Acceptable Use Policy
Revised: 06/30/2009
1. Overview.
This policy is intended to protect the TCCC-RYSS’s faculty, employees, Students and employees as well as TCCC-RYSS from the consequences of illegal or damaging actions by individuals using the TCCC-RYSS Information Technology Network.
The TCCC-RYSS Information Technology Network includes: Internet/Intranet/Extranet-related systems, including but not limited to computer/Networking equipment, Software, Operating Systems, storage media, Network accounts providing electronic mail, Instant Messaging, student information system, WWW browsing, and FTP, which are the property of TCCC-RYSS. They are to be used for TCCC-RYSS business purposes and to serve the interests of TCCC-RYSS, and as well as all Authorized Users. Effective computer Security is a team effort requiring the participation and support of every TCCC-RYSS faculty member, employee, student and Authorized User who deals with information and/or information systems. It is the responsibility of every computer user to know the TCCC-RYSS Information Technology Policies and Procedures, and to comply with the TCCC-RYSS Information Technology Policies and Procedures.
2. Purpose.
This policy describes the Authorized Use of the TCCC-RYSS Information Technology Network and protects TCCC-RYSS and Authorized Users. Unauthorized uses expose TCCC-RYSS to many risks including legal liability, Virus attacks, and the compromise of Network systems, Services, and information.
3. Scope.
This policy applies to all persons with a TCCC-RYSS-owned, third party-owned, or personally-owned computing device that is connected to the TCCC-RYSS Information Technology Network. 4.
4. Policy.
a. General Use and Ownership.
1. Data created by Authorized Users that is on the TCCC-RYSS Information Technology Network is the property of TCCC-RYSS. There is no guarantee that information stored on the TCCC-RYSS Information Technology Network device will be confidential.
2. Authorized Use includes reasonable personal use of the TCCC-RYSS Information Technology Network by Authorized Users. TCCC-RYSS departments are responsible for creating guidelines concerning personal use of the TCCC-RYSS Information Technology Network. In the absence of such guidelines, employees should consult their supervisor, manager, or the Information Security Guidelines; Students should consult the Student Assistance Center.
3. Any information that an Authorized User considers to be sensitive or vulnerable should be encrypted. For guidelines on information classification, see Information Security's Information Sensitivity Policy. For guidelines on encrypting Email and documents, consult Information Security's Awareness Initiative.
4. Authorized TCCC-RYSS employees may monitor the TCCC-RYSS Information Technology Network traffic at any time, in accordance with the Information Security Audit Policy.
5. TCCC-RYSS reserves the right to audit Networks and systems on a periodic basis to ensure compliance with the TCCC-RYSS Information Technology Policies and Procedures.
b. Security and Proprietary Information.
1. Authorized Users are required to classify the user interface for information contained on the TCCC-RYSS Information Technology Network as “confidential” or “not confidential,” as defined by TCCC-RYSS Confidentiality Guidelines. Confidential information includes, but is not limited to: TCCC-RYSS private data, specifications, student information, and research data. Employees are required to take all necessary steps to prevent unauthorized access to this Sensitive Information.
2. Authorized Users are responsible for the Security of their passwords and accounts and must keep passwords confidential and are not permitted to share accounts.
3. Authorized Users are responsible for logging out of all systems and accounts when they are not being used; they must not be left unattended.
4. All laptops and workstations that are part of or connected to the TCCC-RYSS Information Technology Network are required to be secured with a password-protected screensaver with the automatic activation feature set at 10 minutes or less, or by logging-off when the device will be unattended.
5. Encryption of information must be used in compliance with Information Security's Acceptable Encryption Use Policy.
6. Authorized Users are required to exercise special care to protect laptop computers that are part of or connected to the TCCC-RYSS Information Technology Network in accordance with the “Laptop Security Guidelines.”
7. Postings by Authorized Users from a TCCC-RYSS Email address must contain a disclaimer stating that the opinions expressed are strictly those of the author and not necessarily those of TCCC-RYSS, unless posting has been done in the course of TCCC-RYSS business.
8. All computers used by Authorized Users that are connected to the TCCC-RYSS Information Technology Network, whether owned by the individual or TCCC-RYSS, must be continually executing approved Virus-scanning Software with a current Virus Database.
9. Authorized Users must use extreme caution when opening e-mail attachments received from unknown senders, which may contain Viruses, e-mail bombs, or Trojan Horse codes.
c. Unacceptable Use of the TCCC-RYSS Information Technology Network.
The following activities are prohibited, although TCCC-RYSS employees who are Authorized Users may be exempted from these restrictions during the performance of their legitimate job responsibilities. Under no circumstances is an Authorized User permitted to engage in any activity that is illegal under local, state, federal or international law while utilizing the TCCC-RYSS Information Technology Network.
Unacceptable use includes, but is not limited to the following activities:
System and Network Activities
The following activities are strictly prohibited, with no exceptions:
1. Violations of the rights of any person or company protected by copyright, trade secret, patent or other Intellectual Property, or similar laws or regulations, including, but not limited to, the installation or distribution of copyrighted or other Software products that are not licensed for use by TCCC-RYSS.
2. Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted Software for which TCCC-RYSS or the Authorized User does not have an active license is strictly prohibited.
3. Exporting Software, technical information, Encryption Software or technology, in violation of international or regional export control laws, is illegal. TCCC-RYSS management must be consulted prior to export of any material that is in question.
4. Introduction of Malicious Software into the TCCC-RYSS Information Technology Network (e.g., Viruses, Worms, Trojan Horses, e-mail bombs, etc.).
5. An Authorized User’s revelation of that person’s account password to others or allowing use of an Authorized User’s account by others, including family and other household members when an Authorized User’s computer is connected to the TCCC-RYSS Information Technology Network from home or other non-TCCC-RYSS locations.
6. The use of a component of the TCCC-RYSS Information Technology Network or other computing asset to actively engage in procuring or transmitting material that violates sexual harassment or hostile workplace laws or that violates any TCCC-RYSS policy. Pornographic material is a violation of sexual harassment policies.
7. Making fraudulent offers of products, items, or services originating from any TCCC-RYSS account or otherwise made from a computer connected to the TCCC-RYSS Information Technology Network.
8. Causing Security breaches or disruptions of communication over the TCCC-RYSS Information Technology Network. Security breaches include, but are not limited to, accessing data or other communications of which the Authorized User is not an intended recipient or logging into an account that the Authorized User is not expressly authorized to access. For purposes of this section, "disruption" includes, but is not limited to, Network Sniffing, traffic floods, Packet Spoofing, Denial of Service, etc.
9. Port Scanning or Security Scanning is expressly prohibited unless prior notification to Information Security is made.
10. Executing any form of Network monitoring which will intercept data not intended for the Authorized User is expressly prohibited, unless this activity is a part of the Authorized User’s normal job/duty.
11. Circumventing User Authentication or Security of any device, Network, or account.
12. Interfering with or denying Service to any user other than the individual's Host (for example, a Denial of Service attack).
13. Using any Program/script/command, or sending messages of any kind, with the intent to interfere with or disable a user's terminal session, via any means locally or remotely.
14. Providing information about, or lists of, TCCC-RYSS employees or Students to non-TCCC-RYSS parties.
Email and Communications Activities
1. Sending unsolicited Email messages, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material (Email SPAM).
2. Any form of harassment via Email, instant messenger, telephone, or pager, whether through language, frequency, or size of messages.
3. Unauthorized use, or forging, of Email header information.
4. Solicitation of Email for any other Email address, other than that of the Authorized User’s own account, with the intent to harass or to collect replies.
5. Creating or forwarding Chain email, Phishing, or other scams of any type.
6. Use of the TCCC-RYSS’s name in any unsolicited Email on behalf of, or to advertise, any service or product without the explicit written permission of TCCC-RYSS.
7. Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup SPAM).
5. Enforcement.
Any Authorized User found to be in violation of this policy will be considered an Unauthorized User, and as such are subject to disciplinary action pursuant with the Enforcement section of the Unauthorized Use Policy.
