeal revocation of access to IT resources or disciplinary action taken against them pursuant to College grievance and/or appeal policies.

  6. References

    1. Dixie State College of Utah Policy 4.26, Corrective and Disciplinary Action

    2. Dixie State College of Utah Policy 4.28, Grievance Procedure

    3. Dixie State College of Utah Policy 6.50, Information Technology Security

    4. Dixie State College of Utah Policy 4.41, Personal Conduct / Conflict of Interest

    5. Dixie State College of Utah Policy 5.34, Sexual Harassment / Discrimination

    6. Dixie State College of Utah Policy 5.33, Student Rights and Responsibilities Code