8.1.3 Acceptable Use Policy
Policy Tracking | Date |
---|---|
Approved | March 4, 2024 |
Revised | February 8, 2024 |
Reviewed | March 4, 2024 |
Section 1. Application
This policy applies to any College employee, contractor or third party who uses any device, whether College-owned or personal, to connect to the College Network or access College controlled Information Technology resources.
Section 2. Requirements
- Information Technology Resources of the College are intended solely for use by authorized faculty, staff, students, contractors, or vendors for the purposes of instruction, education, research, or other public service activities performed on behalf of the College.
- Users may not connect personal devices to the College Network without express written permission from the agency head or the agency head’s designee. This requirement does not apply to users who connect to the College’s designated Public Wireless Networks.
- Personally owned “smart” devices may not be connected to the College Network. “Smart” devices, commonly referred to as the “Internet of Things,” include smart thermostats, smart appliances, or wearable technologies.
- All devices connected to the College Network must have updated malware/anti-virus protection.
- Users must not attempt to access any data, documents, email correspondence, and programs contained on systems for which they do not have authorization.
- Users must not share or divulge confidential or sensitive information to anyone without proper authorization.
- Users must not share their account(s), passwords, Personal Identification Numbers (PIN), Security Tokens (i.e. Smartcard), or other similar information or devices used for identification and authorization purposes.
- Users must not use College Information Technology resources for non-work related or personal tasks except as allowed in Section 3: Incidental Use below.
- Users must not make unauthorized copies of, store or transport copyrighted electronic media including software, video, or audio. It is the responsibility of each individual to ensure their actions do not violate copyright law. Any material found on College managed equipment or services that violates copyright is subject to immediate and permanent deletion.
- Users must not download, install, or distribute software to College-owned devices unless it has been authorized by the College’s Information Technology department.
- Users must ensure all files downloaded from an external source to the College Network or any device connected to the College Network, including a diskette, compact disc (CD), USB flash drive, or any other electronic medium, is scanned for malicious software such as viruses, Trojan horses, worms or other malicious code.
- Users must ensure data classified as sensitive or confidential or otherwise contains personally identifiable information (PII) is only stored on equipment or data services owned by and under the control of the College.
- Users must not download College data to personally owned devices
- Users must not purposely engage in activity that is illegal according to local, state or federal law, or that violates College policy, or activity that may harass, threaten or abuse others, or intentionally access, create, store or transmit material which may be deemed to be offensive, indecent or obscene such as racially or sexually explicit materials.
- Users must not engage in activity that may degrade the performance of information resources, deprive an authorized user access to resources, obtain extra resources beyond those allocated, or circumvent information security measures.
- Users must not download, install or run security programs or utilities such as password cracking programs, packet sniffers, or port scanners that reveal or exploit weaknesses in the security of information technology resources unless approved in writing by the CIO or College President.
- College Information technology resources must not be used for personal benefit, e.g., gambling, political activity, unsolicited advertising, unauthorized fund raising, personal business ventures, or for the solicitation of performance of any activity that is prohibited by any local, College, or federal law.
- Access to the Internet from College-owned, home based, devices must adhere to all acceptable use policies. Employees must not allow family members or other non-employees to access data classified as restricted or highly restricted.
- Users must report any suspicious activity or unexpected software or system behavior, which may indicate malicious software is active on the device or unauthorized disclosure of information or exposure to security threats.
- Users must report any incidents of possible misuse or violation of the Acceptable Use Policy.
- Users have a responsibility to promptly report the theft, loss or unauthorized disclosure of information.
- Users must not use any unauthorized Cloud Services including online storage or Artificial Intelligence tools or systems such as DropBox, ChatGPT, Google Bard, Otter.AI, Read.io for storing, sharing, or processing of actual or potentially sensitive, confidential, or protected College data. Data classified as sensitive or confidential must only be stored or processed on systems and services designated. A list of designated systems is available on the College's internal website, "The Insider".
- Users must not send College data to non-authorized individuals or accounts.
- Per NC General Statute § 15A-287 users may not record any communications, including online or in person meetings, using any means including Artificial Intelligence agents, without the express consent of at least one party to the communication or event.
- Abuse, damage, and theft: Any person who willfully abuses, damages, steals, or otherwise renders inoperable any College-owned item including computers, digital media, software or other technology item, or uses such items for illegal purposes, may be disciplined under the Policies and Procedures Sections 3.11 (employees) or 4.15.1 (students) and could be referred to law enforcement for prosecution as applicable. For the purposes of this section, computer software and digital media are also considered to be property.
Section 3. Incidental Use
College systems are intended for primarily business purposes, but limited (incidental and occasional) personal use may be permissible when authorized by your management and it does not do the following:
- Interfere with the normal performance of an employee’s work duties.
- Result in direct costs to the agency, cause legal action against, or cause embarrassment to the agency. Agencies should restrict incidental personal use of electronic mail, Internet access, fax machines, printers, copiers, and any other information technology resources to employees. This does not include family members.
- Involve interests in personal or outside business and/or other non-authorized organizations and activities such as selling or soliciting personal property/items, promoting commercial ventures, charitable, religious, or political activities.
Section 4. Violations
Violation of this policy could result in suspension of the users access to College Information Technology resources, or in disciplinary action.
Violations: Violations of any procedures set forth herein will result in action being taken by the College including: counseling on the proper use of technology resources, temporary or permanent restriction of such use, or formal disciplinary action pursuant to Policies and Procedures Section 3.11.2 and Section 4.15.1. Violations of North Carolina statutes dealing with unlawful access or use of a computer may be referred to the State Attorney General’s Office for investigation and/or prosecution. Similarly, violations of 18 U.S.C. Sec. 1030 (Federal laws dealing with unlawful access to or use of a computer) may be referred to the FBI.
Abuse, damage, and theft: Any employee or student who willfully abuses, damages, steals, or otherwise renders inoperable any Blue Ridge Community College computer, multimedia or related equipment, network or software, or uses such items for illegal purposes, will be disciplined under the Policies and Procedures Sections 3.11 (employees) or 4.15.1 (students) as applicable. For the purposes of this section, computer software and digital media are also considered to be property.
Section 5. Acknowledgement of Policy
College employees, contractors and any individual granted access to College Information Technology resources must acknowledge in writing that they have received a copy of this policy.
Section 6. Supplemental
- Library Staff: Only Library staff members, print shop staff or other designated College employees lab assistants shall have access to visitor print account user names and passwords.
- Teaching Labs: Teaching computer labs are not considered open access labs and are not intended to be used by students beyond the requirements set by the classroom instructor, who shall be responsible for securing the classroom when the class is over.
Blue Ridge Community College Policies and Procedures Manual