INFORMATION TECHNOLOGY AND SECURITY

Personal Computers

Personal computers – desktop or portable – are provided by the University for many employees as a part of their work environment. The following guidelines for the care and use of these computers should be observed by all employees:

    1. All possible measures should be taken to preserve the physical security of personal computers, for example maintaining a physical locking device and locking access doors (where applicable). Portable computers should always be under personal supervision, in a locked space, or secured with a locking device -- especially when traveling.
    2. Hardware and software maintenance for personal computers is generally provided by Information Technology Services personnel and is charged to the user’s department. Information Technology Services sets standards for computer and communications equipment on the campus and policies for service of equipment that does or does not meet these standards.
    3. Connections to the campus data network should be made and changed only by personnel from Information Technology Services.
    4. Each user is responsible for the security of data on their personal computer. Where sensitive information is stored on a personal computer, access to internal storage should be limited by a password. Centralized backup may be implemented for some personal computers; for all other machines, the user should carry out regular backups by means of some removable storage medium such as disks or tapes. Storage media containing sensitive information (backup or otherwise) should be kept in a locked space. A personal computer connected to sensitive information (local or through the network) should not be left unattended.
    5. University-owned personal computers are to be used for university business. Limited personal use is permitted outside of work hours for communications such as email and Web browsing. Permission of a supervisor should be obtained for other personal uses. Use of university computers for personal commercial activities is prohibited.
    6. Personal computers must not be used to store or transmit any illegal documents, such as copyrighted documents without permission, pornography, etc.
    7. Employees’ use of games on university-owned personal computers is prohibited during work hours, except for special cases where there is a clear academic or administrative objective.
    8. University work should generally be done on computer or communications equipment provided by the university. Where personally-owned equipment is used for university business, the university assumes no liability for the maintenance or replacement of this equipment unless arrangements are made in advance.

Software

Licenses are to be purchased for all copies of software on university computers and users are responsible for observing license and copyright restrictions of all software and documentation. Usually this means that commercial software may not be copied to other machines and documentation should not be copied. “Site licenses” will be purchased by the university for some widely used programs. Information Technology Services personnel must install these programs and users should not copy or move them to other machines. Other copyrighted programs may be installed on personal computers by users provided that an appropriate license has been purchased.

Information Technology Services (ITS) sets campus standards for widely used software such as operating systems, word processing, etc. ITS also sets policies for the installation and maintenance of standard and non-standard software packages on university computers.

Administrative Computing System

Academic and other information about students and employees is stored in a central administrative computer system. The following policies apply to this system:

    1. Employees who need access to some or all of this information as part of their job responsibilities are given a password for access. This password should be carefully guarded, changed frequently, and treated as a signature, i.e. not shared with anyone else including fellow employees or family members. It is a responsibility of the employee to help preserve the confidentiality of personal information in the system mandated by law.
    2. Unauthorized access to data and improper use of data in the administrative system is strictly prohibited and may be grounds for termination.
    3. The administrative computing system is not to be used for personal purposes (the one exception being employees who receive email or access the Internet through accounts on this system).

Data Communications

The university provides a data network connection for virtually all personal computers giving access to other computers and services both within and outside the campus. Every employee and student is also given an account on at least one central computer to permit access to email, the World Wide Web, and other local and national/international services. The following policies apply to such accounts and communications services:


1. The access password should be carefully guarded, changed frequently, and treated as a signature, i.e. not shared with anyone else including fellow employees or family members.

2. The following are prohibited and some may constitute criminal activity:
a. Unauthorized access to other users’ accounts, system software, university data, or remote computer systems.
b. Unauthorized decryption of coded information such as passwords.
c. Attempts to “crash” computers or network services.
d. Storage or transmission of copyrighted materials without permission.
e. Wilful introduction of viruses or other disruptive/destructive programs.
f. Attempts to evade or bypass resource quotas
g. Forgery or attempted forgery of documents or email.
h. Excessive use of resources, such as network bandwidth or disk storage.
i. Unsolicited “broadcasting” of email (electronic junk mail).
J. Harassment or intimidation of other users.

3. Widely accepted etiquette for the Internet should always be observed. For example, email should not be sent to users, lists, or newsgroups where the subject is not appropriate, where the user is not welcome, or the document size is excessive. Language should always be appropriate and representative of a Christian.

4. University employees and students may set up a home page on the World Wide Web containing personal as well as university information. Such pages must follow guidelines established by the Web Page Committee.

5. Password-protected files and email on university computers are generally treated as private. However, the university reserves the right to inspect such information when and if there is reason to suspect that university policy has been broken. Permission for such inspection must be given by the president or the chief information officer in writing and the rationale for inspection recorded.

6. A limited number of telephone connections is provided by the university for employees to access campus information resources from their homes or while traveling on university business. All information technology policies apply to these connections as well as to computers on campus.

7. Limited personal use of university data communication facilities is permitted outside of work hours, for example for email or Web browsing. The available resources may sometimes restrict such personal use.


M. Kootsey, July 2, 1997