Information Systems & Technology
Responsible Use of Information Systems and Technology Resources
This policy is designed to perpetuate Harding University’s mission. It is imperative that the campus community understands that informational and technological resources require responsible behavior from all its users.
This policy is designed to define the appropriate and responsible use of the information systems and technology (IS&T) resources at Harding University including campus computing and network facilities. Each authorized user must assume responsibility for their own behavior while utilizing these resources. The same moral and ethical behavior that is expected in the non-IS&T environment at Harding University should also serve as a guide in its IS&T environment.
This policy applies to all faculty, staff, students, contractors or any other individual using IS&T at Harding University. Access to Harding University owned computer facilities, equipment, hardware, software, printing services, technology, and staff-provided user support is a privilege, not a right. Accepting access to this technology carries an associated expectation of responsible and acceptable use. When accessing any remote resources using Harding University IS&T resources, users are required to comply with both the policies set forth in this document and all applicable policies governing the use and access to these remote resources. Users will also be required to comply with state and federal laws.
Harding University provides IS&T resources that are consistent with the mission and goals of the University. Specifically, services are provided to support teaching, learning, scholarship, research, administration and outreach functions of the University.
All users of Harding University IS&T resources are required to comply with this policy. Harding University reserves the right to amend this policy at any time and without prior notice in order to better provide IS&T resources and services to faculty, staff and students. Harding University reserves the right to deny, limit, restrict or extend computing privileges and access to its IS&T resources. App users are required to comply with state and federal laws when using Harding University IS&T resources.
SECTION ONE – GENERAL
1.1 Access & Privileges
1.1.1 User Accounts
Harding University students and employees will be provided access to IS&T resources based upon their individual role and need. These accounts may include, but is not limited to: individual computers or workstations, personal network file-space, the Internet, the Harding University Intranet, portals, web-space, email, and, classroom and learning management systems. Access to these accounts is a privilege, not a right, and may be revoked for any reason including non-compliance with Harding University policies, such as conditions laid out in the Employee Handbook, the current Student Handbook, the Responsible Use of Information Systems and Technology Resources policy.
Users are responsible for all activity performed with their personal user-IDs. User-IDs may not be utilized by anyone but the individuals to whom they have been issued. Users must not allow others to perform any activity with their user-IDs. Similarly, users are forbidden from performing any activity with IDs belonging to other users (excepting anonymous user-IDs like "guest"). Any suspected unauthorized access of a user account should be reported immediately to the Chief Information Officer or his/her designee.
Regardless of the circumstances, passwords must never be shared or revealed to anyone else besides the authorized user. To do so, exposes the authorized user to responsibility for actions that the others take with the password. If users need to share computer resident data, they should use electronic mail, public directories on local area network servers, and other mechanisms. All users are responsible for both the protection of their user account password and the data stored in their user account.
1.1.4 System Privilege Deactivation
1.1.5 No Responsibility for Personally Owned Computers
Harding University cannot provide, and will not be responsible for, software or data kept on personally owned devices, (e.g. phones, tablets, pad devices or computers), nor is it responsible for the installation, repair, maintenance or upgrade of personally owned devices.
1.2 Acceptable Use
1.2.1 Acceptable Uses of Information Technology or Systems
Harding University IS&T are provided to assist students and employees in acquiring and disseminating information related to the performance of regularly assigned job duties, classroom assignments, or relevant scholarly activities.
1.2.2 Unacceptable Uses of Information Technology or Systems
Any information, data, or programs not congruent with the mission of Harding University must not be created, stored, transmitted, viewed or manipulated using Harding University owned technology or information systems.
The following is a list that includes, but is not limited to, unacceptable uses of IS&T resources.
- Transmitting, displaying, disseminating or printing any material, or engaging in any other activity in violation of any federal, state, or local laws, including copyright law and the Family Educational Rights and Privacy Act (FERPA). Such material would include, but not be limited to, computer files, articles and software.
- Transmitting or accessing information containing harassing material. Harassment includes, but is not limited to:
- Text images with the intent to harass, terrify, intimidate, threaten or offend another person
- Intentionally using the computer to contact another person repeatedly with the intent to harass or bother, whether or not any actual message is communicated, and/or where no purpose of legitimate communication exists, and where the recipient has expressed a desire for the communication to cease
- Intentionally using the computer to disrupt or damage the academic, research, administrative or related pursuits of another
- Intentionally using the computer to invade the privacy, academic or otherwise, of another or the threatened invasion of the privacy of another.
- Transmitting, receiving, displaying, or viewing offensive content. This includes, but is not limited to, sexual comments or images, racial slurs, gender specific comments or any comments that would offend someone on the basis of their age, sex, national origin or disability.
- Displaying, sending, printing, or storing sexually explicit, graphically disturbing, obscene, pornographic, fraudulent, harassing, threatening, abusive, racist, or discriminatory images, files or messages in any campus computing facility or any campus location.
- Attempting forgery of email messages.
- Physical or electronic interference with other computer systems users.
- Extend Harding's enterprise network by attaching devices such as switches, routers and wireless access points without permission from IS&T.
- Any other practice or user activity that, in the opinion of the Information Systems and Technology Department constitutes irresponsible behavior promotes illegal activities, results in the misuse of computer resources or jeopardizes the operation of IS&T at Harding University.
1.2.3 Prohibition Against Commercial Use of Information Resources
Harding University users must not use Harding University IS&T resources for soliciting business, selling products, or otherwise engaging in commercial activities other than those expressly permitted by Harding University management. Prohibited activity includes, but is not limited to operating a business, usurping business opportunities or soliciting money for personal gain.
1.3 Privacy and Data Ownership
1.3.1 Legal Ownership of Information Systems Files and Messages
Harding University has legal ownership of the contents of all files stored on its computer and network systems as well as all messages transmitted via these systems. Harding University reserves the right to access all such information without prior notice whenever there is a genuine need.
1.3.2 No Responsibility for Monitoring Content of Information Systems
Harding University reserves the right to remove any message, file, database, graphic, or other material from its information systems. At the same time, Harding University has no obligation to monitor the information content residing on or flowing through its IS&T.
1.3.3 Privacy Expectations and Information Stored on Harding University Systems
At any time and without prior notice, Harding University management reserves the right to examine archived electronic mail, personal file directories, hard disk drive files, and other information stored in Harding University IS&T. Similarly, at any time and without prior notice, Harding University management reserves the right to examine or monitor any device attached, for any reason, to the Harding University digital network. This examination is performed to assure compliance with internal policies, to support the performance of internal investigations, to comply with legal requirements such as a subpoena or court order, and to assist with the management of Harding University IS&T resources. It is also possible that others may inadvertently access or monitor these same systems.
1.3.4 Disclaimer of Responsibility for Damage to Data and Programs
Harding University uses access controls and other security measures to protect the confidentiality, integrity, and availability of the information handled by computers and communications systems. In keeping with these objectives, management maintains the authority to: (1) restrict or revoke any user's privileges, (2) inspect, copy, remove, or otherwise alter any data, program, or other system resource that may undermine these objectives, and (3) take any other steps deemed necessary to manage and protect its IS&T resources. This authority may be exercised with or without notice to the involved users. Harding University disclaims any responsibility for loss or damage to data or software that results from its efforts to meet these security objectives.
1.4 Intellectual Property
Respect for the intellectual work and property of others has traditionally been essential to the mission of academic institutions. As members of the academic community, Harding University values the free exchange of ideas. Just as Harding University does not tolerate plagiarism, Harding University strongly supports strict adherence to software vendors' license agreements and copyright holders' notices. If Internet users or other system users make unauthorized copies of software, the users are doing so on their own behalf, since all such copying is strictly forbidden by Harding University.
1.4.2 Copyright Laws
Unless placed in public domain by its owners, the Copyright Act protects software programs. Software is also protected by the license agreement between the owner and purchaser. It is illegal to duplicate, copy, or distribute software or its documentation without the permission of the copyright owner.
1.4.3 Fair use
Unless permission from the copyright owner(s) is first obtained, making multiple copies of material from magazines, journals, newsletters, and other publications is forbidden unless this is both reasonable and customary. This notion of "fair use" is in keeping with international copyright laws.
SECTION TWO – POLICIES FOR STUDENTS
2.1 Student Specific Privileges
2.1.1 System Privilege Deactivation
Access to selected Harding University IS&T resources will normally be revoked at the time that a student is no longer enrolled at Harding University. Access to data stored on Harding resources and through the learning management system will be removed. The time-frame for this may vary according to the needs of specific systems and are determined by procedures (often automated) established by Information Systems and Technology Department. The student account may remain active allowing for access to selected portals and email hosted through Google.
2.2 Campus Computing Facilities
2.2.1 Acceptable Use of Facilities
Computer labs on the Harding University campus are not available for general use during the periods when the rooms have been reserved for teaching purposes, unless otherwise specified by the professor. It is the responsibility of every user to use these facilities in a responsible manner.
2.2.2 Disruptive Behavior
Students using campus IS&T facilities must not cause noise, display abusive or inappropriate behavior towards other users, or create other disturbances in any campus computing area
2.2.3 Data Protection
Students using campus IS&T facilities must not obtain, destroy or remove data other than their own.
2.2.4 Destruction of Computer Resources
Students using campus IS&T facilities must not destroy or remove university owned computer resources.
2.2.5 Alteration of Lab Computer Set-Up
Students using campus IS&T facilities must not attempt to change the setup on lab computers.
2.2.6 Damage Reporting
Students must report to the DormNet Help Desk any accidental damage or damage caused by other parties to IS&T facilities.
SECTION THREE – POLICIES FOR EMPLOYEES (Faculty, Staff and Student)
3.1.1 System Privilege Deactivation
Access to selected Harding University IS&T resources will normally be revoked at the time that an employee is no longer employed at Harding University. Access to data stored on Harding resources and through the learning management system will be removed. The time-frame for this may vary according to the needs of specific systems and are determined by procedures (often automated) established by Information Systems and Technology Department. The employee account may remain active allowing for access to selected portals and email hosted through Google.
3.1.2 Exception to System Privilege Deactivation
Harding University retirees and alumni are eligible to access to some Pipeline services using their Harding University accounts. This is a privilege and may be revoked at any time. Retirees must agree to abide by all Harding University Information Systems and Technology Policy in order to maintain their account.
3.1.3 Incidental Personal Use of Information Resources
Harding University allows computer users to make reasonable and incidental personal use of its electronic mail and other computer and communications systems. Incidental personal use is permissible if the use: (a) does not consume more than a trivial amount of resources that could otherwise be used for business purposes, (b) does not interfere with worker productivity, and (c) does not preempt any business activity. All such personal use must be consistent with conventional standards of ethical and polite conduct. For example, electronic mail must not be used to distribute or display messages or graphics which may reasonably be considered by some to be disruptive or offensive (such as sexual jokes or pornography).
3.2.1 Privacy / Administrative Data
Security and confidentiality are matters of concern to all Harding University employees who have access to financial, student, employee or donor records either by hard copy documents or via electronic or digital media. Harding University is responsible for the accuracy, integrity and confidentiality of its databases. All administrative digital data must be treated as confidential, other than data that has been designated as approved for release to the public. By law, certain institutional data are confidential and may not be released without proper authorization. Since conduct, either on or off the job, could affect or threaten the security and confidentiality of this information, each employee who accesses administrative systems is required to adhere to the following:
184.108.40.206 No one shall make or permit unauthorized use of any information in files maintained, stored, or processed by any Harding University information systems including the ERPs (e.g. Banner, Famis and others), portals (e.g. Pipeline), document imaging (Nolij) or any other administrative system.
220.127.116.11 No one is permitted to seek personal benefit, allow others to benefit personally or to divulge, in any way, the contents of any record or report, to any person except in the conduct of his/her work assignment.
18.104.22.168 No one shall knowingly include, or cause to be included, in any record or report, a false, inaccurate, or misleading entry. No one shall knowingly change or delete or cause to be changed or deleted an entry in any record or report, unless expressly authorized to do so and in accordance with Harding University and the Banner system (or other administrative system) policies and procedures.
22.214.171.124 Once information is downloaded, data should not be altered in word processing documents or spreadsheets in a way that misrepresents the information derived from these data. Downloaded information should be used and represented responsibly.
126.96.36.199 No official record or report, or copy thereof, shall be removed from the office where it is maintained or copied or printed via electronic means except in the authorized performance of a person’s duties, and in accordance with established procedures. Copies made in the performance of a person’s duties shall not be released to third parties except as Number 2 above applies.
188.8.131.52 No one is to aid, abet, or act in conspiracy with another to violate any part of these terms and conditions.
184.108.40.206 Any knowledge of a violation of these terms and conditions must immediately be reported to the employee’s supervisor and the Chief Information Officer, or his/her designee.
220.127.116.11 Terminals and workstations should not remain logged on to Harding University’s campus network when unattended, unless they are logically locked down by a standard operating system lock feature.
3.3 When Making Copies of Software is Permissible
Third party software in the possession of Harding University must not be copied unless such copying is consistent with relevant license agreements and either: (a) management has previously approved of such copying, or (b) copies are being made for contingency planning purposes.
3.4 Data Custodian
Data Custodians are designated individuals who have the ultimate responsibility for the accuracy and completeness of data in their respective areas. Examples include the Registrar for student data and the Director of Human Resources for employee data.
3.4.1 User Profile Groups
Data Custodians are responsible for maintaining security group assignments (user profiles that represent what is needed to perform a general set of related tasks.)
3.4.2 Access to Data
All access to institutional data must be approved by the appropriate Data Custodian. By approving access, the Data Custodian consents to the use of this data within the normal business functions of administrative and academic offices.
Access to institutional data shall not be granted to persons unless there is an established business need to know.
3.4.3 Violation of Access Privileges
The Data Custodian reserves the right to determine appropriate use of the data under his/her control. Usage violations may result in revocation of a user's access to the data.
SECTION FOUR – POLICIES FOR INFORMATION SYSTEMS AND TECHNOLOGY PROFESSIONALS
4.1 Handling of Third Party Confidential and Proprietary Information
Unless specified otherwise by contract, all confidential or proprietary information, including software written by a third party that has been entrusted to Harding University by a third party must be protected as though it was Harding University confidential information.
4.1.2 Confidentiality of Harding University Computer Related Software or Documentation
All Harding University generated programs, codes and related documentation is confidential and must not be taken elsewhere when an employee, consultant, or contractor leaves the employ or engagement of Harding University.
4.1.3. Removal of Sensitive Information from Harding University Premises
Confidential Harding University information, no matter what form it happens to take, must not be shared with those outside of Harding University, or removed from Harding University premises, unless there has been prior approval from the information’s owner.
4.1.4 Copyright Notices on Computer Programs and Documentation
All computer programs and program documentation owned by Harding University should include appropriate copyright notices.
4.2 Third Parties
Other than the publicly available resources such as the Guest wireless network, visitors to Harding University and other persons may be authorized to access IS&T resources. Those parties will be subject to relevant Harding University policies and procedures, and:
- Have the authorization of the CIO, or delegated officer
- Sign an indemnity releasing Harding University from the consequences of legal action arising from the use of IS&T resources
- The person's written agreement to abide by Harding University's policies
SECTION FIVE – META POLICY
5.1. Policy Revision and Review
5.1.1 Additions and Deletions
Suggested information, policy additions, deletions or alterations should be submitted to the Chief Information Officer, or his/her designated official. This policy will be updated as needed without notice.
5.1.2 Policy Review
The policy review committee will be the President’s Cabinet, and the University Counsel, if deemed necessary. Any member of the Cabinet may request additional review by others, but policy acceptance will occur when the Cabinet has approved the policy or policy change.
5.2 Policy Communication
The Harding University Information Systems and Technology policies in force will be available on a web site.
5.3 Policy Summaries
Condensed versions of this policy or user-specific synopses of these policies may be distributed as needed to adequately implement the policies. Condensed versions or synopses must include information about how to obtain the complete policy or policies.
Any violations of this policy should be reported immediately to the relevant offices as indicated in Section 5.5.
Depending on the nature of the events, violations may be dealt with as described in the current Harding University Employee Handbook and the Student Code of Conduct.
In most cases the first action that the Information Systems and Technology Department will take is to confirm there has been a violation of Harding University policy and if so, the employee’s or student’s user account(s) will be disabled.
Information Systems and Technology Department will report employee violations to the Office of Human Resources and student violations to the Office of Student Life.
5.5 Contact Offices
Employees & Vendors
Others (e.g. Alumni)