
Difference between revisions of "Acceptable Use of Computing and Electronic Resources Policy"

From Appalachian State University Policy Manual

(Introduction)
m
(33 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Policy 901
+
Policy 906
 
== Introduction ==
 
== Introduction ==
1.1 The University provides computer access and capabilities through Information Technology Services and various Colleges and departments. The University relies heavily upon these systems to meet operational, financial, educational and informational needs. It is essential that Appalachian's computer systems, and computer networks, as well as the data they store and process, be operated and maintained in a secure environment and in a responsible manner. It is critical that these systems and machines be protected from misuse and unauthorized access. This policy applies to all University computer systems and refers to all hardware, data, software and communications networks associated with these computers. In particular, this policy covers computers ranging from multi-user timesharing systems to single user personal computers, whether stand-alone or connected to the network. In addition to this computer policy, users of these computer systems are subject to applicable state and federal laws. Computer abuse will be referred to the Chief Information Officer, the Director of Technology Support Services and/or the appropriate person affiliated with a college or department computer facility. Computing resources are valuable, and their abuse can have a far-reaching negative impact. Computer abuse affects everyone who uses computing facilities. The same morality and ethical behavior that applies in the non-computing environment applies in the computing environment.
+
1.1. The purpose of this policy is to outline the acceptable uses and specific prohibitions that are inherent to the access and use of Information Technology and Information Resources owned or provided by Appalachian State University (hereinafter “the University”).    
 +
 
 +
1.2. Individuals subject to this policy are responsible for exercising reasonable good judgment with respect to specific expectations regarding the use of Information Resources. Each user is expected to understand that Information Technology represents a shared service with finite resources. Users should exercise reasonable efforts to avoid impacting others’ efficient use of Information Technology and Resources.
  
 
== Scope ==
 
== Scope ==
 +
=== Individuals Covered by this Policy ===
  
 +
This policy applies to all users of Information Resources owned or provided by the University, including: 1) devices provided by the University, 2) services provided by the University, or 3) data that belongs to the University regardless of the location.  This applies to any cloud services employed to conduct University business or provide University services.
  
 
== Definitions  ==
 
== Definitions  ==
 +
=== Administrative Control ===
 +
: protecting an information system through policy, procedure, training, directives from an authority, or similar efforts that instruct and require individuals to take corrective actions.
  
=== Computer Systems ===
+
=== Authorized Personnel ===  
:Computer systems includes any microcomputer (stand-alone or networked), workstation, mini-computer or mainframe computer used on this campus or accessible by way of networks, at other locations.
+
:an employee with assigned responsibilities to support Information Resources, or approved by the Office of General Counsel, Director of Human Resources or the Chief Information Officer or designee(s) to perform a specific duty or duties in regards to Information Resources.
  
=== Computer Networks ===
+
=== Information Resources ===
:Computer networks includes any local or wide area communications systems connecting computer systems as defined above.
+
:information owned or possessed by the University, or related to the business of the University, regardless of form or location, and the hardware and software resources used to electronically store, process, or transmit that information.
  
=== Local Area Networking Media ===
+
=== Information Technology ===
:Local area networking media may consist of copper wire, fiber optic cable, thin or thick wire cable which is used to connect one terminal, microcomputer, workstation etc. to another or to network interface equipment.
+
:hardware and software resources owned, leased, or used by the University and its partners to store, process or transmit University information. Information technology is a subset of the University’s Information Resources.
  
=== Internet ===
+
=== ITS ===  
:A vast international computer network of many component networks. It contains the ability for electronic mail (e-mail), network news, file and image transfer and information browsing.
+
:the University’s Office of Information Technology Services.
  
=== World Wide Web (WWW) ===
+
=== IT Infrastructure ===
:The more graphical based component of the internet that encompasses many thousands of text, graphic, audio and video files interlinked throughout the world.
+
:the system of enterprise hardware, software, networks, facilities, and service components used to develop, test, operate, monitor, manage, and/or support information technology services.
 +
 
 +
=== University ===
 +
:Appalachian State University.
 +
 
 +
=== User ===
 +
:a person who uses Information Resources.
  
 
== Policy and Procedure Statements  ==
 
== Policy and Procedure Statements  ==
=== Common Forms of Computer Abuse ===
+
=== Acceptable Uses ===
 +
4.1.1 Individuals subject to this policy are responsible for exercising good reasonable judgment regarding what is the acceptable use of Information Technology and Information Resources. Generally, acceptable uses include, but are not limited to, the following:
 +
#Lawful uses not otherwise prohibited by UNC System or University policies.
 +
#Use of Information Technology and Information Resources to conduct University business.
 +
#Personal use of University maintained Information Technology that does not violate prohibitions listed in 4.2.7.
 +
##The University shall not be responsible for any personal material or information stored on University Information Technology. The University assumes no responsibility for backing up personal material or personal information stored on University Information Technology and shall have no obligation to produce any such personal material or information at any point during or after an individual’s period of employment, enrollment, or other affiliation. The user accepts all responsibility of removing personal materials prior to their separation with the University.  This provision does not apply to current students’ academic work stored on University Information Technology.
  
Misuse or abuse of computers, computer systems, computer networks, programs, and data are prohibited. The following topics are considered areas of abuse:
+
=== Prohibitions ===
 +
4.2.1 Individuals subject to this policy are responsible for understanding that specific activities are prohibited unless a written exception is agreed to and provided by the Chief Information Officer or his delegate.
  
#Privacy vs Open Records Investigating or reading another user's files is considered the same as reading papers on someone's desk - a violation of their privacy. Reading protected files, by whatever mechanism, is considered the same as "breaking and entering." Violations include, but are not limited to:
+
4.2.2 Users may not attempt to intentionally hide their identity for malicious purposes.  All use of University Information Technology must be identified as to the individual or device using the system. Obfuscation or intentional misrepresentation of identity (e.g., shared credentials, spoofed communications, etc.) for any malicious purpose, including access to and use of Information Technology, is prohibited.
##attempting to access another user's computer files without permission;
+
##supplying or attempting to supply false or misleading information or identification in order to access another user's account;
+
##deliberate, unauthorized attempts to access or use University computers, computer facilities, networks, systems, programs or data;
+
##the unauthorized manipulation of Appalachian's computer systems, programs or data.
+
##the unauthorized capturing of computer network data directly from network backbone or local area networking media.
+
#Harassment of other users may be the sending of unwanted messages or files. Violations include, but are not limited to:
+
##interfering with the legitimate work of another user;
+
##the sending of abusive or obscene messages via computers;
+
##the use of computer resources to engage in abuse of computer personnel or other users.
+
#Theft includes the stealing of any property of the Institution, or State of North Carolina. Violations include, but are not limited to:
+
##using subterfuge to avoid being charged for the use of computer resources;
+
##deliberate, unauthorized use of another user's account to avoid being billed for the computer usage;
+
##abusing specific computer resources, such the INTERNET or the World Wide Web (as described in other publications);
+
##attempting unauthorized access to computers outside the University using the University's computers or communications facilities;
+
##removing any computer equipment (hardware, software, data, etc.) without written authorization;
+
##copying, or attempting to copy, data or software without proper authorization.
+
#Vandalism - Any user's account, as well as the operating system itself, is a possible target for vandalism. Attempted or detected alteration of user system software, data or other files, as well as equipment or resources disruption or destruction, is considered vandalism. Violations include, but are not limited to:
+
##sending either mail or a program which will replicate itself or do damage to another user's account;
+
##tampering with or obstructing the operation of the Universities' computer systems (for example, attempting to "crash" the system);
+
##inspecting, modifying, or distributing data or software without proper authorization or attempting to do so;
+
##attempting to interfere with the performance of the system;
+
##damaging computer hardware or software.
+
#Unauthorized Business Usage includes any use of university resources for promoting or conducting business for personal use. Violations include, but are not limited to:
+
##sending mass mailings
+
##using computer accounts for work not authorized for that account
+
#Copyright Issues - The University owns licenses to a number of proprietary programs. Users who redistribute software from the computing systems break agreements with its software suppliers, as well as applicable federal copyright, patent and trade secret laws. Therefore, the redistribution of any software from computing systems is strictly prohibited except in the case of software which is clearly marked as being in the public domain. Violations include, but are not limited to copying, transmitting, or disclosing data, software or documentation without proper authorization.
+
#Miscellaneous - Other uses commonly considered unethical, such as:
+
##unauthorized and time consuming recreational game playing;
+
##using computer accounts for work not authorized for that account;
+
##sending chain letters or unauthorized mass mailings;
+
##using the computer for any illegal purposes;
+
  
=== Computer Usage Guidelines ===
+
4.2.3 Users may not intentionally attempt to expand or offer IT infrastructure services to others, through the implementation of unapproved hardware, software or cloud services.  The infrastructure may not be extended or otherwise modified without the oversight and approval of ITS.  This includes, but is not limited to, servers that provide services to multiple users, network communications devices, multi-user storage devices, or network-based camera systems. 
  
#Users are to have valid, authorized accounts and may only use those computer resources which are specifically authorized. Users may only use their account in accordance with its authorized purpose. Users are responsible for safeguarding their own computer account. Users should not let another person use their account unless authorized by the system administrator for a specific purpose. Passwords should be changed often to ensure that private and secure files are kept secure.
+
4.2.4 Users residing in residence halls may be subject to additional prohibitions as defined by University Housing.
#Users who choose to publish home pages on the World Wide Web must identify themselves as the author and provide a means to be contacted. In addition, they must include a disclaimer that the home page content reflects their own views and not necessarily that of the University. Furthermore, any pointers to other web resources must include, within the context of the pointer or its surrounding text, a clear indication as to what a browser will find when arriving at that resource.
+
#Users may not change, copy, delete, read or otherwise access files or software without permission of the custodian of the files or the system administrator. Users may not bypass accounting or security mechanisms to circumvent data protection schemes. Users may not attempt to modify software except when intended to be user customized.
+
#Users may neither prevent others from accessing the system nor unreasonably slow down the system by deliberately running wasteful jobs, playing games, engaging in non-productive or idle chatting, or sending mass mailings or chain letters.
+
#Users shall assume that any software they did not create is copyrighted. They may neither distribute copyrighted proprietary material without the written consent of the copyright holder nor violate copyright or patent laws concerning computer software, documentation or other tangible assets.
+
#Users must not use the computer systems to violate any rules in the University Staff Handbook, Faculty and Student Handbooks or any local, state or federal laws.
+
#A user shall disclose to the appropriate authorities misuses of computing resources or potential loopholes in computer systems security and cooperate with the systems administrator in the investigation of abuses. In connection with inquiries into possible abuses, the University reserves the right to examine files, programs, passwords, accounting information, printouts or other computing material without notice.
+
  
=== Penalties ===
+
4.2.5 Users, excluding authorized personnel, may not intentionally attempt to intercept, monitor, redirect, alter or otherwise adversely impact another user’s use of University Information Resources.  Users, excluding authorized personnel,  may not read, copy, or delete another user’s electronic data without the expressed prior approval of said user. 
  
Abuse or misuse of computing services may violate of this policy or user responsibility, but it may also violate the criminal statutes. Therefore, the University will take appropriate action in response to user abuse or misuse of computing services. Action may include, but not necessarily be limited to:
+
4.2.6 Users may not engage in cyberstalking, harassment or infringe upon the privacy of other users’ lawful use of University’s Information Resources.
#suspension or revocation of computing privileges. Access to all computing facilities and systems can, may, or will be denied;
+
#reimbursement to the University for resources consumed;
+
#other legal action including action to recover damages;
+
#referral to law enforcement authorities;
+
#computer users (faculty, staff and/or students) will be referred to the appropriate office for disciplinary action.
+
  
=== Distribution of This Policy ===
+
4.2.7 Users may not intentionally engage in any activity that negatively impacts Information Resources.
  
The University will insure that all users are aware of the policy by publishing it in appropriate media designed to reach all faculty, staff and students.
+
4.2.8 Employees’ personal use of Information Resources in accordance with 4.1.3 above may  not 1) interfere with an employee's job performance, 2) interfere with activities that directly support the University mission, 3) violate UNC System and University policies including, but not limited to, policies prohibiting the use of University Information Technology and Information Resources to endorse, campaign for, secure support for or oppose any candidate, political party, partisan political group, referendum, or issue in an election; or 4) constitute use of Information Resources to seek commercial gain or private profit, except as allowed under applicable University policies including policies concerning intellectual property rights and external professional activities for pay. Supervisors have discretion to further restrict or forbid personal use as they reasonably deem necessary.
 +
 
 +
4.2.9 Users may not engage in any activity that intentionally circumvents administrative controls or in any way attempts to gain or provide unauthorized access to Information Resources.
 +
 
 +
4.2.10 Additional activities that are prohibited, specific to certain types of use such as Network Access, Storage, etc. may be described in other more specific standards located at https://its.appstate.edu/it-governance/it-policy-standards-guidelines
 +
 
 +
=== Additional Conditions of Use ===
 +
4.3.1. By activating one’s University user account, the user agrees to receive via email University security breach notifications required by the N.C. Identity Theft Protection Act, as well as other official University communication.
 +
 
 +
4.3.2. Departments may enforce additional administrative controls concerning use, as long as such controls are in accordance with this and other University policies and are within the scope of their assigned areas of oversight.
 +
 
 +
=== IT Security and Monitoring ===
 +
4.4.1 The University does not routinely monitor or access individual communications.  Review or monitoring of the use of Information Resources is reasonably limited by scope, relevance and applicable law and University policy and may occur in the following circumstances if deemed necessary by authorized personnel:
 +
 
 +
#in accordance with generally accepted, network-administration practices and to resolve IT support requests;
 +
#to prevent or investigate any actual or potential information security incidents and system misuse;
 +
#to investigate reports of violation of University IT policy;
 +
#to support, as authorized by the Office of General Counsel, investigations of violation of local, state, or federal law; violations of University policies;  or to comply with legal requests for information (such as subpoenas and public records requests); or
 +
#to retrieve information in emergency circumstances where there is an imminent threat to health, safety, or University property involved.
 +
 
 +
=== Enforcement ===
 +
4.5.1 The University, in consultation with its legal counsel, may contact local or federal law enforcement authorities to investigate any matter in its sole discretion. Information Technology Services, in cooperation with other University authorities, is charged with enforcement of this policy, and establishing standards, procedures, and protocols in support of the policy.
 +
 
 +
4.5.2. To report a concern regarding non-compliance with this policy, please contact cio@appstate.edu
 +
 
 +
4.5.3. Penalties for violating this Policy may result in termination of or suspension of access, in whole or in part, to University Information Resources at the discretion of ITS where such action is reasonable to protect the University or University Information Resources. Failure to comply with this policy may put Information Resources at risk and may have disciplinary consequences for employees and students. Contractors, vendors, and others who fail to adhere to this policy may face termination of their business relationships with Appalachian State University.
 +
 
 +
4.5.4. Violations of this policy, insofar as they might also violate other policies, may also be enforceable under the following provisions:
 +
#For students, the Code of Student Conduct.
 +
#For employees, "misconduct" under the Faculty Handbook and other EHRA policies governing faculty and non-faculty EHRA employees, including any appeal rights stated therein; or "unacceptable personal conduct" under SHRA policies, including any appeal rights stated therein.
 +
 
 +
4.5.5. Faculty, staff, and students accused of violating this policy will be informed of the alleged violation when the notification does not place further investigation(s) or remediation at risk. Faculty, staff, and students can appeal a revocation or suspension of access to the Chief Information Officer or their designee; and can utilize appeal mechanisms included in any applicable policies and codes.
  
 
== Additional References ==
 
== Additional References ==
 +
5.1. All users should be aware of these additional statues and regulations as they may directly impact the lawful use of University Information Resources.
 +
#[https://www.ncleg.net/EnactedLegislation/Statutes/HTML/BySection/Chapter_14/GS_14-190.1.html North Carolina General Statute 14-190-1, Obscene Literature and Exhibitions]
 +
#[https://www.ncleg.net/EnactedLegislation/Statutes/HTML/ByArticle/Chapter_14/Article_60.html North Carolina General Statute 144-456, Denial of Computer Services to an Authorized User]
 +
#[https://www.ncleg.gov/EnactedLegislation/Statutes/PDF/BySection/Chapter_143B/GS_143B-920.pdf North Carolina General Statute 143B-920, Department Heads to Report Possible Violations of Criminal Statutes Involving Misuse of State Property to the State Bureau of Investigation]
 +
#U.S. Code Title 18, Section 1030, Fraud and Related Activity in Connection with Computers
 +
#[http://uscode.house.gov/view.xhtml?req=(title:20%20section:1232g%20edition:prelim)Family Education Rights and Privacy Act of 1974, 20 U.S.C. 1232g]
 +
#[https://www.eeoc.gov/laws/statutes/titlevii.cfm Title VII of the Civil Rights Act of 1964, 42 U.S.C. 2000e, et seq.]
 +
#[https://www.justice.gov/crt/fcs/TitleIX-SexDiscrimination Title IX of the Education Amendments of 1972, 20 U.S.C. 1681, et seq.]
 +
#[https://www.ncleg.net/EnactedLegislation/Statutes/HTML/ByChapter/Chapter_126.html North Carolina Human Resources Act, N.C.G.S. Chapter 126]
 +
#[https://www.ncleg.net/EnactedLegislation/Statutes/HTML/ByChapter/Chapter_132.html North Carolina Public Records Act, N.C.G.S. Chapter 132]
 +
#[https://www.northcarolina.edu/legal-affairs/records-retention UNC System Records Retention and Disposition Schedule]
 +
#[https://archives.ncdcr.gov/documents/e-mail-public-record-north-carolina-policy-its-retention-and-disposition Email as a Public Record in North Carolina]
 +
#[https://facultyhandbook.appstate.edu/Appalachian State University Faculty Handbook]
 +
#[https://studentconduct.appstate.edu/pagesmith/15 Appalachian State University Code of Student Conduct]
 +
#[https://policy.appstate.edu/Discrimination,_Harassment_and_Retaliation Appalachian State University Policy 110 Harassment, Discrimination and Retaliation]
 +
#[https://policy.appstate.edu/E-Mail_As_Official_Means_of_Communication Appalachian State University Policy 915 E-mail As Official Means of Communication]
 +
#[https://policy.appstate.edu/Audits Appalachian State University Policy 1000 Audits (and related Audit policies0]
 +
#[https://policy.appstate.edu/Public_Records_Requests Appalachian State University Policy 105.6 Public Records Requests]
 +
#[https://policy.appstate.edu/Political_Activities_and_Public_Office_Holding Appalachian State University Policy 604.7 Political Activities and Public Office Holding]
 +
#[https://policy.appstate.edu/External_Professional_Activities_of_Faculty_and_Other_Professional_Staff Appalachian State University Policy 604.3 External Professional Activities of Faculty and Other Professional Staff]
 +
#[https://policy.appstate.edu/Staff_(SHRA)_Employee_Request_for_Approval_to_Engage_in_Outside_Work Appalachian State University Policy 604.5 Staff (SHRA) Employee Request for Approval to Engage in Outside Work]
  
 
== Authority ==
 
== Authority ==
 
+
:[http://www.northcarolina.edu/apps/policy/index.php?pg=vs&id=4428&added=1 The UNC Policy Manual, Chapter 100.1, The Code, Section 502]
  
 
== Contact Information ==
 
== Contact Information ==
 +
:Office of the Chief Information Officer (828.262.6278)
  
 
+
== Original Effective Date ==
== Effective Date ==
+
:June 21, 2017
  
 
== Revision Dates ==
 
== Revision Dates ==
 +
:May 1, 2019 (This revision repealed the previous version of Policy 901 “Use of Computer and Data Communications” and replaced it with a new Policy 901 “Acceptable Use of Computing and Electronic Resources Policy” and a recommended University Privacy Policy)
 +
 +
[[Category:Contents]]
 +
[[Category:Information Technology]]
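Review bot: The cross-references in the added section 4 do not resolve. 4.2.8 cites personal use "in accordance with 4.1.3 above", but Acceptable Uses contains only 4.1.1 followed by a numbered list, and item 3 of that list points to "prohibitions listed in 4.2.7" while the limits on personal use are stated in 4.2.8. Suggest either numbering the list items as 4.1.2 and onward or citing the list item directly, and pointing item 3 at 4.2.8, so the personal-use allowance and its limits reference each other. The header also changes to Policy 906 while the Revision Dates entry still describes a new Policy 901; confirm which number is intended.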

Revision as of 19:21, 10 December 2020

Policy 906

1 Introduction

1.1. The purpose of this policy is to outline the acceptable uses and specific prohibitions that are inherent to the access and use of Information Technology and Information Resources owned or provided by Appalachian State University (hereinafter “the University”).

1.2. Individuals subject to this policy are responsible for exercising reasonable good judgment with respect to specific expectations regarding the use of Information Resources. Each user is expected to understand that Information Technology represents a shared service with finite resources. Users should exercise reasonable efforts to avoid impacting others’ efficient use of Information Technology and Resources.

2 Scope

2.1 Individuals Covered by this Policy

This policy applies to all users of Information Resources owned or provided by the University, including: 1) devices provided by the University, 2) services provided by the University, or 3) data that belongs to the University regardless of the location. This applies to any cloud services employed to conduct University business or provide University services.

3 Definitions

3.1 Administrative Control

protecting an information system through policy, procedure, training, directives from an authority, or similar efforts that instruct and require individuals to take corrective actions.

3.2 Authorized Personnel

an employee with assigned responsibilities to support Information Resources, or approved by the Office of General Counsel, Director of Human Resources or the Chief Information Officer or designee(s) to perform a specific duty or duties in regards to Information Resources.

3.3 Information Resources

information owned or possessed by the University, or related to the business of the University, regardless of form or location, and the hardware and software resources used to electronically store, process, or transmit that information.

3.4 Information Technology

hardware and software resources owned, leased, or used by the University and its partners to store, process or transmit University information. Information technology is a subset of the University’s Information Resources.

3.5 ITS

the University’s Office of Information Technology Services.

3.6 IT Infrastructure

the system of enterprise hardware, software, networks, facilities, and service components used to develop, test, operate, monitor, manage, and/or support information technology services.

3.7 University

Appalachian State University.

3.8 User

a person who uses Information Resources.

4 Policy and Procedure Statements

4.1 Acceptable Uses

4.1.1 Individuals subject to this policy are responsible for exercising good reasonable judgment regarding what is the acceptable use of Information Technology and Information Resources. Generally, acceptable uses include, but are not limited to, the following:

  1. Lawful uses not otherwise prohibited by UNC System or University policies.
  2. Use of Information Technology and Information Resources to conduct University business.
  3. Personal use of University maintained Information Technology that does not violate prohibitions listed in 4.2.7.
    1. The University shall not be responsible for any personal material or information stored on University Information Technology. The University assumes no responsibility for backing up personal material or personal information stored on University Information Technology and shall have no obligation to produce any such personal material or information at any point during or after an individual’s period of employment, enrollment, or other affiliation. The user accepts all responsibility of removing personal materials prior to their separation with the University. This provision does not apply to current students’ academic work stored on University Information Technology.

4.2 Prohibitions

4.2.1 Individuals subject to this policy are responsible for understanding that specific activities are prohibited unless a written exception is agreed to and provided by the Chief Information Officer or his delegate.

4.2.2 Users may not attempt to intentionally hide their identity for malicious purposes. All use of University Information Technology must be identified as to the individual or device using the system. Obfuscation or intentional misrepresentation of identity (e.g., shared credentials, spoofed communications, etc.) for any malicious purpose, including access to and use of Information Technology, is prohibited.

4.2.3 Users may not intentionally attempt to expand or offer IT infrastructure services to others, through the implementation of unapproved hardware, software or cloud services. The infrastructure may not be extended or otherwise modified without the oversight and approval of ITS. This includes, but is not limited to, servers that provide services to multiple users, network communications devices, multi-user storage devices, or network-based camera systems.

4.2.4 Users residing in residence halls may be subject to additional prohibitions as defined by University Housing.

4.2.5 Users, excluding authorized personnel, may not intentionally attempt to intercept, monitor, redirect, alter or otherwise adversely impact another user’s use of University Information Resources. Users, excluding authorized personnel, may not read, copy, or delete another user’s electronic data without the expressed prior approval of said user.

4.2.6 Users may not engage in cyberstalking, harassment or infringe upon the privacy of other users’ lawful use of University’s Information Resources.

4.2.7 Users may not intentionally engage in any activity that negatively impacts Information Resources.

4.2.8 Employees’ personal use of Information Resources in accordance with 4.1.3 above may not 1) interfere with an employee's job performance, 2) interfere with activities that directly support the University mission, 3) violate UNC System and University policies including, but not limited to, policies prohibiting the use of University Information Technology and Information Resources to endorse, campaign for, secure support for or oppose any candidate, political party, partisan political group, referendum, or issue in an election; or 4) constitute use of Information Resources to seek commercial gain or private profit, except as allowed under applicable University policies including policies concerning intellectual property rights and external professional activities for pay. Supervisors have discretion to further restrict or forbid personal use as they reasonably deem necessary.

4.2.9 Users may not engage in any activity that intentionally circumvents administrative controls or in any way attempts to gain or provide unauthorized access to Information Resources.

4.2.10 Additional activities that are prohibited, specific to certain types of use such as Network Access, Storage, etc. may be described in other more specific standards located at https://its.appstate.edu/it-governance/it-policy-standards-guidelines

4.3 Additional Conditions of Use

4.3.1. By activating one’s University user account, the user agrees to receive via email University security breach notifications required by the N.C. Identity Theft Protection Act, as well as other official University communication.

4.3.2. Departments may enforce additional administrative controls concerning use, as long as such controls are in accordance with this and other University policies and are within the scope of their assigned areas of oversight.

4.4 IT Security and Monitoring

4.4.1 The University does not routinely monitor or access individual communications. Review or monitoring of the use of Information Resources is reasonably limited by scope, relevance and applicable law and University policy and may occur in the following circumstances if deemed necessary by authorized personnel:

  1. in accordance with generally accepted, network-administration practices and to resolve IT support requests;
  2. to prevent or investigate any actual or potential information security incidents and system misuse;
  3. to investigate reports of violation of University IT policy;
  4. to support, as authorized by the Office of General Counsel, investigations of violation of local, state, or federal law; violations of University policies; or to comply with legal requests for information (such as subpoenas and public records requests); or
  5. to retrieve information in emergency circumstances where there is an imminent threat to health, safety, or University property involved.

4.5 Enforcement

4.5.1 The University, in consultation with its legal counsel, may contact local or federal law enforcement authorities to investigate any matter in its sole discretion. Information Technology Services, in cooperation with other University authorities, is charged with enforcement of this policy, and establishing standards, procedures, and protocols in support of the policy.

4.5.2. To report a concern regarding non-compliance with this policy, please contact cio@appstate.edu

4.5.3. Penalties for violating this Policy may result in termination of or suspension of access, in whole or in part, to University Information Resources at the discretion of ITS where such action is reasonable to protect the University or University Information Resources. Failure to comply with this policy may put Information Resources at risk and may have disciplinary consequences for employees and students. Contractors, vendors, and others who fail to adhere to this policy may face termination of their business relationships with Appalachian State University.

4.5.4. Violations of this policy, insofar as they might also violate other policies, may also be enforceable under the following provisions:

  1. For students, the Code of Student Conduct.
  2. For employees, "misconduct" under the Faculty Handbook and other EHRA policies governing faculty and non-faculty EHRA employees, including any appeal rights stated therein; or "unacceptable personal conduct" under SHRA policies, including any appeal rights stated therein.

4.5.5. Faculty, staff, and students accused of violating this policy will be informed of the alleged violation when the notification does not place further investigation(s) or remediation at risk. Faculty, staff, and students can appeal a revocation or suspension of access to the Chief Information Officer or their designee; and can utilize appeal mechanisms included in any applicable policies and codes.

5 Additional References

5.1. All users should be aware of these additional statutes and regulations as they may directly impact the lawful use of University Information Resources.

  1. North Carolina General Statute 14-190-1, Obscene Literature and Exhibitions
  2. North Carolina General Statute 144-456, Denial of Computer Services to an Authorized User
  3. North Carolina General Statute 143B-920, Department Heads to Report Possible Violations of Criminal Statutes Involving Misuse of State Property to the State Bureau of Investigation
  4. U.S. Code Title 18, Section 1030, Fraud and Related Activity in Connection with Computers
  5. Education Rights and Privacy Act of 1974, 20 U.S.C. 1232g
  6. Title VII of the Civil Rights Act of 1964, 42 U.S.C. 2000e, et seq.
  7. Title IX of the Education Amendments of 1972, 20 U.S.C. 1681, et seq.
  8. North Carolina Human Resources Act, N.C.G.S. Chapter 126
  9. North Carolina Public Records Act, N.C.G.S. Chapter 132
  10. UNC System Records Retention and Disposition Schedule
  11. Email as a Public Record in North Carolina
  12. State University Faculty Handbook
  13. Appalachian State University Code of Student Conduct
  14. Appalachian State University Policy 110 Harassment, Discrimination and Retaliation
  15. Appalachian State University Policy 915 E-mail As Official Means of Communication
  16. Appalachian State University Policy 1000 Audits (and related Audit policies)
  17. Appalachian State University Policy 105.6 Public Records Requests
  18. Appalachian State University Policy 604.7 Political Activities and Public Office Holding
  19. Appalachian State University Policy 604.3 External Professional Activities of Faculty and Other Professional Staff
  20. Appalachian State University Policy 604.5 Staff (SHRA) Employee Request for Approval to Engage in Outside Work

6 Authority

The UNC Policy Manual, Chapter 100.1, The Code, Section 502

7 Contact Information

Office of the Chief Information Officer (828.262.6278)

8 Original Effective Date

June 21, 2017

9 Revision Dates

May 1, 2019 (This revision repealed the previous version of Policy 901 “Use of Computer and Data Communications” and replaced it with a new Policy 901 “Acceptable Use of Computing and Electronic Resources Policy” and a recommended University Privacy Policy)