|
Return to: College Regulations and Policies
Access to Carroll Community College’s computing facilities, telecommunications and network services, internet, social media platforms/accounts, servers, equipment, software, applications, information resources, printing and scanning (collectively, “technology resources”) is a privilege provided to all college users (students, faculty, staff, community users). Use of technology resources must comply with the College’s Standards for Acceptable Use of Technology Resources as well as all local, state, and federal laws relating to copyright, security, harassment and other statutes regarding electronic media. Access to information technology resources may be revoked if misused, abused, or if the College’s policies are violated by the user. Abuse of these privileges will result in appropriate disciplinary or legal action.
(Approved, Board of Trustees, May 19, 2010)
(Revision Approved, Board of Trustees, December 17, 2014)
Standards for Acceptable Use of Information Systems and the Internet
1.0 Introduction
Apart from any exception recognized by law (e.g. Maryland Public Information Act) use of any technology resource granted by the College for work purposes, may be monitored, intercepted, (recorded, read, copied) or accessed in any manner and used or disclosed in any manner by authorized personnel without additional prior notice to individuals for the purpose of ensuring network security, operating performance, reviewing employee performance and enforcing the College’s policies, procedures and standards. Records created, accessed and maintained on College resources should be considered public and therefore made available to the public unless there are legal exemptions.
In addition to the notice provided in this policy, users are also notified with a warning banner text at system entry points (where users initially sign on) that they are monitored and are reminded that unauthorized use of the College’s IT resources is not permitted.
The College may impose restrictions, at the discretion of executive management, on the use of a particular technology resource, for example, the College may block access to certain websites or services not serving legitimate business or academic purposes and may restrict a user’s ability to attach devices to the College’s IT resources, for example, personal USB drives, iPods and similar external data storage devices.
2.0 Acceptable Use
Scope: All users include students, faculty and staff and any non-College individuals or entities who have been granted authorized access to the College’s resources. All uses of information and information technology resources must comply with College policies, standards, procedures and guidelines as well as any applicable license agreements and federal, state and local laws. The acceptable use of information and IT resources encompasses the following duties:
• Understanding the baseline information security controls necessary to protect confidentiality, integrity and availability of information.
• Protecting the College information and resources from unauthorized use or disclosure.
• Protecting personal, private, sensitive or confidential information from unauthorized use or disclosure.
Observing authorized levels of access and utilizing only approved IT technology devices or services and immediately reporting suspected information security incidents or weaknesses to the appropriate manager or the Chief Information Officer (CIO).
3.0 Unacceptable Use
Includes, but is not limited to, the following:
• Unauthorized use or disclosure of personal, private, sensitive and confidential information
• Unauthorized use or disclosure of the College’s information and resources
• Distributing, transmitting, posting or storing any electronic communication material or correspondence that is threatening, obscene, harassing, pornographic, defamatory, discriminatory, illegal or intentionally false or inaccurate
• Attempting to represent the College in matters unrelated to official authorized job duties or responsibilities
• Connecting unapproved devices to the College’s network or any IT resource. Provision is made for personal devices to connect to the guest networks “CCC open” or “CCC Secure”
• Connecting College IT resources to unauthorized networks
• Installing, downloading, or running software that has not been approved following appropriate security, legal or IT review in accordance with College policies
• Connecting to commercial email systems (e.g., Gmail, Hotmail, Yahoo) without prior management approval (the College recognizes the inherent risk in using commercial email services as a mechanism to distribute malware)
• Using the College’s IT resources to circulate unauthorized solicitations or advertisements for non-College purposes including religious, political or not-for-profit entities
• Providing unauthorized third parties with access to the College’s IT information resources or facilities
• Using the College’s IT information or resources for commercial or personal purposes in support of “for-profit” activities or in support of other outside employment or business activity (e.g., consulting for pay, business transactions)
• Propagating chain letters, fraudulent mass mailings, spam, or other types of undesirable and unwanted email content using the College’s IT resources
• Tampering, disengaging, or otherwise circumventing the College’s IT security controls
• Sharing logins, usernames or passwords
• Knowingly violating intellectual property rights, Federal copyright law including peer-to-peer file sharing, trademarks, patents, trade secrets or software (for example, pirating, installing, copying, distributing or using digital content such as software, music, text, images or video) without appropriate license or as qualified under “Fair Use”
4.0 Occasional Personal Use
Occasional personal use of IT resources is permitted, provided such use is otherwise consistent with this standard; it is limited in amount and duration and does not impede the ability of the individual or other users to fulfill the College’s responsibilities and duties, including but not limited to extensive bandwidth, resource, or storage utilization. Exercising good judgment regarding occasional personal use is important. The College may revoke or limit this privilege at any time.
5.0 Privacy Expectations
Users are reminded that the College is publicly funded and as such, communication of information, in all its forms, is available to the public. Users should not expect any degree of personal privacy. This means that all data stored (data depositories) and all communications originating from the College’s resources are owned by the College and may be monitored and reviewed. Best practice is to keep personal data or communications on personal devices off of the College’s network.
6.0 Individual Accountability
Individual accountability is required when accessing any College resource. Everyone is responsible for the protection against unauthorized activities performed under their User ID. This includes locking your computer screen when you walk away from your system, and protecting your credentials (e.g., passwords, tokens or similar technology) from unauthorized disclosure. Credentials must be treated as confidential information and must not be disclosed, shared or exposed.
7.0 Restrictions on Off-Site Transmission and Storage of Information
Users must not transmit restricted College, non-public, personal, private, sensitive, or confidential information to or from personal email accounts (e.g., Gmail, Hotmail, Yahoo) or use a personal email account to conduct the College’s business unless explicitly authorized. Users must not transmit, share or store restricted College, non-public, personal, private, sensitive or confidential information on a non-College issued device, or share or store College information with a third-party service that has not been approved by the College. Devices that contain College information must be always attended or physically secured and must not be checked in transportation carrier luggage systems.
8.0 User Responsibility for IT Equipment
Users are routinely assigned or given access to IT equipment in connection with their official duties. This equipment belongs to the College and must be immediately returned upon request or at the time an employee is separated from the College. Users may be financially responsible for the value of equipment assigned to their care if it is not returned to the College. Should IT equipment be lost, stolen or destroyed, users will be required to provide a written report of the circumstances surrounding the incident. Users may be subject to disciplinary action, which may include repayment of the replacement value of the equipment. The College has the discretion not to issue or re-issue IT devices and equipment to users who repeatedly lose or damage IT equipment.
9.0 Use of Social Media
Users should follow the requirements as set out in the Online Social Networking Policy in section 8.11 of the employee handbook.
Students should follow the College’s Standards of Student Conduct as set out in Section Six: College Catalog, Regulations and Policies.
10.0 Compliance
This policy shall take effect upon publication. Compliance is expected with all College policies and standards. Policies and standards may be amended at any time. If compliance with this standard is not feasible or technically possible, or if deviation from this policy is necessary to support a business function, entities shall request an exception through the Chief Information Officer’s exception process.
11.0 Definitions of Key Terms
§110203. “Obscene” means:
1. That the average adult applying contemporary community standards would find that the work, taken as a whole, appeals to the prurient interest;
2. That the work depicts sexual conduct specified in subsection (b) of this section in a way that is patently offensive to prevailing standards in the adult community as a whole with respect to what is suitable material;
3. That the work, taken as a whole, lacks serious artistic, educational, literary, political, or scientific value.
Report violations immediately to the Chief Information Officer, Room C169C.
The user agrees to indemnify and hold harmless Carroll Community College, its Board of Trustees, and college employees from and against any claim, lawsuit, cause of action, damage judgment, loss, expense, or liability resulting from any claim, including reasonable attorney’s fees, arising out of or related to the use of the College’s hardware, software, and network facilities. This indemnity shall include without limitation, those claims based on trademark or service mark infringement, trade name infringement, copyright infringement, defamation, unlawful discrimination or harassment, rights of publicity, and invasion of privacy.
IT Resources
IT resources are defined as all end-user devices, network devices, non-computing or Internet of Things (IoT) devices, and servers that exist in virtual, cloud-based, or physical environment including those that can be connected to remotely. Information Technology are assets managed by Carroll Community College and have the potential to store, process, or transmit data. Types of College IT resources include:
• End-user device examples include desktops, workstations, laptops, tablets and smartphones
- Network device examples include wireless access points, switches, firewalls, physical/virtual gateways and routers
• Non-computing/Internet of Things (IoT) device examples include smart screens, printers, physical security sensors and IT security sensors
• Server examples include web servers, email servers, application servers and file servers
12.0 Contact Information
Submit all inquiries and requests for future enhancements to the policy owner.
13.0 Revision History
This standard shall be reviewed at least once every year to ensure relevancy.
|