Computing (Policy IT-2)
Policy:
The purpose of this policy is to set forth guidelines so that members of the Clarkson College community may use the campus network and computing facilities in ways that are responsible and respectful of privacy.
This policy applies to all users of Clarkson College’s information systems, including students, faculty, and staff, and any others granted the use of Clarkson College's information systems and data. It applies to the use of all computing facilities owned, leased, operated, or contracted by Clarkson College. As used in this policy, terms such as “computing,” “computing/information systems,” “information resources,” “devices,” etc., refer to all computers, communication systems, and peripherals, software, telephones, and systems with similar functions, which are owned or leased by Clarkson College, or which utilize Clarkson College infrastructure such as telephone lines or computer networks.
Although this policy does not attempt to address specific legal issues, Clarkson College employees are responsible for acting in compliance with the law, including any federal, state, and local laws governing computer and telecommunications use and all other applicable Clarkson College policies.
Procedure:
Privileges and Responsibilities
Every member of the Clarkson College community who uses computing and related communications systems at Clarkson College, or systems that belong to Clarkson College or which rely on Clarkson College’s infrastructure, has the responsibilities described in this policy. This includes members of the Clarkson College community who have restricted privileges. Individuals with personally owned devices but who rely upon Clarkson College’s network to connect those devices are expected to abide by the policies set forth in this document. Personally owned devices operating independently or networked through a non-Clarkson College connection are not covered under this policy.
Access to Clarkson College’s information systems is contingent upon being a member of the Clarkson College community and adhering to Clarkson College and Information Technology policies, guidelines, and procedures, including this policy. Misuse may result in the loss of access and/or Clarkson College disciplinary action. For some users and certain systems, access may be authorized by specific departments. In such cases, any department or group-specific policies and guidelines must be adhered to when using resources provided by the department or group. This is in addition to Clarkson College policies and Information Technology guidelines and procedures.
Any user who suspects a violation of Clarkson College’s Information Systems policies or knows of potential vulnerabilities or security loopholes in a system or network at Clarkson College should immediately notify the Information Security Team at [email protected].
Maintain the Security and Confidentiality of Accounts
Users assume personal responsibility for the actions associated with their computer accounts. This responsibility begins with selecting a secure password and involves maintaining its confidentiality. Employees should change their passwords regularly and/or enable multi-factor authentication in order to ensure the continued security of their accounts. For guidance on selecting a secure password and/or enabling multi-factor authentication, employees should contact the IT Help Desk if they believe someone has made unauthorized use of their account; that employee should change their password immediately and report the incident to the IT Help Desk. Without proper authorization, no employee may disclose their login IDs and passwords to anyone, including other Clarkson College employees.
Software Approval, Installation, and Use
Software and browser extensions are only permitted to be installed on Clarkson College equipment by IT personnel or with written approval from IT once they have been reviewed and approved by the Information Technology department. Software that can be installed without an administrator password, and any cloud software, must be evaluated by the Information Technology department prior to use. New software requests should be submitted via a ticket to the IT Help Desk. Personal licenses to software are not supported and will not be installed on college-issued computers.
Employees shall use computer software only in accordance with applicable licensing agreements. No employee may copy or attempt to copy copyrighted software, run or attempt to run illegally copied software (either at Clarkson College or by means of Clarkson College resources), or in any other way violate license agreements into which Clarkson College has entered.
Respect for Others’ Property and Privacy Rights
Users are responsible for respecting copyright agreements and intellectual property ownership. Any material that is the work of another, whether explicitly copyrighted or not, should not be distributed by any user without the appropriate acknowledgment and/or permission of the creator. Unless permission has been granted by the owner of copyright-protected materials, distribution of copyright-protected material via the Clarkson College network or information systems is prohibited. See policy Copyright (Policy IT-4) for more information.
Improper/Illegal Communications
Any communications that would be improper or illegal on any other medium are equally so on information systems: libelous material, obscene messages, harassment, forgery, threats, etc. However, this is not intended to restrict the free expression of ideas. Communication conducted in accordance with the Clarkson College Freedom of Expression (Policy EC-22) policy will not be considered a violation of this policy.
Risks of Data Loss and Data Persistence
Although Clarkson College will make efforts to secure the network and its controlled servers from abuse and damage, it cannot guarantee against data loss by a student, faculty, or staff member, either on a Clarkson College-operated or individually owned device.
Personal Use
College-issued computers are not personal devices and should not be used as such. While Clarkson College makes information systems available primarily to achieve its goals of academic advancement and administrative activities, it recognizes the need for minimal personal use of computing to serve the convenience of the campus community. Thus, it is reasonable to allow the use of information systems for activities that can facilitate convenience or enhance productivity to the extent that the activity is within the limits described by Information Technology’s Policies. Any personal use of Information Systems related to operating a personal business or commercial enterprise is prohibited unless permission to do so has been specifically granted by the Director of College Technology Services.
Clarkson College reserves the right to restrict personal use of Clarkson College systems and networks by individuals or the community at large if the use of resources for such activities becomes excessive.
External Devices
External devices (phones, lights, removable media, etc.) should not be plugged into a college-issued computer or docking station without prior approval from the Information Technology department. If an employee wishes to use external devices, such as a wireless keyboard and mouse, it must be approved by the Information Technology department prior to purchase.
Privacy
The user must presume that the contents of any other user’s directory are private unless expressly designated otherwise, just as one would presume that the contents of someone’s apartment or office are private. An unprotected account or shared device is not considered public unless the name or service expressly indicates that it is. In such cases, any files or other data that would appear to be private in nature by virtue of the file name or data stored, even if “publicly accessible,” should be considered private. The user accessing such files is responsible for asking the owner of the files or service if the files are intended to be publicly accessible before the user does more than a “cursory glance” sufficient to raise the question.
A user can explicitly grant access to their directories and files. However, users who issue general or vague invitations to browse their files incur a special obligation to protect any material they do not wish others to see. Indeed, all users are urged to maintain protection levels on their files consistent with the access they are willing to give to other users.
All data stored on Clarkson College systems and servers for the purpose of conducting operations is considered property of Clarkson College.
Clarkson College IT systems and resources may be subject to monitoring at any time, with or without notice, to verify that Clarkson College property is being used in a manner consistent with all Clarkson College policies.
Access to User Data
Electronic data on a user’s account, whether stored on a computer in the user’s office/room or elsewhere under the proprietary control of that user, may not be examined without the user’s consent, except in cases of emergency or security, in response to a valid subpoena, search warrant, order of a court, Information Security, or by specific request by the employee’s supervisor for the purpose of accessing work-related electronic data. Posting of data by a user on platforms available to the public or to users of Clarkson College shall be understood to imply consent, and electronic access granted by the user to specific parties will likewise imply consent for those parties to access the permitted data. Emergencies may include, for example, but are not limited to, the death, incapacity, or disappearance of the user, or the search for and examination of files used for apparently malicious activity in an account that endangers the integrity of information systems, the network, or other aspects of Clarkson College’s computing infrastructure.
Only specifically designated individuals are permitted to define an “emergency.” Such individuals may be specifically designated or may be designated by job position/description for employees. For students, the Vice President of Academic Affairs will be the designated employee to define an “emergency” aside from what was stated above.
Whenever possible and legally permissible, notification must be given to the user whose data is subject to a subpoena, search warrant, or court order prior to compliance. Any intrusion by an employee of Clarkson College into a user’s electronic data must be reported to the user as soon as possible and within five (5) days of the event via electronic mail unless prohibited by a court order or due to a continuance of an ongoing investigation by Clarkson College. Violation of any aspect of this policy is a sanctionable offense.
In cases where a staff member believes that electronic data in their account has been inappropriately accessed by another staff member, the incident should be reported to Human Resources. For students, it should be reported to the Vice President of Academic Affairs.
Note: Removable media (e.g., flash or external hard drive) in a faculty or staff office or a residence hall suite are not subject to search by Information Technology, though Information Technology will assist authorized law enforcement agencies or authorities in reading data after they are obtained, at the agencies or authorities’ request.
Protecting Confidential Information
Users who maintain confidential information, such as records relating to employees or students, are responsible for following privacy-related policies, laws, and data use agreements. See policy HR-5 Confidentiality for more information.
Protecting Personal Information
Data transmitted across Clarkson College’s network or stored on Clarkson College systems may be accessed by others. This access may be a result of misuse by an individual, as an incidental result of the routine operation of the network and systems, or in response to a court subpoena or Clarkson College investigation into suspected or alleged misuse. While complete privacy of personal data may not be possible, users who wish to ensure a higher degree of privacy for their data are encouraged to use encryption or other techniques to reduce the risk that others may access their data.
Misuse and Inappropriate Behavior
The following activities are expressly prohibited at Clarkson College:
|
Using a computer system without proper authorization granted by a Clarkson College official. Some activities, such as “port scanning,” are not expressly prohibited. However, if the target of such scanning requests that an individual or system stops performing such actions, the person or system performing the scans must stop scanning the target machine and/or networks unless the scans are being carried out by a privileged user who has the authority and responsibility over the machine(s) being scanned or for the network being used. |
|
Concealing personal identity or assuming the identity of another (e.g., by sending forged electronic mail). Note that some forms of electronic communication, such as browsing Web pages, passively “identify” users. Keeping one’s identity private, either by not setting an identity in the browser or by using a Web-anonymizer in order to protect oneself from being put onto mailing lists, is not a violation of this policy. |
|
Sharing accounts with the specific exception of staff or faculty members, allowing their administrative support personnel to access their accounts in order to provide services appropriate to their job functions. Note that individual account password sharing is explicitly forbidden. |
|
Using another person’s computer account, user ID, files, or data without appropriate permission, as described in the previous bullet (e.g., using an account found “logged in”). |
|
Deleting or tampering with another user’s files or with information stored by another user on any information-bearing medium (disk, tape, memory, etc.). Even if the user’s files are unprotected, apart from files obviously intended for public reading, such as Web pages, it is improper for another user to read them unless the owner has given permission (e.g., in an announcement in class). |
|
Attempting to “crack” or guess other users’ passwords. Privileged Users or those specifically designated by the administrator or owner of a system may attempt to crack passwords to test and enhance the security of the system. In cases where an individual or department “owns” machines that use password files controlled by another organization (e.g., Information security course machines or their like), the owner may not attempt to crack passwords without explicit permission from the owners of the password database. |
|
Obtaining passwords by other means, such as password capturing, phishing, and keylogging programs. |
|
Attempting to circumvent system security (e.g., breaking into a system or using programs to obtain “root” or “administrative” access), without the explicit permission of the owner of that system. |
|
Denying permitted and appropriate access to resources to other users (e.g., Denial of service attacks.). |
|
Releasing malicious code, malware, etc., that disrupts other users, damages software or hardware, disrupts network performance, or replicates itself for malicious purposes. |
|
Sending commercial solicitations via electronic means (i.e., spamming) to individuals or to newsgroups or mailing lists where such advertising is not part of the purpose of the group or list. |
|
Any “mass mailing” which is solicitous in nature, unless the mailing is in the conduct of Clarkson College business. |
|
Reselling of services based on the Clarkson College network, such as web hosting, mailing services, or the selling of shell accounts. |
|
Running a proxy server results in inappropriate or unauthorized access to Clarkson College materials by non-Clarkson College members. |
|
Advertising commercial businesses or ventures on Web pages hosted by Clarkson College, unless prior authorization has been granted. |
|
Using mail messages to harass or intimidate another person (such as by repeatedly sending unwanted mail or broadcasting unsolicited mail). |
|
Violations of any local, state, or federal laws, such as the distribution of copyright-protected materials (e.g., the distribution of commercial software, music, or films in electronic format without appropriate permissions by the owner, even if the user distributing the materials notifies others of their copyright status). |
|
Tampering with, willful destruction of, or theft of any computer equipment, whether it belongs to Clarkson College or an individual. Tampering includes any deliberate effort to degrade or halt a system or to compromise the system/network performance. Willful destruction includes any deliberate disabling or damaging of computer systems, peripheral equipment such as scanners or printers, or other facilities or equipment, including the network, and any deliberate destruction or impairment of software or other users’ files or data. |
|
The unauthorized removal of Clarkson College’s or another’s computing equipment constitutes theft. |
|
Watching streaming services for video or audio for non-business reasons, as well as checking personal email. |
This list is not considered to be complete or exhaustive. It should, however, serve as a set of examples of obviously inappropriate behaviors. Contact the Clarkson College IT Help Desk with any questions regarding the appropriate use of Clarkson College information technology.
Enforcement
Under the information security policies and regulations regarding faculty, staff, and students, inappropriate computer use is punishable. The offenses mentioned in this policy range from relatively minor to extremely serious, though even a minor offense may be treated severely if repeated or malicious. Certain offenses may also be subject to prosecution under federal, state, or local laws.
Appropriate disciplinary action depends not only on the nature of the offense but also on the intent and previous history of the offender. The range of possible penalties includes reprimands, loss of computing privileges, course failures for students, disciplinary probation, suspension, or dismissal from Clarkson College, and/or criminal prosecution.
Offenses that are minor or appear to be accidental in nature are often handled in a very informal manner, such as through electronic mail. More serious offenses involve formal procedures pursued by the Vice President of Academic Affairs for students, Human Resources, and/or the respective Vice President for staff and faculty.
Restrictions of Privileges During Investigations
During an investigation of alleged inappropriate or unauthorized use, it may be necessary to suspend a user’s network or computing privileges temporarily, but only after determining there is at least a prima facie case against the individual, as well as a risk to Clarkson College or its information resources if privileges are not revoked. In these cases, it is important to recognize that restricting network or computing privileges is intended to protect the system rather than punish the individual. For example, if a computer account has been used to launch an attack on another system, that account will be rendered inactive until the investigation and/or response effort is complete. This necessary action is taken to prevent further misuse and does not presume that the account holder initiated it. Unsubstantiated reports of abuse will not result in the suspension of accounts or network access unless sufficient evidence shows that inappropriate activity occurred. For example, if someone reports that their computer was “attacked” by a Clarkson College system, the burden will be upon the complainant to provide sufficient data logs or other evidence to show that the incident did at least appear to be an attack.
Adverse Impact on Shared Systems
Clarkson College reserves the right to discontinue communication with external systems that are known to harbor malicious actors and/or content (e.g., spammers, account crackers, and phishing sites) even though this may restrict certain acceptable communications. When deemed necessary, this action will be taken to protect the security and safety of our systems. Similarly, there may be cases where a particular service or activity on a given Clarkson College system will tend to generate attacks from other Internet sites by the very nature of its legitimate operation. If these attacks are frequent and severe enough to cause service interruptions for larger parts of the campus community, it may be necessary to temporarily or permanently remove these systems from the campus network. In cases where such an action is deemed necessary, network administrators will work with the maintainers of the system to identify alternative methods of network access. In cases where Clarkson College restricts access to external sites or removes network access for internal sites, the purpose of the action is to maintain the security and reliability of the computer systems and networks rather than to punish an individual or a site or to restrict the free expression of ideas.
This policy will be placed in the Clarkson College Academic Catalog for all students to read. An email will be sent annually to all students disclosing this policy.
Academic Policies and Procedures
- Academic Honors (Policy AA-16)
- Academic Integrity (Policy SW-25)
- Academic Probation (Policy AA-20)
- Academic Related Activities and Travel Release (Policy SW-40)
- Academic Travel Abroad Release (Policy SW-11)
- Academic Year
- Acceptable Use-Personal Device
- Access to Campus Facilities (Policy SW-28)
- Admissions (Policy AD-1, AD-2, and AD-11)
- Advanced Standing Credit (Policy AA-47)
- Application and Enrollment Fee Waivers (Policy AD-4)
- Articulation Agreements
- Assessment of Student Success Skills (Policy OG-23)
- Auditing a Course (Policy AA-35)
- Background Checks and Drug Screening for Students (Policy SW-23)
- Student in Crisis (Policy SW-24)
- Bookstore Voucher (Policy SA-2)
- Business Ethics (Policy EC-21)
- Cancellation of Course (Policy AA-36)
- Change of Personal Information
- Code of Conduct (Policy SW-18)
- Collection of Delinquent Student Accounts (Policy SA-9)
- Computing (Policy IT-2)
- Conditional Acceptance and Recitation Requirements (Policy AD-11)
- Copyright (Policy IT-4)
- Course Load Requirements (Policy FA-6)
- Coursework Categories for Undergraduate Degrees
- Credit Hour Definition (Policy AA-55)
- Crime Awareness & Campus Security (Policy SW-5)
- Crime Reporting and Disclosures
- Undergraduate Deans List (Policy AA-27)
- Degree Progress Audit (Policy AA-5)
- Disbursement of Financial Aid (Policy FA-2)
- Discontinuance of an Academic Program (EC-24)
- Dismissal (Policy AA-24)
- Drug and Alcohol (Policy SW-15)
- Computing Policy (Policy IT-2)
- Email (Policy IT-1)
- Emergency Notification, Response and Evacuation (Policy SW-30)
- Emotional Support Animal (Policy SW-38)
- Equal Opportunity and Non- Discrimination (Policy SW-1)
- Family Education Rights & Privacy Act (Policy SS-9)
- FERPA Identify Verification
- Financial Aid Award (Policy FA-19)
- Financial Aid Eligibility Requirements (Policy FA-20)
- Forms Submission
- Freedom of Expression (Policy EC-22)
- Grade Change (Policy AA-37)
- Grade Point Average (Policy AA-29)
- Grade Reports
- Graduation Eligibility (Policy AA-8)
- Health and Safety Requirements (Policy SW-7)
- Help Desk (Policy IT-7)
- Identification Badge (Policy SS-10)
- Incident Reporting (Policy OG-6)
- Incomplete Grades (Policy AA-10)
- Independent Study (Policy AA-41)
- Information Security (Policy IT-11)
- Institutional Repository (Policy OG-30)
- Institutional Review of Research Involving Human Subjects (Policy OG-8)
- International Admissions & Transcripts (Policy AD-2)
- Interprofessional Education, Intercultural Development Inventory (IDI), and Service (AA-54)
- Issuing Timely Warnings (Policy SW-32)
- Last Date of Attendance (Policy AA-63)
- Law Enforcement on Campus (Policy SW-33)
- Leave of Absence (Policy AA-30)
- Letter Grades and Quality Points (Policy AA-6)
- Liability Insurance (Policy SW-12)
- Library Collection Development (Policy OG-29)
- Media (Policy OG-12)
- Missing Student (Policy SW-34)
- Non-Smoking (Policy SW-16)
- Online Education
- Organizational Governance-Policy Guidelines (OG-15)
- Petition for a Course Offering
- Student Petition for Reconsideration (Policy SW-22)
- Privacy (Policy IT-3)
- Professional Judgment (Policy FA-17)
- Program Completion (Policy AA-17)
- Progression (Policy AA-2)
- Public Address System (Policy OG-3)
- Public Complaint (Policy EC-20)
- Readmission (Policy AD-10)
- Registration/Add a Course (Policy AA-32)
- Reporting Criminal Offenses (Policy SW-36)
- Credit Hour Residency Requirement (Policy AA-28)
- Records Retention (Policy EC-2)
- Satisfactory Academic Progress for Financial Aid Eligibility (FA-21)
- Security Awareness Programs (Policy SW-37)
- Service Animal (Policy SW-39)
- Sexual Misconduct (Policy SW-27)
- Social Media (Policy OG-28)
- State Authorization
- Statement of Financial Responsibility (Policy SA-12)
- Student Accommodations (Policy SW-2)
- Student Classifications & Status
- Student Emergency Fund
- Student Grievance (Policy SW-14)
- Student Location & Disclosures for Professional Licensure or Certification Disclosure (Policy OG-33)
- Student Parking (Policy SS-1)
- Teach-Out (Policy AA-64)
- Transcripts
- Transfer Credit (Policy AA-52)
- Tuition and Fees Payment Plan (Policy SA-10)
- Tuition Refund (Policy SA-6)
- Undergraduate Class Standing (Policy AA-38)
- Weather-Related School Closing (Policy OG-4)
- Withdrawal From Course Grade (Policy AA-3)
