DRAFT
EMAIL, WEB, AND NETWORK POLICY
ANDREWS UNIVERSITY

As a part of its educational mission, Andrews University provides data communications and computing services to University students, faculty, administration, and staff. The following policies and guidelines are established to maximize the educational benefit obtained from the considerable investment of resources necessary to operate and maintain these facilities.

General Guidelines

1. The cost of providing computing and data communications services on the campus is shared by different groups and individuals. In general, the responsibilities are divided as follows:

    1. Information Technology Services (ITS) provides and maintains the data network and building connections, administrative and academic computing servers, email and Web servers, and general computing laboratories. ITS also organizes other services for the campus for which the consumers pay, including sales of computing hardware and software and installation and maintenance of university-owned computers and software.
    2. Administrative and academic departments budget their own resources for purchasing and maintaining their own computing and data communication facilities and are encouraged to obtain the services through ITS.
    3. All students have access to computers and data communication through general and departmental laboratories on campus. For those who bring their own computers to the campus, access to the campus network is made available to students who live in University-owned facilities either through direct or dial-up connections. Help desk assistance and maintenance are not provided for student-owned computers unless they were purchased through ITS.
    4. A limited number of dial-up lines is provided by ITS for the use of off-campus students and University employees. There is no charge for the use of these lines, but availability is not guaranteed. All University policies apply to the use of these lines as well as to computing on campus.

2. Individual access passwords should be carefully guarded, changed frequently, and treated as a signature, i.e. not shared with anyone else including fellow employees or family members.

3. The following activities are prohibited on campus computers and networks and some may constitute criminal activity. Prohibited activities include, but are not limited to:

    1. Unauthorized access to other users’ accounts, system software, university data, or other computer systems.
    2. Unauthorized decryption of coded information such as passwords.
    3. Attempts to “crash” computers or network services.
    4. Storage or transmission of copyrighted materials without permission.
    5. Wilful introduction of viruses or other disruptive/destructive programs.
    6. Attempts to evade or bypass resource quotas.
    7. Forgery or attempted forgery of documents or email.
    8. Excessive use of resources, such as network bandwidth or disk storage.
    9. Unsolicited “broadcasting” of email (spam or electronic junk mail).
    10. Harassment or intimidation of other users, including sexual harassment.
    11. Pornography, especially involving children.

4. Information transmitted over the network or made available to others (e.g. through Web pages or bulletin boards) should be representative of a Christian university. For example, materials – text or graphics – should not contain: swearing or obscene language; defamation of any individual or group; materials promoting hatred of cultural, ethnic, or religious groups; advocacy of lifestyles contrary to University policy; pornography and other sexually-oriented material. Illegal materials such as child pornography should not be accessed by or stored on any computer while connected with the University, whether private or University owned.
This is new material, should be reviewed, some of it was published in the staff handbook.

5. Andrews University cannot guarantee the confidentiality or privacy of electronic mail messages and other documents stored on University computers and the University makes no promises regarding their security. Decisions as to what information to include in such messages should be made with this in mind. The ease of saving, forwarding, and printing electronic mail massages and documents makes them more like formal letters and memoranda than verbal communications.
This is a change. We do not desire this, but it has become unavoidable.

As it relates to confidentiality, the following criteria are guidelines Andrews strives to follow:

    1. Andrews University reserves the right to conduct routine maintenance, track problems, and maintain the integrity of its systems. As is the case with all data kept on Andrew’s computer systems, the content of electronic mail may be revealed by such activities.
    2. Andrews does not monitor the contents of e-mail as a routine matter. However such monitoring may be conducted when required to protect the integrity of the systems or to comply with legal obligations.
    3. Andrews University reserves the right to inspect the contents of electronic mail and all disk files in the course of an investigation triggered by indications of impropriety or as necessary to locate substantive information that is not more readily available by some other means.

6. Because there is no insurance coverage for computers that are not locked, all possible measures should be taken to preserve the physical security of personal computers, for example maintaining a physical locking device and locking access doors (where applicable). Portable computers should always be under personal supervision, in a locked space, or secured with a locking device -- especially when traveling.

7. Each user is responsible for the security of data on their personal computer. Where sensitive information is stored on a personal computer, access to internal storage should be limited by a password. Centralized backup may be implemented for some personal computers; for all other machines, the user should carry out regular backups by means of some removable storage medium such as disks or tapes. Storage media containing sensitive information (backup or otherwise) should be kept in a locked space. A personal computer connected to sensitive information (local or through the network) should not be left unattended.

8. University-owned personal computers are to be used for university business. Limited personal use is permitted outside of work hours for communications such as email and Web browsing. Permission of a supervisor should be obtained for other personal uses. In computing laboratories, academic work of students and faculty takes precedence over any personal uses. Use of University computers for personal commercial activities is prohibited. The dial-up lines may also be used for personal communications, but other University policies still apply. The available resources may restrict personal use.

9. “University work” should generally be done on computer or communications equipment provided by the university. Where personally-owned equipment is used for university business, the university assumes no liability for the maintenance or replacement of this equipment unless arrangements are made in advance.

Networking and Data Communications

1. The university provides a data network connection for virtually all computers connected with the University, giving access to other computers and services both within and outside the campus. Every employee and student can request an account on at least one central computer to permit access to email, the World Wide Web, and other local and national/international services.

2. Information Technology Services, in cooperation with various campus committees, sets technical and operational standards for data networking and computing on campus. Anyone connecting a computer to the campus network – student or employee – is required to abide by the standards set by ITS. In addition, help desk assistance is available only for programs on a supported list.

3. Connections to the campus data network must be made and changed only by personnel from Information Technology Services.

4. No private name servers are permitted on the campus network.

5. Approval is required by the Chief Information Officer for any site on a campus-connected computer that offers a service outside the University.

6. Any computer connected to the campus network that is configured to be a server must permit access by University network administrators.
3, 4, 5 & 6 are new

Email and Web

1. Widely accepted etiquette for the Internet and Web should always be observed. For example, email should not be sent to users, lists, or newsgroups where the subject is not appropriate, where the email is not welcome, or the document size or number of destinations is excessive.

2. University employees and students may set up a home page on the World Wide Web containing personal as well as university information. Such pages must follow guidelines established by the Web Committee. The owner of a Web site is responsible for the content of all pages in the site that are on computers connected to the University network and for all the first-level links from these pages.

Software and Intellectual Property

1. All software on university or personal computers on campus or connected to the campus network must be legally licensed by the owners of the software or copyrights. Users are responsible for observing license and copyright restrictions of all software and documentation. Usually this means that commercial software may not be copied to other machines and documentation should not be copied. “Site licenses” will be purchased by the university for some widely used programs. Information Technology Services personnel must install these programs and users should not copy or move them to other machines. Other copyrighted programs may be installed on personal computers by users provided that an appropriate license has been purchased. Many software packages are available at academic discounts through the University Bookstore.

2. Copyright laws should be observed for documents (text and graphics) as well as for computer software. For a summary of the copyright law, see Appendix A.

Copyrighted materials should not be used in Web pages (departmental or personal) or instructional materials, for example, unless the use falls under the educational “fair use” clause as defined by the United States Copyright Act. See Appendix B for a description of the definition of “fair use”.

The following resources on the Web may be helpful to users in deciding whether a particular usage of copyrighted material qualifies as a fair use:

http://www.utsystem.edu/OGC/IntellectualProperty/copypol2.htm#test
http://www.benedict.com/fairtest.htm

In addition to fair use, copyrighted material may also be used if the material has passed into the public domain. Items in the public domain (for example, items for which copyrights have expired) are no longer subject to copyright and do not require permission from the copyright owner. For more information on public domain works, the following Web site may be helpful:

http://www.unc.edu/~unclng/public d.htm.

The following Web resources may be helpful to users with questions regarding copyrights:

http://www.spa.org/piracy/highered
http://www.utsystem.edu/OGB/IntellectualProperty/cprtind
http://www.benedict.com/webiss.htm
http://www.fplc.edu/tfield/copynet.htm
http://fairuse.stanford.edu

3. ITS sets policies for the installation and maintenance of standard and non-standard software packages on University-owned computers.

4. Employees’ use of games on University-owned personal computers is prohibited during work hours, except for special cases where there is a clear academic or administrative objective.