Technology Resource Standards

PURPOSE

Yavapai College (the College) provides access to information technology resources in a manner consistent with the College mission, and in compliance with all state and federal regulations. 

POLICY APPLICATION

This policy applies to all employees, students, volunteers, District Governing Board members and any individual who uses the technology resources of the College. 

OPERATIONAL POLICY 

This policy establishes the Technology Resource Standards for use of the College technology, and the responsibilities. This is a supplement to general College operational policies, applicable law and other specific operational policies, including Electronic Communications, 5.29. 

I. COLLEGE RESPONSIBILITIES

1. The College provides access to technology and information resources which support the advancement of learning opportunities and operational needs. Consistent with constitutional and statutory mandates, the College has established clear guidelines to safeguard the use of technology resources which are acquired and maintained with public funds, and are required to be used for public business and not private purposes. 

II. USER RESPONSIBILITIES

1. All users of College technology resources are expected to be aware of, and understood how to comply with, the College Technology Resource Standards (Standards). In some cases, an individual area or department may establish guidelines for technology resource usage that supplement, but do not replace or waive, these college-wide Standards. All users are expected to complete any required technology and security training and to bring questions to their supervisor or the ITS department if they need clarification. Users are required to keep their passwords confidential and not share them with others. 

DEFINITIONS

Technology Resources: All technologies that produce, manipulate, store, communicate or disseminate information. These resources include wired and wireless data, video and voice networks, computers for processing information, and other devices for storing and archiving information. 

Incidental Personal Use: Occasional or infrequent personal use with little or no cost to the College and which, considering its value and the frequency with which it is used, is so small as to make accounting for it unreasonable or impractical. 

PROCEDURE DESCRIPTION

This procedure outlines the necessary guidelines and processes to govern the responsible use of the College's technology resources consistent with the standards established in the Technology Resource Standards, 5.27 policy.

PROCEDURE RESPONSIBILITY

This procedure is administered and maintained by the Chief Information Officer or designee.

PROCEDURE

I. ACCESS AND USE

1. Faculty, staff, and students and, in a limited number of cases, contracted workers and the public, have access to the College technology resources for legitimate purposes including educational, research, service, operational and management purposes. College technology resources include, but not limited to, desktop and laptop systems, tablets, printers, central computing facilities, the College internal networks, telephones, internet access, and email) of the College are available to faculty, staff, and students and, in a limited number of cases, the College contractors and the public. 
2. Use of the College's technology resources, including websites created by the College employees and students, is limited to educational, research, service, operational, and management purposes of the College. Likewise, data, voice, images, and links to external sites posted on or transmitted via the College's technology resources are limited to the same purposes.
3. Acceptable use of these resources requires reasonable care and compliance with applicable laws, regulations and the College operational policies.
4. Limited incidental personal use of the College technology resources, including through the use of personal email systems, is permitted, except as described under "Prohibited Conduct." The College employees are responsible for exercising good judgment about personal use following this operational policy and ethical standards. Personal use refers to activities that only affect the individual and are unrelated to an employee's outside business. The College employees must behave in a way that will not raise concern that they are or might be engaged in acts in violation of the public trust.

II.  ACCEPTABLE USE STANDARDS

Access to the college's technology resources can generally be obtained only through use of a password known exclusively to the user. It is those users' responsibility to keep a password confidential. In addition, the standards for the acceptable use of computer resources require users to exercise care as follows: 

1. Responsible behavior with respect to the electronic information environment at all times;
2. Behavior consistent with the mission of the College and with authorized activities of the College or members of the College community;
3. Respect for the principles of open expression;
4. Compliance with all applicable laws, regulations, and the College operational policies;
5. Truthfulness and honesty in personal and computer identification;
6. Respect for the rights and property of others, including intellectual property rights;
7. Behavior consistent with the privacy and integrity of electronic networks, electronic data and information, and electronic infrastructure and systems; and
8. Respect for the value and intended use of human and technological resources.

III.  USE OF NON-COLLEGE TECHNOLOGY

1. Under Arizona's public records law, the College is required to transact business so that its records are accessible and retrievable. The operational policy underlying the law is that work done in the name of the public must be transparent. Thus, any member of the public may request public records and, except in a few specific instances, are entitled to get copies of them.
2. The College records are retained for the period of time required by, and disposed of, according to record retention mandates established by Arizona State Library, Archives and Public Records.
3. Each individual user is responsible for ensuring that the records they create, receive, or manipulate are retained and disposed of consistent with the College's processes. Therefore, an employee's use of non-College technology resources for communication of any type of the College business is strongly discouraged because those records are less capable of being managed according to the College's process.
4. Additional information on retention, retrieval and disclosure processes are found in Policy 5.28. Retrieval, Disclosure and Retention of Records. Note that Operational Policy 5.29 - Electronic Communications provides additional context on permissible and impermissible electronic communication, particularly use of non-College technology to conduct college business.

IV. INCIDENTAL COMPUTER AND TECHNOLOGY USAGE

1. Limited incidental personal use of the College technology resources including through use of personal email systems is permitted, except as described in item 16 in Section V. Prohibited Conduct. Users are responsible for exercising good judgment about personal use in accordance with this procedure and ethical standards.
2. Personal use refers to activities which only affect the individual and that are not related to a user's outside business.
3. Employees and other users are required to conduct themselves in a manner which will not raise concern that they are, or might be, engaged in acts in violations of the public trust.

V.  PROHIBITED CONDUCT

Examples of prohibited conduct include, but are not limited to, the following:

1. Posting to the network, downloading or transporting any material that would constitute a violation of the College contracts.
2. Unauthorized attempts to monitor another user's password protected data or electronic communication, or delete another user's password protected data, electronic communications or software, without that person's permission.
3. Installing or running on any system a program that is intended to or is likely to result in eventual damage to a file or computer system.
4. Performing acts that would unfairly monopolize technology resources to the exclusion of other users, including (but not limited to) unauthorized installation and utilization of unsanctioned system software.
5. Developing or maintaining an unauthorized website, social media presence, or similar, that uses the College name or branding.
6. Use of technology resources for non-college commercial purposes, including advertising personal services, regardless of financial gain.
7. Use of software, graphics, photographs, or any other tangible form of expression that would violate or infringe any copyright or similar legally-recognized protection of intellectual property rights.
8. Activities that would constitute a violation of any the College operational policy.
9. Transmitting, storing, or receiving data, or otherwise using technology resources in a manner that would constitute a violation of state or federal law, or the College operational policy including, but not limited to, obscenity, defamation, threats, harassment, and theft.
10. Attempting to gain unauthorized access to a computing or network resource, or attempting to identify or enumerate devices, ports, software, or hardware installed on computing and network resources to identify potential vulnerabilities or perform malicious acts.
11. Exploiting any technology resources by attempting to prevent or circumvent access, or using unauthorized data protection schemes.
12. Deliberately performing any act that would disrupt normal operations of the college systems or network.
13. Using technology resources to wrongfully hide the user's identity or pose as another person.
14. Allowing any unauthorized access to the college technology and non-technology resources.
15. Making personal long distance or other toll calls, except where the charges for the calls are incurred directly by the caller or arrangements are otherwise made at the time of the call to bill the caller directly.
16. Intermittent use of technology resources that interferes with the performance of an employee's responsibilities.
17. Deleting or altering a public record in violation of public records retention requirements, or in anticipation of receiving or after receipt of a public records request, subpoena or a complaint filed as part of a grievance, investigation or review, or other lawful request for the record. (Reference Retrieval, Disclosure and Retention of Records, 5.28)
18. The College's technological equipment and resources must be used following the Copyright Use operational policy. Using the College's technological equipment and resources to illegally copy, download, access, print, or store copyrighted material is forbidden. For example, file-swapping copyrighted material such as music or movies is prohibited. Users found to violate this operational policy will have their accounts terminated and their privileges to use the College's technological equipment and resources revoked. Peer-to-Peer file sharing (P2P) is prohibited on the campus network (Reference Peer-to-Peer (P2P) File Sharing Policy: 5.26).

VI.  EXPECTATION OF PRIVACY

1. The maintenance, operation and security of the College technology resources, require that authorized personnel have access to those resources and, on occasion, review the content of data and communications stored on or transmitted through those resources. It is not the College practice to actively monitor the content of emails, files, images, links or other data stored on or transmitted through the College technology resources.
2. Any other review may be performed exclusively by persons expressly authorized for such purpose and only for sufficient cause. To the extent possible in the electronic environment and in a public setting, a user's privacy will be honored. Nevertheless, that privacy is subject to Arizona's public records laws and other applicable state and federal laws, all of which may supersede a user's interests in maintaining privacy in the information contained in the College's technology resources.
3. While the College takes reasonable measures to ensure network security, it cannot be held accountable for unauthorized access to its technology resources by other persons, both within and outside the College community. Moreover, it cannot guarantee employees and students protection against reasonable failures.

VII.  MISUSE OF RESOURCES

1. Complaints or allegations of a violation of this operational policy will be addressed through the College's normal grievance process (Performance Expectations and Corrective Action: 2.21) for employees, or the Student Code of Conduct for students.
2. If any user is determined to be in violation of these standards, the College may unilaterally delete any offending content and terminate the user's access to the College technology resources.
3. It is the user's responsibility to demonstrate and/or establish the relevance of content in the event that a content complaint is made official. Users retain the right to appeal actions through the College's grievance procedures.

VIII. DISCLAIMER NOTICE

1. All information published online by the College is subject to change without notice. The College is not responsible for errors or damages of any kind resulting from access to its internet resources or use of the information contained therein. Every effort has been made to ensure the accuracy of information presented as factual; however, information is provided by many different people and errors may exist. Users are directed to counter-check facts when considering their use in other applications.
2. The College is not responsible for the content or functionality of any technology resource not owned by the institution.
3. The statements, comments, or opinions expressed by users through the use of the College's technology resources are those of their respective authors, who are solely responsible for them and do not necessarily represent the views of the College.