Policy Tracking	Date
Approved
Revised	February 8, 2024
Reviewed

Handbook: The IT Department shall publish an Information Technology Users Handbook (herein referred to as the “Handbook”) to help guide employees and students on the information technology resources and media services available at the College. This document shall be available online and shall be reviewed and revised at least once per year under the direction of the CIO.
Technology Facilities: Blue Ridge Community College’s technology facilities include desktop computers, laptop computers, servers, installed software as well as online services, printers, telephones, fiber optic distribution equipment, switches, routers, fax machines, pagers, distance learning equipment, multi-function printer copier devices, audio-visual equipment, media production equipment, telecommunications equipment, network systems and contracted resources provided by 3rd parties. Technology equipment is maintained either by the Information Technologies Department (IT) or the Media Services Department.
Multimedia Services: Blue Ridge Community College’s multimedia equipment includes multimedia carts, television monitors, overhead and digital projectors, video cameras, digital cameras, sound amplification equipment, auditorium sound and lighting equipment, and videoconferencing equipment. This equipment is maintained by the Media Services Department.
Blue Ridge Community College Technology Committee: The Blue Ridge Community College Technology Committee will develop and update the Technology Plan and advise in matters involving technology including: computer hardware and software, distance learning, telecommunications, digital media, multimedia, and electronic office equipment.
Off-campus Use of Technology Resources: Portable equipment may be assigned or loaned to Blue Ridge Community College faculty and staff for official use off-campus. Use of College equipment by non-college entities is restricted; where such use is allowed, equipment should be accompanied by a Blue Ridge Community College employee.
Printing and Copying: Users should not abuse printing privileges by printing extraneous material. All work is performed in strict accordance with federal copyright laws and with North Carolina General Statute G.S. 66-58(a) [sale of merchandise]. All printing and copying will be charged to each program area at the current rate per copy available at the Print Shop. Procedures regarding replacement printer toner cartridges and paper for networked printers are provided through the Print Shop.
Technology Selection and Purchasing Policies: The Blue Ridge Community College IT Department will assist faculty and staff in selecting the appropriate computer hardware, software, online software services, or telecommunications equipment. The CIO is responsible for final approval of the technical standards and compatibility of all new equipment, hardware, and software, and must approve all applicable purchase requisitions before approval by the President or respective Vice President.
Compatibility: The Media Services Supervisor is responsible for reviewing the technical standards and compatibility of all new multimedia equipment and software, and will approve all applicable purchase requisitions. Media Services will confer with the appropriate IT staff to ensure that new network and computing system software is compatible. All such purchases shall be approved by the CIO.
Ongoing Assessment of Information Technology Resources: The Department of Institutional Effectiveness will include appropriate technology satisfaction survey questions in their annual surveys. Technology survey questions will be guided by the program and unit assessment and unit review process as well as recommendations received from the Technology Committee. Results of the survey will be reported to the President of the College and made available to employees each year and used to inform budget priorities, improve equipment, software, and support services.
Blue Ridge Community College Logo: Blue Ridge Community College owns all rights to its logo, seal, and other related materials. The College’s name or symbols may not be used in the production or marketing of items not copyrighted or patented by the College.
Use of Electronic Images: Blue Ridge Community College reserves the right to use photographs, motion pictures, and electronic images of students and visitors who are age 18 or older with the following provisions:
1. Such photographs, pictures and images are taken on College property or at College-sponsored events; and the use of such photographs, pictures, and images is for marketing and promotional purposes.
2. Objection to the use of an individual's photograph in such a manner may be made in writing to the Director for Marketing and Communications.
Review of Procedures: All written procedures in this Chapter, and all information technology-related components in the Blue Ridge Community College Business Continuity Plan will be reviewed on no less than an annual basis.
Technology Vendor Vetting
1. Technology vendors may be required to provide appropriate information security compliance documentation as directed by the CIO. Such compliance documentation could include one or more of the following: North Carolina Department of Information Technology Vendor Readiness Assessment, Educause Higher Education Community Vendor Assessment Toolkit, service organization controls report, PCI compliance documentation, HIPPA compliance documentation, or other documentation as requested by the College CIO.
2. Established vendors may be required to provide updated compliance documentation periodically as determined by the CIO.
3. Vendors that process sensitive information will be contractually required to:
  1. Clearly define responsibilities in regards to service delivery and data protection
  2. Clearly define who has access to data and how the data is used
  3. Describe how data is stored, shared, monitored, and kept secure
  4. Employ encryption of data at rest and in transit
  5. Define how and when College data will be deleted
  6. Indemnify the college for any damages or liabilities arising from data breachers or non-compliance
  7. Provide a warranty regarding the security of their services
  8. Notify the College of any data breach or suspected data breach within the applicable legally required disclosure timeframe
  9. Affirm the College retains ownership of all data provided to the vendor by the College
4. The College reserves the right to terminate vendor contracts should the vendor fail to comply with applicable laws or applicable information security standards
Vendors or Contractor Access to College Technology Resources:
1. The purpose of this subsection is to define procedures for allowing vendors and contractors (herein referred to as vendors) access to Blue Ridge Community College Information Technology (IT) resources, network systems, or computer systems. As a general principle, such access will only be granted as required, will be extremely restrictive, and will be carefully monitored.
2. This section applies to all persons or companies with whom the College has contracted to provide a service that requires access to College technology resources.
3. Vendors must formally agree to comply with the College's Acceptable Use Policy and established safety procedures by providing a signed copy of the College's Acceptable Use Policy and Vendor Access Request form. Each individual accessing College Information systems on behalf of a vendor must use their own, individually assigned user account.
4. Vendors shall not divulge, copy, release, loan, sell, review, alter, or destroy any college-owned data, equipment, or software except as properly authorized by the College. Vendors may be asked to sign a confidentiality statement prior to doing work for the College.
5. To accomplish a given task, the vendor will be given the lowest security privilege required. Generally, a vendor will not be given system administrator privileges or their equivalent and such access will be granted for a defined and short duration, usually the length of time required to address a specific support incident. If vendor is given access to an account that is shared among IT staff, the password for the account will be changed after the vendor completes the work. On completion of the task, access will be disabled.
6. Prior to granting vendor access for software installations or upgrades, the process will be reviewed by the appropriate IT system administrator. After a vendor has installed or upgraded a product or system, the responsible IT system administrator will review the system to ensure that it is functioning properly. To the extent possible, the activities of a vendor will be monitored by Blue Ridge Community College IT personnel.
7. Violations of any provisions of this policy will be dealt with in the same manner as with other external vendors or contractors and may include denial of access to IT resources or legal action.
User Activity Logs
1. In compliance with applicable federal and state laws, information systems that process sensitive personal information, financial records, or academic information log user activity. Information contained in the logs can be made available upon written request from the College President, Division Vice President, or Director of Human Resources. IT staff may only access these logs for the purposes of monitoring or investigating potential cybersecurity threats, to maintain the operation of the systems, or to resolve specific technical issues.
Security Camera Systems
1. Access to the College's security camera systems must be approved by the College President or a Division Vice President using the standard Information Systems Access Request process.
2. Authorized Information Technology staff members may access the camera system solely for the purposes of systems administration or to resolve reported technical issues.
3. Members of the Blue Ridge Community College or other law enforcement agency with jurisdiction may view or export security camera video footage for the purposes of campus safety, security, law enforcement, or as needed to ensure the proper operation of the system.
4. Only the College President or Director of Human Resources may request video footage for other purposes.

Browser not supported