Acceptable Use for Information Technology Systems Procedure

 

Introduction

This procedure aims to ensure that the College’s Information Technology Systems (ITS) are used to further the College’s mission. This procedure conforms to the HCCC Information Technology Services Policy approved by the HCCC Board of Trustees.

Applicability

This procedure applies to all individual users accessing and using computing, networking, and information resources through any College facility. These users include all Hudson County Community College staff, faculty, administrators, and other persons hired or retained to perform College work.

This procedure covers all of the College’s Information Technology Systems, including computing, networking, and other information technology resources owned or operated by, procured through, or contracted by the College. Such resources include the College’s computing and networking systems (including those connected to the College’s telecommunications infrastructure, the College-wide backbones, local area networks, and the Internet), public-access sites, shared computer systems, desktop computers, mobile devices, other computer hardware, software, databases stored on or accessible through the network, ITS/Enterprise Applications facilities, and communications systems and services.

Accountability

The Chief Information Officer (CIO) and Directors/Managers of ITS/Enterprise Applications shall implement this procedure. User reports of suspected abuse and other complaints shall be directed to the CIO. The CIO shall report the incident to the Vice President for Business and Finance/CFO. Specifics of the procedure are outlined below under “Non-compliance and Sanctions.”

Privacy

The College places a high value on privacy and recognizes its critical importance in an academic setting. In limited circumstances, including but not limited to technical issues or failures, law enforcement requests, or government regulations, the College may determine that other interests outweigh the value of a user’s privacy expectation. Only then will the College access relevant IT Systems without the consent of the user. The College is committed to protecting user privacy as long as this does not compromise institutional resources. Circumstances under which the College may need to gain access are discussed below. Procedural safeguards have been established to ensure access is attained only when appropriate.

Conditions – In accordance with state and federal law, the College may access all aspects of IT Systems, without the consent of the user, in the following circumstances:

      1. When necessary to identify or diagnose systems or security vulnerabilities and problems, or otherwise preserve the integrity of the College’s IT Systems;
      2. When required by federal, state, or local law or administrative rules; 
      3. When there are reasonable grounds to believe that a violation of law or a significant breach of College policy or procedure may have taken place, and access and inspection or monitoring may produce evidence related to the misconduct;
      4. When such access to IT/Enterprise Applications Systems is required to carry out essential business functions of the College; and,
      5. When required to preserve public health and safety.

Under the New Jersey Open Public Records Act, the College reserves the right to access and disclose data. This disclosure may include messages, data, files, and email backup or archives. Disclosure to law enforcement authorities and others shall be made as required by law, to respond to legal processes, and to fulfill its obligations to third parties. Even deleted email is subject to legal discovery during litigation through message archives, backup tapes, and un-deleting messages.

Process – The College will access data without the consent of the user only with the approval of the CIO and the Vice President for Business and Finance/CFO. This process will be circumvented only when emergency data access is necessary to preserve facilities’ integrity and preserve public health and safety. The College, through the CIO, will log all instances of access without consent. A user will be notified of College access to relevant IT Systems without consent. Depending on the circumstances, such notification will occur before, during, or after the access at the College’s discretion.

General Principles

  1. Access to information technology is vital to the College’s mission of providing its students with the highest quality educational services.
  2. The College owns its computing, networking, and other communications systems.
  3. The College also has various license-related rights to the software and information residing on or developed on these computers and networks. The College has the responsibility for the security, integrity, maintenance, and confidentiality of its communication systems.
  4. The College’s IT Systems exist to support staff, faculty, administrators, consultants, and students as they carry out the mission of the College. Toward these ends, the College encourages and promotes the use of these resources by the College community for their intended purposes. Access to and use of these resources outside of the College’s mission is subject to regulation and restriction to ensure that they do not interfere with legitimate work. Access and use of resources and services that interfere with the College’s mission and goals are prohibited.
  5. When the demand for information technology resources exceeds available capacity, ITS establishes priorities for allocating the resources. ITS gives a higher priority to activities essential to the mission of the College. In conjunction with the Chief Information Officer, the Vice Presidents shall recommend these priorities to the President.
  6. The College has the authority to control or refuse access to anyone who violates this procedure. Threatening other users’ rights, the availability and integrity of the systems, and information is a violation of this procedure. Consequences of procedure violation include deactivating accounts, access codes or security clearances, stopping processes, deleting affected files, and disabling access to information technology resources.

Rights of Users

  1. Privacy and confidentiality: As described more fully in section IV (above), the College will generally respect users’ rights to privacy and confidentiality. However, by their technological nature, electronic communications, especially email connected to the Internet, may not be secure from unauthorized access, viewing, or infringement. Although the College employs technologies to secure electronic messages, the confidentiality of email and other electronic documents cannot always be assured. Therefore, good judgment dictates crafting electronic documents that may become public without embarrassment or harm.
  2. Safety: The use by College faculty, staff, or administrators of the College’s IT Systems to transmit threatening, harassing, or offensive communication (or the display of offensive images or materials) is a violation of College procedure and may subject the violator to severe sanction. College personnel should report threatening, harassing, or offensive communications received over the network to the CIO as soon as possible.

Responsibilities of Users

  1. Individuals with access to the College’s computing, networking, and information resources are responsible for using them professionally, ethically, and legally and consistently with all applicable College policies. Users must take reasonable and necessary measures to safeguard the operational integrity and accessibility of the College’s systems. Users should maintain an academic and work environment conducive to efficiently and productively carrying out the College’s mission. Specifically, the responsibilities of users include:
      1. Respecting the rights of others, including their rights to intellectual property, privacy, and freedom from harassment;
      2. Safeguarding the confidentiality of sensitive College information and the privacy of student information following FERPA and College policy and procedures;
      3. Using systems and resources so as not to interfere with or disrupt the College’s normal daily operations;
      4. Protecting the security and the integrity of information stored on College IT/Enterprise Applications Systems;
      5. Knowing and obeying College and unit-specific policies and procedures governing access to, and use of, College IT Systems and information on those systems.

Specific Proscriptions on Network Use

  1. Individuals may not share passwords or log-in IDs or otherwise give others access to any system for which they are not the individual responsible for the data or system. Users are responsible for any activity conducted with their computer accounts and their password security. Only authorized persons may use the College’s IT/Enterprise Applications Systems.
  2. Individuals may not use another person’s network account or attempt to obtain passwords or access codes to another’s network account to send or receive messages.
  3. Individuals must identify themselves and their affiliation accurately and appropriately in electronic communications. They may not disguise the identity of the network account assigned to them or represent themselves as someone else.
  4. Individuals may not use the College’s systems to harass, intimidate, threaten or insult others; to interfere with another’s work or education; to create an intimidating, hostile, or offensive working or learning environment; or to conduct illegal or unethical activities, including plagiarism and invasion of privacy.
  5. Individuals may not use the College’s systems to gain or attempt to gain unauthorized access to remote networks or computer systems.
  6. Individuals may not deliberately disrupt the normal operations of the College’s computers, workstations, terminals, peripherals, or networks.
  7. Individuals may not run or install programs on any College computer system that may damage the College’s data and systems (e.g., computer viruses, personal programs). Users must not use the College’s network to disrupt external systems. If a user suspects that a program they intend to install or use may cause such an effect, they must first consult with ITS/Enterprise Applications.
  8. Individuals may not circumvent or avoid using authentication systems, data-protection mechanisms, or other security safeguards.
  9. Individuals must not violate any applicable copyright laws and licenses, and they must respect other intellectual property rights. Information and software accessible on the Internet are subject to copyright or additional intellectual property-right protection. College policy, procedures, and the law forbid the unauthorized copying of software that has not been placed in the public domain and distributed as “freeware.” Therefore, nothing should be downloaded or copied from the Internet without express permission from the owner of the material. Users must observe the material owner’s requirements or limitations on the material. The use of software on more than the licensed number of computers and unauthorized installation of unlicensed software are also prohibited.
    “Shareware” users must abide by the requirements of the shareware agreement.
  10. Activities that waste or unfairly monopolize computing resources and do not promote the College’s mission are prohibited. Examples of such activities include unauthorized mass e-mailings; electronic chain letters, junk mail, and other types of broadcast messages; unnecessary multiple processes, output, or traffic; exceeding network directory space limitations; game-playing, “surfing” the Internet for recreational purposes, or other non-work-related applications during business hours; and excessive printing.
  11. Reading, copying, changing, or deleting programs or files that belong to another person or the College without permission is prohibited.
  12. Individuals must not use the College’s computing resources for commercial purposes or personal financial gain.
  13. Use of the College’s IT Systems that violates local, state, or national laws or regulations or College policies, standards of conduct, or guidelines is prohibited.
  14. Email Communications:
      1. The College’s email system exists to support the College’s work, and email use must be related to College business. However, incidental personal, noncommercial use without direct cost to the College that does not interfere with legitimate College business is also permitted.
      2. Electronic communications whose meaning, transmission, or distribution is illegal, unethical, fraudulent, defamatory, harassing, or irresponsible are prohibited. College email systems must not be used to communicate content that may be considered inappropriate, offensive, or disrespectful to others.
      3. Individuals should observe appropriate professional standards of civility and decency in all electronic communication.
      4. All email correspondence relating to College business (including that sent to students and prospective students) should be sent with a plain white background and should not use any decorative stationery.
      5. Broadcast emails to the College Community will relate to College policy and procedures, College news, a College-sponsored event, or items affecting the College Community. Items for sale, donation requests, and other non-College business matters are prohibited. Individuals may not send emails requesting this type of information via the College’s mailing lists.

World Wide Web

  1. The Hudson County Community College Web site is an official publication of the College. All information contained on the Web pages must be accurate and reflect the official College policy and procedures.
  2. Official College Web pages conform to the same standards as any College print publication. The CIO, Director of Marketing and College Relations, Web Services Manager and the pertinent Vice President or their designee shall have the ultimate responsibility for each page’s content and design.
  3. The Web Services Manager and College staff responsible for each division or department will regularly review the currency and accuracy of official Hudson County Community College web pages. Individual areas are responsible for communicating revisions and updates, as they occur, to the Web Services Manager, who will review them and arrange for their posting.

Non-compliance and Sanctions

Non-compliance with this procedure may result in denial or removal of access privileges to the College’s electronic systems, disciplinary action under applicable College policies and procedures, civil liability and litigation, and criminal prosecution under appropriate state, federal, and local laws.

The process for an investigation into suspected abuses and non-compliance with this procedure is as follows:

    1. Report suspected abuse to the CIO.
    2. If there is concurrence by the Vice President for Business and Finance/CFO, the CIO shall investigate the report.
    3. CIO shall report any discovered abuse to the appropriate divisional Vice President, who will determine appropriate disciplinary action.

Network, Email, and Internet Accounts Procedures

Eligible for Accounts are the following:

    1. All salaried Hudson County Community College full-time staff.
    2. All adjunct faculty and other consultants engaged by the College through letters of agreement, memoranda of understanding, or contract.
    3. All members of the Board of Trustees.
    4. Hudson County Community College part-time staff who have a demonstrated need for computer resources available from ITS/Enterprise Applications (other than general Internet access), related to their work at the College, are eligible for temporary accounts.
    5. Employees of affiliated educational institutions that have relationships with Hudson County Community College, and a demonstrated need for ITS/Enterprise Applications computer resources (other than general Internet access), are eligible for temporary accounts.
    6. Affiliated organizations with an academic mission whose activities related to the College require computing resources that the affiliate cannot reasonably supply on its own are eligible for temporary accounts.

ITS removes accounts when:

    1.  The account holder no longer meets the eligibility requirements.
    2. The account is temporary, and the expiration date passes without renewal.
    3. The account holder has not accessed the account in 18 consecutive months.

Passwords

    1. Accounts are created with a pre-assigned password that account holders must change upon logging in for the first time, and consistent with College procedures.
    2. It is strictly forbidden to share or divulge passwords.

Hudson County Community College Email Procedure

Individuals with access to the College’s IT Systems are responsible for using them professionally, ethically, legally, and following applicable College policies and procedures. Users should maintain an academic and work environment conducive to efficiently and productively carrying out the College’s mission.

Electronic communications whose meaning, transmission, or distribution are illegal, unethical, fraudulent, defamatory, harassing, irresponsible, or violate College policies or procedures are prohibited. Electronic communications should not contain anything that could not be posted on a bulletin board, seen by unintended viewers, or appear in a College publication. Material that may be considered inappropriate, offensive, or disrespectful to others should not be sent or received as electronic communications using College facilities. The CIO will oversee the enforcement of this procedure.

A. Actions Considered Violations of this email procedure are as follows:

      1. Sending unauthorized bulk email messages (“junk mail” or “spam”).
      2. Using email for harassment, whether through language, frequency, content, or size of messages.
      3. Forwarding or otherwise propagating chain letters and pyramid schemes, whether or not the recipient wishes to receive such mailings.
      4. Malicious emails, such as “mail-bombing” or flooding a user site with very large or numerous pieces of email.
      5. Forging of sender information other than accountname@hccc.edu or another preapproved header address.
      6. Sending email for commercial purposes or personal financial gain.

The College has the right to remove access to accounts found in violation of this procedure.

B. Email Rules and Controls:

      1. The College does not archive email.
      2. The College does filter email for spam and malicious content.
      3. The College blocks email accounts that send spam and malicious content.

 

Approved by Cabinet: July 2021
Related Board Policy: ITS

Return to Policies and Procedures