Sheridan College Institute of Technology and Advanced Learning Telephone and Computer Information Access Policy

Transcription

1 Sheridan College Institute of Technology and Advanced Learning Telephone and Computer Information Access Policy Introduction This Telephone and Computer Information Access Policy (the "Policy") governs the use of computer and telephone systems at Sheridan. It applies to all staff, students and any other users of the telephone or computer systems at Sheridan. All Sheridan staff, students and any other users are responsible for reading and understanding this Policy. Please note that any violation of this Policy by Sheridan staff may result in serious sanctions up to and including dismissal. Any violation by students may result in serious sanctions up to and including expulsion. If there are any questions concerning the Policy, please direct those inquiries to one of the following: -Human Resources -Student Affairs -a faculty member (for students) -Information Technology (I.T.) HelpDesk at extension 2150 or Property of Sheridan All telephone and computer systems at Sheridan (including hardware, software for which Sheridan is the licensee or owner, and storage space) are the property of Sheridan and have been acquired by Sheridan to enable and facilitate Sheridan s operations. Sheridan does permit limited use by employees and students of its systems, subject to the clear understanding that: i) any personal usage must be in compliance with Sheridan s rules and regulations, ii) no student or employee shall have any right of privacy or property rights* in connection with his/her usage of Sheridan s systems, and iii) at all times Sheridan has the right to monitor the usage of its systems, including checking any information or files stored, copied or recorded in any of Sheridan s systems. * Sheridan's property rights in its systems are distinct from any copyright rights which anindividual may have under Sheridan's Copyright Policy. Personal Accounts Generally, information stored in personal voice mail, or computer directories ("Personal Accounts"), is accessible only to the authorized owner of the account. However, users of these Personal Accounts should be advised that Sheridan reserves the right to monitor and/or access this data in order to conduct its business in a secure and reasonable manner and to ensure that its rules regarding usage of its systems are being followed. 1

2 Without limiting Sheridan's right to access Personal Accounts, please be advised that, in the following circumstances, Sheridan may access your Personal Accounts: 1. If the Personal Account holder is unavailable or absent and there is a pressing or urgent need to access information contained in the Personal Account. 2. If the Personal Account holder is suspected of any breach of this policy or other wrong doing involving Personal Accounts. 3. If compelled to do so by any law, including a request for information under the Freedom of Information & Protection of Privacy Act. 4. For the purpose of monitoring the usage by staff and students of Sheridan s systems in order to ensure compliance with the system, authorized Sheridan personnel may access Personal Accounts at any time. Access to Personal Accounts will only occur after signed authorization is received from a third level manager or more senior staff member. Passwords All Personal Accounts are protected by a password. The initial password is released to the person who requested the access to the Personal Account and should be changed by the Personal Account holder: i) the first time the account is accessed; ii) when there is any concern on the part of the Personal Account holder about the security of that password; or iii) when requested to do so by recognized Sheridan management, including Information Technology. The Personal Account holder is responsible for the proper use of the account, including password confidentiality, and has a resulting shared responsibility for the security of the entire system. The individual must take all reasonable precautions to prevent unauthorized access to the Account and the information stored therein. Further the account holder is fully accountable and responsible for any information stored in his/her accounts. Choosing a Password The following are recommended guidelines for creating an appropriate password: 1. Passwords must be at least 6 characters long. 2. Passwords should be composed of a combination of upper and lower case letters, numbers and special characters (e.g.!@#, etc.). 3. It is recommended that you change your password at least once a semester. 4. Never share your password with anyone (including I.T. staff). 5. Never write your password down, choose one that you can remember. 6. Do not use your userid or Sheridan ID number as your password. 7. Do not use a word found in a dictionary (even one for a foreign language). 8. Do not use a proper name or any variation of one (real or fictional). 9. Do not use a simple keyboard pattern (e.g. qwerty). 10. Do not reuse old passwords. 2

3 Account Management Individual managers have the responsibility of requesting either account deletion or partial removal of privileges when their staff leave or change jobs. The changes will be activated the day following the date of termination/reassignment. For Accounts that are deleted from the system, data that is contained in personal directories, whether work related or personal, will be deleted from the system 30 days after the account access is suspended. Information Technology also inactivates accounts based on employee termination/leave dates and student withdrawal/graduation dates. Data in voice mailboxes will be cleared on the date of termination/reassignment. Accounts that belong to staff who are leaving Sheridan for more than 60 days, either permanently or temporarily, and who will not require access while they are absent from Sheridan, should be disabled immediately to discourage unauthorized access. I.T. should be contacted to discuss archiving or transferring data if required. Temporary access to someone else's account or voice mailbox cannot be granted. Generally, temporary access to someone else's Personal Account will not be granted by Information Technology. Use of Accounts Each Personal Account holder or other user of Sheridan telephone or computer systems must comply with the following: 1. The Personal Account and password should be kept secure. The owner must log out of the Account when the workstation is left unattended. 2. The access granted to Sheridan's telephone and computer services is to be used for Sheridan business only and is not to be used to the detriment of Sheridan or any of its students or employees. 3. Access is for use of the account owner only and is not to be extended to others. 4. Access is not to be used for any illegal purpose. 5. Sheridan operates in compliance with existing Freedom of Information legislation. The user of any system who is privy to Sheridan data is expected to comply and to maintain confidentiality. 6. Access must not be used to harass, threaten or annoy others or to store or send messages which are pornographic, obscene, abusive, threatening, libellous, defamatory or harassing contrary to the Human Rights Code. This would include sending unwanted s to another after being requested not to do so. The Account owner is responsible for ensuring the use of the Account conforms to Sheridan policy and guidelines relating to harassment, discrimination or interaction with others. 7. The owner will not attempt to hide or misrepresent the originator of any communication he or she might initiate or forward. 8. The Account owner will not attempt to circumvent any security or control measures 3

4 implemented on Sheridan systems. 9. Access will not be used to monitor, interfere with or destroy work being done by others. 10. Access will not be used to knowingly degrade system performance or to knowingly or carelessly provide, run or install any program intended to damage any system. This includes, but is not limited to, programs known as computer viruses, Trojan horses or worms. 11. The individual owner of each Account is responsible for managing the information kept on the system to make efficient use of storage. 12. Installation or storage of illegal or pirated software on Sheridan systems is not tolerated. Unauthorized copying of Sheridan software is also illegal. 13. Where provided, users of any workstation are required to run anti-virus software before installing or using any floppy disk, including newly purchased software. 14. Each Account owner must be aware of and respect all copyrights, trademarks and other intellectual property rights for materials on Sheridan systems or the Internet, including the use of the Sheridan logo. 15. Account owners will not initiate or propagate chain letters. 16. The Account owner will not represent themselves as acting on behalf of Sheridan unless properly authorized to do so. 17. Access will not be used to access pornography, or any material that can be considered to be obscene, abusive, threatening, or harassing as described by the Human Rights Code, nor shall any such materials be stored, transmitted or printed using any Sheridan system. 18. Access will not be used by an employee or student for the purpose of carrying out any commercial undertaking or activity excepting only a commercial undertaking or activity authorized by Sheridan. 19. Access will not be used by any person for the purpose of gaining illegitimate or unauthorized access to personal accounts, resources, files, systems, databases, or information within any of Sheridan s systems or for the purpose of breaking into any other system outside Sheridan. No person shall change, enter, add or alter in any way any information within Sheridan s systems, files and databases without proper authorization. 20. Use of external access to contravene any of the above will be considered violation of the above (e.g., use of the Sheridan logo on a web page on an external ISP). All guidelines and policies apply to all resources whether access is initiated on-site or through a remote location. 4

5 Consequences of a Failure to Comply with this Policy Failure to comply with the above policy may result in disciplinary action. The nature and severity of Sheridan s action in this regard will be at Sheridan's discretion and will depend on influencing factors such as, the severity of the offence, its impact on others and Sheridan, and whether it is a repeat offence. These actions can include, without limitation, any of the following: 1. Account privileges being restricted or revoked; 2. Disciplinary action up to and including dismissal or expulsion from a course, program, or Sheridan; 3. Sheridan electing to seek appropriate penalties under existing legislation or other Sheridan policies. (Note: Some violations of the Policy are also covered under existing legislation such as Criminal Code of Canada and the Copyright Act or under other Sheridan policies such as the Harassment and Discrimination policy). External resources, including law enforcement, may be involved. Important Note: It is a criminal offence to obtain or use any computer service or system to wilfully destroy or alter data, to render data meaningless or useless, to obstruct or interfere with the lawful use of data or to deny access to data to anyone who is entitled to have access to such data. Information Technology - Handling Problems Generally, Information Technology will not deal unilaterally or directly with concerns brought to its attention relating to obscene, threatening or harassing behaviour. I.T. staff will advise that any situation involving students be referred to the Director, Student Affairs; problems not involving students will be referred as appropriate. I.T. will assist as requested in gathering information relating to problems and will act as requested by Sheridan in resolving them. I.T. reserves the right to act immediately and unilaterally when it determines there is an immediate security risk. Such action will be immediately reported to the appropriate Sheridan authorities or other related agencies for guidance and further follow-up. Sheridan Resources to Call in the Event of a Breach of this Policy Security Sheridan Security at the appropriate campus should be contacted immediately when there is a concern about safety or violation of any laws. Security works closely with other Sheridan resources in resolving any difficulties. Student Affairs Student Affairs is the prime contact in dealing with problems relating to students including interpersonal conflict, misuse of rights and responsibilities, and misuse of network accounts. Student Affairs will also initiate any formal disciplinary actions involving students. Problems or questions in this regard should be referred to Rob Till, Director, Student Affairs, at extension

6 Human Resources Human Resources is the prime contact in dealing with problems relating to any Sheridan employee and the misuse of his/her rights and responsibilities and misuse of network accounts as described in this Policy. Human Resources will assist Sheridan managers initiate any formal disciplinary actions involving Sheridan employees. Managers of Process Sheridan's Managers of Process will accept any call relating to staff, students or anyone who does business with Sheridan who may be involved in harassing or discriminating behaviour. Please refer to Sheridan's Harassment and Discrimination Policy for more information. 6