Staff Policy D-506.06
Institutional Effectiveness Criterion: Operations

Computer and Network Acceptable Use

Policy Statement

Northwestern Michigan College provides information technology resources, such as computing and networking, to the College community. It is the user's responsibility to properly use and protect those information technology resources, as well as comply with all College policies, state and federal laws, regulations, and contractual obligations.

Policy Requirements

Use of information technology resources owned or operated by the College imposes certain responsibilities and obligations. The College considers use of information technology resources to be a privilege that is granted on the condition that each member of the College community respects the integrity of information technology resources and the rights of other users.

Use of College information technology resources in a manner that violates the provisions set forth in this policy can lead to revocation of all access privileges as well as other disciplinary action, up to and including dismissal from the College.

Reason for Policy

This policy is designed to establish the acceptable and appropriate use of all information technology resources that support College business and its mission of education, research and service.

Standards for the Acceptable Use of Computing Resources

The following standards apply to all users of computing resources owned or managed by Northwestern Michigan College. Individuals covered by the policy include, but not limited to, College faculty and visiting faculty, staff, students, alumni, contractors, volunteers, guests or agents of the administration, and external individuals and organizations accessing network services via the College’s computing facilities.

Computing resources include all College-owned, licensed, or managed hardware and software, data, information, information assets, College assigned user accounts, and use of the College network via a physical or wireless connection (including networks in college-owned residential facilities), regardless of the ownership of the computer or device connected to the network.

These policies apply to technology whether administered in individual departments and divisions or by central administrative departments. They apply to personally owned computers and devices connected by wire or wireless to the College network, and to off-site computers that connect remotely to the College’s network services.

These standards are not an exhaustive list of acceptable use, but are intended to illustrate how unlawful or malicious purposes are defined.

General Standards

• Responsible behavior with respect to all College information technology resources at all times.
• Behavior consistent with the mission of the College and with authorized activities of the College or members of the College community.
• Use of NMC email and video conferencing should be limited to College business purposes.
• Respect for the principles of open expression.
• Compliance with all applicable laws, regulations, and College policies.
• Truthfulness and honesty in personal and computer identification.
• Respect for the rights and property of others, including intellectual property rights.
• Behavior consistent with the privacy and integrity of all College information technology resources.

Identification of Users

The following activities and behaviors are prohibited:

• Misrepresentation (including forgery) of the identity of the sender or source of an electronic communication.
• Acquiring or attempting to acquire passwords of others.
• Using or attempting to use the computer accounts of others.
• Alteration of the content of a message originating from another person or computer with intent to deceive.

Access to Information Technology Resources

Users must respect the integrity of College information technology resources. Users must refrain from seeking to gain unauthorized access to information technology resources or enabling unauthorized access. The following activities and behaviors are prohibited:

• The use of restricted-access College information technology resources or electronic information without or beyond one's level of authorization.
• The interception or attempted interception of communications by parties not explicitly intended to receive them without approval of an authorized College official.
• Making College information technology resources available to individuals not affiliated with the College without approval of an authorized College official.
• Intentionally compromising the privacy or security of electronic information.

Copyrights and Licenses

The College complies with the Digital Millennium Copyright Act (1998). Users must respect copyrights and licenses to software and other on-line information.

• All software protected by copyright must not be copied except as specifically stipulated by the owner of the copyright or otherwise permitted by copyright law. Protected software may not be copied except pursuant to a valid license or as otherwise permitted by copyright law.
• The number and distribution of copies must be handled in such a way that the number of simultaneous users does not exceed the number of original copies purchased, unless otherwise stipulated in the purchase contract.
• In addition to software, all other copyrighted information (text, images, icons, programs, videos, music, etc.) must be used in conformance with applicable law.
• Plagiarism of computer information is subject to the same sanctions as apply to plagiarism in any other media.

Operational Integrity

The College complies with Michigan Law: Act 53 of the Public Acts 1979 as well as the Computer Fraud and Abuse Act. As such, the following activities and behaviors are prohibited:

• Interference with or disruption of the computer or network accounts, services, or equipment of others, including, but not limited to, the propagation of computer "worms" and "viruses", the sending of electronic chain mail, and the inappropriate sending of "broadcast" messages to large numbers of individuals or hosts.
• The use of certain wireless devices that may cause interference with the College’s wireless network.
• Failure to comply with requests from appropriate College officials to discontinue activities that threaten the operation or integrity of computers, systems or networks, or otherwise violate this policy.
• Revealing passwords or otherwise permitting the use by others (by intent or negligence) of personal accounts for computer and network access.
• Altering or attempting to alter files or systems without authorization.
• Unauthorized scanning of networks for security vulnerabilities.
• Attempting to alter any College computing or networking components (including, but not limited to, bridges, routers, access points, and hubs) without authorization or beyond one's level of authorization.
• Intentionally damaging or destroying the integrity of electronic information.
• Intentionally disrupting the use of electronic networks or information systems.
• Negligence leading to the damage of College information technology resources.

Expectation of Privacy

The College's Vice President for Student Services and Technologies delegates responsibilities to authorized individuals to monitor users' data, programs, or any other activities to:

• perform routine maintenance,
• prevent damage to systems,
• ensure security, confidentiality, availability, and integrity of data and resources,
• ensure compliance with College policies, procedures, rules, or regulations as well as state and federal rules, regulations and laws, or
• as requested by authorized individuals.

The College respects the legitimate privacy interests of its employees and students and seeks to foster a climate free from arbitrary or capricious monitoring of electronic records and documents. Nonetheless, the College reserves the right to access electronic records and documents that are under the control of its employees and students in accordance with applicable law and College policies. Users of Northwestern Michigan College’s information technology resources are hereby notified that they should have no expectation of privacy in connection with the use of information technology resources beyond the provisions of this policy.

Definitions

Information Technology Resources - All computers and electronic data storage, networking, transmission, and manipulation devices owned and/or controlled by any part of the College, including departmental computers and the College's information technology network facilities accessed by anyone from anywhere.

Users - Individuals, whether a member of the College community or not, who are granted access to the College's information technology resources and to all uses of those resources, whether on campus or from remote locations. Those individuals include, but are not limited to faculty, students, staff, and those working on behalf of the College, guests, and visitors.

Responsibilities

College Community/Users - Notify one of the contacts listed below or their supervisor immediately if they may have unintentionally or inadvertently participated in or caused a violation of this policy, or if they suspect a violation.

Users - Properly use and protect information technology resources that they have access to and comply with all College policies, state and federal laws, regulations, and contractual obligations.

Contacts

Office Telephone

Vice President for Student Services and Technologies (231) 995-1671

Director for Systems and LAN Management (231) 995-1164

Appendices

• NMC Information Technology Security Plan and Procedures
• Computer Fraud and Abuse Act
• Digital Millennium Copyright Act (DMCA)
• Gramm-Leach-Bliley Act (GLBA)
• Health Insurance Portability and Accountability Act (HIPAA)
• Michigan Law: Act 53 of the Public Acts 1979
• Payment Card Industry Data Security Standards (PCI DSS)

If any provision(s) of this policy or set of bylaws conflicts with laws applicable to Northwestern Michigan College, including the Community College Act of 1966, the Freedom of Information Act, or the Open Meetings Act, as each may be amended from time to time, such laws shall control and supersede such provision(s).