Appropriate Use of Information Technology Resources Policy

Introduction

The purpose of this policy is to provide guidelines for the appropriate use of Santa Fe's information technology resources as well as for the College's access to information.

Santa Fe College acquires, develops, and maintains computers, information systems, telephone systems and networks. These information technology resources support the mission, values and goals of the College and are intended for College-related uses, including the direct and indirect support of instruction; administrative functions; student activities; and the free exchange of ideas within the College community, and among the College community and the wider local, national, and world communities.

This policy applies to all individuals who access information technology resources owned or operated by the College, whether affiliated with the College or not, and whether on campus or from remote locations. Additional policies may govern specific information technology resources provided or operated by specific departments of the College.

Rights & Responsibilities

Access to information technology resources owned or operated by the College is a privilege that is granted by the College and subject to certain rules, regulations and restrictions. Such access carries with it legal and ethical responsibilities and should reflect the honesty and discipline appropriate for our community of shared information technology resources. Appropriate and ethical use demonstrates respect for intellectual property, ownership of data, system security mechanisms, and individuals' right to privacy and to freedom from intimidation or harassment.

General Guidelines

Appropriate use of information technology resources means that users:

• Must comply with federal and state laws, College rules and policies, and the terms of applicable contracts including software licenses while using College information technology resources. Examples of applicable laws, rules and policies include the laws of defamation, privacy, copyright, trademark, obscenity and child pornography; the Florida Computer Crimes Act (Chapter 815, Florida Statutes), the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act, which prohibit "hacking," "cracking" and similar activities; the College's Student Conduct Code; and the College's Sexual Harassment Policy. Users who engage in electronic communications with persons in other states or countries or on other systems or networks may also be subject to the laws of those jurisdictions and the rules and policies of those other systems and networks. Users with questions as to how the various laws, rules and resolutions may apply to a particular use of College information technology resources should contact the Department of Information Technology Services for more information.
• Must accept responsibility for account privileges. Users are responsible for obtaining proper authorization before using College information technology resources. Under no circumstances should users disclose their account login information or use another person's account login. In cases when unauthorized use of accounts or resources are detected or suspected, the account owner should change the password and report the incident to the network administrator. Electronic information is a valuable College resource. Users are responsible for safeguarding data connected with their accounts and are expected to use good computing practices to backup data, change passwords, grant access privileges to files and follow the records retention policies for their area.
• Should be considerate when using shared resources. Although there is no set limit on bandwidth, disk space, or CPU time that is applicable to all uses of College information technology resources, the College may require users of those resources to limit or refrain from specific uses if, in the opinion of the system administrator, such use interferes with the efficient operations of the system.
• Must not use information technology resources to gain unauthorized access to remote computers or to impair or damage the operations of College computers or networks, terminals or peripherals. This includes blocking communication lines and running, installing or sharing virus programs. Deliberate attempts to circumvent data protection or other security measures are not allowed.
• Should make every effort to abide by College information technology standards. Using non-standard hardware and software decreases the College's ability to maintain proficiency in procurement, installation, maintenance and life cycle management of information technology resources. Users of the College's information technology are strongly encouraged to check the standards before purchasing hardware and software.

This policy may be modified as deemed necessary by the College. Users are encouraged to periodically review the policy as posted on the web pages for Information Technology Services.

Email

For purposes of this document, e-mail includes point-to-point messages, postings to newsgroups and listservs and any electronic messaging involving computers and computer networks. Organizational e-mail accounts, including those used by student organizations, are held to the same standards as those for individual accounts. E-mail is considered an official communications method of the College and generally subject to the Florida Public Records Law and the Florida Sunshine Law to the same extent as it would be on paper. E-mail users must therefore know the laws (Policy On The Public Records Law And Email) and be mindful that College e-mail is public information.

Examples of Inappropriate Uses of E-mail

While not an exhaustive list, the following uses of e-mail by individuals or organizations are considered inappropriate and unacceptable at Santa Fe College. In general, e-mail shall not be used for the initiation or re-transmission of:

• Chain mail that misuses or disrupts resources -- E-mail sent repeatedly from user to user, with requests to send to others.
• Harassing or hate-mail -- Any threatening or abusive e-mail sent to individuals or organizations that violates college rules and regulations or the Code of Student Conduct.
• Virus or virus hoaxes.
• Spamming or e-mail bombing attacks -- Intentional e-mail transmissions that disrupt normal e-mail service.
• Junk mail -- Unsolicited e-mail that is not related to College business and is sent without a reasonable expectation that the recipient would welcome receiving it.
• False identification -- Any actions that defraud another or misrepresent or fail to accurately identity the sender.

College Access to E-mail

All e-mail messages are the property of the College. As a routine, the College will not inspect e-mail content. However, the College reserves the right to access messages under circumstances outlined in the Security and Privacy section of this policy and to save email pertaining to College business when an employee leaves the College. This access will be granted only upon written notification from the employee's supervisor to the Associate Vice President of Information Technology Services. These files may be transferred to another user if necessary to conduct College business.

Web Pages

College web pages represent the College and are intended for the official business functions of the College. Official web pages, including student organizational web pages, are expected to follow the same professional standards that apply to official publications in any other medium. For more information on web policies and guidelines refer to SFCC's Web Policies and Guidelines.

Commercial Use

Information technology resources are not to be used for personal commercial purposes or for personal financial gain. Occasional personal use of College information technology resources for purposes other than commercial or financial gain is permitted when it does not consume a significant amount of those resources, does not interfere with the teaching/learning process, or with the performance of a user's job or other College responsibilities, and is otherwise in compliance with this policy. Further limits may be imposed upon personal use in accordance with normal supervisory procedures concerning the use of College equipment.

Security & Privacy

The College employs various measures to safeguard its information technology resources and its users' accounts. Users should be aware, however, that the College cannot guarantee security and confidentiality. Users should therefore engage in "safe computing" practices by establishing appropriate access restrictions their accounts, guarding their passwords and changing them regularly.

Users should also be aware that their uses of College information technology resources are not completely private. While the College makes every effort to ensure privacy and does not routinely monitor individual usage of its information technology resources, the normal operation and maintenance of those resources require the backup and caching of data and communications, the logging of activity, the monitoring of general usage patterns and other such activities that are necessary for the continuation of service. The College may also monitor the activity and accounts of individual users of College information technology resources, including individual login sessions and the content of individual communications, without notice, when:

• The user has voluntarily made them accessible to the public, as by posting to a listserv or a web page
• It reasonably appears necessary to do so to protect the integrity, security, or functionality of College information
• There is reasonable cause to believe that the user has violated or is violating this policy
• A user appears to be engaged in unusual or unusually excessive activity
• It is otherwise required or permitted by law

Any such monitoring of communications, other than what is made accessible by the user, required by law, or necessary to respond to perceived emergency situations, must be authorized in advance by at least one College Vice President in consultation with the Associate Vice President of Information Technology Services and the College's legal counsel. The College, in its discretion, may disclose the results of any such general or individual monitoring, including the contents and records of individual communications, to appropriate College personnel or law enforcement agencies and may use those results in appropriate College disciplinary proceedings. Communications made by means of College information technology resources are also generally subject to the Florida Public Records Law to the same extent as they would be if made on paper.

Enforcement and Penalties for Violations

The College considers any violation of this policy to be a serious offense. Violators of this policy will be referred to the appropriate College entity for disciplinary action. The College may, however temporarily suspend, block or restrict access to an account, independent of such disciplinary procedures, when it reasonably appears necessary to do so in order to protect the integrity, security, or functionality of College or other computing resources or to protect the College from liability.