08:14:01 Technology Responsible Use
|
|
- Introduction: This policy constitutes the management of all information technology resources, whether managed/supported by Technology Division or other Chattanooga State Community College departments and includes personal equipment/applications, i.e., mobile devices and Chattanooga State provided systems (laptops, iPads, etc.) use for telecommuting.
- The rights of academic freedom and freedom of expression apply to the use of the Chattanooga State information technology systems and resources; along with the responsibilities and limitations associated with those rights. The use of these resources must comply with all Chattanooga State Technology Division Policies and applicable Federal, State and Tennessee Board of Regents laws and policies. This list of unlawful activities is illustrative and not intended to be exhaustive. Electronically available information may not:
- Contain copyrighted material or software unless the permission of the copyright owner has been obtained, except where allowed by law.
- Violate College policy prohibiting harassment.
- Be used for commercial purposes.
- Appear to represent Chattanooga State without appropriate permission, or to represent others.
- Contain scripts or code that could cause a security breach or permit use of resources in opposition to Technology Division or College policy.
- Be used for file sharing/gaming software/applications on Chattanooga State equipment. This includes such software as Peer-to-Peer (P2P), Bit Torrent and other software that falls into this category. This is to ensure copyright laws are not violated, to protect the Chattanooga State network from an overload situation and to prevent a conduit for viruses. For business needs that require this type of software/applications, please submit an online service request to Technology Service Desk containing the business justification. If you are unsure that the software/application falls into one of these situations, please contact Technical Services Desk.
- Infringe on a copyright. If copyright infringement complaint is received, the individual should notify Chattanooga State Internal Auditor. The complaint will be logged, if necessary, and sent to TBR General Counsel and TBR area representative for action. The TBR Chief Information Officer or his/her designee will be promptly informed of as appropriate for complaints received.
- Send or attempt to send unsolicited junk mail or chain letters.
- Contain illegal or potentially damaging software on a client machine. The Technology Division reserves the right to disconnect client machines where such software is found to exist. A client machine may also be disconnected if the client’s activity adversely affects the network’s performance or is considered a security risk to protected data or the College. Review the Digital Millennium Copyright Act of 1998, Tennessee Code Annotated §49-7-1(c) and TBR Guideline G-054 for specific instructions.
C. Users shall not intentionally, recklessly, or negligently misuse, modify, damage or vandalize Chattanooga State information technology resources or engage in unlawful uses of the information technology system resources of College. Unlawful activities are in violation of this guideline and may also subject persons engaging in these activities to civil and/or criminal penalties.
D. The distribution and display of obscene materials is prohibited by the laws of the State of Tennessee (see Tenn. Code § 39-17-902). Obscene materials are defined under Tennessee law (see T.C.A.39-17-901(10). Gambling, including that performed with the aid of the Internet, is prohibited under Tennessee state law (see Tenn. Code Ann. § 39-17-502).
E. Marketing must be contacted for any requests concerning WWW pages and/or use of Chattanooga State logos. For further guidance, review Chattanooga State policies and TBR G-054 IT Responsible Use.
F. In accordance with State of Tennessee and TBR 1:08:00:00 all access to the College’s computer systems must be approved. Access to departmental computer systems must be approved by the dean/supervisor or their designated representative(s) and be based on policy of least privilege. Approval requirement may vary depending upon the system. Minimum annual reviews of special Internet Native Banner granted accesses are required.
G. The College recognizes the importance of preserving the privacy of users and data stored in information technology systems and resources. Users must honor this principle by neither seeking to obtain unauthorized access to information technology systems and resources nor continued use of an account after the student enrollment or faculty/staff employment ends.
H. To protect network systems and sensitive data accessed through network systems, only college-owned or college-approved equipment may be attached to the College computer network via hardwire connections. All laptops or mobile devices are to connect only through the campus wireless network and not through hardwire connections. All vendor default settings must be checked and removed as necessary, before anything is connected to the network.
I. Security is everyone’s job at Chattanooga State and users are responsible for maintaining the security of their own information technology systems and resources accounts and passwords. Security Policies are located on the Technology Division Web Page and on Tiger Web. The following basic security rules are not meant to be all inclusive of the necessary security vigilance that is required in today’s technology environment.
1. In accordance with State requirements, all systems and devices owned and operated by or on behalf of Chattanooga State must display the approved security logon banner before the user logs in. Allowing friends, family, co-workers and/or vendors to use personal accounts, either locally or through the Internet, is a serious violation of these guidelines. This includes Chattanooga State provided technology systems (laptops, desktops, etc.,) used for telecommuting. Passwords are the most basic security protection. For more information, please review Chattanooga State Technology Policy 08:13 Password Security.
2. All accounts used by vendors for remote maintenance will be handled through the Technology Division service request system for both enabling and disabling these accounts. Accounts will only be enabled during the time needed and only for what access is needed to perform the work.
3. Users will not attempt to circumvent security. No local accounts or accounts with system level administrator privileges will be used without the Technology Division’s approval. No one has the authority to remove Chattanooga State installed anti-virus or other security related software/hardware. No software installed on Chattanooga State systems (desktop, etc.) may be removed without the Technology Division’s approval. Do not use knowledge of loopholes in computer system security or unauthorized knowledge of a password to damage any computing systems, to obtain extra computing resources, to take resources from another user or to gain access to unauthorized systems, either on or off campus. Users shall respect the privacy of other users, and specifically shall not read, delete, copy or modify another user’s data, information, files, email or programs without the other user’s permission.
4. All institutional data is considered a vital asset and is owned by the College. All data required by law to be protected from nondisclosure, unauthorized use, modification, or destruction under Family Educational Rights and Privacy Act, designation of Personally Identifiable Information, Red Flag or Payment Card Information designations shall be protected from unauthorized use, modification or destruction. Only when it is absolutely necessary to perform specific job related duties shall computing platforms, mobile or stationary, store FERPA, PII or PCI assets. In all cases, these types of assets must have approval from the asset custodian for access and should be encrypted while stored on mobile and stationary computing platforms/devices, where feasible. Never leave this type of information lying around while you are out of your office. Lock your office door whenever you leave to ensure data is protected. A clean desk policy is in effect, requiring all confidential data (including FERPA and PCI) to be removed from your desk and stored appropriately before leaving for the day.
5. Users of mobile computing platforms, including but not limited to laptops, any handheld devices (including mobile phones and tablets), and portable storage media, shall take every precaution to protect such platforms from theft or loss of data by any means. If a personal device is lost or stolen, Technical Services is authorized to wipe the device to ensure protection of data. See Chattanooga State Technology Division Policy 08:15 Security Incidence Report and 08:16 Data Security for more detailed information.
6. With Banner ‘A’ numbers and/or Tiger IDs being used as personal identifiers, computing platforms should not contain social security numbers. If an application requires the use of social security numbers, it must be identified in the risk assessment process and appropriate controls put in place. Losses of institutional assets or other Technology resources, no matter the format the data resides in, must be reported immediately in accordance with the College’s Technology Services Security Incident Response policy. For specific guidance for use of SSNs, review TBR G-053 Personally Identifiable Information policy. Data custodians are responsible for oversight of PII in their respective area of institutional operations.
J. Users shall at all times endeavor to use Chattanooga State technology resources in an efficient and productive manner, and shall specifically avoid game playing, or attempting to crash or tie-up computer resources. Any intentional misbehavior with respect to the electronic environment of the College or members of the College community, i.e., purposely destroying data on workstations or loading unauthorized software, installing unapproved software, etc., will be regarded as unethical and may lead to disciplinary action in accordance with College policy as outlined in the student and employee handbooks.
K. Electronic records needed to support College functions must be retained, managed, and made accessible in record keeping or filing systems in accordance with established records disposition authorization. Each employee, with the assistance of his or her supervisor as needed, is responsible for ascertaining the disposition requirements for those electronic records in his or her custody. Electronic mail is stored in the cloud and is managed by individual users. The Technology Division system administrator is not responsible for meeting the record retention requirements and the Technology Division reserves the right to purge electronic records, including email messages. To ensure that all record retention requirements are met, individuals should review TBR Guideline G-070, Disposal of Records and ChSCC Business and Finance Policy 04:11:00 Disposal of Records.
References:
- Digital Millennium Copyright Act, 2001
- Family Educational Rights and Privacy Act (FERPA), 12/2/2011
- Payment Card Industry (PCI) Compliance, 04/01/2016
- State of Tennessee Department of Finance and Administration Office/Office for Information Resources 12/15/2016
- Tennessee Code Ann. 39-17-902, 2015
- Tennessee Code Annotated §49-7-1(c) Tennessee Code Annotated, Title 10, Chapter 7, 506, 2014
- Tennessee Board of Regents (TBR) Information Technology Policy 1:08:00:00, 9/26/2014
- essee Board of Regents (TBR) Policy 4:01:05:60, Identity Theft Prevention, 6/19/2009
- Tennessee Board of Regents (TBR) Guideline -051 Password Management, 9/26/2014
- ssee Board of Regents (TBR) Guideline- 052, Access Control, 9/26/2014
- Tennessee Board of Regents (TBR) Guideline -053, Personal Identifiable Information, 9/26/2014
- Tennessee Board of Regents (TBR) Guideline -054, IT Acceptable Use, 2/21/2017
- Tennessee Board of Regents (TBR) Guideline -070, Records Retention and Disposal of Records, 2/21/2017
- Tennessee Board of Regents (TBR) Guideline - 075, Litigation Hold Notice, 11/6/2007
- Chattanooga State Community College Chattanooga State 04:11:00 Disposal of Records,
- Chattanooga State Community College Chattanooga State 08-15, Security Incidence Report, 9/30/2018
- Chattanooga State Community College Chattanooga State 08-17 Computer Access, 9/30/2018
- Chattanooga State Community College Chattanooga State 08-18 Network Access, 9/30/2018
Submitted to Policy Review Committee on February 28, 2021
Submitted to Policy Review Board on March 22, 2021
Approved by Policy Review Board on April 21, 2021
Previous Versions:
Submitted to Policy Review Committee on October 24, 2018
Submitted to Policy Review Board on November 30, 2018
Approved by Policy Review Board on December 6, 2018
|