Caldwell Community College and Technical Institute

Transcription

1 Caldwell Community College and Technical Institute Employee Computer Usage Policies and Procedures I. PURPOSE: The purpose of this section is to define the policies and procedures for using the administrative systems, computer resources and network systems at Caldwell Community College and Technical Institute. II. PROCEDURE: A. INTRODUCTION Caldwell Community College and Technical Institute will provide administrative computer systems to employees and students for the purpose of completing college-related assignments. These assignments include, but are not limited to the following: data entry and retrieval, report preparation, records maintenance, instruction, research, and planning. Because of this wide range of users and uses, it is necessary to establish policies and procedures that assure that the systems are used in the most efficient manner possible while providing for the protection of equipment, data, and software. While the Director of Computer Information Services is charged with responsibility for the proper operation of the computer systems, all college employees are responsible for seeing that the computers are properly used and that security is maintained. B. POLICY While every employee of the College has a responsibility for the computer systems, those who actually use the systems are specifically responsible for data, personal file backup, software, and equipment. Since all of these responsibilities can be considered under the broad category of security, each user must be aware of and employ proper operating procedures to guarantee proper security. Access to the systems will be on a need to know basis, considering the accomplishment of assigned duties. In this context, the system means both the equipment and the data. With approval from the appropriate dean or vice-president, employees may request access from the System Administrator. All employees have a responsibility to become familiar with the principles and capabilities of the College computer systems.

2 C. PROCEDURES 1. DATA RETRIEVAL Non-routine requests for data (one-time reports and/or special requests) should be made in writing to the Computer Information Services staff. The request will be approved or disapproved based on justification provided by the requester. The request must specify the data elements to be used, the report format, and the time when it is needed so that the Computer Information Services staff involved may schedule the work. If a request is denied, it will be done so in writing with full justification. 2. SECURITY Security refers to the protection of equipment from any kind of damage and the protection of data from (1) disclosure to any unauthorized person, (2) unauthorized modification, or (3) destruction. While disclosure or damage may occur accidentally or intentionally, the results are the same. The security system implemented in these procedures will, if used properly, prevent unnecessary problems. a. Basic access to the college computer system is controlled by User ID and password protection. Each user on the system has a personal ID that must not be used by anyone else. The IDs are established by the Computer Information Services Staff as when approved by the appropriate management levels. The College Executive Council may authorize the Computer Information Services Staff to override any user account if sufficient evidence of inappropriate use exists. b. The Caldwell Community College and Technical Institute Administrative Computer User Authorization Form will be submitted through the user s supervisor, the appropriate dean or vice-president, and the System Administrator. Passwords will be changed every 90 days or less and passwords will not be divulged to any other person. If a user is terminated for any reason the Computer Information Services staff must be notified immediately by the supervisor so that the terminated user can be removed from the system. In the case of a supervisor s termination, all of the supervisor s employees must change their login passwords immediately. c. Users will not be granted access to the administrative computer system until they have read and agreed to comply with the provisions of The Family Educational Rights and Privacy Act of 1974 and have signed the

3 Statement of Acknowledgment Concerning Unauthorized Use of Computers and Software by Caldwell Community College and Technical Institute Faculty and Staff. d. Users should not leave their terminal or microcomputer unattended. If a user must leave the immediate area of his/her workstation for an extended period of time, he/she should log off the system. Users should not write their passwords or usernames on paper that is plain view. e. Microcomputer systems and peripherals must have restricted physical access controlled by the individual user. Sensitive information should not be sent to printers that are located in areas open to the public. Offices where computers are located should be kept locked if unoccupied for long periods of time. f. Users are responsible for immediately reporting suspected security violations to the Computer Information Services staff. The Computer Information Services staff will investigate the violation and take appropriate actions where required. g. Central Computer locations are strictly controlled by the Computer Information Services Staff. Personnel will not be allowed to enter the computer room unless authorized by one of the Computer Information Services staff members. There will be no exceptions to this policy. 3. MICROCOMPUTER AND NETWORK SYSTEMS In addition to the administrative and student computing systems, the college owns a large number of other computer-related devices -- primarily microcomputers. While all of the aforementioned security concerns and procedures apply to these devices, the security problem with stored data is much smaller still. Issues concerning the use and protection of software are of major concern with microcomputers. The college does not purchase microcomputer software outright, but rather buys a software license which allows the college to use the software but severely restricts anything other than the use of the software on a single computer or network. With this in mind, the following must be adhered to: a. SOFTWARE: Unless specifically authorized in writing by the software developer or publisher, programs and their related documentation shall not be reproduced in any form. U. S. Copyright Law provides for civil damages of $50,000 or more and criminal penalties, including fines and imprisonment, in cases involving

4 the illegal reproduction of software. Unauthorized copies of software will not be used on any computers owned by the college. Students must be advised of this policy and told that illegal software will be confiscated and destroyed. Caldwell Community College and Technical Institute employees involved in the making or use of unauthorized copies of computer software will be subject to disciplinary action as appropriate under the circumstances. Software licensed to the college will not be removed from the campus without the specific written permission of the department dean involved. Users cannot install or download software that is not work-related onto their systems as this produces unnecessary conflicts with the microcomputer software and performance. Computer Information Services will conduct software audits on a regular schedule. The individual departments and employees will maintain possession of all software licensing agreements. Software placed on a computer that violates the U. S. Copyright Law will be removed from a college computer after the Director of Computer Information Services provides written justification to the individual Vice-President/Dean or employee. b. ELECTRONIC MEDIA: Computer Information Services will practice appropriate measures to provide security, operability and integrity of the Wide Area Network, hereafter referred to as WAN, including , Internet, and other related resources. The College will not guarantee that electronic media stored on microcomputers and transmitted on the WAN will remain confidential and secure. Additionally, computerrelated files and data created or stored on College microcomputer systems are considered open records and are subject to discovery and subpoena during disciplinary and legal actions. The College reserves the right to view, monitor, and disclose the contents of and data created, transmitted, received, and stored on College-owned microcomputers under the following circumstances: 1. Investigations that reveal evidence of misconduct and misuse of accounts. 2. Need to protect the general welfare of the college employees and students. 3. Need to prevent interferences with the mission of the college. 4. Illegal activity that violates federal, state, or local regulations. c. AUTHORIZED USAGE: Microcomputer users should not deliberately attempt to modify or degrade the performance of college-owned systems. The systems are provided as a service and should be used to complete college-related task and not for personal business or recreation. The computer systems must not be used to intercept data, monitor user accounts, gain unauthorized access to restricted data, or for any purpose that violates federal, state or local regulations.

5 d. MORALS AND ETHICS: Freedom of expression is a constitutional right afforded to individuals. However, Microcomputer Systems Users are held accountable for their actions and must respect the rights of individuals who may be offended by the services and images retrieved on the Internet. Individuals that feel they have been harassed should immediately report the incident to the Director of Computer Information Services or the Director of Human Resources. e. PURCHASING: Departments that wish to purchase computer-related equipment and supplies must generate a statement of need to Computer Information Services. Computer Information Services will provide consultation to the individual requesting the purchase, generate the requisition, and submit it to the Business Office for issuance of a purchase order. f. INVENTORY CONTROL: Individuals requesting computer and related equipment transfer and relocation must fill out an Inventory Transaction Form, located in the Business Services Department mailroom, and submit it to Computer Information Services. Computer Information Services will not take any action until the Inventory Transaction Form is completed. Computer Information Services will relocate the computer and related equipment and forward the Inventory Transaction Form to the Business Services Department. g. COMPUTER REPAIR: Individuals requesting repair services from the Computer Information Services Department will submit the white copy of the Computer Information Services Request Form to Computer Information Services. The department requesting service will maintain the pink copy and place the yellow copy on the device(s) requiring service. If the request involves the acquisition of a centralized supply item, the requisition section of the form must be completed and signed by the departmental budget manager. Computer Information Services will provide the action necessary to address the departmental request. Computer Information Services will provide the Business Office with a monthly spreadsheet listing the totals of each individual department s supply acquisition. h. BUDGET PLANNING: The Director of Computer Information Services will provide consultation to each department head concerning his/her annual technology budget request. The individual department heads will submit the technology request to the Director of Computer Information Services. The Director of Computer Information Services will provide the Chief Financial Officer with a compiled listing of each departmental technology request.

6 i. VIOLATIONS: Any employee who learns of a violation of these policies shall report it to their supervisor and to Computer Information Services as soon as possible. Violators of the computer usage policies and procedures previously stated will be subject to one or more of the following sanctions: admonition, temporary or permanent suspension of computer access privileges, or dismissal from the College as stated in the Employee Policy and Procedures Manual. Adopted by the Board of Trustees on June 15, 2000