NETWORK SECURITY POLICY & COMPUTER USE STATEMENT

This document outlines the responsibilities of users of Humphreys College computing equipment and the college’s associated network environment policy.

Overview & Privacy Notice

The college network represents an essential asset of the college and misuse of networking resources may result in the loss of computer and/or network privileges. Computer and network privileges must be used in a legal and ethical manner, which respects the rights, privacy and needs of others, which honors copyright and license agreements, and which does not interfere with the operation, integrity or security of the network. Under California State Law (Penal Code, Section 502) anyone who maliciously accesses, alters, deletes, damages or destroys any computer system, network, computer program, or data is guilty of a felony.

All data pertaining to student records, College administration, research projects, any Federal or State information, and any other information not explicitly deemed public shall be considered confidential and will be safeguarded by each employee having access to that data. All employees will adhere to Federal (The Privacy Act of 1974 - Title 5 U.S.C. § 552A – As Amended) and State (Education Code, Section 49073-49079) laws concerning privacy and right-to-know. Official releases of data under Freedom of Information requests and/or subpoena are to be routed through the President and/or Dean of Administration.

Individual Responsibility

Users of computers and computing systems are expected to continue to develop their professional skills in response to changes in the college’s computer technology and/or job responsibilities (see the Employee Handbook for educational options) beyond the basic computer skills required when originally hired.

Users of computers and computing systems must respect the privacy of other users. For example, users shall not seek or reveal information on, obtain copies of, or modify files, disks, tapes, or passwords belonging to other users, nor may the user misrepresent others.

Users must respect the integrity of computing systems. For example, users shall not intentionally develop or use programs that harass other users, infiltrate a computer or computing system, and/or damage or alter the software components of a computer or computing system.

Users must respect the rights of other users. For example, users shall not engage in any behavior that creates an intimidating, hostile, or offensive environment for other users. This includes, but is not limited to, use of multi-server computing equipment in computing labs and the sending of any messages or information electronically. Any suspected irregularities discovered in system accounting or system security should be reported to the appropriate system administrator and/or to the information security officer so that steps can be taken to investigate and solve the issue. Each computer account is assigned to a single individual who is solely accountable for the activity on that account.

Users may be held accountable for their conduct under any applicable college or campus policies, procedures, or individual contract(s). Account holders are encouraged to change their passwords frequently to ensure the security of their accounts. A user may use only his/her legal name and actual title at the college.

Users must respect the intended college business or academic purpose for which access to computing resources is granted. Examples of inappropriate use of computing resources include, but are not limited to: use for personal or corporate profit or for the production of any output that is unrelated to the objectives for which access was granted.

Users must respect the shared nature of the computing resources. For example, users shall not engage in deliberately wasteful computing practices such as unnecessary printing; performing lengthy unnecessary computations; simultaneously queuing numerous batch jobs; or unnecessarily using workstations, or other equipment for extended periods of time.

Users granted website privileges must represent the college in line with the policies laid out in the catalog and other official college documents (employee handbook, faculty handbook, etc.). Opinion pieces should be noted as such to reflect the personal nature of statements made. In all cases, files placed on the college website must respect copyright and be certified under one of the following criteria…

Users must clear their own documents and files before submission, failure to do such may result in termination of webpage privileges. Unless otherwise agreed/contracted, original documents/files created exclusively for or to represent the college or college policy are considered to be a grant of unrestricted use and/or copyright.

Network Policy

Network access is granted with the understanding that neither the email system nor the network itself provides for personal privacy and users must therefore use the network in a conscientious manner in accordance with their duties. All communications are to reflect the mutual respect and civility expected in an academic community. Each user is responsible for all activity under his or her username, and abuse of the network privilege may result in the immediate suspension of network access.

Network traffic may be subject to search under court order. In addition, system administrators may monitor network traffic or access user files as required to protect the integrity of the network. For example, all traffic of all users of a system where a security breach is suspected of occurring may be monitored.

The college supports academic freedom and the pursuit thereof, however, the network and communication therein is supplied without warranty or guarantee of availability, usability and/or particular functionality unless specifically noted in writing by the President and/or Dean of Administration as approved by the Board of Trustees. Use of the network constitutes acceptance.

The college reserves the right to limit the use of network services. This includes, but is not limited to, size limitations for email messages, exclusion of particular attachment types, revocation of connection rights, bandwidth limitations and any other limitation deemed necessary to ensure the integrity of the college network.

External access of computer services (for example, remote email access) is offered to authorized users with the understanding that while the college maintains appropriate hardware and software to ensure the protection of data and prevention of network/computer misuse (including, but not limited to virus infiltration or "hacking"), even best-effort prevention/protection methods are not infallible, as such, the college offers no warranty should the prevention/protection methods be circumvented and cause damage and/or loss of personal data or functionality.

Software Policy

Most software is protected against duplication by copyright or license. Users must abide by the laws protecting copyright and licensing of programs and data. College users shall in no case make copies of licensed computer software to avoid paying additional license fees or to share with other users. No employee will knowingly violate software licenses or copyrights during the course of their job duties or at any time while using college equipment or software. Employees are responsible for producing proof of license for any personal software installed on their college-supplied computer on demand. Licenses for personally owned software installed on a college computer should be kept with that computer to facilitate such requests.

Custodial Responsibility

Facilities supervisors and other custodians of computers are responsible for the physical security of college hardware, software, and data entrusted to their use. This security generally includes the following provisions:

In addition to these guidelines, each facility may have additional guidelines for the use of particular types of accounts (i.e. Student Accounts or Instructional Accounts) or for use of that facility. Some facilities are restricted in use to student, faculty, and staff members of a particular department. It is the user’s responsibility to read and adhere to these additional guidelines.

Misuse & Consequences

Complaints alleging any misuse of network resources will be directed to those responsible for taking appropriate disciplinary action. Upon request, users are expected to cooperate in any investigation. Failure to do so may be grounds for cancellation or suspension of access privileges. Selected access to computing services may also be temporarily suspended while investigations are being conducted. In accordance with established college practices and numerous state and federal laws regarding computer violations, a user found to be abusing or misusing college computer resources may be subject to disciplinary action up to and including expulsion from the college or termination of employment, and/or legal action.

Disclaimer

Nothing in this statement supersedes state or federal law or the right of a network service provider to impose more restrictive terms. Internet services are provided from outside the college network and are subject to their own usage guidelines. This document is subject to change without notice in response to Federal and State guidelines, changes in law and/or college administrative policy; it is the users responsibility to keep apprised of these changes.

Definitions

A user is any individual who makes use of the network or computing resources, including (but not limited to) students, faculty and staff. Network services and/or computer resources include those in which a user may view and/or make modifications to data, initiate connections to other networks, or which have data with sensitive or secure content. A username is a network user’s personal identifier, depending on the software or system this identifier may be variously known as the login, userid, account name, nick or handle. A custodian is any employee who has secondary (e.g. instructional) or primary (e.g. physical) control over college computer equipment in the room(s) they occupy over the course of their workday.


Published December 13, 2000
Revised November 25, 2003
Republished January 15, 2003