Board of Trustees Policy
Subject: Acceptable Use of Technology
Date: December 2016
Supersedes:June 2008, June 2004
This policy preserves the stability and security of the College’s information technology resources, protects the College from inappropriate use, and ensures reasonable accessibility to technology resources for the College’s academic community. The policy also governs the access and use of all College technology and data, including any devicethat accesses or uses the College’s network or data.
This policy outlines the acceptable use of Montgomery County Community College’s computer and network resources (“Computer System”). Access to these resources is a privilege not a right. The College’s computing resources and facilities are intended for legitimate instructional and administrative use; computing facilities and network access cannot be used for commercial purposes without proper written authorization. The College makes no representation that its network resources will be available, or function as intended, at any time. Use of the College’s network resources is subject to the following rules and guidelines, as well as any other rules and/or guidelines that may currently exist or may exist in the future. Users are responsible for ensuring that use of the College’s network resources complies with this Policy Members of the user community must use only those resources to which they have been specifically granted access by the College; and by using the College’s technology resources, users assume personal responsibility for their appropriate use and agree to comply with this policy and other applicable College policies, procedures and guidelines, as well as applicable laws and regulations.
Relevant College policies include:
- 3.3 Student Academic Code of Ethics
- 4.1 Student Code of Conduct
- 4.5 Family Educational Rights and Privacy Act
- 5.11 Copyright Ownership
- 5.14 Right-to-Know
- 5.16 Red Flag
- 5.17 IT Security
- 6.9 Compliance with Health Insurance Portability and Accountability Act
Access to the Computer System
Use of the Computer System and connecting to the Internet through the Computer System to receive email, search the Internet, or engage in other Internet-based activities is provided subject to these conditions: (1) the user accepts the terms of this Policy, (2) the user is a properly registered student that is in good standing, a current employee, or a person that otherwise has been granted access by an authorized agent of the College, (3) the use has not otherwise been restricted or revoked by the College, and (4) the user is not otherwise prohibited from using the Computer Systems and/or connecting to the Internet by any law enforcement, judicial or regulatory body or organization.
Access to Internet Content
While the College does not actively screen or restrict access to any content placed on or accessible through the Internet, it does utilize a network firewall to protect the network’s integrity and, in certain instances. to block certain categories of content. The College also does not screen or restrict communications between parties via the Internet. Use of the Computer System is an acknowledgment that the user may receive or be exposed to content, goods or services that the user may consider to be improper, inaccurate, misleading, defamatory, obscene or otherwise offensive. Use of the Computer System constitutes agreement that the College is not liable for any action or inaction with respect to any such content on the Internet accessible through the Computer System. In addition, the College not responsible to the user for any content provided by third parties through the Computer System.
In making acceptable use of resources users are expected to:
- use resources only for purposes as outlined in this policy;
- protect their user ID, password, and system from unauthorized use;
- access only information that the user owns, that is publicly available, or to which the user has been given authorized access;
- be considerate in the use of shared resources;
- demonstrate respect for principles of open expression;
- comply with copyright laws and other restrictions on intellectual property as they apply to computer software and other materials that the user may access with College computing resources.
- In accessing the Computer System, the user certifies that he or she is not on the U.S. Department of Commerce’s Denied Person List or its affiliated lists or on the U.S. Department of Treasury’s Specially Designated Nationals list.
Unacceptable use of resources may include but is not limited to:
- use of another person’s system access, user ID, password, files, or data, or giving the use of one’s system, user ID, password, files, or data;
- use of computer programs to decode passwords or access control information;
- attempt to disguise the identity of the account or computer the user is employing;
- attempt to gain unauthorized access to resources and data, including other’s passwords;
- attempt to circumvent, subvert, or disable system or network security measures;
- engage in any activity that might be purposefully harmful to systems or to any information stored thereon, such as creating or propagating viruses, disrupting services;
- damage files or make unauthorized modifications to College data;
- make or use illegal copies of copyrighted materials, software, or music, store such copies on College resources, or transmit them over College networks. If the College receives notice under the Digital Millennium Copyright Act of an alleged infringement on the intellectual property rights of a third party, the College retains the right to take down or disable access to the allegedly infringing material. It is the College’s policy, in appropriate circumstances, to terminate the access of users who infringe the intellectual property rights of third parties;
- creation or display of threatening, obscene, racist, sexist, or harassing material which is in violation of existing law or College policy;
- engaging in any fraudulent activities, including impersonating any person or entity or forging anyone else’s digital or manual signature;
- engaging in the export or re-export of any product, technology, or information that the user acquires through use of the Computer System whose export would violate import and export regulations of the United States and any foreign country, agency, or authority any applicable laws, regulations, or restrictions;
- use of College resources for any other illegal activity;
- monopolizing systems, overloading networks with excessive data, degrading services, or wasting computer time, disk space, printer paper, printer toner, manuals or other resources. Users must ensure that their use does not improperly restrict, inhibit, or degrade any other user’s use of the Computer System, nor represent (in the College’s sole judgment) an unusually large burden on the network itself. In addition, users must ensure not to improperly restrict, inhibit, disrupt, degrade or impede the College’s ability to maintain the Computer System and monitor the Computer System, backbone, network nodes, and/or other network service. The College may, without notice, modify the speed of, interrupt, or prohibit such data traffic;
- use of the Computer System to send or collect responses to unsolicited bulk or commercial messages;
- running a server in connection with the Computer System or providing network services to others via the Computer System. Examples of prohibited uses include, but are not limited to, accessing or hosting bit torrent services, running servers for mail (pop3 & smtp), http, https, ftp, irc, dhcp and multi-user interactive forums;
- using any part of the Computer System or Internet access provided for the purpose of collecting, earning, mining any form of electronic currency, cryptocurrency or Internet currency (e.g., Bitcoins), or providing processing work in exchange for the foregoing;
- Operating any sort of wireless hotspot or other device to share a user’s connection to the Computer System;
- use of College’s resources or networks for personal profit;
- installation of hardware or software onto any College owned computer/network without following IT Security standards for hardware and software installations;
- use of personal computing devices to access the College’s network or data that does not meet established College technical security standards; or
- use of College technology resources or data in violation of the IT Security Policy and associated Compliance Standards.
Incidental Personal Use
Incidental personal use is an accepted and appropriate benefit of being associated with the College’s technology environment. This type of personal use must adhere to all College acceptable use policies and procedures. Employees’ supervisors may restrict personal activities of their employees if these personal activities are impacting the employees’ job performances.
Additionally, personal use by students is permitted as long as it adheres to these guidelines and doesn’t interfere with instructional processes. Faculty and staff may restrict personal use by students in these situations.
As above, while incidental personal use is permitted, users are strongly encouraged to carry out internet and email activities not related to the College off-site, using personal computer equipment, an outside service provider, and personal e-mail account.
Moreover, it will not be considered incidental personal use where the use interferes with job performance, interferes with the access of others to the technological resources of the College, incurs costs for the College or is done for monetary gain or is otherwise in conflict with the College’s mission or violates any College policy.
The College values fostering an environment of open debate, freedom of inquiry and expression of opinion. The College owned email system is a means by which open debate, freedom of inquiry and expression of opinion can occur. However, to support a truly open and productive work environment, members of the College community are expected to engage in email communication that is respectful, professional and limited to appropriate audiences.
Privacy and Use of Information
Employees are expected to be knowledgeable of, and to perform their duties in compliance with, federal, state, and local laws and college policies, including the provisions of the Family Educational Rights and Privacy Act (FERPA) and Health Insurance Portability and Accountability Act (HIPAA) designed to protect the confidentiality of data and the privacy of individuals. Confidential or demographic data that pertains to students, employees, or college operations, must be used in a manner consistent with College Privacy and IT Security Standards to protect rights of privacy and limit personal and institutional liability.
Users are responsible for any misuse of the Computer System, even if the inappropriate activity was committed by another person using the user’s credentials or equipment. Therefore, users must take steps to ensure that others do not gain unauthorized access to the Computer System. The Computer System may not be used to breach the security of another user or to attempt to gain access to any other person’s computer, software or data, without the knowledge and consent of such person. It also may not be used in any attempt to circumvent authentication or security of any host, network, or account. This includes, but is not limited to, accessing data not intended for the user, logging into or making use of a server or account the user is not expressly authorized to access, or probing the security of other networks. Use or distribution of tools designed for compromising security, such as password guessing programs, cracking tools, port scanners, packet sniffers or network probing tools, is prohibited. Users may not disrupt the Computer System. The Computer System also may not be used to interfere with computer networking or telecommunications services to any user, host or network, including, without limitation, denial of Computer System attacks, flooding of a network, overloading a Computer System, improper seizing and abuse of operator privileges and attempts to “crash” a host. The transmission or dissemination of any information or software that contains a virus, worm or other harmful feature also is prohibited. Users are solely responsible for the security of any device a user chooses to connect to the Computer System, including any data stored on that device.
Employees found to be in violation of this policy could be subjected to progressive disciplinary action up to and including termination of their employment. Students who violate this policy are governed by the Student Code of Conduct. The College reserves the right to withdraw access to its system to any user. The College also reserves the right to notify appropriate legal authorities in the event that its system is used in a manner that constitutes a violation of any local, state, or federal law.
The College is not responsible for the loss of information or interruption of electronic communications. The College reserves the right to discard incoming mass mailings (“spam”) without notifying the sender or intended recipient and to block all Internet communications from sites that are involved in extensive spamming or other disruptive practices, even though this may leave the College computer users unable to communicate with those sites.
While the College takes reasonable measures to protect the security of its computing resources, the College cannot guarantee absolute security and privacy. System users should have no expectation of privacy. In cases of Right-to-Know Act requests, administrative or judicial proceedings, law enforcement investigations, or similar inquiries, information stored electronically may be released to outside parties. While the College does not routinely monitor the activity of users for violation of this Policy, situations may arise where the College may have the need to view information or email or monitor user activity on the network. Causes for access may include, but are not limited to the health or safety of individuals or property; violations of College policies, or local, state or federal laws; discipline or investigation of an employee; and the need to locate information required for College business. The College reserves the right to investigate suspected violations of this Policy, including the gathering of information from users involved and the complaining party, if any, and examination of material on our servers and network. During the College’s investigation, the College may suspend user access and/or remove material that violates or potentially violates this Policy. A user authorizes the College to cooperate with (1) law enforcement authorities in the investigation of suspected criminal violations, and (2) system administrators or other network or computing facilities in order to enforce this Policy. Such cooperation may include providing IP address, contact information or other identifying information about a user. Information technology resources licensed to the College through external contractual agreements may include additional disclosure stipulations.
Any questions about this policy or the applicability of this policy to a particular situation should be referred to the Vice President for Information Technology.