Information Technology General Acceptable Use Policy

Mount Wachusett Community college provides information technology resources for students, faculty and staff.

This document:

• Provides guidelines for responsible use of Mount Wachusett Community College’s technology resources by all members of the college community.
• Provides policies that Mount Wachusett Community College uses in providing technology resources and network services to the college community.
• Explains enforcement procedures of these policies.
• Applies to all those using college computing equipment whether the individual is on or off campus.

This document provides high-level explanations of college policies regarding the use of information technology. For more detailed explanations refer to the Information Technology Acceptable Use Policy (“AUP”).

Guidelines for Responsible Use of College Technology Resources

Mount Wachusett Community College recognizes that free expression of ideas is central to the academic environment. For this environment to flourish, all users must adhere to the guidelines established in this Information Technology Acceptable Use Policy (“AUP”).

Mount Wachusett Community College provides computing equipment and services. The primary purposes of this computing equipment are the academic, research, administrative and college business-related communication needs of its students, faculty and staff. All use of college computing equipment shall be consistent with the terms and conditions of the AUP and shall not violate or conflict with (a) any federal, state or local law; or (b) the college mission or policies. Access to all Mount Wachusett Community College owned and/or operated computing and electronic communications systems and equipment is a privilege and not a right. Individuals who refuse to accept and follow the AUP will not be granted user accounts. All users of the college’s computer equipment, including email, shall have NO EXPECTATION OF PRIVACY over such use.

Violations of the AUP by individuals with accounts may result in penalties including but not limited to closure of all accounts and revocation of all computing privileges. Other penalties may be levied up to and including dismissal from the college or termination of employment.

User responsibilities include, but are not limited to:

• Maintaining privacy and security by keeping all passwords confidential.
• Honoring all computing security procedures implemented by the college.
• Being reasonable and prudent in the consumption of college computing and network resources.
• Deleting old and unused e-mail and file(s) on a regular basis.
• Maintaining the accuracy of private mail groups by updating when members change.
• Developing adequate proficiency in the tools and technologies appropriate to his/her needs.

College Network Usage Guidelines include, but are not limited to:

• No one may misuse, abuse or otherwise damage college computer or network equipment.
• No one may install or use any software or hardware designed to disrupt the security of any computing equipment, whether owned by the college or by others.
• No one other than Media Services or Information Technology staff may download or install any software on any college computer.
• No one may use college resources to support political or non-college related business interests.
• No one may sell or provide access to Mount Wachusett Community College’s computing resources to individuals, groups or businesses outside the college community except (1) as authorized in writing by an appropriate senior officer of the college and (2) for authorized college business relationships.
• Recreational uses – such as game playing or music or video file sharing – constitute an unacceptable use of college computing equipment except if such activities are part of an instructional plan.
• No one may engage in any activities designed to spy on network traffic or to access passwords, user IDs, files or programs of other users.
• No one may engage in software piracy or copyright infringement. All software installed on college computers must be used in conformance with the license granted by the developer. Unlicensed products will be removed from college computers.
• No one may send, store, print or solicit receipt of e-mail messages, files or programs that contain fraudulent, harassing, racist or obscene language, visual, or audio content. Exceptions may be made for legitimate academic research purposes with prior approval.
• Note that any e-mail message (other than official college business) sent to an individual after that individual has indicated through any method that they no longer want to receive e-mail from the sender constitutes harassment. Complaints are handled via the Enforcement Procedures section (see below).
• No one may use e-mail to engage in “chain letter” or “spamming” [bulk “junk” e-mail activity].
• No one may send, store, print or solicit receipt of e-mail messages, files or programs that are inconsistent with the terms and conditions of the AUP, in conflict with the Mission Statement of Mount Wachusett Community College, or that violate federal and/or state laws.
• No one may use college computing resources for illegal behavior or illegal activities as defined by federal, state and/or local laws.

College Technology Resources and Network Services Policies

Disclaimer: The responsibility for the content of personal files, programs, web pages and e-mail rests solely with the individual and not with the college. Mount Wachusett Community College does not monitor the contents of embedded links of personal user accounts or personal web pages although it expressly reserves the right to do so.

To preserve the integrity and maintain efficient functioning of the college’s computing facilities, the college enforces the following policies:

The creation of public mail groups is limited to college departments, committees and official student organizations.

Email users should exercise prudent judgment when sending “All MWCC” emails. Use of this list for any commercial purpose not directly connected to college sponsored events requires approval of the President or his designee prior to sending the email.

Computing resources are provided for academic, research, administrative and college business-related communications uses.

The college reserves the right to establish time limits on the use of public workstations as needed.

MWCC realizes that the free expression of ideas is central to academia, but will not tolerate the display of pornographic, obscene, abusive, racist, or other inappropriate material at any public workstation. The college reserves the right to determine the appropriateness of material displayed on public workstations.

The MWCC computing facilities constitute a private system. As such, the information stored on the college equipment is the property of the college and the Commonwealth of Massachusetts with the possible exception of material expressly developed by faculty, staff, and students for publication. Copyright and ownership of such content must be expressly and clearly stated in such works. Individuals who place content owned by others on computers under their control accept full responsibility for maintaining compliance with copyright laws.

Users of the college’s computing equipment, including email, shall have NO EXPECTATION OF PRIVACY over such use. The college reserves the right to access the personal files or monitor the system usage of any authorized user without that individual’s consent, under the following circumstances:

• A subpoena or other properly served request from enforcement officers. All such requests must be served by an officer of the court that has jurisdiction and be reviewed and approved in writing by a senior officer of the college. Review by college counsel may be appropriate.
• A written request from an appropriate senior officer of the college to provide information as part of an ongoing investigation and or disciplinary matter.
• A written request from a Systems Administrator, based on reasonable evidence that files or programs stored in an authorized user’s directory are the source of interference with the efficient functioning of the college computing facilities, that such files are violations of any part of this policy, or are infringing on copyright or intellectual property rights. The Executive Director of Information Technology must endorse such a request.
• A written request from the President of the college.
• A written request from College Counsel in support of an ongoing investigation or inquiry.
• A written request from the appropriate college officer as a part of a termination of employment action.

Information Technology will maintain records of all of these requests for access and will report the number of requests annually to the college administration.

Electronic files are treated like paper files and subject to subpoena or discovery in legal actions and disclosure if such files constitute public records under Massachusetts law.

Employee accounts are disabled as soon as the IT Department is notified of termination of employment. Human Resources should notify the Executive Director immediately when such personnel actions are imminent.

Passwords to terminated employees accounts will not be provided to other individuals. File access can be provided through system delegation facilities.

Enforcement Procedures

The College retains right without restriction to monitor, authorize, control, or stop the use of any technology found on its computers or networks.

Violations of the Acceptable Use Policy will be referred to the appropriate senior officer of the college for action through the established disciplinary processes of the college. The results of such referral may include but is not limited to:

• Files and/or programs may be deleted.
• User access privileges may be inactivated.
• User accounts may be removed.
• Users may be suspended, expelled or terminated from college employment.

If a member of the college community believes that another has violated his or her rights, he/she should report the incident to the Executive Vice President and his/her department head.

MWCC Administrative Computing Use Policy

The Family Educational Rights and Privacy Act of 1974 (FERPA), plus its amendments, set forth rights and responsibilities regarding the privacy of student record information. FERPA governs release of student records maintained by the college and access to these records. For detailed information about FERPA contact the Office of the Registrar or visit the American Association of Collegiate Registrars and Admissions Officers (AACRAO).

All employees of the MWCC are required to abide by the regulations of FERPA and those of the college regarding access to and use of student information, college financial information and college alumni development information. Student access to Banner for data entry purposes is expressly prohibited.

Department heads, Division heads, Directors and other supervisory personnel are responsible for ensuring that their respective employees follow the FERPA and college guidelines. The college houses its administrative data on its servers. The software package includes Admissions, Registration Records, Grading, Financial Aid Management, Billing, Accounts Payable, General Ledger and Alumni Development Records. Employees who have access to administrative system data must understand and accept the responsibility of working with confidential data. In addition to FERPA, college rules apply to all employees with an administrative system account.

Each employee is given a username and password. This account is for the employee’s use only and should not be shared with supervisors, co-workers, family, or friends. In no case is the sharing of access accounts or passwords authorized.

Each employee will be held responsible for any data input into or retrieval from the administrative system via his/her account. Employees are fully responsible for any system actions initiated under the employee’s user id and password.

An administrative computing account is for use for work-related activities only. Access at other times is prohibited.

Information that does not relate to the work assigned by your supervisor should not be viewed (e.g. looking up friends or co-workers) or altered (e.g. changing a friend’s address) in any way.

Since administrative data is confidential, no employee will discuss or share any data with any other person except as is needed to carry out his/her job responsibilities.

All access to electronic data and reports shall be secured. Sign off the system, put reports away in drawers and/or cabinets when leaving your work areas, especially for long periods of time. Ensure that your computer uses a password protected screen saver to minimize unauthorized disclosure of confidential information.

Mount Wachusett Electronic Communications Acceptable Use Policy

Mount Wachusett Community College works in a large, complex information technology environment requiring communications involving both confidential and public data. New technologies offer the college methods to make this communication easier between students, staff, departments, campuses, other colleges, and others. The college has several types of electronic mail systems on its various computer systems, enabling its students and employees to take advantage of these technologies. In addition several types of electronic communications services, including chat, discussion lists, voice mail, and instant messaging services are used by the college community.

However, with this open communication network, vulnerabilities to the privacy of electronic messages possibly containing confidential or proprietary information arise. College electronic communications users need to be aware of the vulnerabilities in electronic communications and of the legal responsibilities that accompany the use of this medium.

Purpose

These standards:

• Define who may use the electronic communications systems controlled and administered by MWCC.
• Outline responsibilities related to maintenance and use of such systems.
• Provide guidelines for the security and confidentiality of college electronic mail, and other forms of electronic communications.
• Provide methods for monitoring, enforcing and dealing with exceptions to this policy.

Scope

College Electronic Communications Polices shall apply to all:

• Electronic mail (email) created, sent or maintained within, administered by or networked to the electronic mail systems of MWCC.
• College email users.
• All other forms of electronic communications, including voice systems and instant messaging services, and other forms of electronic communications listed in the introduction and to any new forms of electronic communications that may be introduced.

Responsibilities

The President, together with the senior officers of the college, determines what categories of individuals (e.g., full time, part-time, staff, students, economic partners, other educational institutions, general public, etc.) may access college electronic communications systems. These individuals will determine which college department(s) shall be responsible for administering electronic communications systems and security, and procedures for monitoring. Campus Electronic Communications Policies will ensure that Electronic Communications Administrators are responsible for:

• Determining what categories of individuals, within the guidelines set by the President and campus administrators, may access the communications system under their control.
• Ensuring that a security plan for the email system for which they are responsible has been developed, implemented, and is maintained. The security plan should include an analysis of whether message encryption is needed.
• Ensuring that a backup plan to allow for message/system recovery in the event of a disaster has been developed, tested, and implemented.
• Periodically assessing the level of risk within the mail system.
• Ensuring that filters to keep text from view of system maintenance personnel have been installed, when technologically possible.
• Ensuring that appropriate steps are taken to prevent a system break-in or intrusion through the electronic communications application.
• Providing information regarding electronic mail vulnerabilities to email users so that they may make informed decisions regarding how to use the system.
• Ensuring that all electronic mail ids for individuals with email accounts on college systems have been deleted when: an authorized user has terminated employment, graduated or withdrawn from the college, and when a "courtesy account" is inactive or no longer needed.
• Ensuring that email message retention standards, within the guidelines of these and other college policies have been developed and are implemented for their electronic mail system.

Campus Electronic Mail Policies will ensure that employees responsible for maintaining, repairing and developing email resources will exercise special care and access email messages only as required to perform their job function. These employees will not discuss or divulge the contents of individual email messages viewed during maintenance and trouble-shooting.

Campus Electronic Mail Policies will ensure that college email users will:

• Use email in a responsible manner consistent with other business communications (e.g., phone, correspondence).
• Safeguard the integrity, accuracy and confidentiality of college electronic mail.
• Only use mail ids assigned to them.
• Remove mail from their mailbox consistent with college, campus, departmental or electronic mail administrator message retention policies and standards.

Campus Electronic Mail Policies prohibit college email users from:

• Sending any unsolicited mail or materials that are of a fraudulent, defamatory, harassing, or threatening nature.
• Posting materials that violate existing laws or college codes of conduct, are inconsistent with the college mission, or are commercial advertisements or announcements on any electronic bulletin boards.
• Forwarding any other form of unnecessary mass mailing (such as chain letters) to college or external email users.
• Using their email access to unlawfully solicit or exchange copies of copyrighted materials in any form.

Electronic Communications Security and Confidentiality Standards

Campus Electronic Communications Policies will ensure that those who access and use these systems are aware and understand that:

The college considers an electronic communications message to be a personal or business correspondence that should, therefore, be dealt with in the same manner as paper correspondence items.

Although electronic communications may be considered the property of the sender and/or receiver, these messages are stored on college computer systems. Therefore, administration of electronic communications systems may require that administrative staff read or access in other ways message contents. Users shall have NO EXPECTATION OF PRIVACY over the content of electronic communications maintained on the college’s computer system.

The college will not routinely monitor the content of electronic documents or messages. Electronic documents and messages may be accessed by technical maintenance, security and troubleshooting staff while performing their duties. Such access may occur when a problem in the software or network arises. Additionally electronic mail may pass out of one computer environment, across a network, and into another computer environment even within the college system. This transport becomes increasingly complicated as mail travels between departments, campuses, universities, states, or nations. The level of security over your messages is affected each time the computer hardware, software and environment changes. Untraceable leaks may occur.

If there is a college investigation for alleged misconduct, the President or his designee may authorize that electronic communications or files may be locked or copied to prevent destruction and loss of information. Additionally, the college may monitor the content of electronic documents and messages, or access email backups or archives as a result of a college investigation, legal discovery, writ, warrant, subpoena, or when there is a threat to the computer systems integrity or security.

The confidentiality of the contents of email messages that include certain types of information (e.g., student related, medical, personal) may be protected by the Family Educational Rights and Privacy Act of 1974 (as amended) and/or the Electronic Communications Privacy Act of 1986. Additionally, the contents of email messages may be classified as public by the Massachusetts Fair Information Practices Act (MGL Title X, c66A, refer to https://malegislature.gov/Laws/GeneralLaws/PartI/TitleX/Chapter66A ) and/or the Massachusetts Public Records Act (MGL Title X, c66, refer to https://malegislature.gov/Laws/GeneralLaws/PartI/TitleX/Chapter66). Further recent federal legislation, referred to as the Patriot Act, may require the college to disclose to law enforcement officers’ information previously considered to be privileged without notification.

The authenticity of an email message cannot be assured due to the state of present email technology. This means that the authorship or source of an email message may not be as indicated in the message. Methods exist to provide for authentication of email messages. Email clients who require this level of security are to contact the Help Desk for assistance in obtaining a digital certificate.

College Email Users may retain active mail files for the retention period instituted by the Electronic Mail Administrator. Deleted and expired email messages will be irretrievable after 90 days.

Electronic Mail Use Standards

The following policies govern the use of college email equipment/systems:

Individuals are prohibited from using an electronic mail account assigned to another individual either to send or receive messages. If it is necessary to read another individual's mail (e.g., while they are on vacation, on leave, etc.), delegation or message forwarding should be requested from the email administrator.

College Email Users are encouraged to use these communications resources to share knowledge and information in support of the college's mission. Occasional and incidental social communications using electronic mail are not prohibited; however, such messages should be limited and not interfere with an employee’s job function.

Individuals with email ids on college computer systems are prohibited from sending messages which: violate existing laws or college codes of conduct or policies; are inconsistent with the college mission; or are advertisements or announcements for a commercial business without prior approval of the President or his/her designee.

Authorized users should not "rebroadcast" information obtained from another individual that the individual reasonably expected to be confidential.

Bulletin boards used for soliciting or exchanging copies of copyrighted software are not permitted on college systems.

Authorized users are prohibited from sending, posting, or publicly displaying or printing unsolicited mail or material that is of a fraudulent, defamatory, harassing, abusive, obscene or threatening nature on any college system. The sending of such messages/materials will be handled according to current college codes of conduct, policies and procedures.

The college accepts no responsibility for the content of electronic mail received. If a student, faculty, or staff member receives electronic mail that is considered harassing, threatening or offensive, he/she should contact the appropriate college office for assistance.

Federal and state laws and college policies against racism, sexism and sexual harassment apply to electronic communications. Additionally, the college has special concern for incidents in which individuals are subject to harassment or threat because of membership in a particular racial, religious, gender or sexual orientation group.

Social Media Use Standards

In an effort to foster a professional work environment for all employees and to protect the interests of Mount Wachusett Community College the following policies govern the use of all personal social media channels by the employees at Mount Wachusett Community College.