400.6 - Computer and Network Usage Policy

University Group Policy #400.6

Executive Summary

Users of Winston-Salem State University's network and computer resources have a responsibility to properly use and protect those information resources and to respect the rights of others. This policy provides guidelines for the appropriate use of information technologies.

Policy Statement

The purpose of the Computer and Network Usage Policy is to help ensure an information infrastructure that supports the basic missions of the university in teaching, learning and research. Computers and networks are powerful enabling technologies for accessing and distributing the information and knowledge developed at the university and elsewhere. As such, they are strategic technologies for the current and future needs of the university. Because these technologies leverage each individual’s ability to access and copy information from remote sources, users must be mindful of the rights of others to their privacy, intellectual property and other rights. This usage policy codifies what is considered appropriate usage of computers and networks with respect to the rights of others. With the privilege to use the information resources of the university comes specific responsibilities outlined in this policy.

Users of university information resources must respect copyrights and licenses, respect the integrity of computer-based information resources, refrain from seeking to gain unauthorized access, and respect the rights of other information users. This policy covers the appropriate use of all information resources including computers, networks, and the information contained therein.

Definitions

Locally Defined and External Conditions of Use

Individual units within the University may define “conditions of use” for information resources under their control. These statements must be consistent with this overall policy but may provide additional detail, guidelines and/or restrictions. Where such “conditions of use” exist, enforcement mechanisms defined therein shall apply. These individual units are responsible for publicizing both the regulations they establish and their policies concerning the authorized and appropriate use of the equipment for which they are responsible. Where use of external networks is involved, policies governing such use also are applicable and must be adhered to.

Guidelines

Permissible Use

Users of University information resources are expected to follow this policy and any related university rules, regulations and procedures for university work produced on computing equipment, systems and networks. Employees may access these technologies for limited personal uses if the following restrictions are followed:

  • The use is lawful under federal or state law.
  • The use is not prohibited by Board of Governors, university or institutional policies.
  • The use does not overload the university computing equipment or systems, or otherwise harm or negatively impact the system’s performance.
  • The use does not result in commercial gain or private profit (other than allowable under university intellectual property policies).
  • The use does not violate federal or state laws or university policies on copyright and trademark.
  • The use does not state or imply university sponsorship or endorsement.
  • The use is not used for partisan political activities where prohibited by federal or state laws.
  • The use does not violate state or federal laws or university policies against race or sex discrimination, including sexual harassment.
  • The use does not send, view or download fraudulent, harassing, obscene, threatening messages or material that are a violation of applicable law or university policy, such as under circumstances that might contribute to the creation of a hostile academic or work environment.
  • The use is not for the purposes of chain letters, personal advertisements, or solicitations.
  • The use does not involve unauthorized passwords or identifying data that attempts to circumvent system security or in any way attempts to gain unauthorized access.
  • The use does not involve the access or storage of sexually explicit materials that can not be associated with the instruction or research activities.

Regulatory Limitations

The university may monitor access to computing and networking resources for the following purposes:

  • To insure the security and operating performance of its systems and networks.
  • To review employee performance.
  • To enforce university policies.

In addition:

  • The university reserves the right to limit access when the federal or state laws or university policies are violated or where university contractual obligations or university operations may be impeded.
  • The university may authorize confidential passwords or other secure entry identification; however, employees should have no expectation of privacy in the material sent or received by them over the university computing systems or networks. While general content review will not be undertaken, monitoring of this material may occur for the reasons specified above.
  • The university generally does not monitor or restrict material residing on university computers housed within a private domicile or on non-university computers, whether or not such computers are attached or able to connect to campus networks.

All material prepared and utilized for work purposes and posted to or sent over university information resources must be accurate and must correctly identify the creator and receiver of such. Any creation of a personal home page or a personal collection of electronic material that is developed for academic purposes and/or student organizations and is accessible to others must include a disclaimer that reads as follows: This is personal web page. Opinions or views expressed are those of the authors and do not represent the official views of Winston-Salem State University.

Copyright and Licenses

Computer users must respect copyrights and licenses to software, entertainment materials, published and unpublished documents, and any other legally protected digital information.

  • Licensed Software- Most software available for use on computers at Winston-Salem State University is protected by the United States Copyright Law of 1976, as amended. Educational institutions are not exempt from the laws covering copyrights. In addition, software is normally protected by a license agreement between the purchaser and the software seller. The software provided through the university for use by faculty, staff, and students may be used only on computing equipment as specified in the various software licenses. It is the policy of the university to respect the copyright protection given to software owners by federal law. It is against university policy for faculty, staff or students to copy or reproduce any licensed software on university computing equipment, except as expressly permitted by software license. Also, faculty, staff, and students may not use unauthorized copies of software on university-owned computers or on personal computers housed in university facilities. Unauthorized use of software is regarded as a serious matter and any such use without the consent of Winston-Salem State University and subject to disciplinary action.
  • Downloading of Music, Movies & Other Copyrighted Material- Use of any Peer to Peer application (downloading of movies, music or other copyrighted material) by faculty, staff or students is prohibited on any university owned computers unless approved by the Director of Windows System & Client Services. Students are prohibited from configuring their personal systems to participate in the hosting of files for access by Peer to Peer applications. If the application cannot be reconfigured to disable hosting, it must be removed from the computer. It is the sole responsibility of the student to disable this function prior to connection to the University's networks. If identified by internal security mechanisms of if an artist, author, publisher, the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), or law enforcement agency notifies the university of a violation of copyright laws, Information Resources will provide to the University Attorney and the Vice Chancellor for Student Affairs information in the form of Internet Protocol (IP) address information, MAC address, appropriate log entries, location of computer, and any identifying information needed to assist in the investigation of the complaint or in response to a court order for identification of the user. The Office of Legal Affairs will advise any user identified pursuant to a lawfully ordered subpoena of the date for submitting identifying information to the court or the attorney identified in the subpoena. Neither the Office of Legal Affairs nor the North Carolina Attorney General can represent any employee or student identified who has illegally downloaded copyrighted material.

Integrity of Information Resources

Users must respect the integrity of computer-based information resources. Computer users must not attempt to modify or remove computer equipment, software, or peripherals that are owned by others, without proper authorization.

Application of Public Records Law

All information created or received for work purposes and contained in university computing equipment files, servers or electronic mail (e-mail) depositories are public records and are available to the public unless an exception to the Public Records law applies. This information may be purged or destroyed only in accordance with the university records retention schedule and State Division of Archives regulations.

Confidentiality of Data

Each employee, consultant, student, or person granted access to data and information holds a position of trust and must preserve the security and confidentiality of the information he/she uses. Users of the University data and information are required to abide by all applicable Federal and State guidelines and University policies regarding confidentiality of data. All users of University data and information must read and understand Information Resources policies and understand how these policies apply to their respective job functions. Any employee or person with authorized access to Winston-Salem State University’s computer resources, information system, records or files is given access to the University’s data or files solely for the business of the University. Specifically, individuals should:

  • Access data solely in order to perform his/her job responsibilities.
  • Not seek personal benefit or permit others to benefit personally from any data that has come to them through their work assignments.
  • Not make or permit unauthorized use of any information in the University’s information system or records.
  • Not enter, change, delete or add data to any information system or files outside of the scope of their job responsibilities.
  • Not include or cause to be included in any record or report, a false, inaccurate or misleading entry.
  • Not alter or delete or cause to be altered or deleted from any record, report of information system, a true and correct entry.
  • Not release university data other than what is required in completion of job responsibilities.
  • Not exhibit or divulge the contents of any record, file or information system to any person except as it is related to the completion of their job responsibilities.

It is the employee’s responsibility to report immediately to his/her supervisor any violation of this policy or any other action, which violates confidentiality of data.

Roles and Responsibilities

Division of Information Resources Responsibilities

The Associate Provost for Information Resources/CIO or persons designated by him/her shall be the primary contact for interpretation, enforcement and monitoring of this policy and resolution of problems concerning it. Any issues concerning law shall be referred to the Office of Legal Affairs.

  • Policy Enforcement- Where violations of this policy are identified, the Director of Windows Systems & Client Services or the Director of Communication Technologies are authorized to work with the appropriate administrative units to obtain compliance with this police.
  • Inspection and Monitoring- Only the Director of Windows Systems & Client Services or the Director of communication Technologies can authorize the inspection of data or the monitoring of the messages or network traffic where there is reasonable cause to suspect improper use of computer or network resources.

System Administrator Responsibilities

While the Division of Information Resources typically is responsible for administration of our computing resources, oversight of any particular system may be delegated to the head of a specific subdivision of the university, such as a dean, department chair or administrative department head. That person is the responsible administrator in the sense of this policy.

The responsible administrator may designate another person to manage the system. This designate is the “system administrator.” The system administrator had additional responsibilities to the University as a whole for the system(s) under his/her oversight, regardless of the policies of his/her department or group, and the responsible administrator has the ultimate responsibility for the actions of the system administrator.

  • University Responsibilities - The system administrator should use reasonable efforts:
    • To take precautions against theft of or damage to the system components.
    • To faithfully execute all hardware and software licensing agreements applicable to the system.
    • To treat information about, and information stored by, the system’s users in an appropriate manner and to take precautions to protect the security of a system or network and the information contained therein.
    • To promulgate information about specific policies and procedures that govern access to and use of the system, and services provided to the users or explicitly not provided. This information should describe the data backup services, if any, offered to the users. A written document given to users or messages posted on the computer system itself shall be considered adequate notice
    • To cooperate with the system administrators of other computer systems or networks, whether within or without the University, to find and correct problems caused on another system by the use of the system under his/her control.
  • Policy Enforcement- Where violations of this policy come to his/her attention, the system administrator is authorized to take reasonable actions to implement and enforce the usage and service policies of the system and to provide for security of the system.
  • Suspension of Privileges- A system administrator may temporarily suspend access privileges if he/she believes it necessary or appropriate to maintain the integrity of the computer system or network.

Applicability

This policy is applicable to all university students, faculty and staff and to others granted use of Winston-Salem State University information resources. This policy refers to all university information resources whether individually controlled or shared, stand-alone or networked. It applies to all computer and communication facilities owned, leased, operated, or contracted by the University. This includes networking devices, personal computers, workstations, mainframes, minicomputers, and any associated peripherals and software, regardless of whether used for administration, research, teaching or other purposes.

Compliance

Consequences of Misuse of Computing Privileges

The Director of Windows System & Client Services or the Director of Communications Technology may suspend access privileges for as long as necessary in order to protect the university’s computing resources.

  • Student Violations - Any violation of this policy is “misconduct” under the university’s student conduct code. Violations should be reported as provided in that code. Sanctions for violation of this policy may include revocation or suspension of access privileges in addition to any other sanction permitted under the student conduct code. For copyright violations, if identified by internal security mechanisms or if an artist, author, publisher, the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), or law enforcement agency notifies the university of a violation of copyright laws, Information Resources will provide to the University Attorney and the Vice Chancellor for Student Affairs information in the form of Internet Protocol (IP) address information, MAC address, appropriate log entries, location of computer, and any identifying information needed to assist in the investigation of the complaint or in response to a court order for identification of the user.
  • Faculty/Staff Violations - Any violation of this policy is “misconduct” under EPA policies (faculty and EPA non-faculty) and “unacceptable personal conduct” under SPA policies. Sanctions for violation of this policy may include one or more of the following: a revocation of access privileges; a written warning or written reprimand; demotion; suspension without pay; dismissal; or prosecution for criminal violations. For copyright violations, if identified by internal security mechanisms or if an artist, author, publisher, the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), or a law enforcement agency notifies the university of a violation of copyright laws, Information Resources will provide to the University Attorney and human resources, information in the form of Internet Protocol (IP) address information, MAC address, appropriate log entries, location of computer, and any identifying information needed to assist in the investigation of the complaint or in response to a court order for identification of the user.

Responsible Division: Information Technology

Authority: Board of Trustees

History:

  • Approved by Cabinet August 27, 2007
  • Adopted September 21, 2007