Introduction
This
policy defines the boundaries of acceptable use of Spring Arbor University
(SAU) computing and communication resources, including computers, networks,
electronic mail services, electronic information sources, voice mail, telephone
services, and other communication resources. In addition, this policy reflects
the goal of SAU to foster academic excellence within the context of the SAU
Concept while respecting the principles of freedom of speech and the privacy
rights of SAU students, faculty, employees, and guests.
SAU.s
computing and communication resources are the property of SAU. They are to be
used for the advancement of SAU.s educational, research, service, community
outreach, administrative, and business purposes. Computing and communication
resources are provided for the use of faculty, staff, currently admitted or
enrolled students, and other properly authorized users. When a user.s
affiliation with SAU ends, SAU will terminate access to computing and communications
resources and accounts. SAU may, at its discretion, permit the user to have the
access to accounts and e-mail forwarded or redirected for a limited period of
time.
Users
of SAU.s computing and communications resources are required to comply with this
policy, other applicable SAU and Board of Trustee policies and state and
federal laws. When necessary, enforcement will be consistent with other
applicable Board of Trustee policies and SAU administrative policies and
procedures.
Requirements and Prohibited Uses
Requirements
for the Use of SAU Computing and Communications Resources
1. Users must comply with all
applicable local, state, and federal laws and regulations, and with SAU and
Board of Trustee policies.
2. Users must be truthful and
accurate in personal and computer identification.
3. Users must respect the
rights and privacy of others, including personal property rights.
4. Users must not compromise
the integrity of electronic networks, must avoid restricted areas, and must refrain
from activities that may damage the network, transmitted or stored data.
5. Users must maintain the
security of their personal account and are advised to protect and regularly
change their account passwords. Individuals responsible for system administration
are required to regularly change passwords to protect information and maintain
security.
Prohibited Uses of SAU Computing and Communications Resources
1. Unlawful communications
such as threats of violence, obscenity, and harassing communications, are
prohibited.
2. Use of SAU computer
resources for private business or commercial activities, fund-raising or
advertising on behalf of non-SAU organizations is prohibited.
3. The unauthorized reselling
of SAU computer resources is prohibited.
4. Unauthorized use of
university trademarks or logos and other protected trademarks and logos is prohibited.
5. University may include
links to commercial Web sites to provide information related to the mission or
function of the University or department. Any link that generates, or has the
potential to generate, revenue to the college or department must be approved
through the Office of Business Affairs.
6. Any alteration of
addresses, uniform resource locator (URL), or other action that masks the
arbor.edu or mysau.arbor.edu domains as a host site is prohibited.
7. Unauthorized anonymous and
pseudonymous communications are prohibited. All users are required to cooperate
with appropriate SAU personnel or other authorized personnel when investigating
the source of anonymous messages.
8. Misrepresenting or forging
the identity of the sender or the source of an electronic communication is
prohibited.
9. Unauthorized acquisition
attempts to acquire, and use of passwords of others are prohibited.
10. Unauthorized use and
attempts to use the computer accounts of others are prohibited.
11. Altering the content of a
message originating from another person or computer with intent to deceive is
prohibited.
12. Unauthorized modification of
or deletion of another person.s files, account, or news group postings is
prohibited.
13. Use of SAU computer
resources or electronic information without authorization or beyond one.s level
of authorization is prohibited.
14. Interception or attempted
interception of communications by parties not authorized or intended to receive
them is prohibited.
15. Making SAU computing
resources available to individuals not affiliated with SAU without approval of
an authorized SAU representative at or above the level of dean or director is
prohibited.
16. Intentionally or recklessly
compromising the privacy or security of electronic information is prohibited.
17. Infringing upon the
copyright, trademark, patent, or other intellectual property rights of others
in computer programs or electronic information (including plagiarism and
unauthorized use or reproduction) is prohibited. The unauthorized storing,
copying or use of audio files, images, graphics, computer software, data sets,
bibliographic records and other protected property is prohibited except as
permitted by law.
18. Interference with or
disruption of the computer or network accounts, services, or equipment of
others is prohibited. The intentional propagation of computer .worms. and
.viruses,. the sending of electronic chain mail, denial of service attacks, and
inappropriate .broadcasting. of messages to large numbers of individuals or
hosts are prohibited.
19. Failure to comply with
requests from appropriate SAU officials to discontinue activities that threaten
the operation or integrity of computers, systems or networks, or otherwise
violate this policy is prohibited.
20. Revealing passwords or
otherwise permitting the use by others (by intent or negligence) of personal
accounts for computer and network access without authorization is prohibited.
21. Altering or attempting to
alter files or systems without authorization is prohibited.
22. Unauthorized scanning of
networks for security vulnerabilities is prohibited.
23. Attempting to alter any SAU
computing or networking components (including, but not limited to, bridges,
routers, and hubs) without approval or beyond one.s level of authorization is
prohibited.
24. Wiring, including attempts
to create network connections, or any extension or retransmission of any
computer or network services unless approved by an authorized Technology
Services Network Administrator is prohibited.
25. Negligent or intentional
conduct leading to disruption of electronic networks or information systems is
prohibited.
26. Negligent or intentional
conduct leading to the damage of SAU electronic information,
computing/networking equipment, and resources is prohibited.
Information Posted to SAU Computers or Web Pages
Restriction on Use of SAU Web Pages
SAU
Web pages may be used only for SAU business and only authorized individuals may
modify or post materials to these pages. No other pages may suggest that they
are University Web pages. If confusion is possible, pages should contain a
disclaimer and links to SAU sites.
Responsibilities of Individuals Posting
Materials
By
posting materials and using SAU computing facilities, the user represents that
he or she has created the materials or that he or she has the right to post or
use the materials. The storage, posting, or transmission of materials must not
violate the rights of any third person in the materials, including copyright,
trademark, patent, trade secrets, and any rights of publicity or privacy of any
person. The materials posted must not be defamatory, libelous, slanderous, or
obscene.
Prohibition against Commercial Use
The
site may not be used for unauthorized commercial purposes.
University Control of SAU Web Pages
The
use of the site is at the sole discretion of SAU. SAU does not guarantee that
the user will have continued or uninterrupted access to the site. The site may
be removed or discontinued at any time at the discretion of SAU in accordance
with SAU policy, or as needed to maintain the continued operation or integrity
of SAU facilities.
SAU
makes reasonable efforts to protect the integrity of the network and related
services, but SAU cannot guarantee backup, disaster recovery, or user access to
information posted on personal computers or Web pages.
Access
to services and file storage must be approved for authorized SAU Technology
Services personnel.
Electronic Mail and Electronic Communications
Conditions
for Restriction of Access to Electronic Mail
Access
to SAU e-mail is a privilege that may be wholly or partially restricted without
prior notice and without consent of the user:
1. if required by applicable
law or policy
2. if a reasonable suspicion
exists that there has been or may be a violation of law, regulation, or policy
or
3. if required to protect the
integrity or operation of the e-mail system or computing resources or when the
resources are required for more critical tasks as determined by appropriate
management authority.
Access
to the e-mail system may require approval of the appropriate SAU supervisory or
management authority (e.g., department head, system administrator, etc.).
Conditions for Permitting Inspection,
Monitoring, or Disclosure
SAU
may permit the inspection, monitoring, or disclosure of e-mail, computer files,
and network transmissions when:
1. required or permitted by
law, including public records law, or by subpoena or court order
2. SAU or its designated agent
reasonably believes that a violation of law or policy has occurred
or
3. necessary to monitor and
preserve the functioning and integrity of the e-mail system or related computer
systems or facilities.
All
computer users agree to cooperate and comply with SAU requests for access to
and copies of e-mail messages or data when access or disclosure is authorized
by this policy or required or allowed by law or other applicable policies.
SAU Responsibility to Inform of Unauthorized Access or Disclosure
If
SAU believes unauthorized access to or disclosure of information has occurred
or will occur, SAU will make reasonable efforts to inform the affected computer
account holder, except when notification is impractical or when notification
would be detrimental to an investigation of a violation of law or policy.
Prohibition against Activities Placing Strain on
Facilities
Activities
that may strain the e-mail or network facilities more than can be reasonably
expected are in violation of this policy. These activities include, but are not
limited to: sending chain letters; .spam,. or the widespread dissemination of
unsolicited e-mail; and .letter bombs. to resend the same e-mail repeatedly to
one or more recipients.
Confidentiality
Confidentiality
of e-mail and other network transmissions cannot be assured. Therefore all
users should exercise caution when sending personal, financial, confidential,
or sensitive information by e-mail or over the network.
Privacy and Security
Routine
Logging and Monitoring
Certain
central service and network activities from workstations connected to the
network are routinely logged and monitored. These activities include:
1. use of passwords and
accounts accessed
2. time and duration of
network activity
3. access to Web pages
4. access to network software
5. volume of data storage and
transfers
and
6. server space used for
e-mail.
Detailed Session Logging
In
cases of suspected violations of SAU policies, especially unauthorized access
to computing systems, the System Administrator concerned may authorize detailed
session logging. This may involve a complete keystroke log of an entire
session. In addition, the system administrator of the facility concerned may
authorize limited searching of user files to gather evidence on a suspected
violation.
Responsibility for Data Security
Software
and physical limitations, computer viruses, and third party intrusions can
compromise security of data storage and communications. SAU takes reasonable
precautions to minimize risk. Technology Services is not obligated to maintain
backups of any file for any particular length of time. Users must protect and
back up critical data. Individual users and departments should develop policies
and practices to ensure regular backups of data and implement steps to ensure
that all critical data is compatible with all current generations of computing
equipment, storage media, and media readers.
Restriction of Access to Sensitive Data
All
SAU departments should implement policies to ensure that access to sensitive
data is restricted to those employees who have a need to access the
information. Passwords restricting access to information should be changed on a
regular basis and systems should be developed and implemented to assure
password records are regularly updated by appropriate supervisors.
Right to Examine Computers and Equipment
University-owned
computers and equipment may be examined to detect illegal software and to
evaluate the security of the network.
Violations and Enforcement
Reporting
Violations
Any
actual or suspected violation of the rules listed above should be brought to
the Director of Network Services or System Administrator of the equipment or
facility most directly involved. In the case of a serious violation, a report
may be made to Vice President/CIO of Technology Services.
SAU Response to a Reported Violation
Upon
receiving notice of a violation, SAU may temporarily suspend a user.s
privileges or move or delete the allegedly offending material pending further
proceedings.
A
person accused of a violation will be notified of the charge and have an
opportunity to respond before SAU imposes a permanent sanction. Appropriate
cases will be referred to the SAU Student Development office, employee.s
supervisor or to appropriate law enforcement authorities.
In
addition to sanctions available under applicable law and SAU and Board of
Trustee policies, SAU may impose a temporary or permanent reduction or
elimination of access privileges to computing and communication accounts,
networks, SAU-administered computer labs or rooms, and other services or
facilities.
If
SAU believes it necessary to preserve the integrity of facilities, user
services, or data, it may temporarily suspend any account, whether or not the
account user is suspected of any violation. SAU will provide appropriate notice
to the account user. Servers and computers that threaten the security of
University systems will be removed from the network and allowed to reconnect
only with the approval of Director of Network Services or the Vice President/CIO
of Technology Services.
Applicable Law and Policies
SAU students and
employees are bound by all applicable law and SAU Board of Trustee and
University policies.