Responsible Use of Resources

1.1 Access & Privileges

1.1.1 User Accounts

Harding University students and employees will be provided access to IS&T resources based upon their individual role and need. These accounts may include, but are not limited to: individual computers or workstations, personal network file-space, the Internet, the Harding University Intranet, portals, web-space, email, and, classroom and learning management systems. Access to these accounts is a privilege, not a right, and may be revoked for any reason including non-compliance with Harding University policies, such as conditions laid out in the Employee Handbook, the current Student Handbook, the Responsible Use of Information Systems and Technology Resources policy.

1.1.2 User-ID

Users are responsible for all activity performed with their personal user-IDs. User-IDs may not be utilized by anyone but the individuals to whom they have been issued. Users must not allow others to perform any activity with their user-IDs. Similarly, users are forbidden from performing any activity with IDs belonging to other users (excepting anonymous user-IDs like "guest"). Any suspected unauthorized access of a user account should be reported immediately to the Chief Information Officer or his/her designee.

1.1.3 Passwords

Regardless of the circumstances, passwords must never be shared or revealed to anyone else besides the authorized user. To do so, exposes the authorized user to responsibility for actions that the others take with the password. If users need to share computer resident data, they should use electronic mail, public directories on local area network servers, and other mechanisms. All users are responsible for both the protection of their user account password and the data stored in their user account.

1.1.4 System Privilege Deactivation

See employee specific and student specific deactivation policies. (Sections 2.1.1 and 3.1.1)

1.1.5 No Responsibility for Personally Owned Computers

Harding University cannot provide, and will not be responsible for, software or data kept on personally owned devices, (e.g. phones, tablets, pad devices or computers), nor is it responsible for the installation, repair, maintenance or upgrade of personally owned devices.

1.2 Acceptable Use

1.2.1 Acceptable Uses of Information Technology or Systems

Harding University IS&T are provided to assist students and employees in acquiring and disseminating information related to the performance of regularly assigned job duties, classroom assignments, or relevant scholarly activities.

1.2.2 Unacceptable Uses of Information Technology or Systems

Any information, data, or programs not congruent with the mission of Harding University must not be created, stored, transmitted, viewed or manipulated using Harding University owned technology or information systems.

The following is a list that includes, but is not limited to, unacceptable uses of IS&T resources.

1. Transmitting, displaying, disseminating or printing any material, or engaging in any other activity in violation of any federal, state, or local laws, including copyright law and the Family Educational Rights and Privacy Act (FERPA). Such material would include, but not be limited to, computer files, articles and software.
2. Transmitting or accessing information containing harassing material. Harassment includes, but is not limited to:
   • Text images with the intent to harass, terrify, intimidate, threaten or offend another person
   • Intentionally using the computer to contact another person repeatedly with the intent to harass or bother, whether or not any actual message is communicated, and/or where no purpose of legitimate communication exists, and where the recipient has expressed a desire for the communication to cease
   • Intentionally using the computer to disrupt or damage the academic, research, administrative or related pursuits of another
   • Intentionally using the computer to invade the privacy, academic or otherwise, of another or the threatened invasion of the privacy of another.
3. Transmitting, receiving, displaying, or viewing offensive content. This includes, but is not limited to, sexual comments or images, racial slurs, gender specific comments or any comments that would offend someone on the basis of their age, sex, national origin or disability.
4. Displaying, sending, printing, or storing sexually explicit, graphically disturbing, obscene, pornographic, fraudulent, harassing, threatening, abusive, racist, or discriminatory images, files or messages in any campus computing facility or any campus location.
5. Attempting forgery of email messages.
6. Physical or electronic interference with other computer systems users.
7. Extend Harding's enterprise network by attaching devices such as switches, routers and wireless access points without permission from IS&T. 
8. Any other practice or user activity that, in the opinion of the Information Systems and Technology Department constitutes irresponsible behavior promotes illegal activities, results in the misuse of computer resources or jeopardizes the operation of IS&T at Harding University.

1.2.3 Prohibition Against Commercial Use of Information Resources

Harding University users must not use Harding University IS&T resources for soliciting business, selling products, or otherwise engaging in commercial activities other than those expressly permitted by Harding University management. Prohibited activity includes, but is not limited to operating a business, usurping business opportunities or soliciting money for personal gain.

1.3 Privacy and Data Ownership

1.3.1 Legal Ownership of Information Systems Files and Messages

Harding University has legal ownership of the contents of all files stored on its computer and network systems as well as all messages transmitted via these systems. Harding University reserves the right to access all such information without prior notice whenever there is a genuine need.

1.3.2 No Responsibility for Monitoring Content of Information Systems

Harding University reserves the right to remove any message, file, database, graphic, or other material from its information systems. At the same time, Harding University has no obligation to monitor the information content residing on or flowing through its IS&T.

1.3.3 Privacy Expectations and Information Stored on Harding University Systems

At any time and without prior notice, Harding University management reserves the right to examine archived electronic mail, personal file directories, hard disk drive files, and other information stored in Harding University IS&T. Similarly, at any time and without prior notice, Harding University management reserves the right to examine or monitor any device attached, for any reason, to the Harding University digital network. This examination is performed to assure compliance with internal policies, to support the performance of internal investigations, to comply with legal requirements such as a subpoena or court order, and to assist with the management of Harding University IS&T resources. It is also possible that others may inadvertently access or monitor these same systems.

1.3.4 Disclaimer of Responsibility for Damage to Data and Programs

Harding University uses access controls and other security measures to protect the confidentiality, integrity, and availability of the information handled by computers and communications systems. In keeping with these objectives, management maintains the authority to: (1) restrict or revoke any user's privileges, (2) inspect, copy, remove, or otherwise alter any data, program, or other system resource that may undermine these objectives, and (3) take any other steps deemed necessary to manage and protect its IS&T resources. This authority may be exercised with or without notice to the involved users. Harding University disclaims any responsibility for loss or damage to data or software that results from its efforts to meet these security objectives.

1.4 Intellectual Property

1.4.1 Software

Respect for the intellectual work and property of others has traditionally been essential to the mission of academic institutions. As members of the academic community, Harding University values the free exchange of ideas. Just as Harding University does not tolerate plagiarism, Harding University strongly supports strict adherence to software vendors' license agreements and copyright holders' notices. If Internet users or other system users make unauthorized copies of software, the users are doing so on their own behalf, since all such copying is strictly forbidden by Harding University.

1.4.2 Copyright Laws

Unless placed in public domain by its owners, the Copyright Act protects software programs. Software is also protected by the license agreement between the owner and purchaser. It is illegal to duplicate, copy, or distribute software or its documentation without the permission of the copyright owner.

1.4.3 Fair use

Unless permission from the copyright owner(s) is first obtained, making multiple copies of material from magazines, journals, newsletters, and other publications is forbidden unless this is both reasonable and customary. This notion of "fair use" is in keeping with international copyright laws.

2.1 Student Specific Privileges

2.1.1 System Privilege Deactivation

Access to selected Harding University IS&T resources will normally be revoked at the time that a student is no longer enrolled at Harding University.  Access to data stored on Harding resources and through the learning management system will be removed. The time-frame for this may vary according to the needs of specific systems and are determined by procedures (often automated) established by Information Systems and Technology Department. The student account may remain active allowing for access to selected portals and email hosted through Google.

2.2 Campus Computing Facilities

2.2.1 Acceptable Use of Facilities

Computer labs on the Harding University campus are not available for general use during the periods when the rooms have been reserved for teaching purposes, unless otherwise specified by the professor. It is the responsibility of every user to use these facilities in a responsible manner.

2.2.2 Disruptive Behavior

Students using campus IS&T facilities must not cause noise, display abusive or inappropriate behavior towards other users, or create other disturbances in any campus computing area.

2.2.3 Data Protection

Students using campus IS&T facilities must not obtain, destroy or remove data other than their own.

2.2.4 Destruction of Computer Resources

Students using campus IS&T facilities must not destroy or remove university owned computer resources.

2.2.5 Alteration of Lab Computer Set-Up

Students using campus IS&T facilities must not attempt to change the setup on lab computers.

2.2.6 Damage Reporting

Students must report to the DormNet Help Desk any accidental damage or damage caused by other parties to IS&T facilities.

3.1 Privileges

3.1.1 System Privilege Deactivation

Access to selected Harding University IS&T resources will normally be revoked at the time that an employee is no longer employed at Harding University. Access to data stored on Harding resources and through the learning management system will be removed. The time-frame for this may vary according to the needs of specific systems and are determined by procedures (often automated) established by Information Systems and Technology Department. The employee account may remain active allowing for access to selected portals and email hosted through Google.

3.1.2 Exception to System Privilege Deactivation

Harding University retirees and alumni are eligible to access to some Pipeline services using their Harding University accounts. This is a privilege and may be revoked at any time. Retirees must agree to abide by all Harding University Information Systems and Technology Policy in order to maintain their account.

3.1.3 Incidental Personal Use of Information Resources

Harding University allows computer users to make reasonable and incidental personal use of its electronic mail and other computer and communications systems. Incidental personal use is permissible if the use: (a) does not consume more than a trivial amount of resources that could otherwise be used for business purposes, (b) does not interfere with worker productivity, and (c) does not preempt any business activity. All such personal use must be consistent with conventional standards of ethical and polite conduct. For example, electronic mail must not be used to distribute or display messages or graphics which may reasonably be considered by some to be disruptive or offensive (such as sexual jokes or pornography).

3.2 Privacy

3.2.1 Privacy / Administrative Data

Security and confidentiality are matters of concern to all Harding University employees who have access to financial, student, employee or donor records either by hard copy documents or via electronic or digital media. Harding University is responsible for the accuracy, integrity and confidentiality of its databases. All administrative digital data must be treated as confidential, other than data that has been designated as approved for release to the public. By law, certain institutional data are confidential and may not be released without proper authorization. Since conduct, either on or off the job, could affect or threaten the security and confidentiality of this information, each employee who accesses administrative systems is required to adhere to the following:

3.2.1.1 No one shall make or permit unauthorized use of any information in files maintained, stored, or processed by any Harding University information systems including the ERPs (e.g. Banner, Famis and others), portals (e.g. Pipeline), document imaging (Nolij) or any other administrative system.

3.2.1.2 No one is permitted to seek personal benefit, allow others to benefit personally or to divulge, in any way, the contents of any record or report, to any person except in the conduct of his/her work assignment.

3.2.1.3 No one shall knowingly include, or cause to be included, in any record or report, a false, inaccurate, or misleading entry. No one shall knowingly change or delete or cause to be changed or deleted an entry in any record or report, unless expressly authorized to do so and in accordance with Harding University and the Banner system (or other administrative system) policies and procedures.

3.2.1.4 Once information is downloaded, data should not be altered in word processing documents or spreadsheets in a way that misrepresents the information derived from these data. Downloaded information should be used and represented responsibly.

3.2.1.5 No official record or report, or copy thereof, shall be removed from the office where it is maintained or copied or printed via electronic means except in the authorized performance of a person’s duties, and in accordance with established procedures. Copies made in the performance of a person’s duties shall not be released to third parties except as Number 2 above applies.

3.2.1.6 No one is to aid, abet, or act in conspiracy with another to violate any part of these terms and conditions.

3.2.1.7 Any knowledge of a violation of these terms and conditions must immediately be reported to the employee’s supervisor and the Chief Information Officer, or his/her designee.

3.2.1.8 Terminals and workstations should not remain logged on to Harding University’s campus network when unattended, unless they are logically locked down by a standard operating system lock feature.

3.3 When Making Copies of Software is Permissible

Third party software in the possession of Harding University must not be copied unless such copying is consistent with relevant license agreements and either: (a) management has previously approved of such copying, or (b) copies are being made for contingency planning purposes.

3.4 Data Custodian

Data Custodians are designated individuals who have the ultimate responsibility for the accuracy and completeness of data in their respective areas. Examples include the Registrar for student data and the Director of Human Resources for employee data.

3.4.1 User Profile Groups

Data Custodians are responsible for maintaining security group assignments (user profiles that represent what is needed to perform a general set of related tasks.)

3.4.2 Access to Data

All access to institutional data must be approved by the appropriate Data Custodian. By approving access, the Data Custodian consents to the use of this data within the normal business functions of administrative and academic offices.

Access to institutional data shall not be granted to persons unless there is an established business need to know.

3.4.3 Violation of Access Privileges

The Data Custodian reserves the right to determine appropriate use of the data under his/her control. Usage violations may result in revocation of a user's access to the data.

4.1 Handling of Third Party Confidential and Proprietary Information

Unless specified otherwise by contract, all confidential or proprietary information, including software written by a third party that has been entrusted to Harding University by a third party must be protected as though it was Harding University confidential information.

4.1.2 Confidentiality of Harding University Computer Related Software or Documentation

All Harding University generated programs, codes and related documentation is confidential and must not be taken elsewhere when an employee, consultant, or contractor leaves the employ or engagement of Harding University.

4.1.3. Removal of Sensitive Information from Harding University Premises

Confidential Harding University information, no matter what form it happens to take, must not be shared with those outside of Harding University, or removed from Harding University premises, unless there has been prior approval from the information’s owner.

4.1.4 Copyright Notices on Computer Programs and Documentation

All computer programs and program documentation owned by Harding University should include appropriate copyright notices.

4.2 Third Parties

Other than the publicly available resources such as the Guest wireless network, visitors to Harding University and other persons may be authorized to access IST resources. Those parties will be subject to relevant Harding University policies and procedures, and:

• Have the authorization of the CIO, or delegated officer
• Sign an indemnity releasing Harding University from the consequences of legal action arising from the use of IS&T resources
• The person's written agreement to abide by Harding University's policies