Appropriate Use of Technology Policy

Network Access

Bring Your Own Device is a policy that allows students to bring personally owned mobile devices onto the campus to access privileged Tusculum resources such as email, file servers, and databases as well as their personal applications and data.

We highly recommend that each student bring a personal computing device to campus with them. Some academic disciplines mandate the student having a computer or device.

Notably: In order to maintain full compliance with the Tusculum Network Policy, the Tusculum IS Department utilizes a Network Access Control appliance (NAC). The NAC requires each user to register each device and bring that device into compliance before being granted network access.

May Bring

Most devices can access the Tusculum student network without any difficulty. A quick (incomplete) list of devices that we’ve successfully connected to the network includes:

  • Apple iPhones and iPads with IOS 9 or newer
  • Android devices with version 2.2 or newer
  • XBox 360 and XBox One
  • PS3 and PS4
  • Roku streaming boxes
  • SMART TVs from several different manufacturers
  • Windows based laptop computers
  • MacOS based laptop computers

May Not Bring

  • Wireless printers
  • Personal wireless routers or wireless access points
  • Chromecast streaming devices
  • Amazon Echo or similar devices

What if it breaks?

Each student will be responsible for the maintenance and upkeep of his or her own device. The IS department will assist students with connectivity issues, and can make recommendations about hardware or software issues students may experience. The Tusculum IS department cannot work on personally owned devices.

Software Requirements

Listed below are the basic requirements for the software you’ll need on your computer while you are a student at Tusculum. Individual academic schools and majors may have other requirements that augment or supersede this list.

  • Microsoft Office 2013 or newer (Word, Excel, PowerPoint) There is a version of Office 365 available with your student email account.
  • Microsoft Office for Mac 2011 or newer (Word, Excel, PowerPoint)
  • Adobe Reader
  • Antivirus Software with a current update subscription

CONTACT

The Help Desk strives to respond to each inquiry and each in-person visit in a timely manner. We may ask for additional information about each caller and each problem so that calls can be logged and problems tracked to resolution. It is our goal to resolve the issue during the initial call. If this is not feasible, we strive to resolve the issue within a reasonable timeframe. Since the Help Desk strives to respond to all its customers, the time spent on each individual contact is necessarily limited. Certain problems may need to be researched or escalated to the next level of support in order to be resolved. The Help Desk will assign such problems to the appropriate group or individual. All calls are put into a service queue based on the priority determined. Emergency after hour calls (System Down) will be escalated to our staff so that we can address the emergency as quickly as possible. The Help Desk issues computers with a standard set of university approved software applications. Any software/hardware/technology not installed or configured by IS may be outside of this scope and of the Help Desk support parameters. Please note that this does not necessarily mean other software, hardware, and technology is “banned” or “not recommended”. This simply signifies that the Help Desk cannot provide assistance with every technology.


Appropriate Use

Information Technology (IT), encompasses a vast and growing array of computing and electronic communications, facilities, and services. These facilities and services provide the means for Tusculum University students, faculty, and staff to meet their daily requirements in meeting the overall mission of the university.

Users of these IT resources have a responsibility not to abuse those resources and to respect the rights of the members of the community as well as the university itself.

This IT Appropriate Use Policy (AUP) provides guidelines for the appropriate use of Tusculum University IT resources as well as for the university’s access to information about and oversight of these resources.

Most information technology usage parallels familiar activity in other media and formats, making existing university policies important in determining what use is appropriate.

Using email instead of standard written correspondence, for example, does not fundamentally alter the nature of the communication, nor does it alter the guiding policies.

University policies that already govern freedom of expression and related matters in the context of standard written expression govern electronic expression as well. The AUP addresses circumstances that are particular to the IT arena and is intended to augment but not to supersede other relevant university policies.

Definitions

The following definitions apply to the Tusculum University AUP:

  1. IT Systems: These are the computers, terminals, phones, switches/hubs, printers, networks, modem banks, online and offline storage media and related equipment, software, and data files that are owned, managed, or maintained by students, faculty, and staff of Tusculum University. For example, IT Systems include institutional and departmental information systems, faculty research systems, desktop computers, the university’s campus network (wired and wireless), and university general access computer clusters.
  2. Users: A “User” is any person, whether authorized or not, who makes any use of any Tusculum University IT System from any location.
  3. Systems Authority: While Tusculum University is the legal owner or operator of all IT Systems, it sometimes delegates oversight of particular systems to other departments or to a specific individual. That department or individual would then be responsible and would have “Systems Authority” for that particular system.
  4. Systems Administrator: Systems Authorities may designate another person as “Systems Administrator” to manage the particular system assigned to him or her. Systems Administrators oversee the day-to-day operation of the system and are authorized to determine who is permitted access to particular IT resources.
  5. Certifying Authority: This is the Systems Administrator or other university authority who certifies the appropriateness of an official university document for electronic publication in the course of University business.
  6. Specific Authorization: This means documented permission provided by the applicable systems administrator.

Purpose

The purpose of this policy is to ensure an IT infrastructure that promotes the basic mission of the university in teaching, learning, research, and administration. In particular, this policy aims to promote the following goals:

  1. To ensure the integrity, reliability, availability, and superior performance of IT Systems
  2. To ensure that use of IT systems is consistent with the principles and values that govern use of other university facilities and services
  3. To ensure that IT Systems are used for their intended purposes
  4. To establish processes for addressing policy violations and sanctions for violators

Scope

The AUP applies to all users of IT systems, including but not limited to university students, faculty, and staff. It applies to the use of all IT systems. These include systems, networks, computers and facilities administered by the Tusculum University Department of Information Systems (TUDIS), as well as those administered by individual schools, departments, university laboratories, and other university-based entities. Use of IT systems, even when carried out on a privately owned computer that is not managed or maintained by Tusculum University, is governed by this policy.

Use of IT Systems

Although this policy sets forth the general parameters of appropriate use of IT Systems, faculty, students, and staff should consult their respective governing policy manuals for more detailed statements on permitted use and the extent of use that the university considers appropriate in light of their varying roles within the community. In the event of conflict between IT policies, this AUP will prevail.

Appropriate Use

IT Systems may be used only for their authorized purposes — that is, to support the research, education, clinical, administrative, and other functions of Tusculum University. The particular purposes of any IT system as well as the nature and scope of authorized, incidental personal use may vary according to the duties and responsibilities of the User.

Proper Authorization

Users are entitled to access only those elements of IT Systems that are consistent with their authorization.

Specific Proscriptions on Use

The following categories of use are inappropriate and prohibited:

  • Use that impedes, interferes with, impairs, or otherwise causes harm to the activities of others: Users must not deny or interfere with or attempt to deny or interfere with service to other users in any way, including by “resource hogging,” misusing mailing lists, propagating “chain letters” or virus hoaxes, “spamming” (spreading email or postings widely and without good purpose), or “bombing” (flooding an individual, group, or system with numerous or large email messages). Knowing or reckless distribution of unwanted mail or other unwanted messages is prohibited. Other behavior that may cause excessive network traffic or computing load is also prohibited.
  • Use that is inconsistent with Tusculum University’s non-profit status: The University is a non-profit, tax-exempt organization and, as such, is subject to specific federal, state, and local laws regarding sources of income, political activities, use of property, and similar matters. As a result, commercial use of IT systems for non-university purposes is generally prohibited, except if specifically authorized and permitted under University conflict-of-interest, outside employment, and other related policies. Prohibited commercial use does not include communications and exchange of data that furthers the university’s educational, administrative, research, clinical, and other roles, regardless of whether it has an incidental financial or other benefit to an external organization. Use of IT systems in a way that suggests university endorsement of any political candidate or ballot initiative is also prohibited. Users must refrain from using IT systems for the purpose of lobbying that connotes university involvement, except for authorized lobbying through or in consultation with the University’s Administrative Offices.
  • Harassing or threatening use: This category includes, for example, display of offensive, sexual material in the workplace and repeated unwelcome contacts with another.
  • Use damaging the integrity of university or other IT Systems: This category includes, but is not limited to, the following 6 activities:
    1. Attempts to defeat system security: Users must not defeat or attempt to defeat any IT system’s security — for example, by “cracking” or guessing and applying the identification or password of another User, or compromising room locks or alarm systems. (This provision does not prohibit, however, TUDIS or Systems Administrators from using security scan programs within the scope of their Systems Authority.)
    2. Unauthorized access or use: Tusculum recognizes the importance of preserving the privacy of users and data stored in IT systems. Users must honor this principle by neither seeking to obtain unauthorized access to IT systems, nor permitting or assisting any others in doing the same. For example, a non-Tusculum organization or individual may not use non-public IT Systems without specific authorization. Privately owned computers may be used to provide public information resources, but such computers may not host sites or services for non-Tusculum organizations or individuals across the university network without specific authorization. Similarly, Users are prohibited from accessing or attempting to access data on IT systems that they are not authorized to access. Furthermore, Users must not make or attempt to make any deliberate, unauthorized changes to data on an IT system. Users must not intercept or attempt to intercept or access data communications not intended for that user.
    3. Disguised use: Users must not conceal their identity when using IT systems, except when the option of anonymous access is explicitly authorized. Users are also prohibited from masquerading as or impersonating others or otherwise using a false identity.
    4. Distributing computer viruses: Users must not knowingly distribute or launch computer viruses, worms, or other rogue programs.
    5. Modification or removal of data or equipment: Without specific authorization, users may not remove or modify any university-owned or administered equipment or data from IT Systems. This includes the loading of “pirated” software.
    6. Use of unauthorized devices: Without specific authorization, Users must not physically or electrically attach any additional device (such as an external disk, printer, or video system) to IT Systems.
  • Use in violation of law: Illegal use of IT Systems — that is, use in violation of civil or criminal law at the federal, state, or local levels — is prohibited. Examples of such uses are: promoting a pyramid scheme; distributing illegal obscenity; receiving, transmitting, or possessing child pornography; infringing copyrights; and making bomb threats. With respect to copyright infringement, Users should be aware that copyright law governs (among other activities) the copying, display, and use of software and other works in digital form (text, sound, images, and other multimedia). The law permits use of copyrighted material without authorization from the copyright holder for some educational purposes (protecting certain classroom practices and “fair use,” for example), but an educational purpose does not automatically mean that the use is permitted without authorization.
  • Use in violation of Tusculum University contracts: All use of IT Systems must be consistent with the University’s contractual obligations, including limitations defined in software and other licensing agreements.
  • Use in violation of Tusculum University policy: Use in violation of other university policies also violates this AUP. Relevant University policies include, but are not limited to, those regarding sexual harassment and racial and ethnic harassment, as well as University, departmental, and work-unit policies and guidelines regarding incidental personal use of IT Systems.
  • Use in violation of external data network policies: Users must observe all applicable policies of external data networks when using such networks.

Free Inquiry & Expression

Users of IT systems may exercise rights of free inquiry and expression consistent with the limits of the law.

Personal Account Responsibility

Users are responsible for maintaining the security of their own IT Systems accounts and passwords. Any User changes of password must follow published guidelines for passwords. Accounts and passwords are normally assigned to single Users and are not to be shared with any other person without authorization by the applicable Systems Administrator. Users are presumed to be responsible for any activity carried out under their IT Systems accounts or posted on their personal web pages.

Responsibility for Content

Official university information may be published in a variety of electronic forms. The Certifying Authority under whose auspices the information is published is responsible for the content of the published document. Users also are able to publish information on IT Systems or over Tusculum University’s networks. Neither the university nor individual Systems Administrators can screen such privately published material nor can they ensure its accuracy or assume any responsibility for its content. The university will treat any electronic publication provided on or over IT Systems that lacks a Certifying Authority as the private speech of an individual user.

Personal Identification

Upon request by a Systems Administrator or other university authority, Users must produce valid university identification.

Computer Resources Code of Ethics

Ethical and Responsible Use

All Users of any institutionally maintained electronic data, data files, software, and networks are expected to handle the resource in a responsible and ethical manner. A User’s access to IT resources ceases when it invades the right of personal and/or institutional privacy; results in the destruction of personal and/or institutional property; demonstrates a potential for loss, embarrassment, litigation to the individual and/or institution; or causes a limited resource to be used in a wasteful or careless manner.

Confidentiality

All information processed through Computer Systems is considered sensitive and/or confidential. The responsibility for the release or discussion of data is assigned to the official custodian of the data file(s). Access to information is based on a legitimate “need to know” and directly related to assigned duties.

Examples of Irresponsible Use

The following examples attempt to convey the intent of irresponsible and/or unethical use: violation of the Family Educational Rights and Privacy Act of 1974; use of the resource for obscene material; deliberate wasteful use of the resource; unauthorized altering of hardware, software, or data; piracy of data or software belonging to another person; or careless use of the resource which may result in the release of restricted information.

Code for Computer Resource Use

Ethical & Responsible Use

Computer resources at Tusculum University are available to authorized students, faculty, staff and off-campus constituents. Access to these resources is obtained from the Systems Administrator and is granted with the understanding that they will be used as stated in the request and in keeping with the idea that one’s interest ceases when it invades the right of personal and/or institutional privacy, results in the destruction of personal and/or institutional property, demonstrates a potential for loss, embarrassment, litigation to the individual and/or institution, or because of an otherwise irresponsible use of a limited resource. It is the policy of the office of information systems to avail these resources to as many users as possible and, to the extent possible, keep the number of restraints and restrictions on the individuals to a minimum with the ability to provide service to all who request use.

For such a policy to work, it is essential that users observe responsible and ethical behavior in the use of the resources. In an effort to assist the user community in effective use of the limited computer resources, it seems reasonable to highlight some specific responsibilities and type of behavior that represent abuse of a User’s privileges. The examples do not constitute a complete list but are intended to convey the intent of the code.

  1. Users should not damage or attempt to damage equipment or to modify or attempt to modify equipment so that it does not function as originally intended. It is equally wrong to damage or modify or attempt to damage or modify the software components: operating system, compilers, utility routines, etc.
  2. Users should not use or attempt to use an account without authorization from the owner of the account. Users have the responsibility of protecting their accounts through the proper use of passwords, but the fact that an account is unprotected does not imply permission for an unauthorized person to use it. Further, accounts are to be used only for the purposed for which they have been established. Additionally, it is wrong to use a university-sponsored account for funded research, personal business, or consulting activities. There are special accounts for such purposes.
  3. Users should not use private files without authorization. Owners of such files should take precautions and use security mechanisms available. However, the fact that a file is not protected does not make it right for anyone to access it, unless it is specifically designated as a public access file. It is equally wrong for anyone to change or delete a file that belongs to anyone else without authorization. Violation or property rights and copyrights covering data, computer programs, and documentation is also wrong. In the event of accidental access of private files, confidentiality of those files must be maintained.
  4. Any deliberate wasteful use of resources is irresponsible; it encroaches on other’s use of facilities and deprives them of resources. Printing of large unnecessary listing and the playing of games solely for entertainment are examples of such abuse. Users are expected to be aware of the resources they are using and to make reasonable efforts to use these resources efficiently.
  5. Administrators, faculty, staff of the Office of Computer Systems, and others in positions of trust within the Tusculum University community have a professional responsibility to insure that the equipment, software, and services provide the most efficient levels of support and consider the needs of the total user community. Such persons in positions of trust who misuse computing resources or take advantage of their positions to access data not required in the performance of their duties are displaying unprofessional behavior.
  6. All state and federal copyright laws will be abided by at all times. Users must not copy any part of a copyrighted program or its documentation that would be in violation of the law or the licensing agreement without the written and specific permission of the copyright holder.

Conditions of University Access

The university places a high value on privacy and recognizes its critical importance in an academic setting. There are nonetheless circumstances in which, following carefully prescribed processes, the university may determine that certain broad concerns outweigh the value of a User’s expectation of privacy and warrant university access to relevant IT Systems without the consent of the User. Those circumstances are discussed below, together with the procedural safeguards established to ensure access is gained only when appropriate.

Conditions

In accordance with state and federal law, the university may access all aspects of IT Systems, without the consent of the User, in the following circumstances:

  • When necessary to identify or diagnose systems or security vulnerabilities and problems, or otherwise preserve the integrity of the IT Systems
  • When required by federal, state, or local law or administrative rules
  • When there are reasonable grounds to believe that a violation of law or a significant breach of university policy may have taken place and access and inspection or monitoring may produce evidence related to the misconduct
  • When such access to IT Systems is required to carry out essential business functions of the university
  • When required to preserve public health and safety

Process

Consistent with the privacy interests of Users, university access without the consent of the User will occur only with the approval of the VPAA (for faculty users), the Provost/Vice Presidents (for staff users), the Dean of Students (for student users), except when an emergency entry is necessary to preserve the integrity of facilities or to preserve public health and safety. The university, through the Systems Administrators, will log all instances of access without consent. Systems Administrators will also log any emergency entry within their control for subsequent review by appropriate University authority. A User will be notified of University access to relevant IT Systems without consent, pursuant to Section V. A. (1-5); depending on the circumstances, such notification will occur before, during, or after the access, at the university’s discretion.1.0 NOTICE TO USERS: It is the policy of Tusculum University to protect all institutional computing resources including, but not limited to, hardware and software, consisting of the actual equipment being supplied by the university as well as the programs and related materials used in conjunction therewith. In accordance with local, state, and federal law, indiscriminate examination of individual’s files is not permitted, nonetheless as a means of maintaining the integrity and security of those aforementioned resources.


Tusculum University retains the right to inspect accounts and files stored on any system owned, maintained and/or leased by said university. While no prior authorization by individual users is required to inspect those files and accounts, you are, by virtue of accepting the account offered by Tusculum University and “logging” on to its computing equipment, granting to the university prior unrestricted permission, subject to university policy, to review, examine and/or otherwise view, by any method at the sole discretion of the university and without any additional advance notice to said user, any account and/or file stored on university computer resources.

Should such a review take place, you will be given notice, as a courtesy only, of the results of said review within a reasonable time after the review is completed. While use of university computing resources for personal use is strictly forbidden, should you have materials for which you have reasonable expectation of privacy or which you consider to be confidential for any reason, you should retain those materials on a disk which can be secured as you would any other personal items or materials which you consider private in nature.

User Access Deactivations

In addition to accessing the IT Systems, the University, through the appropriate Systems Administrator, may deactivate a User’s IT privileges, whether or not the User is suspected of any violation of this policy, when necessary to preserve the integrity of facilities, user services, or data. The Systems Administrator will attempt to notify the User of any such action.

Use of Security Scanning Systems

By attaching privately owned personal computers or other IT resources to the University’s network, Users consent to University use of scanning programs for security purposes on those resources while attached to the network.

Logs

Most IT systems routinely log user actions in order to facilitate recovery from system malfunctions and for other management purposes. All Systems Administrators are required to establish and post policies and procedures concerning logging of User actions, including the extent of individually-identifiable data collection, data security, and data retention.

Encrypted Material

Encrypted files, documents, and messages may be accessed by the university under the above guidelines.

Enforcement Procedures

Complaints of Alleged Violations

An individual who believes that he or she has been harmed by an alleged violation of this AUP may file a complaint in accordance with established University Grievance Procedures (including, where relevant, those procedures for filing complaints of sexual harassment or of racial or ethnic harassment) for students, faculty, and staff. The individual is also encouraged to report the alleged violation to the Systems Authority overseeing the facility most directly involved, or to the TUDIS, which must investigate the allegation and (if appropriate) refer the matter to university disciplinary and/or law enforcement authorities.

Reporting Observed Violations

If an individual has observed or otherwise is aware of a violation of this AUP, but has not been harmed by the alleged violation, he or she may report any evidence to the Systems Authority overseeing the facility most directly involved, or to the TUDIS, which must investigate the allegation and (if appropriate) refer the matter to university disciplinary and/or law enforcement authorities.

Disciplinary Procedures

Alleged violations of this policy will be pursued in accordance with the appropriate disciplinary procedures for faculty, staff, and students, as outlined in the Faculty Handbook, Staff Personnel Policies, various student regulations, and other applicable materials. Staff members who are members of university-recognized bargaining units will be disciplined for violations of this policy in accordance with the relevant disciplinary provisions set forth in the agreements covering their bargaining units.

Penalties

Individuals found to have violated this policy may be subject to penalties provided for in other university’s policies dealing with the underlying conduct. Violators may also face IT-specific penalties, including temporary or permanent reduction or elimination of some or all IT privileges. The appropriate penalties shall be determined by the applicable disciplinary authority in consultation with the Systems Administrator.

Legal Liability for Unlawful Use

In addition to university discipline, Users may be subject to criminal prosecution, civil liability, or both for unlawful use of any IT System.

Appeals

Users found in violation of this policy may appeal or request reconsideration of any imposed disciplinary action in accordance with the appeals provisions of the relevant disciplinary procedures.


Policy Development

This AUP may be periodically reviewed and modified by the TUDIS and IT staffs, who may consult with relevant university committees, faculty, students, and staff.