Computer and Network Usage Policy

Introduction

"Respect for intellectual labor and creativity is vital to academic discourse and enterprise. This principle applies to works of all authors and publishers in all media. It encompasses respect for the right to acknowledgment, the right to privacy, and the right to determine the form, manner, and terms of publication and distribution. Because electronic information is volatile and easily reproduced, respect for the work and personal expression of others is especially critical in computer environments. Violations of authorial integrity, including plagiarism, invasion of privacy, unauthorized access, and trade secret and copyright violations, may be grounds for sanctions against members of the academic community."

- The EDUCOM Code (1987, http://www.educause.edu/)

Contents

  1. Background and Purpose
  2. Definitions
  3. Individual Privileges
  4. Individual Responsibilities
  5. Gordon State College Privileges
  6. Gordon State College Responsibilities
  7. Procedures and Sanctions

1. Background and Purpose

This document constitutes a College-wide policy intended to allow for the proper use of all Gordon State College computing and network resources, effective protection of individual users, equitable access, and proper management of those resources. This should be taken in the broadest possible sense. This policy applies to Gordon State College network usage even in situations where it would not apply to the computer(s) in use.

These guidelines are intended to supplement, not replace, all existing laws, regulations, agreements, and contracts that currently apply to these services. As a result, the policy manual for the Board of Regent's is specifically identified in this document. In particular, Section 6 entitled Research. Section 6.3 addresses determination of rights and equities in intellectual property.

The entire Board of Regent's policy manual can be found at: http://www.usg.edu/policymanual/. In addition, The Regents guide to understanding copyright and fair use is an invaluable resource for questions about how materials, including electronic materials may be used. This document can be found at: http://www.usg.edu/copyright/

Given this background, Gordon State College expects all users of the Gordon State College network to recognize the following:

  1. Access to the Gordon State College network is a privilege, not a right.
  2. Access to networks and computer systems owned or operated by Gordon State College imposes certain responsibilities and obligations and is granted subject to College policies and local, state, and federal laws.
  3. Appropriate use should always be legal, ethical, reflect academic honesty, reflect community standards, and show restraint in the consumption of shared resources. It should demonstrate respect for intellectual property; ownership of data; system security mechanisms; and individual's rights to privacy and to freedom from intimidation, harassment, and unwarranted annoyance. Appropriate use of computing and networking resources includes instruction; independent study; authorized research; independent research; communications; and official work of the offices, units, students, recognized student and campus organizations, and agencies of the College.

2. Definitions

2.1. Authorized use

Authorized use of Gordon State College-owned or operated computing and network resources is use consistent with the education, and service mission of the College, and consistent with this policy.

2.2. Authorized users

Authorized users are: (1) current faculty, staff, and students of the College; (2) anyone connecting to a public information service (see section 6.5); (3) others whose access furthers the mission of the College and whose usage does not interfere with other users' access to resources.

3. Individual Privileges

It is the following individual privileges, all of which are currently existent at Gordon State College, that empower authorized users to be productive members of the campus community. It must be understood that privileges are conditioned upon acceptance of the accompanying responsibilities. (See Section 4)

3.1. Privacy

To the greatest extent possible in a public setting an individual's privacy should be preserved. Electronic and other technological methods must not be used to infringe upon privacy. However, users must recognize that Gordon State College computer systems and networks are public and subject to the Georgia Open Records Act. Users, thus, utilize such systems at their own risk. All content residing on Institute systems is subject to inspection by the Institute.

All content residing on Gordon State College computer systems is subject to inspection by Gordon State College.

3.2. Freedom of expression

The constitutional right to freedom of speech applies to all members of the campus no matter the medium used.

3.3. Ownership of intellectual works

People creating intellectual works using Gordon State College computers or networks, including but not limited to software, should consult Determination of Rights and Equities in Intellectual Property (Board of Regents Policy Manual, section 6.3.3, * and any subsequent revisions), and other possibly related Gordon State College policies.

3.4. Freedom from harassment, display of objectionable or undesired material

All members of the campus have the right not to be harassed by computer or network usage by others. (See 4.1.3)

4. Individual Responsibilities

Just as certain privileges are given to each member of the campus community, each member is held accountable for their actions as a condition of continued membership in the community. The interplay of privileges and responsibilities within each individual situation and across campus engenders the trust and intellectual freedom that form the heart of our community. This trust and freedom are grounded on each person's developing the skills necessary to be an active and contributing member of the community. These skills include an awareness and knowledge of information and the technology used to process, store, and transmit it.

4.1. Common courtesy and respect for rights of others

Users are responsible to all other members of the campus community in many ways, including respecting and valuing the rights of privacy for all, to recognize and respect the diversity of the population and opinion in the community, to behave ethically, and to comply with all legal restrictions regarding the use of information that is the property of others.

4.1.1. Privacy of information

Files of personal information, including programs, no matter on what medium they are stored or transmitted, may be subject to the Georgia Open Records Act if stored on Gordon State College's computers. That fact notwithstanding, no one should look at, copy, alter, or destroy anyone else's personal files without explicit permission (unless authorized or required to do so by law or regulation). Simply being able to access a file or other information does not imply permission to do so.

Similarly, no one should connect to a host on the network without advance permission in some form. People and organizations link computers to the network for numerous different reasons, and many consider unwelcome connects to be attempts to invade their privacy or compromise their security.

4.1.2. Intellectual property

You are responsible for recognizing (attributing) and honoring the intellectual property rights of others as is described in Regents' Code (http://www.usg.edu/copyright/).

4.1.3. Harassment

No member of the community may, under any circumstances, use Gordon State College's computers or networks to libel, slander, or harass any other person.

The following shall constitute Computer Harassment: (1) Using the computer to harass, terrify, intimidate, threaten another person by conveying or publicly displaying obscene language, pictures, or other materials; (2) Using the computer to convey threats of bodily harm to the recipient or the recipient's immediate family; (3) Intentionally using the computer to contact another person repeatedly with the intent to harass whether or not any actual message is communicated, and/or where no purpose of legitimate communication exists, and where the recipient has expressed a desire for the communication to cease; (4) Intentionally using the computer to contact another person repeatedly regarding a matter for which one does not have a legal right to communicate, once the recipient has provided reasonable notice that he or she desires such communication to cease (such as debt collection); (5) Intentionally using the computer to disrupt or damage the academic, research, administrative, or related pursuits of another; (6) Intentionally using the computer to invade the privacy, academic or otherwise, of another or the threatened invasion of the privacy of another.

No part of this policy shall be construed as limiting or interfering with freedom of expression of student publications unless considered a form of harassment.

4.2. Responsible use of resources

You are responsible for knowing what information resources (including networks) are available, remembering that the members of the community share them, and refraining from all acts that waste or prevent others from using these resources or from using them in whatever ways have been proscribed by the College and the laws of the State and Federal governments.

4.3 Use of personally managed systems

Personally managed systems are not limited to computer physically located on the campus, but include any type of device that can be used to access institute computing and networking resources from any location.

Authorized users have a responsibility to ensure the security and integrity of system(s) accessing other computer and networking resources of the Institute, whether you are a student, employee, or other authorized user. Institute information electronically stored therein must be protected.

Appropriate precautions for personally owned or managed systems include performing regular backups, controlling physical and network access, using virus protection software, and keeping any software installed (especially anti-virus and operating system software) up to date with respect to security patches.

Authorized users must ensure compliance with the security, software, and support policies of their unit.

4.4. Information integrity

It is the user's responsibility to be aware of the potential for and possible effects of manipulating information, especially in electronic form, to understand the changeable nature of electronically stored information, and to verify the integrity and completeness of information that you compile or use. Do not accept information or communications as being correct when they are contrary to expectations; verify it with the originator of the message or data.

4.5. Use of desktop systems

Users are responsible for the security and integrity of College information stored on personal desktop system. This responsibility includes controlling physical and network access to the machine. Avoid storing passwords or other information that can be used to gain access to other campus computing resources.

4.6. Access to facilities and information

4.6.1. Sharing of access

Computer accounts, passwords, and other types of authorization are assigned to individual users and must not be shared with others. Users are responsible for any use of your account.

4.6.2. Permitting unauthorized access

Users may not run or otherwise configure software or hardware to intentionally allow access by unauthorized users. (See section 2.2.)

4.6.3. Use of privileged access

Special access to information or other special computing privileges are to be used in performance of official duties only. Information obtained through special privileges is to be treated as private.

4.6.4. Termination of access

When a user ceases being a member of the campus community (cease enrollment or terminate employment), or is assigned a new position and/or responsibilities within the College, the user's access authorization must be reviewed. You must not use facilities, accounts, access codes, privileges, or information for which you are not authorized in your new circumstances.

4.7. Attempts to circumvent security

Users are prohibited from attempting to circumvent or subvert any system's security measures. This section does not prohibit use of security tools by system administration personnel.

4.7.1. Decoding access control information

Users are prohibited from using any computer program or device to intercept or decode passwords or similar access control information.

4.7.2. Denial of service

Deliberate attempts to degrade the performance of a computer system or network or to deprive authorized personnel of resources or access to any College computer system or network are prohibited.

4.7.3. Harmful activities

Harmful activities are prohibited. Examples include IP spoofing; creating and propagating viruses; port scanning; disrupting services, damaging files; or intentional destruction of or damage to equipment, software, or data.

4.7.4. Unauthorized access

Users may not:

  1. damage computer systems
  2. obtain extra resources not authorized to them
  3. deprive another user of authorized resources
  4. gain unauthorized access to systems by using knowledge of:
    1. a special password
    2. loopholes in computer security systems
    3. another user's password
    4. access abilities used during a previous position at the College

4.7.5. Unauthorized monitoring

Users may not use computing resources for unauthorized monitoring of electronic communications.

4.8. Academic dishonesty

Users should always use computing resources in accordance with the high ethical standards of the College community. Academic dishonesty (plagiarism, cheating) is a violation of those standards.

4.9. Use of copyrighted information and materials

Users are prohibited from using, inspecting, copying, and storing copyrighted computer programs and other material, in violation of copyright.

4.10. Use of licensed software

No software may be installed, copied, or used on College resources except as permitted by the owner of the software. Software subject to licensing must be properly licensed and all license provisions (installation, use, copying, number of simultaneous users, term of license, etc.) must be strictly adhered to.

4.11. Personal business

Computing facilities, services, and networks may not be used in connection with compensated outside work nor for the benefit of organizations not related to Gordon State College, except: in connection with traditional faculty pursuits such as teaching, research and service.

 This and any other incidental use (such as electronic communications or storing data on single-user machines) must not interfere with other users' access to resources (computer cycles, network bandwidth, disk space, printers, etc.) and must not be excessive. State law restricts the use of State facilities for personal gain or benefit.

5. Gordon State College Privileges

Our society depends on institutions like Gordon State College to educate our citizens and advance the development of knowledge. However, in order to survive, Gordon State College must attract and responsibly manage financial and human resources. Therefore, the College has been granted by the State, and the various other institutions with which it deals, certain privileges regarding the information necessary to accomplish its goals and to maintain the equipment and physical assets used in its mission.

5.1. Allocation of resources

Gordon State College may allocate resources in differential ways in order to achieve its overall mission.

5.2. Control of access to information

Gordon State College may control access to its information and the devices on which it is stored, manipulated, and transmitted, in accordance with the laws of Georgia and the United States and the policies of the College and the Board of Regents.

5.3. Imposition of sanctions

Gordon State College may impose sanctions and punishments on anyone who violates the policies of the College regarding computer and network usage.

5.4. System administration access

A System Administrator (i.e., the person responsible for the technical operations of a particular machine) may access others files for the maintenance of networks and computer and storage systems, such as to create backup copies of media. However, in all cases, all individuals' privileges and rights of privacy are to be preserved to the greatest extent possible.

5.5. Monitoring of usage, inspection of files

Users should be aware that their uses of Gordon State College computing resources are not completely private. While the Institute does not routinely monitor individual usage of its computing resources, the normal operation and maintenance of the Institute's computing resources require the backup and caching of data and communications, the logging of activity, the monitoring of general usage patterns, and other such activities that are necessary for maintaining network availability and performance.

The Institute may also specifically monitor the activity and accounts of individual users of the Institute's computing resources, including individual login sessions and communications, without notice. This monitoring may occur in the following instances:

  1. The user has voluntarily made them accessible to the public.
  2. It reasonably appears necessary to do so to protect the integrity, security, or functionality of the Institute or to protect the Institute from liability.
  3. There is reasonable cause to believe that the user has violated, or is violating, this policy.
  4. An account appears to be engaged in unusual or unusually excessive activity, as indicated by the monitoring of general activity and usage patterns.
  5. Upon receipt of a legally served directive of appropriate law enforcement agencies.

Any such individual monitoring, other than that specified in "(1)", required by law or necessary to respond to bona fide emergency situations, must be authorized in advance by the appropriate Vice President for faculty/staff and Vice President for Student Affairs for students; in all such cases, the appropriate unit head will be informed as time and the situation will allow.

In all cases all individuals' privileges and right of privacy are to be preserved to the greatest extent possible.

5.6. Suspension of individual privileges

Gordon State College may suspend computer and network privileges of an individual for reasons relating to his/her physical or emotional safety and well being, or for reasons relating to the safety and well-being of other members of the campus community, or College property. Access will be promptly restored when safety and well-being can be reasonably assured, unless access is to remain suspended as a result of formal disciplinary action imposed by the Office of the Vice President for Student Affairs (for students) or the employee's department in consultation with the Office of Business Affairs (for employees).

6. Gordon State College Responsibilities

6.1. Security procedures

Gordon State College has the responsibility to develop, implement, maintain, and enforce appropriate security procedures to ensure the integrity of individual and institutional information, however stored, and to impose appropriate penalties when privacy is purposefully abridged.

6.2. Anti-harassment procedures

Gordon State College has the responsibility to develop, implement, maintain, and enforce appropriate procedures to discourage harassment by use of its computers or networks and to impose appropriate penalties when such harassment takes place.

6.3. Upholding of copyrights and license provisions

Gordon State College has the responsibility to uphold all copyrights, laws governing access and use of information, and rules of organizations supplying information resources to members of the community (e.g., acceptable use policies for use of Internet).

6.4. Individual responsibilities

Each Department, Division, or Individual has the responsibility for those computer resources established under its supervision to include:

  1. enforcing this policy
  2. providing for security in their areas
  3. confidentiality of private information, including user files and system access codes
  4. controlling physical access to equipment
  5. providing proper physical environment for equipment
  6. providing safeguards against fire, flood, theft, etc.

6.5. Public information services

Units and individuals may, with the permission of the appropriate Department head and coordination with the Information Technology Department, configure computing systems to provide information retrieval services to the public at large. (Current examples include "anonymous ftp" and "www.") However, in so doing, particular attention must be paid to the following sections of this policy: 2.1 (authorized use [must be consistent with College mission]), 3.3 (ownership of intellectual works), 4.2 (responsible use of resources), 4.9 (use of copyrighted information and materials), 4.10 (use of licensed software), and 6.4 (individual unit responsibilities).

Usage of public services must not cause computer or network loading that impairs other services.

7. Procedures and Sanctions

7.1. Investigative contact

If you are contacted by a representative from an external organization (District Attorney's Office, FBI, GBI, Southern Bell Security Services, etc.) who is conducting an investigation of an alleged violation involving Gordon State College computing and networking resources, inform the Director of Information Technology immediately.

7.2. Responding to security and abuse incidents

All users and Departments have the responsibility to report any discovered unauthorized access attempts or other improper usage of Gordon State College computers, networks, or other information processing equipment. If you observe, or have reported to you (other than as in 7.1 above), a security or abuse problem with any College computer or network facilities, including violations of this policy.

Take immediate steps as necessary to ensure the safety and well being of information resources. For example, if warranted, a system administrator should be contacted to temporarily disable any offending or apparently compromised computer accounts, or to temporarily disconnect or block offending computers from the network (see section 5.6).

Ensure that the following people are notified: (1) Director of Information Technology, (2) your Department/Division head.

7.3. First and minor incident

If a person appears to have violated this policy, and (1) the violation is deemed minor by Information Technology, and (2) the person has not been implicated in prior incidents, then the incident may be dealt with at the Information Technology or Departmental/Divisional level. The alleged offender will be furnished a copy of the College Computer and Network Usage Policy (this document), and will sign a form agreeing to conform to the policy.

7.4. Subsequent and/or major violations

Reports of subsequent or major violations will be forwarded to Student Affairs (for students) or the Department head (for employees) for the determination of sanctions to be imposed. Department heads should consult the Office of Business Affairs regarding appropriate action.

7.5. Range of disciplinary sanctions

Persons in violation of this policy are subject to the full range of sanctions, including the loss of computer or network access privileges, disciplinary action, dismissal from the College, and legal action.

Some violations may constitute criminal offenses, as outlined in the Georgia Computer Systems Protection Act and other local, state, and federal laws; the College will carry out its responsibility to report such violations to the appropriate authorities.

7.6. Appeals

Appeals should be directed through the already-existing procedures established for employees and students.