Information Technology Department

1.0 Overview

The focus of this Acceptable Use Rules, Procedures and Regulations document is to protect Mt. San Antonio College, its faculty, staff and students, from damaging or illegal actions whether accidental or intentional. This document is intended to promote and encourage responsible use, while minimizing the potential for misuse and avoiding unnecessary restrictions on users. This document is not intended to prevent or prohibit the authorized use of resources required to meet the mission and the academic and administrative purposes of Mt. San Antonio College.

Effective security can only be accomplished by a team effort involving every faculty and staff member who deals with information systems. It is the responsibility of every computer user to know the contents of this document and to conduct activities accordingly.

2.0 Purpose

The purpose of this document is to outline the acceptable use of computing, communications and information resources at Mt San Antonio College. The rules are intended to protect College resources including College information, equipment, students, faculty and staff.

3.0 Definitions

Information technology resource includes any computer, communication system and information resource, including, but not limited to, means of access, networks, and any data that may reside thereon.

Electronic communications, electronic communication services or electronic communication systems include, but are not limited to, electronic mail, electronic mail address or account, College computer systems, Internet services, voice mail, audio and video conferencing, and facsimile messages.

The College's computer systems include, but are not limited to, any and all College owned, leased, or rented computer hardware, software, databases, telecommunication equipment, telephone and related equipment, and any other system used in connection with College programs.

E-mail means an electronic message transmitted between two or more computers or electronic terminals, whether or not the message is converted to hard copy format after receipt and whether or not the message is viewed upon transmission or stored for later retrieval. E-mail includes electronic messages that are transmitted through a local, regional, or global computer network.

Voice mail means an audio message transmitted telephonically between two or more telephones, whether or not the message is converted to hard copy format after receipt and whether or not the message is heard upon transmission or stored for later retrieval. Voice mail includes telephonic messages that are transmitted through a local, regional or global telephone network.

Authorized means any person who has expressly received permission from Information and Educational Technology to perform a specific function or service.

Information is data owned, maintained, and managed by the College.

For the purpose of this document, a user is any person who utilizes any Mt. San Antonio College information technology resources.

4.0 Scope

This document applies to any user of the College's information technology resources, whether connected from a computer located on or off-campus.

This document applies to the use of all of the College's information technology resources, regardless of the division or department that administers that resource. The chief administrators of divisional/departmental information technology resources may enact additional policies specific to those resources, provided they do not conflict with the provisions of this or other policies or laws.

All users are subject to both the provisions of this document, as well as any policies specific to the individual systems they use.

5.0 Disclaimer

Mt. San Antonio College is not responsible for loss of information from computing misuse, malfunction of computing hardware, malfunction of computing software, or external contamination of data or programs. It cannot be guaranteed that, in all instances, copies of critical data will be retained for all systems. It is ultimately the responsibility of computer users to obtain secure backup copies of their own files for disaster recovery.

Both the nature of electronic communications and the public character of the College's business make electronic communications less private than users may anticipate, and confidentiality of electronic communications should not be expected. Users, therefore, should exercise extreme caution in using electronic communications to communicate confidential or sensitive matters. The College has the right to inspect, monitor, or disclose electronic communications which utilize any College-owned equipment. Without prior notice and without consent, the College may perform routine maintenance or system administration of computers and other electronic communications equipment which may result in observation of the contents of files and communications.

Electronic communications that utilize College equipment, whether or not created or stored on College equipment, may constitute a College record subject to disclosure under the California Public Records Act or other laws, or as a result of litigation.

The College cannot guarantee that users will not receive electronic communications they may find offensive, nor can the College guarantee the authenticity of electronic communications received, or that electronic communications received were in fact sent by the purported sender. Users are solely responsible for materials they access and disseminate on the College's Electronic Communication Systems.

6.0 Acceptable Use Rules, Procedures, and Regulations

This section defines acceptable use of the College's electronic communication services and computer systems. It does not articulate all permissible and prohibited uses, but is intended to provide a framework that honors the rights of other users, respects the integrity of the systems, and observes relevant laws, regulations, contractual obligations, and Board Policies.

6.1 Authorized Use

Access to Mt. San Antonio College's information technology resources is a privilege granted to the faculty, staff and students in support of their studies, instruction and duties, and for purposes consistent with the mission of the College. Unauthorized access to the College's information technology resources is not permitted.

The College's computing, communications and information resources are provided for the support of its educational and service goals and the use of such resources for any other purpose is prohibited.

Gaining access to the College's information technology resources does not imply the right to use those resources. The College reserves the right to limit, restrict, or remove access to its information technology resources. It is expected that these resources will be used efficiently and responsibly in support of the mission of the College. All other use not consistent with this document will be considered unauthorized use.

6.2 Information Security and Confidentiality

Users of the College's information security resources are responsible for ensuring the confidentiality and appropriate use of all the data to which they have access by:

1. ensuring the security of any account issued in one's name; ensuring the security of the equipment where such information is stored or displayed; and
2. abiding by related privacy rights of students, faculty and staff, concerning the use and release of personal information, as required by law or existing policies.

Note: Ensuring the security of the equipment where information is stored applies to all servers and to all workstations (PCs) that contain academic, student, employee, accounting or similar data. All such servers and workstations must have an operating system that provides access control to the contents of the workstation or server, or have access control software and/or hardware installed, or the workstation or server must be physically protected against unauthorized use. Additionally, all servers and workstations, regardless of their content, must be equipped with anti-virus software. The virus definition update frequency must be at least weekly.

The College's electronic communication systems and services are College property. Any electronic mail address or account associated with the College or any department of the College, assigned by the College to individuals, departments or functions of the College, is the property of the College. Authorized College personnel, while performing routine or investigative operations, have access to files, including electronic mail, web browsers information and any other personal or class data stored on College computers. In the event of a sanctioned College investigation, files or electronic mail may be locked or copied to prevent destruction and loss of information.

All users are advised to consider the open nature of information transferred electronically, and should not assume any degree of privacy or restricted access to such information. The College provides the highest degree of security possible when transferring data, but disclaims responsibility if these security measures are circumvented and the information is compromised.Disclosure of confidential information to unauthorized persons or entities, or the use of such information for self-interest or advantage, is strictly prohibited. Access to non-public institutional data by unauthorized persons or entities is strictly prohibited.

The confidentiality of student and staff information is protected under state and federal law. Any information regarding students or staff that an employee might access in the course of a work assignment through a computer, student file, or other documentation, is to be used strictly to perform the job duties and may only be shared with those who are authorized to have such information. An employee may not change, alter, copy, or divulge any such information unless it is required to carry out a College job assignment.

6.3 Network and System Integrity

In accordance with California State Penal Code Section 502, California State University's 4Cnet Acceptable Use Policy, and other policies and laws, activities that threaten the integrity of computer networks or systems are strictly prohibited. This applies to College-owned and privately-owned equipment operated on or throughout College resources. These activities include but are not limited to:

1. Interference with or disruption of computer systems and networks and related services, including but not limited to the propagation of any computer "worm," "virus" and "Trojan Horse."
2. Intentionally or negligently performing an act that places an excessive load on a computer or network to the extent that other users may be denied service or the use of electronic networks or information systems may be disrupted. An example of this activity would be the use of Net Radio.
3. Failure to comply with authorized requests from designated College officials to discontinue activities that threaten the operation or integrity of computers, systems or networks.
4. Negligently or intentionally revealing passwords or otherwise permitting the use by others of College-assigned accounts for computer and network access. Individual password security is the responsibility of each user. The user is responsible for all uses of their accounts, independent of authorization.
5. Altering or attempting to alter files or systems without authorization.
6. Unauthorized scanning of ports, computers and networks.
7. Unauthorized attempts to circumvent data protection schemes or uncover security vulnerabilities.
8. Connecting unauthorized equipment to the campus network or computers.
9. Attempting to alter any College computing or network components without authorization or beyond one's level of authorization, including but not limited to bridges, routers, hubs, wiring, and connections.
10. Utilizing network or system identification numbers, accounts or names that are not assigned for one's specific use.
11. Using campus resources to gain unauthorized access to any computer system and/or using someone else's computer without their permission.
12. Providing services or accounts on College computers or via College networks to other users from a personal computer unless required to meet the normal activities of students working as individuals or in collaborative groups to fulfill current course requirements.
13. Registering a Mt. San Antonio College's IP address with any other domain name or the Mt. San Antonio College name.

6.4 Copyright Law and Fair Use

Violations of the rights of any person or entity protected by a copyright, patent, trademark or similar law, or regulation is strictly prohibited. Violations include, but are not limited to, the unauthorized reproduction of any copyrighted material, including but not limited to software, text, images, audio, and video. Also included are the installation, distribution or use of "pirated" software, as well as the display or distribution of copyrighted materials over computer networks without the author's permission. NOTE: The "fair use" provisions of the copyright law, section 107 of the U. S. Copyright Law, may permit the reproduction of copyrighted work for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use) scholarship or research.

6.5 Equal Access to Electronics and Information Technology

In accordance with Section 508 of the Federal Rehabilitation Act of 1973 and Senate Bill 105 , Mt. San Antonio College is required to assure that all electronic and information technology purchased, used, and developed by the College is as fully and equally accessible to persons with disabilities as it is to persons without disabilities. Specifically, this applies to products such as telecommunications, video, multi-media, ATMs, copiers, fax machines, computers, software and operating systems, web pages and other instructional materials.

6.6 Web Sites

Mt. San Antonio College's web sites are for the sole purpose of supporting the college's academic and service goals. Any other purpose is not allowed.

Official web pages may be created by the College as well as the divisions and departments contained therein. Official web pages must be reviewed for accuracy and appropriateness by the responsible administrator. Official web pages provide a source of communication with the public and the information they provide becomes the legal responsibility of the College. This requirement does not apply to on-line courses or web pages created to supplement course work.

Personal web pages that utilize the College's electronic communication systems and identify the individual as an employee or student of the College are the sole responsibility of the individual, should support the academic, research, and public service mission of the College, and must comply with the provisions of this document. Formal approval is not required for student, staff and faculty personal pages. However, the College reserves the right to remove pages from the Web if they are deemed inappropriate or deviate from this document. An official home page is the web page that serves as the initial entry point to an institution's web site.

Standards and guidelines for the development and maintenance of web pages are established to provide consistency and accuracy of information published on the World Wide Web. All web pages must comply with the requirements listed in the Federal Rehabilitation Act, section 508.

The World Wide Web is a fluid environment that offers access to a wide range of information. While the College assumes full responsibility for the accuracy and appropriateness of official College web pages, the College is not responsible for individual, personal pages. Users who believe the content of a personal page is offensive, obscene, violates College policy, or is inconsistent with the generally-accepted norms for web page content may register a formal complaint by following the procedures outlined in section 9.0, Reporting Improper Use and Violations.

Links to other web sites contain information that is created, published, maintained, or otherwise posted by organizations independent of the College. The College does not endorse, approve, certify or otherwise guarantee the accuracy of any information at linked web sites.

The College is not responsible for material viewed as a result of individual links or connections.

6.7 Harassment

Harassment of others via electronic methods is prohibited under California State Penal Code Section 653m and College policy. It is a violation of this document to use the College's information technology resources as a means to harass, threaten, or otherwise cause harm to any individual(s), whether by direct or indirect reference. It may be a violation of this document to use information technology resources as a means to harass or threaten groups of individuals by creating a hostile environment.

6.8 Commercial Use

The College's information technology resources are provided strictly for College business or College fundraising activities. Any use of these resources for unauthorized commercial activities, personal or private financial gain, or otherwise unrelated to the College business is strictly forbidden. This includes the unauthorized soliciting, promoting, selling, marketing or advertising products or services, or reselling information technology resources.

6.9 Obscene Material

Sending or accessing pornography or patently obscene material other than for authorized research or instructional purposes is prohibited.

6.10 Other Mt. San Antonio College Policies

Go to http://infosecurity.mtsac.edu to view other policies, drafted and adopted.

7.0 Policy Compliance

The Chief Technology Officer is authorized by the President to ensure that the appropriate processes to administer the policy are in place.

The Chief Technology Officer, or designee, will ensure that suspected violations receive the proper and immediate attention of the appropriate College officials and the appropriate law enforcement authorities, if applicable.

The Chief Technology Officer or designee will inform users about the policy; receive and respond to complaints; collect and secure evidence as required; advise and assist on the interpretation, investigation and enforcement of this policy; consult with legal counsel on matters involving interpretation of law or requests from outside entities; and maintain a record of each incident and its resolution.

8.0 Violation of Policy

Violation of this policy may result in disciplinary action. Additionally, inappropriate use of information technology resources may result in criminal, civil, and other administrative liability.

9.0 Reporting Improper Use and Violations

Improper use and suspected violations of this document should be reported to Information and Educational Technology via e-mail at abuse@mtsac.edu. This email list includes representatives from Human Resources, Information and Educational Technology, the Student Life Office, the Public Information Office, and the Public Safety Office. Violations can also be reported via telephone to the IET Help Desk at (909) 594-5611 ext. 4357. Report immediate threats to:

• Emergency Services, 911
• Los Angeles County Sheriff, (626) 913-1715
• Campus Security, telephone extension 4555

10.0 Document Review and Practices Oversight

The Chief Technology Officer, or designee, is responsible for application and enforcement of this document. The Vice President of IET or designee will review this document on an annual basis, or when the need arises, make recommendations for any changes and provide oversight and periodic review of the practices used to implement this document. A current version of this document will be posted on the Mt. San Antonio College web site. A printed copy will be available at the Library Information Desk and the IET Help Desk.

11.0 Acknowledgements

Computer policies and procedures from the following institutions were consulted, adapted and/or reviewed in developing this document:

• California Polytechnic State University, San Luis Obispo (http://its.calpoly.edu/Policies/RUP-INT/)
• California State Polytechnic University, Pomona (http://www.csupomona.edu/~iit/policy/appropriateuse.shtml)
• North Orange Community College District (http://www.nocccd.cc.ca.us/bp.htm)

12.0 Appendix

The following regulations, policies, and laws should be consulted for more information:

• Family Educational Rights and Privacy Act (http://www.ed.gov/legislation/FedRegister/finrule/2000-3/070600a.html)
• California State Penal Code (http://www.leginfo.ca.gov/cgi-bin/calawquery?codesection=pen&codebody=&hits=20)
• California State Penal Code Section 502 (http://www.leginfo.ca.gov/cgi-bin/waisgate?WAISdocID=92031922486+1+0+0&WAISactioction=retrieve)
• 4CNET Acceptable Use Policy (http://www.csu.net/documents/4cnet_policy.html)
• US Copyright Law Section 107 (http://www.copyright.gov/title17/)