|
|||
Administrative Regulation Using Information
Technology Resources at Part I: Introduction These guidelines apply to
all computing resources owned or managed by GCC or using its network, and to
all the users of these resources, including but not limited to The College has established
specific procedures to be followed when abuse of computing resources has
allegedly occurred. These procedures are defined in Appendix A. Questions
regarding policy, interpretation of policy, or special problems or needs should
be directed to the Dean of Information Technology Services (ITS). It is the sole responsibility of the user to
be familiar with this policy and its provisions. This document has been
adapted from the guidelines for the use of computing resources at Part II: Guidelines for
appropriate computing behavior The following list, while
not exhaustive, provides some specific guidelines for responsible and ethical
behavior: 1. Use only the computers,
computer accounts and computer files for which you have authorization. Do not
use another individual's account, or attempt to capture or guess other users'
passwords. Users are individually responsible for all use of resources assigned
to them; therefore, sharing of accounts is prohibited. 2. Obey established guidelines
for any computers or networks used both inside and outside the College. For
example, individuals accessing off-campus computers via external networks must
abide by the policies established by the owners of those computers as well as policies
governing use of those networks. 3. Do not attempt to access restricted portions of the network, an operating system, security software, or accounting software unless authorized by the appropriate College administrator or owner. Breaking into computers is explicitly a violation of Internet rules of conduct and of the law, no matter how weak the protection is on those computers. Tapping into telephone or network lines is a clear violation of College policy. 4. Abide by all state and
federal laws (Appendix B provides links to some relevant 5. Respect the privacy and
personal rights of others. Do not access or copy another user's electronic
mail, data, programs, or other files without permission. Guidelines in the
College catalog regarding academic honesty apply to course work completed with
computers just as they do to other types of course work. 6. Abide by all applicable
copyright laws and licenses. It is
against both College policies and the law to copy software that has not been
placed in the public domain or distributed as "freeware."
"Shareware" users are expected to abide by the requirements of the
shareware agreement. Respect the copyright law as it applies to images, texts
and sounds in the production of electronic information. The ease with which
electronic materials can be copied, modified and sent over the Internet makes
electronic materials extremely vulnerable to unauthorized access, invasion of
privacy and copyright infringement. The unauthorized use or distribution of
copyrighted works (including Web page graphics, sound files, trademarks and
logos) is prohibited and may provide the basis for disciplinary action, civil
litigation and criminal prosecution.
12. Be wary of installing or
downloading personal software on college equipment. Such operations will be at
your own risk and may result in loss of data and/or other problems. ITS is not
responsible for supporting personal software or for solving problems created by
such software. Students are prohibited
from installing or downloading personal software on college equipment. Part III: Users' rights
and responsibilities 1. Access to computing
resources Central computing
services: Faculty and College employees
may obtain an ID for use with the central computing services for activities
related to instruction or College administration. Individuals not at Other IT computing resources: Most of Glendale's computing facilities and
services are available to members of the College community. For more detailed
information about access to any facility or service, contact Information
Technology Services or the appropriate department head or division chair. 2. Data security and
integrity Owners of data are
responsible for the backup of their files.
ITS will provide centralized backup solutions for mission critical data
and will attempt to provide backup services for departments and services as
budget allows. However, since ITS does
not provide the same level of protection or file restoration for servers not
located in ITS, it is especially important that users back up their files and
use all available means to protect their data on departmental systems. ITS provides reasonable
security against intrusion and damage to files stored on the central computing
services. However, neither the College nor any ITS staff can be held
accountable for unauthorized access by other users, nor can they guarantee
protection against media failure, fire, floods, etc. Users should use all
available methods to ensure the physical security of their computers and to
protect their files, including the frequent changing of their passwords and
storing back-up copies of information off site. In addition, users are
regularly notified of potential virus threats and are required to follow
instructions in such cases. They are also required to scan routinely for
infections. In the event that data have been corrupted as a result of
intrusion, ITS and Campus Police should be notified immediately. Upon request,
ITS staff will assist in implementing procedures to maximize security. In an emergency, ITS
managers have the right to disconnect temporarily a user if network or mission
critical systems are endangered. 3. Privacy User account and files: Although not legally required to do so, ITS
respects the privacy of all users. Members of ITS staff are forbidden to log on
to a user account or to access a user's files unless the user gives explicit
permission (for example, by setting file access privileges). Exceptions to this privacy
policy are made, however, under specific conditions. One such condition is if a
user is suspected of causing disruption or using unreasonable bandwidth on the
network or other shared services. Another condition is a suspected violation of
state or federal law. In these instances, if the user is an employee of the
College, the Dean of ITS, with the concurrence of the President or the
Executive Vice-President of the College, must be convinced that there is
sufficient cause to review a file(s) before those files can be searched without
the user's permission. If the user is a student, the same procedures apply,
except that the Dean of ITS or the manager of the local area network can decide
alone if there is sufficient grounds to search the files of the suspected user. Before logging onto a user's
account or accessing a user's private files, a reasonable attempt will be made
to contact the user to inform him or her that ITS will access the files. If
that is not possible, the Dean of ITS or an authorized agent will view the
files for the suspected violation and will inform the user afterward that the
files have been reviewed. Information obtained in this manner is admissible in
legal proceedings or in a College Judicial Board hearing. In accepting a user
account, the user agrees to this policy. If an employee feels that
his/her privacy has been violated by a member of ITS, he/she may request that
the CCCC investigate the matter. Upon
reception of the request the CCCC shall form an independent committee and
proceed with the investigation. The
results shall be forwarded to Human Resources Complaint Review Procedure as set
forth in Administrative Regulation 4050. A request can be brought up to the
CCCC through any of its members. If a student feels that
his/her privacy has been violated by a College employee, he/she may file a
complaint with the Dean of Student Affairs who will then follow the standard procedure
for the resolution of student complaints. Electronic mail: Electronic mail is subject to the privacy
policies explained above for ordinary user accounts and files. However, users
should not expect total privacy of electronic mail (e-mail). ITS staff may see
the contents of e-mail due to serious addressing errors or as a result of
maintaining the e-mail system. In those cases where ITS staff do see the
contents of private e-mail, they are required to keep the contents
confidential. Users should also be aware that the current design of the
Internet is such that the privacy of e-mail that leaves When a user's affiliation
with Users are reminded that
e-mail is easily redistributed and may be read by people beyond the original
recipient list. Care should be taken in phrasing e-mail given the uncertainty
of readership. 4. Freedom of speech The College recognizes and
respects the rights of users to freedom of speech. Such rights, however, are
not absolute. Speech which is fraudulent, libelous, obscene, harassing or
threatening is not permitted under state or federal law. Please refer to
Appendix B for links to some relevant 5. Ownership of copyright
for materials developed with Ownership of copyright
eligible property is determined by negotiated agreement between the College and
the Glendale College Guild or the CSEA. Please contact the Guild or the CSEA
for further information. 6. Personal financial gain Because of the tax-exempt
status of the College, the use of its computing resources for personal
financial gain is prohibited. Employees,
however, are allowed to use these resources to prepare material for use in
their College work even though such material may later be copyrighted (see
section 5 above). 7. Political activity In general, political
activity in the form of providing information or educating the public is
permitted on a community college campus. College personnel and students are
free to express their political views provided it is made clear that they are
not speaking for or in the name of the institution. Campus organizations and
individuals may use the computing resources of the College to publicize
political forums or discussions, but may not use them to endorse, raise money
for or otherwise promote a candidate for public office, or a political party,
organization or lobby. For further information please refer to Appendix B for
links to some relevant 8. Responsibility for errors
in software, hardware, and consulting However, at the request of
the user, when hardware, software, or consulting errors are determined to have
occurred on central computing services, ITS will make a reasonable attempt to
recover files to their state prior to the failure, at no cost to the user. As
part of maintaining the software environment, ITS applies vendor-supplied or
locally developed fixes as appropriate when problems are identified. Given that
vendors may be involved and that staff resources are finite, no guarantee can
be made as to how long it may take to fix an error once it has been identified.
When software errors are considered major problems or could produce inaccurate
results, users will be notified as soon as possible using appropriate
electronic and/or other media. 9. Changes in the computing
environment When significant changes in
hardware, software or procedures are planned, ITS will notify the College
community through electronic and other media to ensure that all users have
enough time to prepare for the changes and to voice any concerns that they
might have. Part IV: Use of
Non-Glendale Owned Equipment on the College's Network Equipment which is purchased
using personal funds or which remains the property of an agency by grant or
contract may use the resources of the 1. Owners, or in the case of
grant/contract equipment, the contractual administrator(s), must assume
responsibility for the use of their equipment; usage must conform to the
standards for 2. Owners, or in the case of
grant/contract equipment, the contractual administrator(s), must ensure that
the use of their equipment on the 3. Owners, or in the case of
grant/contract equipment, the contractual administrator(s), must not permit
access to the network or any of its services that would not otherwise have been
granted through official College procedures. 4. Non-Glendale owned
machines on the 5. Non-Glendale owned
machines on To ensure a high level of
service to its users, the College monitors traffic on its network. It may also
monitor traffic to/from a particular non Adopted: 3/12/02 Appendix A Procedures for Handling
Alleged Abuse of Computer Systems 1. Upon receipt of a
complaint alleging abuse of computing resources as defined in this document,
the Dean of ITS shall make a determination as to whether there is enough cause
to initiate judicial proceedings. As part of this determination, the Dean may
authorize the review of file(s) without the user's permission as described in
Part III, section 3. 2. If there appears to be
cause, the Dean of ITS shall attempt to contact the alleged violator via a
combination of telephone, e-mail and written correspondence informing the
individual of the alleged offense. This correspondence shall request a personal
meeting between the alleged offending party, and the Dean of ITS (or a
designated agent). If the alleged
violator fails to respond to these attempts within three working days, the Dean
of ITS will automatically initiate further proceedings. 3. If the meeting identified
in section 2 above takes place, the Dean shall determine whether the incident
and circumstances involved warrant referral of the individual to the
appropriate judicial process. This determination will be made upon input from
all concerned parties, and will depend on the seriousness of the alleged
violation, and on the extent to which the individual demonstrates an understanding
of the problem and appears unlikely to commit future violations. 4. If this meeting provides
positive results and the Dean is satisfied that the violation has been fully
understood and is unlikely to recur, he/she may declare the matter closed. If the results of the meeting are not
satisfying, the Dean shall refer the individual to the appropriate judicial
proceedings. Such proceedings ould include those specified in Board Policy
section 1330 Complaints Concerning College), 4050 (Employee Complaints), 5100
(Students’ Grievance Procedures), 5420 (Standards of Student Conduct and
Disciplinary Action) or any other pertinent Board Policy provisions. 5. Access to the College
computing resources may be suspended at the discretion of the Dean of ITS based
upon the severity of the offense, whether the College is at risk of litigation,
whether the alleged violation reflects a repeat offense, an endangerment of the
system, or other cause which is perceived to directly harm the computing
environment at GCC. In any case where suspension has occurred, all procedures
identified in this document are immediately initiated. If suspension of access
has occurred, the alleged violator may at any time request that his/her access
be reinstated pending final resolution of the matter. This request must be
addressed in writing to the person in charge of the appropriate judicial
procedure who will then decide on its merit in consultation with the Dean of
ITS. 6. The judgment resulting
from the appropriate judicial process shall be final, and should include a
recommendation as to the extent and timing of access to the system. Adopted: 3/12/02 Appendix B Links to some relevant state
and federal laws Note: There is growing
international attention to legal prohibition against unauthorized access to
computer systems, and several countries have passed legislation that addresses
the area. In the United States, the Computer Fraud and Abuse Act of 1986, Title
18 U.S.C. section 1030 makes it a crime, in certain situations, to access a
Federal interest computer (federal government computers, financial institution
computers, and a computer which is one of two or more computers used in
committing the offense, not all of which are located in the same state) without
authorization. Most of the 50 states have similar laws regarding unauthorized
access or other misuse of computer technology and violators can be prosecuted in
the state or country |