Policy Name: Computer Systems and Communications Networks Usage
Responsibility for Maintenance: Information Technology
Date of Most Recent Changes: June 15, 2015
I. Policy Statement
Onondaga Community College offers students and employees the use of computer systems and software, internal and external communications networks, including electronic mail, telephone, and voice mail systems, and access to the Internet. In order to maintain computer systems and communications networks that effectively serve and support the campus community, Onondaga Community College manages, maintains and monitors the use of Onondaga Community College’s computer systems and communications networks, and responds to reported or detected IT Security Incidents. All materials, supplies and equipment issued to employees for the performance of their jobs are considered the property of Onondaga Community College at all times. Onondaga Community College does not provide technical support for the use of personally owned equipment or software. The authorized use of Onondaga Community College's computer systems and communications networks by students, faculty, staff, and authorized visitors shall be consistent with this Policy.
Regardless of funding source and resource requirements, all technology related purchases must be reviewed and approved by IT, including but not limited to: software, hardware, internal and external services, hosting arrangements and participation in any technology related beta or pilot program.
Personally owned devices connected to the OCC network either directly or via a network port, wirelessly by an access point, or by a wireless provider are the responsibilities of the owner of the device. This Policy in all parts applies to personally owned devices connected to the OCC computer systems and communications network. Please see Policy J8 for acceptable security standards for personally owned devices. http://employees.sunyocc.edu/index.aspx?id=22176
II. Reason for Policy
Onondaga Community College has implemented this policy in order to appropriately manage, operate, maintain, and monitor the use of its computer systems and communications networks, and to ensure that secure and productive computer systems and communications networks are available to the campus community.
III. Applicability of the Policy
This policy applies to all students, faculty, staff, contractors, visitors and others who have access to college information and who are authorized by Onondaga Community College to use Onondaga Community College’s computer systems and communications networks. Such authorized Users are responsible for knowing the procedures and regulations of Onondaga Community College that apply to this Policy and the appropriate use of the College’s computer systems and communications networks. Users are responsible for exercising good judgment in the use of the Onondaga Community College computer systems and communications networks.
IV. Related Documents
| Subject || Office Name || Title or Position || Telephone Number || Email/URL |
| Entire Policy || Information Technology || Chief Information Officer || (315) 498-2183 || email@example.com |
| Term || Definition |
| || 1) Any event involving Onondaga Community College Computer Systems and/or Communications Networks that is suspected or determined to a) violate applicable state or federal law or regulation; b) be harmful to the security or privacy of Onondaga Community College Computer Systems, Communications Networks, Onondaga Community College information, or the general public; c) be otherwise harmful to Onondaga Community College Computer Systems and/or Communications Networks; or d) cause unexpected disruption to Onondaga Community College Computer Systems and/or Communications Networks; or 2) any inquiry requests in connection with academic, disciplinary, or administrative investigations. |
| Critical Incident || Most IT Security Incidents will be of a non-Critical nature, but certain incidents will rise to the “Critical” level, due to their impact on the campus. Any IT Security Incident that impacts regulated data (e.g., Student Information, Personal Health Information, SSN’s) or sensitive Onondaga Community College Data (e.g., business contracts) will be considered a Critical Incident. |
| User || Students, faculty, employees, contractors, staff and visitors who are authorized to use Onondaga Community College’s computer systems and communications networks. |
- User Responsibilities. Users of the Onondaga Community College computer systems and communications networks have access to valuable Onondaga Community College computer and communications resources, sensitive data, and internal and external communications networks. Consequently, it is important for Users to behave in a responsible, ethical, and legal manner. Users are responsible at all times for the appropriate use of Onondaga Community College’s computer systems and communications networks, including, but not limited to, the following:
- Compliance. All Users are required to comply with all applicable Onondaga Community College policies, procedures, standards, guidelines; and municipal, state, and federal laws, rules, and regulations.
- Authorized Use. Users are permitted to use only those computer systems and communications network resources and tools for which authorization has been obtained and are required to use those resources and tools only in the manner and to the extent authorized. The authorized use of Onondaga Community College computer systems and communications networks, including computers, peripherals, telephones, and related equipment and supplies is restricted to work activities specifically, and is not authorized for personal use. The College is not responsible for retrieving or handling personal data that may be stored on college owned devices. Any employee who is assigned to work with access to the Onondaga Community College computer systems and communications networks is required to complete a Statement of Responsibility form prior to being authorized for use. In addition, Onondaga Community College is bound by its contractual and license agreements respecting certain third party resources; Users are expected to comply with all such agreements when using such resources.
- Confidentiality. Users are expected to protect and maintain the confidentiality and integrity of information obtained by access to Onondaga Community College computer systems and communications networks. Employees granting approval for access or directly accessing confidential data shall be aware of their obligations regarding such data. Those authorized to access confidential data should only do so when performing activities and responsibilities of their OCC position. Access to confidential data may only be granted to individuals where an OCC business need exists and the individual has appropriate authorization. Those authorized to access confidential data are responsible for properly storing and securing it. Those authorized to grant or revoke access to confidential data are responsible for ensuring that access is appropriately assigned, modified as needed and canceled promptly when individuals transfer to other positions or leave the college. Employees should not save, store or share confidential or sensitive data on personally owned devices.
- Copyright. In order to duplicate any copyrighted material, you must first obtain appropriate legal permission from the copyright holder. Faculty should consult Onondaga Community College Policy L2 Copying Materials Protected By Copyright in regard to the guidelines for classroom use of copyrighted material.
- Access. Onondaga Community College offers individual email accounts to faculty, staff, and students enrolled in at least one credit bearing class. Access to the Onondaga Community College computer systems and communications networks is strictly controlled by the use of a user name and password to protect your privacy and comply with federal law. Computer accounts and passwords are assigned to one individual, should be used by only that person. If an account is shared or password is given out, the holder of the account may lose all account privileges and be held personally responsible for any actions that arise from misuse of the account.
- College Property. All College property, including computers, software, peripherals, telephones, and related equipment and supplies, is not to be removed from the premises without written advance permission from the Administrative Department Head, Department Chair, or an authorized supervisor.
- Violations. Any User who violates this or other Onondaga Community College Policies, procedures, contractual obligations, or applicable state or federal laws, will be subject to appropriate disciplinary and legal action, including, but not limited to, the limitation or denial of access to Onondaga Community College’s computer systems and communications networks. Violators may also be subject to disciplinary action, up to and including termination. Onondaga Community College reserves the right to revoke access to its computer systems and communications networks when you are no longer a member of the campus community.
- Improper Behavior. Improper use of Onondaga Community College’s computer systems and communications networks is prohibited. The following are examples of improper use of the computer systems and communications networks:
- Prohibited Behavior. Storing, transmitting, accessing or printing via the computer systems and communications networks anything that contains illegal content or files, that infringes upon the rights of another person or entity, that contains sexually offensive or inappropriate information and/or graphic material, that consists of any advertisements for commercial enterprises, or that consists of information that may injure someone else and/or lead to a lawsuit or criminal charges.
- Downloading. Downloading, distributing, or running any file or program that has the potential to damage files, networks, servers, or computers; or for the purpose of eavesdropping on others’ communications; or if the User is not licensed or does not have the appropriate permission of the owner of the file to download such file. Users are prohibited from downloading, or running any data or programs without prior approval and without a demonstrated business need, including file sharing software, music, games, videos, chat services, peer-to-peer software and any non-business related software or data.
- Unauthorized Use/Access. Gaining or attempting to gain unauthorized access to remote computers or another User’s electronic communications, files or software without the permission of the owner, including, but not limited to, violations of software and other licenses. Actions that give simulated sign off messages, public announcements, or other fraudulent system responses. Having or changing system control information (for example, program status, protection codes, and accounting information), especially when used to defraud others, obtain passwords, gain access to and/or copy another's electronic communications, or otherwise interfere with or destroy their work.
- Harassment. Harassing others by sending annoying, abusive, profane, threatening, defamatory or offensive messages. Some examples include: obscene, threatening, or repeated unnecessary messages; sexually, ethnically, racially, or religiously offensive messages; continuing to send messages after a request to stop; and procedures that hinder a computer session.
- Destruction,Sabotage. Intentionally destroying anything stored on the computer system or communications networks. Deliberately performing any act that will seriously impact the operation of the computer systems and communications networks.
- Theft/Unauthorized Use of Data. Data created and maintained by Onondaga Community College, or acquired from outside sources, are vital assets of Onondaga Community College. Administrative, research, and other data may be subject to a variety of use restrictions.
- Program Theft. Unless specifically authorized, copying computer program(s) from the computer systems and communications networks.
- Viruses, Spyware, etc.. Running or installing on the computer systems, or giving to another, a program or file that could result in the eventual damage to a file or the computer systems and communications networks, and/or the reproduction of itself. This is directed towards, but not limited to, the classes of programs known as computer viruses, Trojan horses, and worms.
- Abuse: Abuse of Onondaga Community College's computer systems and communications networks include, but are not limited to, the following, and will not be tolerated under any circumstances:
- Circumventing or Breaching Security. Attempting to circumvent data protection schemes or uncover security loopholes. It is strictly forbidden to attempt to circumvent any of Onondaga Community College's security measures. Hacking and password grabbing are also strictly prohibited.
- Chain Letters. The propagation of chain letters is prohibited.
- Flooding. Posting a message with the intention of reaching as many users as possible is prohibited.
- Private Commercial Purposes. Users are prohibited from using Onondaga Community College's computer systems and communications networks for personal and/or financial gain.
- Wasting Resources. Performing acts that are wasteful of computing resources or that unfairly monopolize resources to the exclusion of others. These acts include, but are not limited to, sending mass mailings or chain letters, creating unnecessary multiple jobs or processes, generating unnecessary or excessive output, accessing and/or printing inappropriate material, printing or creating unnecessary network traffic; or using printers as copy machines (i.e., printing multiple copies of, documents, papers, flyers, etc.). The Duplicating department should be used for all large print jobs and manuals, where more cost effective double sided copying can be done.
- False or Misleading Email Address. Using a misleading or false email return address.
- Unsolicited Email. Users are prohibited from sending unsolicited commercial email messages or from sending any email messages “en masse” to persons not known.
- Recreational Use: Use of the computer system and communications networks, if such use prohibits others from getting their class work done. In particular, if you are using a machine in a public computer area for recreational purposes, and others are waiting for a machine to use for academic purposes, you are expected to give up your seat.
- Monitoring, Access, Disclosure. You should not expect email privacy or privacy in your other electronic communications when connected to the Onondaga Community College computer systems and communications networks. While Onondaga Community College does not generally monitor or access email, files, and other information transmitted via or stored on the Onondaga Community College computer systems and communications networks, it reserves the right to monitor, access, review, and disclose such information where appropriate. Without limiting the generality of the foregoing or the discretion of Onondaga Community College in determining when appropriate circumstances exist, appropriate circumstances include: investigating computer systems and communications networks performance and system problems; investigating IT Security Incidents; determining if an individual is in violation of this policy; to ensure that Onondaga Community College is not subject to claims of institutional misconduct; to investigate possible misuse of Onondaga Community College resources, violation of law or regulations, or violation of Onondaga Community College policies and procedures; (ii) in connection with academic, disciplinary, or administrative inquiries; in connection with legal proceedings; for purposes related to Onondaga Community College business; and as otherwise permitted by law. Onondaga Community College has the authority to access and inspect the contents of any College equipment, files or email on its systems. Access to files on College owned equipment will only be approved by specific personnel when there is a valid reason to access those files. Authority to access User files can only come from the Chief Information Officer in conjunction with the Vice President to whom the User reports (or the President if the subject of investigation is a Vice President and/or the Vice President of Human Resources or designee). Onondaga Community College General Counsel may be consulted if deemed necessary. External law enforcement agencies may request access to files through valid subpoenas and other legally binding requests. All such requests must be approved by Onondaga Community College legal counsel. Information obtained in this manner can be admissible in legal proceedings or in a College hearing.
- Deleting Electronic Communications. Users of the computer systems and communications networks should be aware that Electronic Communications are not necessarily erased from the computer systems when the user "deletes" the file or message. Deleting an Electronic Communication causes the computer systems to "forget" where the message or file is stored on the computer system. In addition, an Electronic Communication may continue to be stored on a backup copy long after it is "deleted" by the User. As a result, deleted messages can often be retrieved or recovered after they have been deleted.
- Physical and Environmental Security. Onondaga Community College provides reasonable security measures against intrusion and damage to files; however, Onondaga Community College is not responsible for unauthorized access or tampering with files or records and equipment. Information processing and storage facilities for critical information should be located in areas with controls for accessing the facilities. These physical security mechanisms are intended to protect the facilities from unauthorized access, damage or interference and should be periodically reviewed to insure such protection.
- System Development and Maintenance. Security issues must be identified during the requirements phase of any project and must be agreed upon and documented as part of any project plan or new software installation.
- IT Security Incident Response. The IT Security Incident response procedures are intended to protect the Onondaga Community College computer systems and communications networks, including information resources, from future unauthorized access, use or damage, and to mitigate the impact of the IT Security Incident. These procedures will also be followed in connection with academic, disciplinary or administrative inquiries.
- IT Security Incident Response Team. The IT Department, in consultation with the Administration, will be responsible for coordinating the handling of all IT Security Incidents, and any related duties, such as alerting the campus to attacks. The response to IT Security Incidents will involve both technical and management personnel that are properly positioned to represent key IT and business interests. Oversight of the response to IT Security Incidents will be the responsibility of the Chief Information Officer.
- Reporting and Detection of IT Security Incidents. Any member of the Onondaga Community College campus community may request investigation of a suspected IT Security Incident from the IT Department. The IT Department itself might detect IT Security Incidents. IT will take appropriate steps to track, investigate, and resolve reported or detected IT Security Incidents and report the outcome to the appropriate parties. Critical IT Security Incidents must be promptly reported to the IT Department. Departments and individuals are encouraged to report all IT Security Incidents to help improve the tracking of trends and threats.
- Assessment and Escalation. Onondaga Community College has the authority to access, inspect, and disclose the contents of any College equipment, files or email on its systems. Access to files on College owned equipment will only be approved by specific personnel when there is a valid reason to access those files. If it is necessary to access User files, authority must be obtained from the Chief Information Officer and the Vice President to whom the User reports (or the President if the subject of investigation is a Vice President and/or Vice President of Human Resources or designee). Onondaga Community College General Counsel will be consulted if deemed necessary.
- IT Authority and Actions. For Critical IT Security Incidents, IT management will have authority to involve legal entities, to disconnect or shut down part or all of the campus IT infrastructure, and to direct other campus IT personnel to take specific actions. For non-Critical IT Security Incidents, IT may disconnect individual systems, as needed, but will work with User areas to balance disruptions against the security risks.
- Reporting,Documentation, and Communication. IT will maintain records of all reported or detected IT Security Incidents and will strive to communicate important security information to the campus community.
Approved by OCC Board of Trustees April 3, 2006
Updated and approved by the President January 31, 2011
Updated and approved by the President April 14, 2014
Updated and approved by the President June 15, 2015