Policy Issue: Acceptable Use of Technology Resources

Policy Statement Code: 7016

Date Adopted Dates Reviewed Dates Amended
March 2002 November 2007 December 2007
Acceptable Use of Technology Resources
  1. 6. Responsibilities in Managing iSTORM
  2. 7. Network Design
  3. 8. Network Security
  4. 9. Bandwidth Guidelines
  5. 10. Website Usage

1. Purpose

Southwestern Illinois College provides extensive computing and network communications services. These services, known collectively as Information Technology (IT), are part of the campus infrastructure, and their purpose is to support the college's teaching and public service missions. Unless explicitly noted, these policies apply to all computing and network communications equipment in all units of the college.

This document addresses issues specific to Southwestern Illinois College computing and network usage. Sections 1 through 5 articulate policies regarding individual users of computers and networks; sections 6 through 9 summarize administrative protocols for computing and network administrators and should not be construed as creating additional rights for individual users. Other college policies that address specific activities and behaviors, some of which are cited later in this policy, continue to apply to computing and network use. Individuals using college computing and networking services should be particularly aware of policies that apply to discrimination, harassment, the use of copyrighted materials, and those that apply to the appropriate use of college resources.

Computing and network communications are changing rapidly both in terms of technology and application, and the college reserves the right to amend this policy at any time.

All members of the college community are given notice of this policy by virtue of its publication, and are subject to it on the same basis. Ignorance of this policy does not relieve anyone of his or her responsibilities under it.

[Back to Top]

2. Computers and Network Systems: iSTORM Defined

The term iSTORM is used here to denote the campus computer and data communications infrastructure at the college. It includes the campus backbone and local area networks, all equipment connected to those networks (independent of ownership), and all equipment registered to any domain name owned by the college. In effect, iSTORM is short for Southwestern Illinois College Network. IT refers to the college's Information Technology division. College units refers to the various departments and divisions and offices of the college.

[Back to Top]

3. Underlying Principles

  1. The principles of academic freedom apply in full to electronic communications. The institution has adopted the academic freedom principles as articulated by the American Association of University Professors and has incorporated these into the faculty memorandum of understanding.

  2. The use of computing and network services provided by the college is subject to all applicable state and federal laws, as well as applicable college policies.

  3. All standards of behavior, courtesy, and etiquette that govern vocal and written communications also extend to electronic communications.

  4. IT is responsible for the design, operation, and management of the computing and network communications services provided. When IT becomes aware of any use of iSTORM that violates provisions of college policy, presents a security risk, or degrades services to others, IT may suspend or terminate network access and use and/or notify appropriate disciplinary and/or legal authorities. Where possible, IT will provide prior notification of actions that affect network use and access. IT's responsibilities include:

    1. The choice of protocols supported by the network,

    2. The definition of technical standards necessary for efficient operation of the network and for the security of transmitted data and networked computers.

    3. Application of network management policies adopted by the campus to ensure inter-operability of department local area networks (LANs),

    4. Monitoring the overall system to ensure the reliability, robustness and security of the college network infrastructure, and

    5. Serving as the campus representative to the Internet community, under the auspices of the Chief Information Officer (CIO), and ensuring that the college is a responsible member of that community.

[Back to Top]

4. Proper and Authorized Use of iSTORM

IT is charged with ensuring the integrity of iSTORM computers and communications. IT takes active steps to ensure the physical integrity of the infrastructure, including routine monitoring of performance and reliability. While IT does not routinely monitor appropriate use of iSTORM by individuals, it will respond to complaints or other notifications of inappropriate use. Units that provide access to iSTORM are responsible for ensuring that use is limited to legitimate users and is consistent with college policies and contractual obligations that govern the software and services offered on iSTORM . Use of iSTORM is a privilege, not a right, which may be suspended or terminated by IT when, in its judgment, this policy has been violated by the user.

  1. Purpose of iSTORM , the campus computing and communications infrastructure: iSTORM exists to support the educational and public service missions of the college, and its use should be limited to those purposes.

  2. Appropriate Use of iSTORM: No individual may use iSTORM resources for commercial or profit-making purposes or other purposes unrelated to the mission of the college. As with all college computing and network facilities, iSTORM may not be used for improper or illegal purposes, such as unauthorized use of licensed software, intentional efforts to breach security, sending unauthorized mass mailing, or the transmission of computer viruses.

    1. Ownership of Network Identifiers: College-supplied network identifiers (network IDs), college identification numbers, and computer-sign-ons are the property of the college. The college may revoke these identifiers or sign-ons at any time.

    2. Responsibility to Maintain Privacy of Passwords: Passwords associated with an individual's network IDs and computer sign-ons should not be shared without authorization. Compromised passwords may affect not only the individual, but also other users on campus or on the Internet.

    3. Proper Identity Required: Electronic mail and other forms of electronic communication must carry the proper identity of the sender at all times. Information servers (e.g., Web servers) must display the email address and identity of the unit or person responsible for maintaining the information.

    4. Appropriate Use of Bandwidth: As described in Section 9 below, bandwidth both within campus and connecting to the Internet is a shared, finite resource. Users of iSTORM must make reasonable efforts to use this resource in ways that do not negatively affect others. College units may set guidelines on bandwidth utilization for purposes of resource allocation.

    5. Appropriate Use of Online Services: Internet services such as social networking, audio or video streaming, podcasting, etc. will be used primarily for instructional and institutional needs. Hosting of any Internet Services will be centralized within IT for proactive management. Activities associated with unauthorized hosting of social networking, peer-to-peer networks, video or audio streaming, podcasting, etc. will be suspended immediately upon discovery. If malicious activity is suspected, the appropriate legal, administrative, and Student Conduct processes will be followed.

  3. Use by Faculty and Staff

    1. Passwords and College Units: Faculty and staff, including student employees, must not under any circumstances share their passwords with others, even with supervisors. However, when limited access to college-related documents or files is required specifically and solely for the proper operation of college units and where available technical alternatives are not feasible, exceptions may be specifically authorized by IT.

    2. Use Unrelated to College Positions: Use by college employees unrelated to their college positions must be limited in both time and resources and must not interfere in any way with college functions or the employee's duties. It is the responsibility of employees to consult their supervisors if they have any questions in this respect.

  4. Use by Students:

    1. Responsibility for Passwords: Students must not share their passwords with others, even with friends. Students are responsible for ensuring that their computers are secure from unauthorized use. When working as employees, students are covered under section c) above.

    2. Appropriate Use of Online Services: Students will comply with institutional guidelines as published in Board Policy and in the Student Rights and Conduct statement.

  5. Use by Non-College Users: Non-college individuals and organizations may not use iSTORM , except as specified by written college contract. It is the responsibility of the contracting unit to ensure that content and usage of iSTORM adhere to all general college policies and that resources are provided in a secure manner. For purposes of this policy, a contracting organization shall be deemed to be a unit of the college, and designated officials of the organization may exercise the responsibilities of college administrators as described in this policy, except that the contracting organization may not exercise or supercede the authority of the CIO.

    1. Limited to College-related activities: Legitimate non-college users may use their college provided accounts and Internet access only in conjunction with their authorized college-related activities.

    2. Authorized Organizations: iSTORM resources may be used in support of organizations approved by the CIO. While it is appropriate for the home pages of these organizations to provide some information about external organizations, clubs, commercial entities, etc. iSTORM -connected equipment may not be the primary repository for that information.

    3. College-sponsored External Entities:

      Any college program that, in the interest of collaboration, wishes to provide an external entity with Internet access or to host non-college materials on a iSTORM -connected server must first consult with IT about alternatives and secure approval from the CIO.

[Back to Top]

5. Protection of Information in Electronic Media

5.1 Status of Information in Electronic Media

Information and data maintained in electronic media on college computer systems are protected by the same laws and policies, and are subject to the same limitations, as information and communications in other media. Before storing or sending confidential or personal information, network users should understand that most materials on college systems are, by definition, public records. As such, they are subject to laws and policies that may compel the college to disclose them. The privacy of materials kept in electronic data storage and electronic mail is neither a right nor is it guaranteed.

[Back to Top]

5.2 Examination of Contents of Electronic Messages and Files

Unless required by law or authorized administrative approval to do otherwise, IT and unit-level LAN-and systems administrators will not examine the contents of electronic messages and files and will make every reasonable effort to protect them from unauthorized inspection, subject to the following:

  1. Contents of Email: The contents of electronic messages might be seen by a system administrator in the course of routine maintenance or in order to dispose of undeliverable messages. In addition, electronic mail systems store messages in files (e.g., the file containing a user's inbound mail.) These files are copied in the course of system backups, and these backup copies may be kept long after original messages were deleted.

  2. System Files and Logs: In the course of resolving system performance or security problems, IT and unit-level system administrators may examine the contents of files that control the flow of tasks through the system or that grant unauthenticated access to other systems. This includes systems logs that document some activities of users.

  3. File and Directory Names: File names and directory names are treated as public information and are not protected.

[Back to Top]

5.3 Process for Requesting Disclosure of Contents of Messages and Files

  1. Requesting Disclosure: Requests for disclosure must be made in writing through regular reporting channels, consistent with the guidelines below. Requests for disclosure are made to the college Chief Information Officer (CIO), who is assigned the responsibility for implementing this policy and ensuring that the scope of the disclosure is limited to a legitimate college purpose. The CIO carries out these responsibilities in consultation with Legal Counsel and other appropriate offices. The CIO may designate an individual to act on his or her behalf in fulfilling these responsibilities. All authorizations by the CIO or designee will include specifications for the form and timing of notification to the person whose information is accessed or disclosed.

  2. Action While a Request is Pending. While a request consistent with this process is pending or under consideration, the requesting unit executive officer may ask computer system administrators to take reasonable, necessary steps to maintain, store, or otherwise prevent the deletion or modification of the information being sought. This must be done in such a way as to maintain the privacy of said information until the requested disclosure is reviewed. IT may be able to advise units on appropriate procedures.

  3. Notification of Affected Individual(s): a) When IT or other authorized unit administrators provide access to, and disclosure of, email messages and/or file content under provisions of external laws, regulations or applications of this college policy, the requesting administrator will normally notify in advance the individual(s) whose information is to be released, indicating the information to be released and the law, regulation or policy that governs the release. If individuals are not notified in advance, the CIO will be responsible for determining when notification is appropriate and for ensuring that such notification is carried out. Circumstances in which notification may be delayed include, but are not limited to, (1) the presentation by legal bodies of subpoenas or other instruments prohibiting advance notification, (2) situations where the safety of individuals is involved, or (3) investigations or inquiries conducted under published college policies.

  4. Conditions for Disclosure: In the absence of legally compelled access or disclosure, the CIO is authorized to grant access to a user's file contents or electronic mail messages, or to give copies of them to any third party within the college only if all the guidelines below are met:

    1. The access or disclosure is requested in writing through regular college reporting channels, including the unit executive officer of the individual whose information is being disclosed and the next administrator in that reporting chain, and

    2. The reason for the requested disclosure serves a legitimate college purpose, and

    3. The disclosure is not invasive of legitimate privacy interests or unreasonable under the circumstances, e.g., in light of alternative means of acquiring the information or achieving the requester's purpose, and

    4. The nature and scope of the disclosure is submitted in writing to and approved by the CIO. This request is normally submitted by the approving executive officer indicated above.

[Back to Top]

5.4 Review of Disclosure

iSTORM users whose information is accessed or disclosed under the above provisions should use existing college complaint and/or grievance procedures when concerned about the application of this policy.

[Back to Top]

6. Responsibilities in Managing iSTORM

This section outlines responsibilities in managing iSTORM that may affect units and individuals.

  1. Network Design: IT will work with any unit to develop or modify a network to meet unit needs. Needs directly related to the college's education or public service missions have first claim on resources.

[Back to Top]

7. Network Design

IT is responsible for the design or approval of departmental local area networks (LANs) that are connected to the campus network and their connections to the campus backbone. The following subsections document policies and procedures relevant to these areas. The term LAN as used here refers to the routers, switches, repeaters, cabling and patch panels, but excludes servers and other computers.

  1. iSTORM Address Space: Only IT-approved domains may be operated within iSTORM address space. Publicly accessible Domain Name Servers must be approved by IT before they are placed in service.

  2. Responsibility for Telecommunications Wiring: IT is responsible for the telecommunications wiring system on the college's campuses. If portions of this system are used in the construction of a LAN, all such use must conform to campus standards.

  3. Local Network Policies: Network administrators and the owners of local networks may develop their own network policies, as long as they are not in conflict with college policies. Unit-level policies may not restrict access to campus services, except where specific security concerns require it, and may not contravene policies stated here.

  4. Responsibility of Units: Units are responsible for the uses of their local area networks and servers. In particular, units are responsible for ensuring that materials published electronically or otherwise placed on their servers are relevant and appropriate to the unit's mission..

  5. Licensing and other Restrictions: Some servers connected to iSTORM provide services or software that are restricted by licensing agreements to use by college students, faculty and staff. Some licenses may further limit use to a specific campus or particular units. Servers must be configured such that restricted services or software are accessible only to those who are eligible.

  6. LAN Administrators: Each LAN must have at least one designated administrator who is responsible for its administration and management, and whom IT may contact if it detects a problem.

[Back to Top]

8. Network Security

The security functions of commonly used desktops, servers, and communications technologies are often vulnerable, allowing unauthorized access to or viewing of system resources. A security violation on one machine may threaten security of other systems on the network, allowing unauthorized users to disrupt or damage interconnected systems. Because of this, each individual and unit has certain responsibilities to ensure that their systems are reasonably secure. This section describes security-related roles and responsibilities. It also describes circumstances under which iSTORM user data can be collected and examined by an individual managing a LAN, server, or system.

  1. Responsibilities of Network Administrators: It is the responsibility of every network administrator to have expertise sufficient to maintain appropriate levels of security and system integrity on local LANs. IT will document best practices and procedures for maintaining network security and integrity, in consultation with the campus community and peers nationally. IT provides training, consulting, and general support to network administrators.

  2. Ensuring Integrity of iSTORM: In the event that IT judges a LAN to present an immediate risk to the integrity of iSTORM equipment, software, or data, or presents a risk to the external network (resulting in potential liability for the college), IT may terminate or restrict the LAN's network connection without notice. If there is no immediate risk, IT will bring the matter to the attention of the LAN's network administrator. If IT is unable to resolve the problem at this level, it will contact the unit executive officer or the next level administrator. In addition, if an individual system administrator of a multi-user system determines that an account presents an immediate security risk, he or she may inactivate the computer account without prior notice. The administrator must contact IT in a timely manner to report and discuss the situation. In the course of ensuring the integrity of iSTORM and local LANs, IT and system administrators, respectively, may use tools, monitoring hardware and software, and log information as indicated here:

    1. Security Tools: IT may use tools designed to locate security flaws in equipment connected to the campus network and will take appropriate steps to protect the privacy of data (as provided by this policy) in the process. When IT documents risks to security or network integrity, units are responsible for immediate responses to mitigate or remove the risk. Whether so notified or not, units are responsible for appropriate security with respect to equipment within their LAN.

    2. Network Monitoring Tools: In order to solve network problems, system administrators may employ software or hardware devices from time to time that capture contents of packets traversing the network, including email, Web, and other services. These monitoring tools will be used to monitor and improve the performance or integrity of the network. They will not be used to monitor or track any individual's network activity except under the special authorizations provided for under Section 5.

    3. System Log Files: i) Managers of systems and network services may log connections to their machines and services made via remote access or iSTORM . The information recorded may include the source and destination for a connection, and session start and end times.

      Operators of multi-user systems may keep logs of activities on their systems. The logs may include login name, timestamps and commands issued. Network administrators may not monitor individual users' data or files except under special authorizations provided for under Section 5.

[Back to Top]

9. Bandwidth Guidelines

iSTORM and its connections to the Internet are a shared, finite resource. While every effort is made to provide adequate bandwidth for college purposes, bandwidth may not be available for every use.

    1. New Applications: Extensive use of new applications that require very large amounts of bandwidth on the campus backbone must be discussed with IT beforehand, so that appropriate planning can take place.

    2. Degrading Network Performance: If use of a computing or network service by a project or individual seriously degrades network service to others, IT will try to help the project or individual obtain the needed service in a way that does not seriously impact others. If a network upgrade is required, the unit or user may be asked to pay all or part of the cost.

    3. Responsibilities of Network Administrators: Network administrators are responsible for monitoring and managing traffic on their LANs to protect the quality of service from adverse impact by users whose applications require substantial bandwidth or other network resources.

    [Back to Top]

10. Website Usage

This section addresses issues specific to Southwestern Illinois College website usage and is related to: Commercial Advertising, Compliance, Copyright, Links, Logos and Other Trademarks, Nondiscrimination, Personal Business, Security, Violations, and Web Accessibility. Institutional Web Pages include: all Web sites using the swic.edu domain (examples: www.swic.edu, fac.swic.edu, techknow.swic.edu), intranet website (http://istorm.swic.edu), and all web pages representing Southwestern Illinois College to the community.

  1. Commercial Advertising: Commercial advertising is not permitted on pages published on Southwestern Illinois College Web servers. No graphic or text may imply Southwestern Illinois College endorsement of commercial products or services. A disclaimer should be displayed if non-endorsement is not evident from the context (see links- below.)

  2. Compliance: All official Southwestern Illinois College Web pages that comply with College policies and guidelines will be eligible to display a seal or mark that certifies such compliance.

  3. Copyright: Copyright laws apply to electronic publishing as well as to print publishing. Publishers must have permission from the copyright owners to copy and display text, graphics, or photographs on their pages. In the alternative, publishers must have a reasonable basis for believing their use of copyright materials of others constitutes fair use or that the materials are in public domain. Electronic publications are subject to the same Southwestern Illinois College policies and standards.

  4. Links: Links from a Southwestern Illinois College page to any non-college site must not imply College endorsement of the site's products or services. A disclaimer should be displayed if non-endorsement is not evident from the context. Links that violate this policy must be deactivated.

  5. Logos and Other Trademarks: The approved college logo must appear on the published entry page (home page) for all college related sites. These pages will also clearly communicate the name of the unit publishing the page. All representations of Southwestern Illinois College or campus names, logos, or other trademarks must conform to Southwestern Illinois College's Graphics Standards Manual.

  6. Nondiscrimination: All Web pages must comply with the Southwestern Illinois College's Board Policy on nondiscrimination.

  7. Personal Business: Southwestern Illinois College resources may be used to create Web pages about an individual or an individual's interests but may not be used to create Web pages for personal business, personal gain, or partisan political purposes, except as permitted by the college or by law.

  8. Security: Southwestern Illinois College is committed to providing a secure Web environment. All those who publish on the College servers must comply with the College's Acceptable Use Policy of Information Technology Resources.

  9. Violations: Violations of Southwestern Illinois College policies governing the use of College Web resources may result in restriction of access to College electronic resources. In addition, disciplinary action may be applicable under other College policies, guidelines, or collective bargaining agreements, up to and including dismissal. Any restrictive action must follow standard College procedures that assure due process.

  10. Web Accessibility: Southwestern Illinois College is committed to making all its electronic information accessible in compliance with applicable state and federal laws and to following Southwestern Illinois College standards of Web Accessibility.

[Back to Top]