PRO 2.250 Internet Account Administration
The ability of a System or Network Administrator (SNA) to read a users’ files does not imply that he or she may do so without obtaining the approval required by these procedures.
- Routine Operations
- During the routine administration, SNA’s may need to archive or delete user files or messages from the system; for example, due to physical data storage limits or an individual’s departure from the college.
- Given that these situations are foreseeable, each organization responsible for a computer or network system on which these actions will take place must define how and when they will occur.
- Reasonable efforts must then be made to ensure that system users understand the policy.
- Misuse Situations
- Non-routine, non-technical emergency situations may occur where it is necessary to examine a user’s files without being able to obtain his/her specific permission or authorization. Typically, there will be no threat to the operations or security of the computer or network system.
- These procedures separate the authority to read user files or messages from the technical ability to do so, protecting both the user and the SNA.
- An administrator with cause wishing to obtain access to user files or messages not their own must send a written request to the dean of institutional services (DIS) or previously designated representative responsible for the system wherein those files or messages reside. The reason(s) must be clearly stated.
- The DIS or designee will evaluate the request and make a recommendation. If the recommendation is that the user’s files be accessed, the DIS or designee will forward that recommendation, with the original request, to the appropriate administrator. Requests from the above named administrators will be approved by the President. The administrator and DIS may delegate authority to act under this paragraph.
- If the President approves the request, the cognizant DIS or designee will authorize an SNA to access the user’s files. A complete report will be made and distributed within one (1) business day as follows:
- to the user,
- the original requester, and
- the appropriate college official(s)
- Technical Emergency Situations
- Situations will occur that pose immediate threats to the operations of security of computer or network systems. Because of the immediacy, the SNA will need to intervene without obtaining the written permission usually required before taking actions that may affect user files, messages or system access privileges.
- These procedures allow SNA’s to take appropriate, timely action when protecting college computer systems while ensuring that the user and appropriate college officials will be made aware of the situation as soon as possible.
- If a SNA determines that user files or messages pose a significant threat to the operation of security of a college computer or network system, he or she will take appropriate action to correct the problem. Additionally, the SNA may temporarily restrict the user’s access to that computer or network system. The SNA will not perform any action on user files or messages that are not relevant to the current problem and will not take any technical action, at this point, that would permanently deprive the user of access to the computer or network system.
- If possible, the SNA should consult with his/her supervisor prior to taking action. As soon as possible after action is taken, but no later than within (1) one business day, the SNA will make a written report to his or her immediate supervisor outlining the nature of the situation, including, but not limited to: the nature of the threat; protective actions taken; the user(s) involved; the user files or messages that were affected.
- After appropriate review, the SNA’s supervisor will forward the report, along with any recommendations, to the administrator responsible for the affected system.
- After appropriate review, the DIS , or previously designated representative, will evaluate the situation. The DIS will forward a report of the situation to the appropriate office as outlined below. The DIS, in consultation with the cognizant SNA, will make a further determination as to whether a temporary restriction on the user’s access is appropriate.
- Unresolved Violations
- Incidents that are not resolved by the DIS, or designee, responsible for the affected system and are considered to be policy violations will be handled as follows:
- Policy violations by students will be handled in accordance with the Student Code of Conduct and referred to the director of student services.
- Policy violations by faculty or staff will be treated as academic matters and will be referred to the appropriate academic official and/or appropriate vice president (operations or instruction).
- Policy violations by college employees who are not faculty will be referred to the head of that employee’s department.
- Individuals who do not fit any of the above categories, i.e. “faculty,” “staff,” “student,” or “college employee” shall be dealt with in a manner which is congruous with the guidelines and due process of Kirtland Community College by the President or other duly designated administrator.
- Incidents that are not resolved by the DIS, or designee, responsible for the affected system and are considered to be policy violations will be handled as follows:
To view the policy, go to POL 2.250 Internet Account Administration