1.0 Overview
It is the policy of The College of Saint Rose (the “College”) to maintain access for its community to local, national and international sources of information and to provide an atmosphere that encourages the free exchange of ideas and sharing of information. Access to this environment and the College’s information technology resources is a privilege and must be treated according to the highest ethical standards.

2.0 Purpose
The College expects all members of the community to use computing and information technology resources in a responsible manner and to respect the public trust through which these resources have been provided, the rights and privacy of others, the integrity of facilities and controls, all pertinent laws and College policies and standards.

This policy outlines the standards for acceptable use of technology resources, which include, but are not limited to, equipment, software, networks and data whether owned, leased, or otherwise provided by the College.

3.0 Scope
This policy applies to all users of the College’s technology resources including faculty, staff, students, and guest users.

4.0 Policy

4.1 General 
Preserving the access to information resources is a community effort that requires each member to act responsibly and guard against abuses. Therefore, both the community as a whole and each individual user have an obligation to abide by the following standards of acceptable and ethical computer use:

  • Use only those computing and information technology resources for which the user have authorization
  • Use computing and information technology resources only for its intended purpose
  • Protect the access and integrity of computing and information technology resources
  • Abide by applicable laws and College policies and respect the copyrights and intellectual property rights of others, including the legal use of copyrighted software
  • Respect the privacy and personal rights of others

Failure to comply with this agreement/policy will be addressed through the College’s Corrective Action process as noted in the College’s employee handbooks. If warranted, an employee’s failure to comply will result in disciplinary action up to and including termination of employment. Failure to comply may also be a violation of civil/criminal law and may cause the employee to be subject to applicable penalties.

The College reserves the right to limit or restrict the use of its computing and information technology resources based on institutional priorities and financial considerations, as well as when it is presented with evidence of a violation of College policies, contractual agreements, or applicable state and federal laws. Although all members of the College have an expectation of privacy, if a user is suspected of violating this policy, an individual’s right to privacy may be superseded by the College’s requirement to protect the integrity of information technology resources, the rights of all users and the property of the College. The College, thus, reserves the right to examine material stored on or transmitted through its network and telecommunications systems if there is reasonable cause to believe that the standards for acceptable and ethical computer use are being violated by a member of the College community. A reasonable attempt will be made to notify end users if a violation of these or other College policies is known or suspected before any specific action is taken.

4.2 Guidelines
Guidelines for Interpretation and Administration of the Acceptable Use Policy for Computing and Information Technology Resources:

These guidelines are intended to assist the College community in the interpretation and administration of the Acceptable Use Policy for Technology Resources. The guidelines outline the responsibilities each member of the College accepts when using computing and information technology resources. This is put forth as a minimum set of standards for all areas of the College and may be supplemented with unit specific guidelines. However, such additional guidelines must at a minimum comply with this policy and cannot supersede this document.

User Responsibilities:

Use of computing and information technology resources is granted based on acceptance of the following specific responsibilities:

Use only those computing and information technology resources for which the user has authorization.

For example, it is a violation to:

  • use resources the user has not been specifically authorized to use
  • use someone else’s account and password or share the user account and password with someone else to access files, data or processes without authorization
  • purposely look for or exploit security flaws to gain system or data access

Use computing and information technology resources only for their intended purposes.

For example: it is a violation to:

  • use electronic resources for harassment or to stalk other individuals
  • send bomb threats or “hoax messages” to send chain letters
  • intercept or monitor any network communications not intended for the user
  • use computing or network resources for consulting, advertising or other commercial purposes
  • attempt to circumvent security mechanisms
  • use privileged access for other than official duties
  • use former privileges after graduation, transfer or termination
  • use any or all parts of the College’s technology resource in violation of the laws of the United States of America, the State of New York or of any other local law or ordinance

Protect the access and integrity of computing and information technology resources.

For example: it is a violation to:

  • release a virus or worm that damages or harms a system or network
  • prevent others from accessing an authorized service
  • send email bombs that may cause problems and disrupt service for other users
  • attempt to deliberately degrade performance or deny service
  • corrupt or misuse information to alter or destroy information without authorization

Abide by applicable laws and university policies and respect the copyrights and intellectual property rights of others, including the legal use of copyrighted software.

For example: it is a violation to:

  • make more copies of licensed software than the license allows
  • download, use or distribute pirated software
  • operate or participate in pyramid schemes
  • distribute pornography to minors
  • upload, download, distribute or possess child pornography

Respect the privacy and personal rights of others.

For example: it is a violation to:

  • tap a phone line or monitor network activity without authorization
  • access or attempt to access another individual’s password or data without explicit authorization
  • access or copy another user’s electronic mail, data, programs, or other files without permission

System Administrator Responsibilities:

System Administrators and providers of technology resources have the additional responsibility of ensuring the integrity, confidentiality, and availability of managed resources. Persons in these positions are granted significant trust to use their privileges appropriately for their intended purpose and only when required to maintain the system. Any private information seen in carrying out these duties must be treated in the strictest confidence, unless it relates to a violation or the security of the system.

Security Caveat:

Be aware that although technology providers throughout the College are charged with preserving the integrity and security of resources, security sometimes can be breached through actions beyond their control. Users are therefore urged to take appropriate precautions such as safeguarding their account and password, taking full advantage of file security mechanisms, backing up critical data and promptly reporting any misuse or violations of the policy.

Commercial Use:

Commercial use is covered in both the policy and guidelines document. It is being mentioned here simply because commercial use is one of the most common violations of acceptable use. Here are some of the most common examples considered commercial use:

  • Using a College system to host a web page for any business, including the users private consulting practice, unless given permission to do so
  • Referring people to a College email address for commercial use (e.g. in print ads or public / private commercial web pages)
  • Email to large numbers of users

Currently, the e-mail systems are not configured to handle bulk e-mail. Sending e-mail to large numbers of users can cause significant problems for the system. Bulk e-mail (except to people who have requested it) is also considered a violation of good network citizenship. Therefore, it is considered a violation of acceptable use to send substantially the same e-mail message to more than 50 users. Exceptions are:

  • When the use has been approved by the system administrator
  • When the mail uses majordomo, listserv, or another facility that has been specifically engineered to handle mailing lists without causing problems for the receiving system. In almost all cases these systems will also allow users to join and leave lists themselves

Even for e-mail to fewer than 50 users, users must abide by other restrictions. This includes the restriction against commercial use, and the general requirement that all activities must abide by the law. There are laws against unsolicited commercial email.

Cooperation with System Administrators:

From time to time activities may interfere with or threaten the operation of the system, even though the activity may not clearly be prohibited by the Acceptable Use Policy for Technology Resources. In such cases, the system administrator or other College staff person may contact the user to request a stop to the activity. Users are expected to comply with such instructions. Once a user has received such a warning, any further activity of the same kind will be treated as a violation of the Acceptable Use Policy for Technology Resources. There may be times when activity may threaten the overall integrity, security and operation of information technology at the College. In this scenario, a system administrator may terminate access or otherwise block the activity to prevent the loss of system integrity or operation. If the offending party is located and identified, an attempt will be made to notify the user if deemed appropriate without compromising on going security procedures.

If a user thinks the staff member has acted inappropriately in directing the cessation of an activity, the user may ask either the Executive Director of Information Technology Services or the Director of ITS Infrastructure & Programming to review the decision. However, users will be expected to comply with the ruling of the staff while this review occurs.

How to Report Infractions Involving Technology Systems:

The majority of reports should be made through normal College support channels (i.e., the ITS web site). For more serious incidents, users or individuals may prefer to contact the Executive Director of Information Technology Services or the Director of ITS Infrastructure & Programming. For certain kinds of incidents, special reporting channels are appropriate. However if users have trouble determining what approach to use, it is always appropriate to consult ITS information channels, the Executive Director of Information Technology Services, the Director of ITS Infrastructure & Programming or the Director of Safety and Security.

The College of Saint Rose File Sharing Supplement to the Acceptable Use and Copyright Policies:

The following information pertains to students, faculty, administrators, staff, guests of the College, and all users of College resources.

Illegal music and movie file sharing and related copyright violations will not be tolerated at the College. If the College receives a reputable claim of copyright infringement, it will initiate an immediate investigation. If there is evidence that copyright infringement has occurred, access to network services will be terminated until the suspected violator meets with a College official to discuss the matter. If after an individual’s computer or other device is examined by College officials and the individual agrees to abide by all laws and College policies related to copyright, network access will be restored. Repeat violations will be referred to the appropriate College judicial system or corrective action process. Violators may also be subject to civil and criminal fines and possible jail sentences.

Failure to comply with this agreement/policy will be addressed through the College’s Corrective Action process as noted in the College’s employee handbooks. If warranted, an employee’s failure to comply will result in disciplinary action up to and including termination of employment. Failure to comply may also be a violation of civil/criminal law and may cause the employee to be subject to applicable penalties.
The College is not liable for violations of its Acceptable Use Policy for Technology Resources and Copyright Policy by students, faculty, administrators, staff, guests, and all users of College equipment.

The College respects copyright and will cooperate with any lawful investigations related to possible copyright infringement. Today’s technology allows for very easy tracking of music and movie file sharing over the College’s network. Copyright owners are able to detect the sharing of files on our network, including the date, time, file name and network port of the violation, and report this information to the College’s administration demanding immediate action. The College has implemented its own system to detect and deter the illegal sharing of music and movie files.

5.0 Enforcement
Failure of employees to comply with this agreement/policy will be addressed through the College’s Corrective Action process as noted in the College’s employee handbooks. If warranted, an employee’s failure to comply will result in disciplinary action up to and including termination of employment. Failure to comply may also be a violation of civil/criminal law and may cause the employee to be subject to applicable penalties.

Failure of students to comply with this agreement/policy will be addressed through the College’s Judicial System as noted in the College’s Student Handbook. If warranted, a student’s failure to comply will result in termination of access to College technology resources. Failure to comply may also be a violation of civil/criminal law and may cause the violator to be subject to applicable penalties.