10.1 Information Technology - Acceptable Use Policy

Download as PDF

Wilmington College 
INFORMATION TECHNOLOGY Acceptable Use Policy

The Wilmington College information technology resources provide members of the College community with data communications and data processing services for the College’s educational, instructional, research, and administrative business (“College IT resources”). These College IT resources include any device connected to the College data infrastructure, domains, servers, file shares, websites, cloud services, and any other technology used to communicate and process data.  All users of College IT resources must comply with the Acceptable Use Policy.

Users of College IT resources have access to valuable College resources and legally controlled confidential information.  College IT resources remain the property of the College. Members of the College community are individually responsible for appropriate use of all College IT resources assigned to them.  Members of the College community must have a valid business or educational need and authorization to access College IT resources.

Acceptable Use

The College IT resources are provided to facilitate the educational process and the administrative efforts in support of research and instruction for faculty, staff, and students of the College. The use of the College IT resources must be consistent with facilitating the exchange of knowledge and information while encouraging resource sharing and collaborative projects in education and research.

In making acceptable use of College IT resources, a user must:

  1. Safeguard their own user ID and passwords or other credentials and use them for their intended purposes only. Users are solely responsible for all transactions made under the authorization of their ID, and for activity involving College IT resources that originate from devices owned by or assigned to them.
  2. Have appropriate software running on them to ensure a secure environment for all users. This includes, but is not limited to, encrypted wireless connections, anti-malware tools, up-to-date and patched operating systems, and password security or other form of identity protection.
  3. Use College IT resources only for authorized purposes and adhere to local, state, and federal laws governing the use of College IT resources.
  4. Access only the information they have been authorized to access or that is publicly available using the appropriate and authorized account.
  5. Store confidential data only in College-approved and secured locations and protect confidential information in accordance with College policies. Examples of confidential information include, but are not limited to, personally identifiable information (such as Social Security numbers), protected health information, student data, financial aid data, donor records, alumni records, bank account information, payment card data, and other data such as intellectual property and confidential and competition-sensitive information.
  6. Protect data that resides on or is transmitted to and from College IT resources.
  7. Use only legal versions of copyrighted software in compliance with vendor license requirements and third-party agreements.
  8. Comply with the terms of use on internet websites.
  9. Revise passwords and other means of authentication and authorization when suspected of compromise.
  10. Report immediately any suspicious or unusual activity, unexplained service interruption or degradation, security incident, suspected theft, loss, or compromise of College IT resources.
  11. Limit personal use of College IT resources to incidental, intermittent, and minor use that is consistent with College policy.  Personal use must not expose the College to risk or liability or interfere with College business or productivity.  The College is not responsible for the confidentiality, integrity, or availability of personal content on College IT resources, including, but not limited to, personal files, pictures, videos, sound files, personal software or software licenses, personal emails, eBooks, user credentials that access personal accounts, and other personal electronic files residing on a College-issued asset.
  12. Return College IT resources when separating from the College.

Misuse

In making acceptable use of College IT resources, a user must not:

  1. Secure unauthorized access to or unauthorized use of College IT resources or facilitate such use or access by another person.
  2. Access or attempt to access College IT resources (for example, by hacking) whether on or off the College campus without authority.
  3. Act deliberately or recklessly to deny or interfere with the access and use of College IT resources.
  4. Represent or imply that personal electronic publications (e.g. web pages, social media, etc.) or personal communications reflect the views or policies of the College unless authorized by the College.
  5. State or imply that links provided from web pages hosted on College IT resources constitute or imply the College’s endorsement of those sites, their content, or products and services associated with those sites.
  6. Use College IT resources in violation of federal, state, or local law or the College’s policies, including anti-discrimination, harassment, or retaliation policies, and a school’s honor code.
  7. Engage in personal communication or use that interferes with the use of College IT resources by other users or that interferes with or indicates neglect of responsibilities.
  8. Violate the intellectual property rights of others, such as software theft or piracy, data theft, or copyright violations.
  9. Inappropriately access, use, or disclose confidential information.
  10. Alter system hardware configurations without authorization; install or delete system software without authorization; or install or remove system hardware without authorization.
  11. Use computer programs to decode passwords or access-control information.
  12. Attempt to circumvent or subvert system or network security measures.
  13. Engage in any activity that is intended to harm College IT resources or any information stored in those resources, including but not limited to, including creating or propagating malware, such as viruses, worms, or “Trojan horse” programs; disrupting services; damaging files; or making unauthorized modifications to College data.
  14. Intercept or monitor communications, user dialog, or password input intended for another recipient, except when expressly authorized by the College.
  15. Collect or store information about users of College IT resources without authorization.
  16. Engage in illegal activity.
  17. Use College IT resources for gambling.
  18. Engage in business or commercial activity not carried out on behalf of the College.
  19. Access or use electronic distribution lists or email accounts created by the College for unauthorized purposes or permit others access to such distribution lists or email accounts for unauthorized purposes.
  20. Transmit messages that are threatening, obscene, vulgar, derogatory, defamatory, harassing, retaliatory or that otherwise violate any College policy.
  21. Engage in unusual or unexpected computing activity that is illegal or wasteful of College IT resources or that violate the terms of use of the licenses and agreements through which the College obtains or uses College IT resources.  This includes, but is not limited to, broadcasting unsolicited messages, repeatedly sending unwanted mail, or using someone else’s name or User ID.
  22. Send or receive confidential information via the internet without making reasonable accommodations for the security of such information.
  23. Use “auto-forward” rules to send business e-mail to a non-College e-mail account if the e-mail contains confidential information.
  24. Copy, store, or transmit College data for any use other than uses authorized by the College without the prior, express permission of the Director of IT.
  25. Copy, store, or transmit student data that falls under the Federal Education Rights and Privacy Act (FERPA) to a device or service not under complete control of the College. This includes, but is not limited to, external drives of any kind, cloud storage services or applications, email, text message, etc. without prior, express permission of the Director of IT.

Security and Monitoring

The College IT resources and the data transmitted through and contained within it are the College’s sole property. Users should not have any expectation of privacy for any files, documents, or other communications created, stored, or transmitted using these systems.  This is true even when a password or other security is placed on the communication, and regardless of whether it is related to personal or business use.  By accessing College IT resources, a user acknowledges and agrees that the Company (by itself or through its internet service provider) may from time to time audit, monitor, inspect, access, disclose, log, and gather statistics on team member internet activity and may examine all individual connections and communications to the maximum extent permitted by law.

Violations

Direct and indirect use of College IT resources made available to a user is a privilege granted by the College.  The privilege is subject to compliance with this policy, other applicable College policies, and applicable state and federal law.

Violations of the Acceptable Use Policy may result in the immediate suspension, restriction, or loss of access or privileges to the College’s IT resources. 

Violations of this Policy will be delivered to the appropriate College office(s) for disciplinary action up to and including termination of employment.

For students, violations of this Policy will be delivered to the appropriate College office(s) for disciplinary action up to an including expulsion from the College.

In all cases, violations of state or federal laws will be referred to the appropriate legal authorities.