Technology Acceptable Use Policies

Network and Technology Acceptable Use

William Jessup University shall not fail to administer policy and procedures that guide acceptable network and technology use.

Procedure:
This WJU Network and Technology Acceptable Use policy regulates the direct and indirect use of technology resources, both on campus and off campus. Individuals are expected to be familiar with this Network and Technology Acceptable Use policy before utilizing university technology resources. Any of the following actions signifies that an individual has read this Network and Technology Acceptable Use Policy and agrees to comply with it: (i) logging into network accounts or signing the mobile device policy for, or (ii) any use of technology resources. The use of Jessup network property or resources is not permitted for purposes that may be deemed inconsistent with Jessup's mission, , Community Covenant, Statement of Faith, and Employee/Student Handbook.

Accessing Technology Resources

  • Named network credentials may be created for employees and students. When necessary, volunteers and independent contractors may use role-based accounts which are delegated to and managed by the supervising employee. Credential requests for strategic partners will be evaluated as needed. All employees, volunteers, independent contractors, and strategic partners must have a clear background check to have access to the WJU network.
  • Individuals are prohibited from disclosing their own password to anyone. Individuals must safeguard their account and its contents and will be responsible for any misuse. Individuals may not search for, access, copy, or use passwords of others.
  • Individual accounts cannot be shared, transferred to or used by other users. Individuals may not access or copy directories, programs, files, data, or documents that do not belong to them without the permission of the account owner.
  • Shared or role-based accounts, intended to be used by more than one user, are permitted with prior authorization from the IT Services Director.
  • The account owner is responsible for all actions performed on university technology resources through the account owner’s account. The University reserves the right to hold an account owner responsible if, through negligence or deliberate action, university technology resources are misused in any way by the account owner or anyone using the account owner’s account.
  • Individuals may not attempt to gain access to university technology resources which they are not specifically authorized to access. Attempting to gain unauthorized access or assisting others in gaining unauthorized access to such university technology resources is strictly prohibited and may result in disciplinary action up to and including termination of employment or dismissal from the University.
  • After an account becomes inactive due to retirement, resignation, or termination of employment, all associated electronic data remains property of the University, including university-related files and all email. University data may be transferred to the supervisor of the employee after obtaining permission from, and at the sole discretion of, the IT Services Director. Prior to leaving, it will be the employee’s responsibility to remove all non-business information that may have been stored on university resources prior to the establishment of this policy.
  • Without limiting its rights in any way, the University specifically reserves the right, in its sole discretion, to limit, restrict, suspend or terminate any user’s account or use of university technology resources, for any reason.

Use of Technology Resources

  • E-mail and other computer files (collectively, “files”) should not be considered private, particularly in light of (i) the open nature of the Internet and related technology and (ii) the ease with which files may be accessed, copied and distributed. Individuals must not send messages by e-mail that include information protected by privacy laws such as FERPA or HIPAA.
  • Equipment provided by WJU is intended to be used in accomplishing the responsibilities of each employee’s job. Use of company equipment to engage in non-work- related (personal) activities is generally not permitted and should be limited. Internet bandwidth and technology resources should be reserved for activities that support the administrative, teaching, and learning processes.
  • WJU’s storage resources are to be used by employees in the performance of job duties. Employees will receive working directories on network storage. Any items that employees need to perform their duties should be stored here. It is the responsibility of the employee to clean up the storage space and ensure files that do not belong are removed.
  • Individuals and IT Services may not copy any software unless they are licensed by the software licensor to do so.
  • Individuals may not remove fixed university technology resources from their designated places without first obtaining permission of the IT Services Department.
  • Individuals may not use university technology resources to impede, interfere with or otherwise cause harm to others or their activities or create or constitute an unacceptable burden on university technology resources.
  • Individuals may not use or permit another person or entity to use university technology resources (including without limitation processing power, memory, and connectivity to the Internet) for running online advertising, storing data, or engaging in distributed processing, other than such uses which are in furtherance of legitimate and approved university purposes.
  • Individuals may not use university technology resources in connection with activities prohibited by any applicable WJU policy or by any applicable laws, ordinances, rules, regulations, or orders of any public authority having jurisdiction.
  • Individuals may not use e-mail for unauthorized mass messaging, such as distribution of chain, spam e-mail, messages that do not adhere to the strict guidelines as defined by the Federal Trade Commission: (http://www.business.ftc.gov/documents/bus61-can- spam-act- compliance- guide-business), or phishing messages, which cause excessive strain on electronic communications
    resources.
  • WJU prohibits the use of peer-to- peer file sharing software and protocols. Use of this type of software will result in the disabling of the applicable network port and may lead to disciplinary action.
  • Individuals may not use university technology resources to send, forward, or otherwise disseminate nuisance messages. Nuisance messages include, without limitation, knowing or reckless distribution of unwanted messages, messages that would constitute a violation of the University’s harassment policies and messages to a recipient who has previously notified the individual that any messages (or messages of a particular type) from the sender are not welcome.
  • Use of any packet-capturing (“sniffing”) software, keystroke loggers, or any other device or software product that, in the sole discretion of the IT Services Department, can be used (or is deemed to be used) to circumvent security controls is strictly prohibited.

Privacy of Technology Resources

  • Computer systems and network devices may be monitored to ensure the security and protection of university technology resources. The IT Services Director may take action when he/she determines that there is a potential or actual threat to the security or integrity of university computers, computer systems or networks or their authorized use.
  • The privacy and security of files, electronic communications, and other information belonging to individual university users will be protected to the extent reasonably possible. However, computers, computer systems and networks generally, and the University network specifically, must never be considered private, particularly in light of (i) the open nature of the Internet and related technologies, and (ii) the ease with which files and data can be accessed, copied and distributed. Users must take all appropriate precautions to protect sensitive and confidential information stored on their systems.
  • All systems that contain sensitive or protected data that are under the stewardship of the University, including, but not limited to, social security numbers, academic records, protected health information, and financial data, must be protected regardless of the media on which it resides. Use, transmittal, and storage of protected information must follow approved business processes and privacy laws (including FERPA and HIPAA) that contain adequate technical controls to mitigate the risk of unauthorized disclosure.
  • All software applications, whether hosted on the University network or by a third party, that are intended to hold, process or otherwise handle protected information (including, but not limited to social security numbers) must be first reviewed by the University’s IT Services Director prior to the purchase or implementation of application occurs. Such software applications must conform to federal, state or other regulatory requirements as well as university policy.

Security Controls for Technology Resources

  • IT Services has the right to perform security assessments on any software or device that utilizes the University network.
  • IT Services is responsible for configuring and managing the University network as well as all wired and wireless connectivity to the University network. Devices connected to the University network must be approved by IT Services to ensure that the security and availability of our network is maintained.
  • The IT Services Director is responsible for determining the level of authentication required for remotely accessing systems containing sensitive or protected data.
  • All IP-capable devices installed on the University network shall have an IP address issued by IT Services. Operating equipment that supports the issuance of IP addresses, such as Dynamic Host Configuration Protocol (DHCP), is prohibited without prior written approval from IT Services.
  • IT Services may filter network traffic to exclude malicious traffic on both an incoming and an outgoing basis. Malicious traffic may include malware and unsolicited commercial e-mail
  • The purchase and use of information security tools including, but not limited to, firewalls, intrusion detection/prevention systems and security diagnostic/hacking tools is prohibited.
  • The use of VPN software that prevents packet analysis on the University’s network is prohibited.
  • Access to all university data centers and processing facilities shall be restricted to properly
    authorized users. Access is granted by the IT Services Director.

Mobile Device Usage

William Jessup University shall not fail to administer policy and procedures that guide university owned
mobile device usage.

Procedure:
WJU provides mobile devices to some employees whose department or position necessitates. Such devices may include laptops, mobile phones, tablets, wireless access devices, accessories, etc.
University owned mobile devices are intended for business-related use. Occasional, brief personal use is permitted within a reasonable limit. Employees are prohibited from incurring any fees or charges as a result of personal used of university- provided devices and subsequently billing those fees and charges to the University, including the cost of unapproved software applications and programs. If laptop, mobile phone, tablet computer, accessory and service fees or charges result from personal use of university-provided equipment, the user is responsible for making payment for those fees and charges and any related billing costs.

Users are prohibited from installing unapproved software on university-provided devices. Employees shall refrain from downloading additional software and services, including distinctive ring tones, games and other applications. No sensitive, proprietary, or confidential information is to be stored on mobile devices at any time. This includes, but is not limited to, un-encrypted lists of WJU passwords and data. If a university-provided mobile devices is lost, stolen or misplaced, the user much notifies the WJU IT Helpdesk at helpdesk@jessup.edu regardless of time of day or day of week so that appropriate steps can be taken to suspend device's voice and data services.

University-purchased laptops, mobile phones, tablets, and wireless access devices/hotspots remain in the perpetual possession and ownership of the University. Mobile devices and the devices telephone number are provided to the end user only while in the employment of the University. Employees who have access to a cell phone while in their cars must remember that their primary
responsibility is driving safely and obeying the rules of the road. Employees are prohibited from using cell phones to conduct business while driving.

Illegal Software/BitTorrenting

William Jessup University shall not fail to administer policy against illegal downloading of
software and BitTorrenting.

Rational:

  • It is stealing. (Exodus 20:15; Ephesians 4:28) Artists, writers, musicians, and other creators of intellectual property rely upon copyright to protect their works. Without copyright, there would be no way to protect their income and no incentive to make their works available to us through books, music CDs, videos, etc. When you violate copyright by downloading and sharing these works, you are stealing by depriving the artist of real income.
  • It is illegal. (Romans 13) Both the U.S. Copyright Act, and the Digital Millennium Copyright Act of 1998, prohibit the distribution or sharing of copyrighted works without the copyright owner’s permission. Research has “…found that 89 percent of the [BitTorrent] files…sampled were confirmed to be illegally shared, and most of the remaining ambiguous 11 percent were likely to be infringing.” (http://arstechnica.com/tech-policy/2010/07/only- 03-of- files-on- bit-torrent- confirmed-to- be-legal/) Individuals who participate in illegal file sharing may be prosecuted by law.
  • It is dangerous. The “peer-to- peer” software that is used for file sharing may bypass your computer’s operating system security and open your entire computer, along with your personal information, to anyone on the Internet.
  • It degrades our network performance. Because it is the nature of these programs to share your files with as many computers as possible, the resulting volume of network traffic can slow down or disable our entire network (i.e. other users).

Definitions:

  • BitTorrent – BitTorrent is a peer-to- peer (P2P) file sharing protocol designed to reduce the bandwidth required to transfer files. It does this by distributing file transfers across multiple systems, thereby lessening the average bandwidth used by each computer. For example, if a user begins downloading a movie file, the BitTorrent system will locate multiple computers with the same file and begin downloading the file from several computers at once. http://www.techterms.com/definition/bittorrent
  • File-sharing software/P2P – Stands for “Peer to Peer.” In a P2P network, the “peers” are computer systems which are connected to each other via the Internet. Files can be shared directly between systems on the network without the need of a central server. In other words, each computer on a P2P network becomes a file server as well as a client. While P2P networking makes file sharing easy and convenient, is also has led to software piracy and illegal music downloads. Therefore, it is best to be on the safe side and only download software and music from legitimate websites. http://www.techterms.com/definition/p2p

Procedure:
Illegally downloading or sharing copyrighted materials, including music, games, and/or videos using WJU’s computer network is strictly prohibited.
If your computer contains illegal files or file-sharing software, the IT Services Help Desk will no longer provide you with support services of any kind. If your computer is detected engaging in illegal file sharing, your connection to the University network will be immediately terminated. Before your connection can be restored, you will be required to read and sign an agreement stating that you have removed the offending files and software from your computer, and that you will no longer engage in the illegal downloading and sharing of copyrighted material.

Repeat offenders will be permanently removed from the network and will be referred for disciplinary action. If appropriate, you may also be reported to the police or other government officials.
If you are illegally downloading or sharing copyrighted material, we urge you to immediately remove these materials and file-sharing software from your computer. If you need help removing these files, contact the WJU IT Services Help Desk (916-577- 2345) and we will assist you without penalty.

Our mission is to provide our students with a safe and powerful computing environment. Therefore, we cannot permit our computer resources to be used for illegal purposes. It is our intention to strictly enforce WJU policy and we will obey and comply with all legitimate government laws and regulations. There are legal alternatives to unauthorized downloading. For a list of legitimate download sites, please go to:  http://www.educause.edu/legalcontent

Adapted from:http://www.temple.edu/cs/VPannouncements/filesharingpolicy.html Used with permission.