Terms of Service

Introduction

This policy is designed to perpetuate Harding University’s mission. It is imperative that the campus community understands that informational and technological resources require responsible behavior from all its users.

 

Purpose

This policy is designed to define the appropriate and responsible use of the Information Systems and Technology (IS&T) resources at Harding University including campus computing and network facilities. Each authorized user must assume responsibility for their own behavior while utilizing these resources. The same moral and ethical behavior that is expected in the non-IS&T environment at Harding University should also serve as a guide in its IS&T environment.

 

Scope

This policy applies to all faculty, staff, students, contractors or any other individual using IS&T at Harding University. Access to Harding University owned computer facilities, equipment, hardware, software, printing services, technology and staff-provided user support is a privilege, not a right. Accepting access to this technology carries an associated expectation of responsible and acceptable use. When accessing any remote resources using Harding University IS&T resources, users are required to comply with both the policies set forth in this document and all applicable policies governing the use and access to these remote resources. Users will also be required to comply with state and federal laws.

Harding University provides IS&T resources that are consistent with the mission and goals of the University. Specifically, services are provided to support teaching, learning, scholarship, research, administration and outreach functions of the University.

 

Compliance

All users of Harding University IS&T resources are required to comply with this policy. Harding University reserves the right to amend this policy at any time and without prior notice in order to better provide IS&T resources and services to faculty, staff and students. Harding University reserves the right to deny, limit, restrict or extend computing privileges and access to its IS&T resources. App users are required to comply with state and federal laws when using Harding University IS&T resources.

Section One - General

1.1 Access & Privileges

1.1.1 User Accounts

Harding University students and employees will be provided access to IS&T resources based upon their individual role and need. These accounts are themselves part of the IS&T resources.  The IS&T resources to which they allow access may include, but are not limited to: individual computers or workstations, personal network file-space, the internet, the Harding University Intranet, portals, web-space, email and classroom and learning management systems. Access to these accounts is a privilege, not a right, and may be revoked for any reason including non-compliance with Harding University policies, such as conditions laid out in the Employee Handbook, the current Student Handbook and this policy.

1.1.2 User-ID

Users are responsible for all activity performed with their personal user-IDs. User-IDs may not be utilized by anyone but the individuals to whom they have been issued. Users must not allow others to perform any activity with their user-IDs. Similarly, users are forbidden from performing any activity with IDs belonging to other users (excepting anonymous user-IDs like "guest"). Any suspected unauthorized access of a user account should be reported immediately to the Chief Information Officer or his/her designee.

1.1.3 Passwords

Regardless of the circumstances, passwords must never be shared or revealed to anyone else besides the authorized user. To do so exposes the authorized user to responsibility for actions that the others take with the password. If users need to share computer resident data, they should use electronic mail, public directories on local area network servers, and other mechanisms. All users are responsible for both the protection of their user account password and the data stored in their user account.

1.1.4 System Privilege Deactivation

See employee specific and student specific deactivation policies. (Sections 2.1.1 and 3.1.1)

1.1.5 No Responsibility for Personally Owned Computers

Harding University cannot provide, and will not be responsible for, software or data kept on personally owned devices, (e.g. phones, tablets, pad devices or computers), nor is it responsible for the installation, repair, maintenance or upgrade of personally owned devices.

1.2 Acceptable Use

1.2.1 Acceptable Uses of Information Technology or Systems

Harding University IS&T are provided to assist students and employees in acquiring and disseminating information related to the performance of regularly assigned job duties, classroom assignments or relevant scholarly activities.

1.2.2 Unacceptable Uses of Information Technology or Systems

Any information, data or programs not congruent with the mission of Harding University must not be created, stored, transmitted, viewed or manipulated using Harding University owned technology or information systems.

The following is a list that includes, but is not limited to, unacceptable uses of IS&T resources.

  1. Transmitting, displaying, disseminating or printing any material, or engaging in any other activity in violation of any federal, state or local laws, including copyright law and the Family Educational Rights and Privacy Act (FERPA). Such material would include, but not be limited to, computer files, articles and software.
  2. Transmitting or accessing information containing harassing material. Harassment includes, but is not limited to:
    • Text images with the intent to harass, terrify, intimidate, threaten or offend another person
    • Intentionally using the computer to contact another person repeatedly with the intent to harass or bother, whether or not any actual message is communicated, and/or where no purpose of legitimate communication exists, and where the recipient has expressed a desire for the communication to cease
    • Intentionally using the computer to disrupt or damage the academic, research, administrative or related pursuits of another
    • Intentionally using the computer to invade the privacy, academic or otherwise, of another or the threatened invasion of the privacy of another.
  3. Transmitting, receiving, displaying or viewing offensive content. This includes, but is not limited to, sexual comments or images, racial slurs, gender specific comments or any comments that would offend someone on the basis of their age, sex, national origin or disability.
  4. Displaying, sending, printing, or storing sexually explicit, graphically disturbing, obscene, pornographic, fraudulent, harassing, threatening, abusive, racist or discriminatory images, files or messages in any campus computing facility or any campus location.
  5. Attempting forgery of email messages.
  6. Physical or electronic interference with other computer systems users.
  7. Extend Harding's enterprise network by attaching devices such as switches, routers and wireless access points without permission from IS&T. 
  8. Any other practice or user activity that, in the opinion of the Information Systems and Technology Department constitutes irresponsible behavior, promotes illegal activities, results in the misuse of computer resources or jeopardizes the operation of IS&T at Harding University.

1.2.3 Prohibition Against Commercial Use of Information Resources

Harding University users must not use Harding University IS&T resources for soliciting business, selling products or otherwise engaging in commercial activities other than those expressly permitted by Harding University management. Prohibited activity includes, but is not limited to operating a business, usurping business opportunities or soliciting money for personal gain.

1.3 Privacy and Data Ownership

1.3.1 Legal Ownership of Information Systems Files and Messages

Harding University has legal ownership of the contents of all files stored on its computer and network systems as well as all messages transmitted via these systems. Harding University reserves the right to access all such information without prior notice whenever there is a genuine need.

1.3.2 No Responsibility for Monitoring Content of Information Systems

Harding University reserves the right to remove any message, file, database, graphic or other material from its information systems. At the same time, Harding University has no obligation to monitor the information content residing on or flowing through its IS&T.

1.3.3 Privacy Expectations and Information Stored on Harding University Systems

At any time and without prior notice, Harding University management reserves the right to examine archived electronic mail, personal file directories, hard disk drive files and other information stored in Harding University IS&T. Similarly, at any time and without prior notice, Harding University management reserves the right to examine or monitor any device attached, for any reason, to the Harding University digital network. This examination is performed to assure compliance with internal policies, to support the performance of internal investigations, to comply with legal requirements such as a subpoena or court order and to assist with the management of Harding University IS&T resources. It is also possible that others may inadvertently access or monitor these same systems.

1.3.4 Disclaimer of Responsibility for Damage to Data and Programs

Harding University uses access controls and other security measures to protect the confidentiality, integrity and availability of the information handled by computers and communications systems. In keeping with these objectives, management maintains the authority to: (1) restrict or revoke any user's privileges, (2) inspect, copy, remove or otherwise alter any data, program or other system resource that may undermine these objectives, and (3) take any other steps deemed necessary to manage and protect its IS&T resources. This authority may be exercised with or without notice to the involved users. Harding University disclaims any responsibility for loss or damage to data or software that results from its efforts to meet these security objectives.

1.4 Intellectual Property

1.4.1 Software

Respect for the intellectual work and property of others has traditionally been essential to the mission of academic institutions. As members of the academic community, Harding University values the free exchange of ideas. Just as Harding University does not tolerate plagiarism, Harding University strongly supports strict adherence to software vendors' license agreements and copyright holders' notices. If Internet users or other system users make unauthorized copies of software, the users are doing so on their own behalf, since all such copying is strictly forbidden by Harding University.

1.4.2 Copyright Laws

Unless placed in public domain by its owners, the Copyright Act protects software programs. Software is also protected by the license agreement between the owner and purchaser. It is illegal to duplicate, copy, or distribute software or its documentation without the permission of the copyright owner.

1.4.3 Fair use

Unless permission from the copyright owner(s) is first obtained, making multiple copies of material from magazines, journals, newsletters and other publications is forbidden unless this is both reasonable and customary. This notion of "fair use" is in keeping with international copyright laws.

 

Section Two - Policies for Students

2.1 Student Specific Privileges

2.1.1 System Privilege Deactivation

Access to Harding University IS&T resources provided through User Accounts will normally be revoked and the user account deleted nine months after a student’s last term of enrollment.  The Google account will be deleted simultaneously.  Access to services outside those normally provided to all students may be revoked before that time based on prior arrangement with faculty or departments.  Requests for any extension of the above must be  approved by the Chief Information Officer or his/her designee.

2.2 Campus Computing Facilities

2.2.1 Acceptable Use of Facilities

Computer labs on the Harding University campus are not available for general use during the periods when the rooms have been reserved for teaching purposes, unless otherwise specified by the professor. It is the responsibility of every user to use these facilities in a responsible manner.

2.2.2 Disruptive Behavior

Students using campus IS&T facilities must not cause noise, display abusive or inappropriate behavior towards other users, or create other disturbances in any campus computing area.

2.2.3 Data Protection

Students using campus IS&T facilities must not obtain, destroy or remove data other than their own.

2.2.4 Destruction of Computer Resources

Students using campus IS&T facilities must not destroy or remove university owned computer resources.

2.2.5 Alteration of Lab Computer Set-Up

Students using campus IS&T facilities must not attempt to change the setup on lab computers.

2.2.6 Damage Reporting

Students must report to the DormNet Help Desk any accidental damage or damage caused by other parties to IS&T facilities.

 

Section Three - Policies for Employees

3.1 Privileges

3.1.1 System Privilege Deactivation

Access to Harding University IS&T resources provided through User Accounts will normally be revoked and the user account deleted nine months after a student’s last term of enrollment.  The Google account will be deleted simultaneously.  Access to services outside those normally provided to all students may be revoked before that time based on prior arrangement with faculty or departments.  Requests for any extension of the above must be  approved by the Chief Information Officer or his/her designee.

3.1.2 Exception to System Privilege Deactivation

Harding University retirees and alumni are eligible to access to some Pipeline services using their Harding University accounts. This is a privilege and may be revoked at any time. Retirees must agree to abide by all Harding University Information Systems and Technology Policy in order to maintain their account.

3.1.3 Incidental Personal Use of Information Resources

Harding University allows computer users to make reasonable and incidental personal use of its electronic mail and other computer and communications systems. Incidental personal use is permissible if the use: (a) does not consume more than a trivial amount of resources that could otherwise be used for business purposes, (b) does not interfere with worker productivity, and (c) does not preempt any business activity. All such personal use must be consistent with conventional standards of ethical and polite conduct. For example, electronic mail must not be used to distribute or display messages or graphics which may reasonably be considered by some to be disruptive or offensive (such as sexual jokes or pornography).

Employees are encouraged to use a non-Harding email account for personal and other non-work-related activities to avoid difficulties when employment ends.

3.2 Privacy

3.2.1 Privacy / Administrative Data

Security and confidentiality are matters of concern to all Harding University employees who have access to financial, student, employee or donor records either by hard copy documents or via electronic or digital media. Harding University is responsible for the accuracy, integrity and confidentiality of its databases. All administrative digital data must be treated as confidential, other than data that has been designated as approved for release to the public. By law, certain institutional data are confidential and may not be released without proper authorization. Since conduct, either on or off the job, could affect or threaten the security and confidentiality of this information, each employee who accesses administrative systems is required to adhere to the following:

3.2.1.1 No one shall make or permit unauthorized use of any information in files maintained, stored, or processed by any Harding University information systems including the ERPs (e.g. Banner, Slate, and others), portals (e.g. Pipeline), document imaging (OnBase) or any other administrative system.

3.2.1.2 No one is permitted to seek personal benefit, allow others to benefit personally or to divulge, in any way, the contents of any record or report, to any person except in the conduct of his/her work assignment.

3.2.1.3 No one shall knowingly include, or cause to be included, in any record or report, a false, inaccurate or misleading entry. No one shall knowingly change or delete or cause to be changed or deleted an entry in any record or report, unless expressly authorized to do so and in accordance with Harding University and the Banner system (or other administrative system) policies and procedures.

3.2.1.4 Once information is downloaded, data should not be altered in word processing documents or spreadsheets in a way that misrepresents the information derived from these data. Downloaded information should be used and represented responsibly.

3.2.1.5 No official record or report, or copy thereof, shall be removed from the office where it is maintained or copied or printed via electronic means except in the authorized performance of a person’s duties, and in accordance with established procedures. Copies made in the performance of a person’s duties shall not be released to third parties except as in section 3.2.1 above applies.

3.2.1.6 No one is to aid, abet or act in conspiracy with another to violate any part of these terms and conditions.

3.2.1.7 Any knowledge of a violation of these terms and conditions must immediately be reported to the employee’s supervisor and the Chief Information Officer, or his/her designee.

3.2.1.8 Terminals and workstations should not remain logged on to Harding University’s campus network when unattended, unless they are logically locked down by a standard operating system lock feature.

3.3 When Making Copies of Software is Permissible

Third party software in the possession of Harding University must not be copied unless such copying is consistent with relevant license agreements and either: (a) management has previously approved of such copying or (b) copies are being made for contingency planning purposes.

3.4 Data Custodian

Data Custodians are designated individuals who have the ultimate responsibility for the accuracy and completeness of data in their respective areas. Examples include the Registrar for student data and the Director of Human Resources for employee data.

3.4.1 User Profile Groups

Data Custodians are responsible for maintaining security group assignments (user profiles that represent what is needed to perform a general set of related tasks.)

3.4.2 Access to Data

All access to institutional data must be approved by the appropriate Data Custodian. By approving access, the Data Custodian consents to the use of this data within the normal business functions of administrative and academic offices.

Access to institutional data shall not be granted to persons unless there is an established business need to know.

3.4.3 Violation of Access Privileges

The Data Custodian reserves the right to determine appropriate use of the data under his/her control. Usage violations may result in revocation of a user's access to the data.

 

Section Four - Policies for IS&T Professionals

4.1 Handling of Third Party Confidential and Proprietary Information

Unless specified otherwise by contract, all confidential or proprietary information, including software written by a third party that has been entrusted to Harding University by a third party must be protected as though it was Harding University confidential information.

4.1.2 Confidentiality of Harding University Computer Related Software or Documentation

All Harding University generated programs, codes and related documentation is confidential and must not be taken elsewhere when an employee, consultant or contractor leaves the employ or engagement of Harding University.

4.1.3. Removal of Sensitive Information from Harding University Premises

Confidential Harding University information, no matter what form it happens to take, must not be shared with those outside of Harding University or removed from Harding University premises, unless there has been prior approval from the information’s owner.

4.1.4 Copyright Notices on Computer Programs and Documentation

All computer programs and program documentation owned by Harding University should include appropriate copyright notices.

4.2 Third Parties

Other than the publicly available resources such as the Guest wireless network, visitors to Harding University and other persons may be authorized to access IS&T resources. Those parties will be subject to relevant Harding University policies and procedures and:

  • Have the authorization of the CIO or delegated officer
  • Sign an indemnity releasing Harding University from the consequences of legal action arising from the use of IS&T resources
  • The person's written agreement to abide by Harding University's policies
Section Five - Meta Policy

5.1. Policy Revision and Review

5.1.1 Additions and Deletions

Suggested information, policy additions, deletions or alterations should be submitted to the Chief Information Officer, or his/her designated official. This policy will be updated as needed without notice.

5.1.2 Policy Review

The policy review committee will be the President’s Cabinet, and the General Counsel, if deemed necessary. Any member of the Cabinet may request additional review by others, but policy acceptance will occur when the Cabinet has approved the policy or policy change.

5.2 Policy Communication

The Harding University Information Systems and Technology policies in force will be available on a web site.

5.3 Policy Summaries

Condensed versions of this policy or user-specific synopses of these policies may be distributed as needed to adequately implement the policies. Condensed versions or synopses must include information about how to obtain the complete policy or policies.

5.4 Violations

Any violations of this policy should be reported immediately to the relevant offices as indicated in Section 5.5.

Depending on the nature of the events, violations may be dealt with as described in the current Harding University Employee Handbook and the Student Handbook.

In most cases, the first action that the Information Systems and Technology Department will take is to confirm there has been a violation of Harding University policy and if so, the employee’s or student’s user account(s) will be disabled.

Information Systems and Technology Department will report employee violations to the Office of Human Resources and student violations to the Office of Student Life.

5.5 Contact Offices

Employees & Vendors

IS&T Helpdesk

Phone: 501-279-4440

itshelp@harding.edu

 

Students

DormNet

Phone: 501-279-4545

dormnet@harding.edu

 

Others

Alumni office

Phone: 501-279-4276

alumni@harding.edu

Contact Information