Staff Policy D-506.06
Institutional Effectiveness Criterion: Operations
Computer and Network Acceptable Use
The computer and network resources at Northwestern Michigan College support the activities of the College. As the provider and manager of these resources, the College has the right to establish policies, procedures and guidelines that enforce their legal and ethical use, ensure their availability and security and clarify for users their rights and responsibilities.
The College understands its unique function as an institution of higher education, and seeks to foster a climate free from arbitrary or capricious monitoring. The College’s computer and network resources are nevertheless provided to employees and students as tools to be used in furtherance of the College’s instructional, public service, and business and administrative objectives. As those resources are both powerful and, ultimately, the College’s property and responsibility, the College retains the right to access and monitor its computer and network resources in any manner consistent with applicable law and College policies and procedures.
The Executive Director of Learning Resources and Technologies and the Director of Human Resources, in conjunction with the appropriate faculty and staff, are responsible for the development and publication of any procedures or guidelines that may be necessary to administer this policy effectively.
This policy applies to all users of computer and network resources owned or managed by Northwestern Michigan College. Computer and network resources include all College owned, licensed, or managed hardware and software, and use of the College network via a physical or wireless connection, regardless of the ownership of the computer or device connected to the network.
- Computer resources refer to all computer hardware and software.
- Electronic records and documents refer to any means of expressing information that is created, received, used or maintained within the scope of College business or resides on College resources. Examples include budget reports, contracts with vendors, attendance records, work schedules, architectural drawings, correspondence or memoranda related to College business, course syllabi, meeting minutes, departmental web sites, and committee reports.
- Network resources refer to shared applications such as Groupwise and Banner, the Internet, data and file storage systems containing student and employee data, emails, course files, wired and wireless networks, email and calendar systems, etc.
- Users refer to anyone who uses computer or network resources belonging to Northwestern Michigan College.
- Your Rights and Responsibilities
The College shall take reasonable measures to protect all persons exercising the privilege of using its computer and network resources from unlawful abuse and/or intrusion by others sharing these resources, through both reasonable proactive means and the imposition of disciplinary sanctions where warranted. Users can expect to receive appropriate and lawful access to stored information, and to be permitted to electronically express opinions pursuant to legal protections applicable to the educational and/or employment setting. In turn, users are responsible for knowing the policies, procedures and guidelines of the College that apply to use of the College's computer and network resources, and for exercising good judgment in the use of those resources.
- Responsible use of computer and network resources
Central to appropriate and responsible use is the recognition that the College’s computing and network resources shall be used in a manner consistent with its instructional, public service, business and administrative objectives. Use should also be consistent with the specific objectives of the project or task for which such use was authorized.
Users of College computer and network resources:
- Must use only the computers, computer accounts, and computer files for which authorization is granted.
- Must not use the resources for promoting a personal business or for-profit work.
- Must not use another individual's account without authorization, and may not attempt to capture or guess other users' passwords.
- Must respect the privacy and personal rights of others.
- Should be professional and respectful when using computing and network resources to communicate with others. Libel, slander, or harassment is not allowed. See other NMC policies on harassment (www.nmc.edu/policies/nmc).
- Should make a reasonable effort to protect passwords and to secure resources against unauthorized use or access; and they must configure hardware and software in a way that reasonably prevents unauthorized users from accessing NMC's network and computing resources (ie. do not configure the computer or software to automatically remember passwords).
- Must not enable unauthorized users to access data or information on the NMC network.
- Must not attempt to access restricted portions of the network, an operating system, security software or other administrative applications for which authorization has not been granted.
- Must not develop or use programs that disrupt other computer or network users or that damage software or hardware components of a system.
- Must not download and/or use tools that are normally used to assess security or to attack computer systems or networks (i.e. password "crackers", vulnerability scanners, network sniffers, etc.) unless authorization has been given by the Executive Director of Learning Resources and Technologies, or designee.
- Must not attempt to forge, alter or remove electronic mail headers.
- Should understand that just because an action is technically possible does not mean that it is appropriate to perform that action.
- Must not configure computer or network resources in any way that negatively impact the security of those resources, or the documents and services on those resources. This includes storing NMC files on non-NMC servers or configuring a web browser to remember passwords for NMC sites.
- Should understand that this policy may be less restrictive than other policies that govern computer and network use. In such cases, the more restrictive policy takes precedence. If you have any questions, contact the Executive Director of Learning Resources and Technologies, or designee.
- Must not engage in unauthorized downloading, copying or use of licensed or copyrighted software.
- Shared Use of Resources
Systems and LAN Management, Information Technology Service, and other College departments which operate and maintain the computer and network resources expect to maintain an acceptable level of performance and must assure that frivolous, excessive, or inappropriate use of the resources by one person or a few people does not degrade performance for others. The College may choose to set limits on an individual's use of a resource through quotas or time limits and other mechanisms and may monitor traffic to ensure appropriate use.
- Adherence with laws, policies, contracts and licenses
All users of the College’s computing and network resources are expected to comply with all federal, Michigan, and other applicable laws and regulations; all generally applicable College rules and policies; and all applicable contracts and licenses. Examples include the laws of libel, privacy, copyright, trademark, obscenity, and child pornography; the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act, which prohibit "hacking", "cracking", and similar activities; the College’s harassment policies; and all applicable software licenses.
- Privacy for Employee and Student Electronic Records and Documents
The College respects the legitimate privacy interests of its employees and students and seeks to foster a climate free from arbitrary or capricious monitoring of electronic records and documents. Nonetheless, the College reserves the right to access electronic records and documents that are under the control of its employees and students in accordance with applicable law and College policies. Here are the rights, responsibilities, and expectations of the College and its employees and students regarding the conditions under which they may access electronic records and documents.
There are many laws that govern the maintenance and disclosure of electronic records and documents. Federal and state laws, for example, require the College to:
- protect from unwarranted disclosure certain electronic records and documents protected by laws such as Health Insurance Portability and Accountability Act, Family Educational Rights and Privacy Act, and the Michigan Library Privacy Act;
- disclose electronic records and documents (Freedom of Information Act, subpoenas, etc.); and/or
- monitor electronic records and documents.
The following statements govern those circumstances in which the College, when not governed by external law, will monitor or access electronic records and documents. The College may access or monitor all electronic records and documents in the following circumstances:
- When the College must monitor computer and network resources to avert reasonably anticipated threats or hazards to those resources. An example includes scanning to detect computer viruses; or
- When the College is required by law to access, monitor, or disclose electronic records and documents.
- When the College has a legitimate business need to know or access the information contained in electronic records and documents. Examples include, but are not limited to, providing financial records to auditors, or accessing electronic mail to investigate academic, personnel, business or administrative matters of concern to the College, or to investigate any suspected violation of law or College policy.
- User Compliance
When you exercise the privilege of using College computer and network resources, and accept any College issued computing accounts, you agree to comply with this and all other computing related policies. You have the responsibility to keep up-to-date on changes in the computing environment, as published, using College electronic and print publication mechanisms, and to adapt to those changes as necessary.
Violations of the Acceptable Use Policy by students will be referred to the Dean of Student Services and will be adjudicated through the Student Judicial Process. Violations of the Acceptable Use Policy by College employees, (including but not limited to: faculty, administrative, professional, technical paraprofessionals, support staff, maintenance/custodial, supplemental, and student employees) will be referred to Human Resources and/or the appropriate executive officer.
In such circumstances where electronic records and documents are not accessible, the Executive Director of Learning Resources Technology, his or her designee, or the President’s designee, will review a request by an executive officer and, if appropriate, authorize the specific access as necessary.
Initially adopted as D-1123.01 April 21, 2006
Revised and renumbered D-506.06 December 20, 2006