NDSCS College Catalog
|
|
| North Dakota University System Computer and Network Usage Policy |
| |
| The following are excerpts from NDUS policy. To see full policy refer to: Full Policy |
| |
| Authorized use: |
| Use of computing and networking resources shall be limited to those resources and purposes for which access is granted. Use for political purposes is prohibited. (see section 39-01-04 of the ND Century Code) Use for private gain or other personal use not related to job duties or academic pursuits is prohibited, unless such use is expressly authorized under governing institution or system procedures, or, when not expressly authorized, such use is incidental to job duties or limited in time and scope, and such use does not: (1) interfere with NDUS operation of information technologies or electronic mail services; (2) burden the NDUS with incremental costs; or (3) interfere with the user’s obligations to the institution or NDUS. |
| |
| Authorized user(s): |
| Computing and networking resources are provided to support the academic research, instructional, outreach and administrative objectives of the NDUS and its institutions. These resources are extended to accomplish tasks related to the individual’s status with NDUS or its institutions. Authorized users are (1) current faculty, staff and students of the North Dakota University System; (2) individuals connecting to a public information service (see section 5.3); and (3) other individuals or organizations specifically authorized by the NDUS or an NDUS institution. For the purposes of this policy, no attempt is made to differentiate among users by the user’s group. These policies treat all users similarly, whether student, faculty, staff or other authorized user, in terms of expectations of the user’s conduct. |
| |
| Privacy |
| In general, all electronic information shall be free from access by any but the authorized users of that information. Exceptions to this basic principle shall be kept to a minimum and made only when essential to: |
| 1. meet the requirements of the state open records law and other statutory or regulatory requirements; |
| 2. protect the integrity College or University and the rights and property of the State; |
| 3. allow system administrators to perform routine maintenance and respond to emergency situations such as combating “viruses” and the like (see sections 4.3, 4.4). |
| |
| Encryption and password protection |
| When using encryption utilities or password protection schemes on institutional information or computing equipment, a unit-level recovery process must be used. No data protection schemes may be used to deprive a unit or institution from access to data or computing equipment to which they are entitled. |
| |
| Freedom from harassment and undesired information |
| All members of the campus community have the right not to be harassed by computer or network usage of others (see section 3.1.3.). |
| |
| Appeals of sanctions |
| Individuals may appeal any sanctions according to the process defined for their institution. |
| |
| Individual Responsibilities |
| Each member of the campus community enjoys certain privileges and is responsible for the member’s actions. The interplay of these privileges and responsibilities engenders the trust and intellectual freedom that form the heart of this community. |
| |
| Respect for rights of others and legal and policy restrictions |
| Users are responsible to all other members of the campus community in many ways. These include the responsibility to: |
| - respect and value the right of privacy; |
| - recognize and respect the diversity of the population and opinion in the community, and; |
| - comply with NDUS and institution policy and all laws and contracts regarding the use of information that is the property of others. |
| |
| Encryption and password protection |
| When using encryption utilities or password protection schemes on institutional information or computing equipment, a unit-level recovery process must be used. No data protection schemes may be used to deprive a unit or institution from access to data or computing equipment to which they are entitled. |
| |
| Freedom from harassment and undesired information |
| All members of the campus community have the right not to be harassed by computer or network usage of others (see section 3.1.3.). |
| |
| Appeals of sanctions |
| Individuals may appeal any sanctions according to the process defined for their institution. |
| |
| Individual Responsibilities |
| Each member of the campus community enjoys certain privileges and is responsible for the member’s actions. The interplay of these privileges and responsibilities engenders the trust and intellectual freedom that form the heart of this community. |
| |
| Respect for rights of others and legal and policy restrictions |
| Users are responsible to all other members of the campus community in many ways. These include the responsibility to: |
| - respect and value the right of privacy; |
| - recognize and respect the diversity of the population and opinion in the community, and; |
| - comply with NDUS and institution policy and all laws and contracts regarding the use of information that is the property of others. |
| |
| Privacy of information |
| All electronic information which resides on NDUS and institution computers, and any data on any device that connects, wired or wireless, to the campus network may be determined to be subject to the open records laws of North Dakota. |
| Individuals are prohibited from looking at, copying, altering, or destroying another individual’s electronic information without explicit permission (unless authorized or required to do so by law or regulation). The ability to access a file or other information does not imply permission to do so unless the information has been placed in a public area such as a Web site. |
| The NDUS CIO is authorized to develop and publish standards for the NDUS institutions. The NDUS Data Classification and Information Technology Security Standard further defines and explains NDUS and institution data classifications, standards, and security responsibilities. |
| Except to the extent that a user lacks control over messages sent to the user, electronic information is deemed to be in the possession of a user when that user has effective control over the location of its storage. |
| |
| Intellectual property |
| Users are responsible for recognizing and honoring the intellectual property rights of others. Users are prohibited from using, inspecting, copying, storing, and redistributing copyrighted material and computer programs in violation of copyright laws. Software subject to licensing must be properly licensed and all users must strictly adhere to all license provisions (installation, use, copying, number of simultaneous users, term of license, etc.). |
| When reproducing or distributing information, users are responsible for the observation of copyright rights and other intellectual property rights of others and all state and federal laws, Institutional and NDUS policies. Generally materials owned by others cannot be used without the owner’s permission. Written consent from the copyright owner is normally necessary to reproduce or distribute copyrighted material. There are some exceptions such as fair use in teaching and in research. |
| Documentation of consent to use copyrighted materials must be kept on record and made available to institution officials upon request. The NDUS assumes no obligation to monitor users for infringing activities, but will, when such activities are called to the appropriate official’s attention, investigate to determine if there is likely infringement and make appropriate responses. |
| Users should also be careful of the unauthorized use of trademarks. Certain uses of such marks online on Web sites or in domain names can constitute trademark infringement. Unauthorized use of an institution’s name in these situations can also constitute trademark infringement. |
| |
| Harassment |
| Users may not use NDUS or NDUS Institution computers or networks to harass any other person. |
| Prohibited activities include, but are not limited to: (1) intentionally using the computer to annoy, harass, terrify, intimidate, threaten, offend or bother another person by conveying obscene language, pictures, or other materials or threats of bodily harm to the recipient or the recipient’s immediate family; (2) intentionally using the computer to contact another person repeatedly with the intent to annoy, harass or bother, whether or not an actual message is communicated, and/or the purpose of legitimate communication exists, and where the recipient has expressed a desire for the communication to cease; (3) intentionally using the computer to contact another person repeatedly regarding a matter for which one does not have a legal right or institutional sanction to communicate, once the recipient has provided reasonable notice that he or she desires such communication to cease; (4) intentionally using the computer to disrupt or damage the academic, research, administrative, or related pursuits of another; or (5) intentionally using the computer to invade the privacy, academic or otherwise, of another or the threatened invasion of the privacy of another. |
| |
| Attempts to circumvent security |
| Users are prohibited from attempting to circumvent or subvert any system’s security measures. Any security incidents should be reported to the system administrators and the Campus IT Security Officer. |
| |
| Decoding access control information |
| Users are prohibited from using any computer program or device to intercept or decode passwords or similar access control information. |
| |
| Denial of service |
| Deliberate attempts to degrade the performance of any computer system or network or to deprive authorized personnel of resources or access to any computer system or network are prohibited. |
| |
| Harmful activities |
| Harmful activities are prohibited. Examples include, but are not limited to: IP spoofing; creating and propagating viruses; port scanning; disrupting services; damaging files; or intentional destruction of or damage to equipment, software or data. |
| |
| Unauthorized activities |
| Authorized users may not: |
| - damage computer systems; |
| - obtain extra resources not authorized to them; |
| - deprive another user of authorized resources, or |
| - gain unauthorized access to systems by using knowledge of: |
| a special password; |
| loopholes in computer security systems; |
| another user’s password; or |
| access abilities used during a previous position. |
| |
| Unauthorized monitoring |
| Authorized users may not use computing resources for unauthorized monitoring or scanning of electronic communications without prior approval of the campus CIO or the campus or NDUS IT Security Officer. |
| |
| Personal business |
| Computing and networking resources may not be used in connection with compensated outside work or for private business purposes unrelated to the NDUS or institutions, except in accordance with the NDUS Consulting Policy. |
| |
| NDUS and NDUS Institutional Privileges |
| Imposition of sanctions |
| The institution may impose sanctions on anyone who violates the Computer and Network Usage Policy. |
| |
| Suspension of individual privileges |
| NDUS and institutions operating computers and networks may suspend computer and network privileges of a user: |
| - to protect the integrity, security or functionality of the institution or NDUS and/or their resources or to protect the institution or NDUS from liability; |
| - to protect the safety or well-being of members of the community, or |
| - upon receipt of a legally served directive of appropriate law enforcement agencies or others. |
| Access will be promptly restored when the protections are assured, unless access is suspended as a result of formal disciplinary action imposed by Campus Judicial Officers, HECN or other legal officers. |
| |
| First and minor incident |
| Minor infractions of these policies are generally resolved informally by the unit administering the accounts or network in conjunction with the Campus Information Technology Security Officer. Minor infractions are those in which the impact on the computer or network resource is minimal and limited to the local network. Resolution of the infraction will include referral to the Code of Student Life, staff or faculty handbooks, or other resources for self-education about appropriate use. In the case of students, a copy of the resolution will be sent to the Campus Judicial Officer. |
| |
| Subsequent and/or major violations |
| Repeated minor infractions or more serious misconduct may result in immediate loss of computer access privileges or the temporary or permanent modification of those privileges. More serious violations include, but are not limited to, unauthorized use of computing facilities, attempts to steal passwords or data, unauthorized use, distribution or copying of licensed software, or other copyrighted materials, use of another’s account, harassment or threatening behavior, or crashing the system. Policy violators will be referred by the campus Information Technology Security Officer to the Campus Judicial Officer for further action. |
| |
| Range of disciplinary sanctions |
| Users who violate this policy are subject to the full range of sanctions, including the loss of computer or network access privileges, disciplinary action, dismissal from the institution, and legal action. Use that is judged excessive, wasteful, or unauthorized may result in denial of access to computing and networking resources and may subject the user to appropriate disciplinary and/or legal procedures. Any offense which violates local, state, or federal laws may result in the immediate loss of all computing and networking resource privileges and will be referred to appropriate college or university offices and/or law enforcement authorities. |
| |
| Appeals |
| Notice of violations and appeals of decisions will follow campus procedures. |
| |
