POL 5.460 Acceptable Use of Technology
Purpose
This policy preserves the stability and security of the College’s information technology resources, protects the College from inappropriate use, and ensures reasonable access to technology resources for the College’s academic community. The policy also governs the access and use of all College technology and data, including any device that accesses or uses the College’s network or data.
Policy
This policy outlines the acceptable use of Kirtland Community College’s computer and network resources (“Computer System”). Access to these resources is a privilege, not a right. The College’s computing resources and facilities are intended for legitimate instructional and administrative use; computing facilities and network access cannot be used for commercial purposes without proper written authorization. The College makes no representation that its network resources will be available, or function as intended, at any time. Use of the College’s network resources is subject to the following rules and guidelines, as well as any other rules and/or guidelines that may currently exist or may exist in the future. Users are responsible for ensuring that the use of the College’s network resources complies with this Policy. Members of the user community must use only those resources to which they have been specifically granted access by the College; and by using the College’s technology resources, users assume personal responsibility for their appropriate use and agree to comply with this policy and other applicable College policies, procedures and guidelines, as well as applicable laws and regulations.
Access to the Computer System
Use of the Computer System and connecting to the Internet through the Computer System to receive email, search the Internet, or engage in other Internet-based activities is provided subject to these conditions: (1) the user accepts the terms of this Policy, (2) the user is a properly registered student that is in good standing, a current employee, or a person that otherwise has been granted access by an authorized agent of the College, (3) the user has not otherwise been restricted or revoked by the College, and (4) the user is not otherwise prohibited from using the Computer Systems and/or connecting to the Internet by any law enforcement, judicial or regulatory body or organization.
Access to Internet Content
While the College does not actively screen or restrict access to any content placed on or accessible through the Internet, it does utilize a network firewall to protect the network’s integrity and, in certain instances, to block certain categories of content. The College also does not screen or restrict communications between parties via the Internet. Use of the Computer System is an acknowledgment that the user may receive or be exposed to content, goods, or services that the user may consider to be improper, inaccurate, misleading, defamatory, obscene, or otherwise offensive. Use of the Computer System constitutes agreement that the College is not liable for any action or inaction with respect to any such content on the Internet accessible through the Computer System. In addition, the College is not responsible to the user for any content provided by third parties through the Computer System.
In making acceptable use of resources, users are expected to:
- use resources only for purposes as outlined in this policy;
- protect their user ID, password, and system from unauthorized use;
- access only information that the user owns, that is publicly available, or to which the user has been given authorized access;
- be considerate in the use of shared resources;
- demonstrate respect for principles of open expression;
- comply with copyright policies and laws and other restrictions on intellectual property as they apply to computer software and other materials that the user may access with College computing resources.
Unacceptable use of resources may include but is not limited to:
- use of another person’s system access, user ID, password, files, or data, or giving the use of one’s system, user ID, password, files, or data;
- use of computer programs to decode passwords or access control information;
- attempt to disguise the identity of the account or computer the user is employing;
- attempt to gain unauthorized access to resources and data, including other’s passwords;
- attempt to circumvent, subvert, or disable the system or network security measures;
- engage in any activity that might be purposefully harmful to systems or to any information stored thereon, such as creating or propagating viruses, disrupting services;
- damage files or make unauthorized modifications to College data;
- make or use illegal copies of copyrighted materials, software, or music, store such material on College resources or transmit them over College networks. If the College receives notice under the Digital Millennium Copyright Act of an alleged infringement on the intellectual property rights of a third party, the College retains the right to take down or disable access to the allegedly infringing material. It is the College’s policy, in appropriate circumstances, to terminate the access of users who infringe on the intellectual property rights of third parties;
- creation or display of threatening, obscene, racist, sexist, or harassing material that is in violation of existing law or College policy;
- engaging in any fraudulent activities, including impersonating any person or entity or forging anyone else’s digital or manual signature;
- engaging in the export or re-export of any product, technology, or information that the user acquires through the use of the Computer System whose export would violate import and export regulations of the United States and any foreign country, agency, or authority any applicable laws, regulations, or restrictions;
- use of College resources for any other illegal activity;
- monopolizing systems, overloading networks with excessive data, degrading services, or wasting computer time, disk space, printer paper, printer toner, manuals, or other resources. Users must ensure that their use does not improperly restrict, inhibit, or degrade any other user’s use of the Computer System, nor represent (in the College’s sole judgment) an unusually large burden on the network itself. In addition, users must ensure not to improperly restrict, inhibit, disrupt, degrade, or impede the College’s ability to maintain the Computer System and monitor the Computer System, backbone, network nodes, and/or other network services. The College may, without notice, modify the speed of, interrupt, or prohibit such data traffic;
- use of the Computer System to send or collect responses to unsolicited bulk or commercial messages;
- running a server in connection with the Computer System or providing network services to others via the Computer System. Examples of prohibited uses include, but are not limited to, accessing or hosting bit torrent services, running servers for mail (POP3 & SMTP), HTTP, HTTPS, FTP, IRC, DHCP and multi-user interactive forums;
- using any part of the Computer System or Internet access provided for the purpose of collecting, earning, mining any form of electronic currency, cryptocurrency, or Internet currency (e.g., Bitcoins), or providing processing work in exchange for the foregoing;
- Operating any sort of wireless hotspot or other devices to share a user’s connection to the Computer System;
- use of the College’s resources or networks for personal profit.
Incidental Personal Use
Incidental personal use is an accepted and appropriate benefit of being associated with the College’s technology environment. This type of personal use must adhere to all College acceptable use policies and procedures. Employees’ supervisors may restrict the personal activities of their employees if these personal activities are impacting the employees’ job performances.
Additionally, personal use by students is permitted as long as it adheres to these guidelines and doesn’t interfere with instructional processes. Faculty and staff may restrict personal use by students in these situations.
As above, while incidental personal use is permitted, users are strongly encouraged to carry out internet and email activities not related to the College off-site, using personal computer equipment, an outside service provider, and a personal email account.
Moreover, it will not be considered incidental personal use where the use interferes with job performance, interferes with the access of others to the technological resources of the College, incurs costs for the College, or is done for monetary gain or is otherwise in conflict with the College’s mission or violates any College policy.
Email Usage
The College values fostering an environment of open debate, freedom of inquiry, and expression of opinion. The College operated email system is a means by which open debate, freedom of inquiry, and expression of opinion can occur. However, to support a truly open and productive work environment, members of the College community are expected to engage in email communication that is respectful, professional, and limited to appropriate audiences. The College email system is open to Freedom of Information Act (FOIA) requests from third parties.
Privacy and Use of Information
Employees are expected to be knowledgeable of, and to perform their duties in compliance with, federal, state, and local laws and college policies, including the provisions of the Family Educational Rights and Privacy Act (FERPA) and Health Insurance Portability and Accountability Act (HIPAA) designed to protect the confidentiality of data and the privacy of individuals. Confidential or demographic data that pertain to students, employees, or college operations, must be used in a manner consistent with College Privacy and IT Security Standards to protect the rights of privacy and limit personal and institutional liability.
Security
Users are responsible for any misuse of the Computer System, even if the inappropriate activity was committed by another person using the user’s credentials or equipment. Therefore, users must take steps to ensure that others do not gain unauthorized access to the Computer System. The Computer System may not be used to breach the security of another user or to attempt to gain access to any other person’s computer, software, or data, without the knowledge and consent of such person. It also may not be used in any attempt to circumvent the authentication or security of any host, network, or account. This includes, but is not limited to, accessing data not intended for the user, logging into or making use of a server or account the user is not expressly authorized to access, or probing the security of other networks. Use or distribution of tools designed for compromising security, such as password guessing programs, cracking tools, port scanners, packet sniffers, or network probing tools, is prohibited. Users may not disrupt the Computer System. The Computer System also may not be used to interfere with computer networking or telecommunications services to any user, host, or network, including, without limitation, denial of Computer System attacks, flooding of a network, overloading a Computer System, improper seizing and abuse of operator privileges and attempts to “crash” a host. The transmission or dissemination of any information or software that contains a virus, worm, or other harmful feature also is prohibited. Users are responsible for the security of any device a user chooses to connect to the Computer System, including any data stored on that device.
Policy Violation
Employees found to be in violation of this policy could be subjected to progressive disciplinary action up to and including termination of their employment.
The Student Code of Conduct governs students who violate this policy.
The College reserves the right to withdraw access to its system to any user. The College also reserves the right to notify appropriate legal authorities in the event that its system is used in a manner that constitutes a violation of any local, state, or federal law.
Information Disclaimer
The College is not responsible for the loss of information or interruption of electronic communications. The College reserves the right to discard incoming mass mailings (“spam”) without notifying the sender or intended recipient and to block all Internet communications from sites that are involved in extensive spamming or other disruptive practices, even though this may leave the College computer users unable to communicate with those sites.
While the College takes reasonable measures to protect the security of its computing resources, the College cannot guarantee absolute security and privacy. System users should have no expectation of privacy. In cases of Freedom of Information Act (FOIA) requests, administrative or judicial proceedings, law enforcement investigations, or similar inquiries, information stored electronically may be released to outside parties. While the College does not routinely monitor the activity of users for violation of this Policy, situations may arise where the College may have the need to view information or email or monitor user activity on the network. Causes for access may include, but are not limited to the health or safety of individuals or property; violations of College policies, or local, state, or federal laws; discipline or investigation of an employee; and the need to locate information required for College business. The College reserves the right to investigate suspected violations of this Policy, including the gathering of information from users involved and the complaining party, if any, and the examination of material on our servers and network. During the College’s investigation, the College may suspend user access and/or remove material that violates or potentially violates this Policy. A user authorizes the College to cooperate with (1) law enforcement authorities in the investigation of suspected criminal violations, and (2) system administrators or other network or computing facilities in order to enforce this Policy. Such cooperation may include providing an IP address, contact information, or other identifying information about a user. Information technology resources licensed to the College through external contractual agreements may include additional disclosure stipulations.
Any questions about this policy or the applicability of this policy to a particular situation should be referred to the Director of Information Technology.
Adopted June 25, 2023