Appendix B: Saint Mary’s College of California Technology Use Policy

Authority: Chief Technology Officer
(Rev Spring 2014)

1.0 Introduction

Saint Mary's College of California ("Saint Mary's") is a non-profit public benefit corporation dedicated to offering a Catholic, Lasallian, Liberal Arts education. To support the College's mission, Saint Mary's has developed a campus-wide computing system to provide to its members an electronic link to College digital resources and to the Internet.

This Policy presents guidelines for acceptable use of Saint Mary's Information Technology resources. It serves as a reference for all persons using Saint Mary's Information Technology resources or having a Saint Mary's E-mail Account. The Saint Mary's community is encouraged to make innovative and effective use of the College’s Information Technology resources within the requirements of this Policy, which provides standards for the quality and content of information while also requiring compliance with laws and with other Saint Mary's policies governing students, faculty, and staff.

This Policy is subject to amendment or revision as appropriate by approval of the Technology Planning and Policy Committee (TPPC).

2.0 Definitions

All defined terms shall appear in Title Case and Bold Font throughout this Policy.

Account: Special access to Saint Mary's Information Technology resources with unique User identification provided by Saint Mary's College. This includes, but is not limited to, having a Saint Mary's E-mail Account, having access to networks operated or maintained by Saint Mary's, and/or having access to the Internet through Saint Mary's Information Technology resources. Only Users, as defined in this Policy, may have an Account.

Information Technology resources: any computer and network hardware, including but not limited to wiring and cabling, and/or software owned or licensed by Saint Mary's, any Saint Mary's computing systems, or any service provided by Saint Mary's for access to the Internet. Also referred to as Saint Mary's Information Technology resources.

Electronic Information: any information or data (e.g. - E-mail, word processing files, data entered on online forms, web pages, etc.) placed on Saint Mary's Information Technology resources, whether through a Saint Mary's Information Technology resource or through an individual's own computer, or other personal electronic data storage device.

IT Services (ITS): The department at Saint Mary's primarily responsible for maintaining all Information Technology resources.

Policy: This Technology Use Policy.

Third Party User(s): Persons having access to Saint Mary's Information Technology resources who do not fall within the definition of User(s) and who therefore do not have an Account (e.g.- members of the public using Information Technology resources in the library and other Campus visitors). Such persons are required to agree to, and abide by, the terms of this Policy when using Information Technology resources.

User(s): Current (currently registered or currently employed) Saint Mary's students, faculty, Staff and other employees, including third party contractors, who have full time presence on campus and who need access for their official duties (e.g., Good Eats, Barnes and Noble etc.), Trustees, Regents and other members of official boards and committees as designated by the President, as well as Christian Brothers residing at or visiting Saint Mary's and needing access to Saint Mary's Information Technology resources.

3.0 Using Information Technology Resources

3.1 General

The use of Information Technology resources shall be consistent with the mission of the College, College policy and must not violate Federal, State or local laws or regulations. If a User has questions regarding the acceptability or appropriateness of a particular behavior while using Saint Mary's Information Technology resources, he or she should contact the appropriate College official. For example, an issue regarding one student allegedly harassing another via an Information Technology resource should be addressed to the Dean of Students, rather than IT Services. Additionally, IT Services staff can help Users address technical and non-substantive legal issues. If Users have questions regarding copyright and trademark issues, fair use, or other legal matters; please refer to Saint Mary's General Counsel web pages or contact Saint Mary's College Office of General Counsel.

3.2 Access

Information Technology resources are available to Users on campus as well as remotely through the internet, twenty-four hours a day, seven days per week. Technical support is limited to academic business hours, and Saint Mary's may on occasion temporarily interrupt access of Users to conduct ordinary as well as extraordinary business and maintenance.

3.2.1 Faculty and Staff

Use of Information Technology resources is limited to that which is necessary as part of a User's duties and responsibilities in User's employment. Incidental or minimal personal use during a User's working hours where such use does not interfere with a User's performance, or does not violate any applicable Policy, rule, or law, may be permitted. Specific questions regarding personal use of Information Technology resources during a User's working hours should be directed to the User's supervisor, Dean, department head, or vice president, as appropriate. Monitoring and control of personal use of Information Technology resources during a User's workday is at the discretion of the person under whose direction the User works. A User's performance appraisal may take into account personal use and a supervisor may limit personal use as a condition of employment where appropriate.

Use of Information Technology resources on User's own time is permitted to the extent that Information Technology resources are available. Users needing to use Information Technology resources for official Saint Mary's business, whether administrative or academic, shall always have precedence over any User using Information Technology resources for personal matters. Therefore, Users engaged in personal activities may be asked to discontinue such use to free Information Technology resources for Users needing to access Information Technology resources for non-personal matters.

E-mail may be used for incidental personal purposes provided that, in addition to the foregoing constraints and conditions, such use does not: (1) directly or indirectly interfere with Saint Mary's operation of Information Technology resources; (2) burden Saint Mary's with noticeable incremental cost; or (3) interfere with the User's employment or other obligations to Saint Mary's. Mobile Computing and Telecommunications Equipment

Mobile computing and telecommunications equipment belonging to the College, such as laptop computers, tablets or cell phones, may be issued to Faculty and Staff Users as needed for the requirements of the official academic or administrative tasks they perform. The equipment shall remain in the possession of the User until the end of the term specified in the Mobile Computing or Telecommunications lending agreements, which must be signed by the User. Saint Mary's reserves the right to recall the equipment for inventory, upgrades, repair/replacement or for any other reason, and the User will return the equipment in a timely fashion if recalled. Efforts will be made to minimize the inconvenience of a recall to the User. This equipment shall not be repaired or altered in any way except by IT Services or Telephone Services personnel. The User shall notify the ITS Service Desk promptly when either of these tasks is needed. The User must report any damage or loss of the equipment to IT Services or Telephone Services immediately. Stolen equipment must also be immediately reported to Public Safety and an Incident Report filed. Damage or loss caused by neglect or carelessness may cause all or a part of the repair or replacement costs to be charged to the User. Saint Mary's may consider a failure by the User to report loss or damage in a timely fashion as evidence of the User's responsibility for such loss or damage.

Mobile computing and telecommunications equipment belonging to Saint Mary's should be used primarily for college-related work. Excessive use for non-College related activities is not appropriate, and, in the case of mobile telephone equipment, the User may be charged for excessive personal calling if so deemed by the User's supervisor. Mobile computing equipment must be used in compliance with all applicable copyright laws. This means that only properly licensed software may be installed on the equipment. The User will ensure that any licensed software installed on College-owned mobile computing equipment which is not covered by licenses owned by Saint Mary's, or are open-sourced (free, without restriction), have licenses that permit the installation and use of the software on college-owned equipment. The User will also maintain records of the licenses and purchase information of any such software so that it can be produced if required during a copyright audit. Please refer any questions on this requirement to the IT Services Deputy CTO by calling the ITS Service Desk.

Failure by the User to abide this policy may result in the loss of all User privileges of mobile equipment owned by Saint Mary's.  Guidelines for Protection of Sensitive and Legally Protected Data on Mobile Computing Equipment:
  • Legally protected and sensitive data may not be stored on a laptop hard drive or portable digital media in unencrypted form
  • Legally protected and sensitive data must be stored on College file servers, and laptop Users should download such data to their computers only on an as needed basis, and remove it from the computer when it is no longer needed
  • Portable media containing legally protected or sensitive data should be stored separately from the laptop, if possible.
  • Legally protected and sensitive data must not be stored on personal computers not owned and maintained by the College.
  • Users must report the loss or theft of a laptop, tablets, portable digital media or any other device containing legally protected and sensitive information immediately to the Informatioin Security Officer (ISO), Public Safety and to their supervisors or department chairs.
  • Laptops, tablets and other portable computing devices must have current and active anti-virus and anti-spyware programs running at all times.

(Adopted 09-07-06 TAC) Management of Information Technology resources

All Saint Mary’s owned computing equipment is managed by IT Services. Management includes the installation and maintenance of all application and operating system software. This may include the installation of various software clients that aid in managing Saint Mary’s owned computing equipment. No employee is permitted to evade or compromise this management or the capability of management, including the changing of administrative passwords or rights, nor does the granting of administrative rights on any Saint Mary’s owned computer to a faculty or staff member confer the right to remove or alter any method of remote or local management by IT Services.

(adopted 03-08-07 TAC) Attachment and Use of personally-owned computing equipment on the Saint Mary’s Network by Faculty, Staff, Authorized Third-Party Users and Guests

All provisions of Section 6.0 (Residential and Wireless Networks – see below) also apply to the use of personally-owned computing equipment attached to any portion of the Saint Mary’s Network by Faculty and Staff members, by authorized Third-party Users, or by guests and visitors to the College. In all cases where licensing agreements prohibit it, Saint Mary’s cannot provide or install software licensed to the College on any non-Saint Mary’s owned computing equipment.

(adopted 03-08-07 TAC)

3.2.2 Students

Saint Mary's recognizes that access to, and use of, Information Technology resources contributes to an individual's personal and intellectual development. Therefore, student Users may use Information Technology resources for both academic and personal use. However, in an effort to allocate Information Technology resources fairly, Users engaged in personal activities that place an undue burden on Information Technology resources may be asked to discontinue such use.

3.3 Account

Generally, Users are issued an Account or Accounts at the beginning of his or her relationship with Saint Mary's to gain access to appropriate Information Technology resources. However, if an individual qualifies for an Account but does not have an Account, one may obtained by contacting the ITS Service Desk.

3.3.1 Passwords

The issuance of a user’s password or other means of access to College systems is intended to ensure the appropriate security of College data and information in the systems.  It does not guarantee complete privacy for users’ personal information or sanction improper use of College equipment, facilities or data. 

Saint Mary’s may, and from time to time, shall monitor any and all aspects of College systems, including but not limited to logon sessions, E-mail use, Internet use, Intranet use, and other uses of Saint Mary’s Information Technology resources to determine if a user is acting in violation of Saint Mary’s policies or rules.

In order to protect the security of the College’s systems and data, users are required to use strong passwords, and to change them at appropriate intervals.  Strong passwords are those which are at least eight characters long, containing both alphanumeric characters and non-alphanumeric characters (e.g. #, %, ^, &, etc.)

Password change is currently required of all Users every 180 days for all systems.

This password policy may be enforced by automated systems that will not allow users to log in without changing their passwords if they have not done so within the stated time intervals.

Approved by TAC Jan 15, 2009

3.4 Adding Computing Systems and Applications

The College seeks to provide necessary resources to meet needs. However, employees and departments seeking to add their own administrative or academic computing systems or applications to Saint Mary's Information Technology resources must obtain the approval of their supervisor (i.e., manager, department chair, or Dean), open a Service Request with IT Services and then meet with IT Services in order to determine whether Information Technology resources exist to meet the need, and that such hardware or applications are technically appropriate and secure, before any such added computer systems or applications are purchased and/or installed. Such requests may be classified a Project and referred to the TPPC for approval if that is appropriate or required by College policy. Depending upon the cost, scope and degree of wider use by the College community of the proposed additions, funding for such additions may have to be made available from sources outside of the IT Services operating budget, and it is the responsibility of the employee or department requesting such additions to identify the funding source during Project planning with IT Services.

3.4.1 Hardware and Software

IT Services requests that Users refrain from installing/attaching unauthorized (see 3.4 above) hardware and/or software to Information Technology resources. Upon the discovery of unauthorized hardware and/or software, it may be immediately removed from Saint Mary's Information Technology resources by IT Services. Saint Mary's is not responsible for any lost data due to such removal.

3.5 Archiving and Retention

Users' Electronic Information is copied in the normal course of business when Electronic Information is archived. Users of Information Technology resources should be aware that despite the sender and recipient having both discarded their copies of an electronic record, there may be retrievable back-up copies. Systems may be "backed-up" on a routine or occasional basis to protect system reliability and integrity, and to prevent potential loss of data. The back-up process results in the copying of data onto storage media that may be retained for periods of time and in locations unknown to the originator or recipient of Electronic Information. The practice and frequency of back-ups and the retention of back-up copies of Electronic Information vary from system to system.

Users should be aware that, during the performance of their duties, IT Services's staff and other personnel need from time to time to observe certain transactional addressing information to ensure proper functioning of Saint Mary's Information Technology resources, and on these and other occasions may see the contents of Electronic Information.

3.5.1 Back-up of College documents and data

In order for the College to properly protect College business documents and data that reside on the computing devices of employees of the College, employees must store or backup any such business documents and data files in their Saint Mary’s Google Drive. This method should be used for the proper and secure retention of electronic business documents and data.

3.6 Maintenance

Any publically posted Electronic Information that contains incorrect or out-date information may be removed until corrected. IT Services will attempt to provide reasonable notice of the removal of Electronic Information, but reserves the right to act without notice if the situation warrants.

4.0 Web Pages and Blogs

4.1 Introduction and Universal Policy: Applicable to all Web and Blog Pages

Saint Mary's College recognizes the educational value of the exchange of Electronic Information. Saint Mary's web pages and blogs provide the College with the opportunity to share itself, its mission, and its culture over the Internet. Therefore, it supports students, faculty, staff, and other employees in the electronic publication of information and collaborations.

Information posted or made available on Users' personal web or blog pages must be the original work of Users and must not be the intellectual property or copyrighted work of other persons or entities, unless appropriate permission has been obtained by the User.

Web pages that represent official information about the College are clearly different from those pages that are solely intended for the educational and personal use of Users. The College is sensitive to the desire of Users to express their ideas on User Web or Blog pages. Therefore, the College has set forth the following guidelines.

4.2 Saint Mary's Official Web Pages

4.2.1 Purpose

Official College pages communicate with internal as well as broad external audiences, including prospective students, alumni, constituents and the general public. Therefore, the appropriate supervisor (e.g., manager, department chair, or Dean), in collaboration with the Office of College Communications, shall review and approve the content of all official web pages. (Note: the appropriate supervisor for registered student clubs and organizations is the Director of Student Activities and Leadership Programs.) As well as adhering to this Policy, these pages must conform to aesthetic standards (e.g. - font, symbols, and other user interface elements) as well as style guidelines. These standards can be obtained from the Office of College Communications.

4.2.2 Official Content

The official Saint Mary's web pages are official publications of the College. Official pages include content related to academic programs, administrative and student support offices, programs and services, official College programs and intercollegiate athletic teams and activities.

Original text, photographs and graphics appearing on the official pages of Saint Mary's web site are copyrighted by Saint Mary's and may not be reproduced or altered without written permission from Saint Mary's.

4.2.3 Responsibility

The Office of College Communications provides the overall management of the official web pages, operational practices and policies and for the presentation of a consistent image within the College's publication standards. IT Services is responsible for maintenance and administration of web servers, including contract arrangements for cloud provisioning of these services, if employed.

4.3 Departmental and Student Organization Web Pages

Official Departmental and Student Organization web pages provide individual groups within the College an opportunity to share specialized interests and information over Saint Mary's Information Technology resources generally as well as over the Internet. Departments and Student Organization pages that bear official ties to the College must therefore conform to the requirements found in the section (above) pertaining to official web pages. Included in Departmental pages are any pages developed by faculty and staff to support the mission and business of the College.

Each Department or Student Organization with web pages has the responsibility to maintain its own pages by at least an annual review. Each department and Student Organization is responsible for the editorial content of these pages. IT Services provides support to Departments and Student Organizations in the maintenance of their web pages.

4.3.1 Domain Names

All domain names used in support of official College departments, programs or activities must be registered by the College, with the College as the official owner of the name and with IT Services as the Administrative Contact.  Such domain names should also be registered with the College's DNS servers as the authoritative DNS servers.

4.4 Personal Home Pages and Blogs

Personal home pages and blogs provide an individual with an opportunity to share personal interests and information to friends, family, and the world at large via the Internet. Personal pages and blogs concentrate primarily on personal information and non-professional interests of a User. Users are afforded extended creative license in structuring personal pages and blogs. However, Saint Mary's expects Users to maintain basic standards of decency, courtesy, civility, and maturity when creating personal pages and blogs using Saint Mary's Information Technology resources, or when posting personal web pages or Blogs. Any User not wishing to comply with this guideline has the option of using a personal Google account or finding an independent Internet service provider to host that User's personal home pages, at the User's own expense.

For system administration and general disclosure purposes, each personal web page should contain contact information for the person responsible for maintenance of the web page. Each page should also contain the date on which it was last updated. This information may be provided as text in the document or as a link. This encourages the page manager to keep it current, thus protecting the viewer from unknowingly reading outdated information.

Saint Mary's accepts no responsibility for the content of personal home pages or blogs. Saint Mary's College does not pre-approve, monitor, or exert editorial control over personal pages or blogs. Nonetheless, personal web sites and blogs must conform to all terms and conditions of this Policy.

Personal pages and blogs should not carry any Saint Mary's logo, the name, or any abbreviation of, Saint Mary's College of California in such a manner as to suggest that the page or blog is affiliated with Saint Mary's in any way. This does not include a factual statement regarding Saint Mary's being the User's place of employ or place of study.

The personal home pages or blogs of Saint Mary’s College students, staff and faculty do not in any way constitute official college content. The views and opinions expressed in the personal pages or blogs are strictly those of the page authors, and comments on the contents of those pages or blogs should be directed to the page or blog authors.

If activities or content is discovered that may constitute a violation of this Policy or is suspected of violating any law, Saint Mary's shall investigate the situation according to the applicable procedure.

SMC Google Sites are provided for personal web space, and SMC Google Blogger is provided for personal blogs. Both are available to a User through their Saint Mary’s GaelMail account.

5.0 Electronic Mail (E-Mail)

5.1 General Information: Security and Privacy

The nature of E-mail makes it less private than Users may anticipate. For example, E-mail intended for one person sometimes may be widely distributed because of the ease with which recipients can forward it to others. A reply to an electronic mail message posted on an electronic bulletin board or "listserver" intended only for the originator of the message may be distributed to all subscribers to the listserve. Furthermore, even after a user deletes an E-mail record from a computer or an Account, it may persist on backup facilities. Saint Mary's cannot protect Users against such eventualities.

Saint Mary's is not the arbiter of the contents of E-mail. Saint Mary's is not technologically capable of protecting Users from receiving E-mail that the Users may find offensive. Members of the Saint Mary's community are strongly encouraged to use the same personal and professional courtesies and considerations in E-mail as they would in other forms of communication, in addition to abiding by the terms of this Policy.

There is no guarantee that E-mail messages sent through Information Technology resources are in fact sent by the purported sender, since it is relatively straightforward, although a violation of this Policy, for senders to disguise their identity. Furthermore, E-mail that is forwarded could be modified by persons other than the original sender.

College E-mail addresses are owned by Saint Mary's. Electronic mail sent to/from a College email address, whether or not created or stored on Saint Mary's Information Technology resources, may constitute a College record subject to disclosure under certain laws.

Electronic Information, including E-mail, is backed up to assure system integrity, availability and reliability, not to provide for future retrieval, although backing up may at times serve the latter purpose incidentally. Under some circumstances, Saint Mary's could be required to disclose to outside parties certain electronic records, including but not limited to E-mail, web pages, or other electronic data archived by Saint Mary's. Saint Mary's may itself access or disclose User Electronic Information to law-enforcement agencies or other entities, consistent with this Policy and all applicable laws, court orders and rules of evidence requiring such disclosure.

5.2 Representations

E-mail Users shall not give the impression that they are representing, giving opinions, or otherwise making statements on behalf of Saint Mary's or any unit of Saint Mary's unless explicitly authorized (explicitly or implicitly) to do so by authorized and appropriate College authorities. Where appropriate, an explicit disclaimer shall be included unless it is clear from the context that the author is not speaking on behalf of Saint Mary's. An appropriate disclaimer is: "These statements are my own, not those of Saint Mary's College of California, its board of Trustees, or its Regents."

5.3 Lists and Aliases

Saint Mary's maintains e-mail lists and aliases to enhance the facilitation of communication among the Saint Mary's community, as well as with parties outside of the College community. Certain lists are for critical communication and are accessible only by members of the President’s Cabinet and certain other emergency managers. Other lists may be created, as necessary, by Users working with their appropriate academic or administrative supervisor and IT Services. Users who participate in e-mail lists are encouraged to exercise good judgment when posting to lists. Users posting to a list are also encouraged to be aware of the intended and expressed purpose of the list, as well as the other members of the list.

6.0 Residential and Wireless Networks

The Residential and Wireless Networks are shared, finite resources installed by the College to promote scholarship and learning for all students. Accidental or intentional disruption of the residential or wireless networks will deprive others of access to this Information Technology resource. Persons attaching computers to the College's residence hall or wireless networks must comply with all other portions of this Policy. Additionally, the residential and wireless networks have the following specific policies:

6.1 Responsibility

Users are responsible for all traffic originating from their machine, regardless of whether or not they generated it on purpose, even if they do not realize that they have violated any specific policies. In most cases, unintentional violations will result in a temporary loss of network access pending the resolution of the problem.

6.2 Identification

All machines connected to the wireless network must be authorized by IT Services before use. This is done by accessing the authentication web page upon opening a web browser and entering the User's Saint Mary’s Network Account username and password. Wireless network access is not allowed without this authorization.

6.3 Network Addresses

Network addresses on the residential or wireless networks are assigned by network DHCP servers. All machines connected to the residential or wireless networks must be configured to use DHCP to obtain their IP network address and configuration settings. Static addresses are not allowed. Any machine found with an address not assigned by the residential or wireless networks’ DHCP server will be disconnected.

Students and employees outside of authorized IT Services personnel may not register a domain name or alias with an outside provider that points to a machine on Saint Mary’s Information Technology resources

6.4 Routers and Servers

No personal routers, servers or wireless access points are permitted to be attached to the SMC residential or wireless networks. Any devices that provide such services will be immediately disconnected from the campus network upon discovery.

Most computer operating systems do not provide routing functionality and are by default safe to attach to the network. Some operating systems, however, do have the ability to provide routing functionality. If a User uses one of these operating systems, the User must make sure that all routing functionality is disabled. These operating systems also frequently provide server functionality by default. Users must make sure that all server services are disabled before attaching such a machine to the residential or wireless networks. Routing and some network services, such as DHCP servers can disrupt the ability of others to use the residential or wireless networks. If routers or servers are found to be operating, they will be immediately disconnected. All types of servers are prohibited, including but not limited to, web servers, FTP servers, IRC/chat servers, streaming audio/video servers, web cameras, DHCP servers, mail servers, anonymous remailers, and proxy and file servers. This includes Windows and MacOS personal file sharing services.

6.5 Network Traffic

Use of any type of "packet sniffing" or other similar program or device by Users is strictly prohibited. Users may run a packet sniffer in non-promiscuous mode (you may sniff your own machine's packets only).

It may not be feasible to provide unlimited connectivity for systems that are not strictly serving the College's missions. Because of this possibility, IT Services may limit network usage of residential systems. This may be implemented through bandwidth caps, restriction or blocking of services, or other means.

6.6 Security

Users are responsible for the security and integrity of their own systems. If a system has been "hacked" or otherwise compromised, IT Services may disconnect it from the network to prevent it from interfering with the proper operation of the network. In such a case, the User is responsible for removing all malware, and .the User must present evidence to IT Services that their equipment is clean before the system can be reconnected  Typical acceptable evidence would be a work order from an established repair facility attesting to the work performed by them to remove the malware, and final test results.

6.6.1 Virus Protection

The residential and wireless networks are shared community resources, which means that a computer "virus," "worm" or similar malware can compromise the functioning of the entire network and can infect other computers. Consequently, all computers attached to the residential or wireless networks are required to have an approved "virus protection" program installed, actively running and currently updated to include the most recent virus protection offered by the manufacturer. Additionally, Users' computers connected to the residential or wireless networks must have installed all the operating system "patches" provided by the operating system's software company to fix potential security risks in the operating system. Computers that use obsolete operating systems that are no longer supported by the manufacturer cannot comply with the above requirement and should not be connected to the Saint Mary's network

6.7 Abuse

Systems found to be running programs that disrupt network services or attack (including Denial of Service attacks) machines on or outside the campus network will be disconnected immediately. Depending upon the situation, disciplinary action may be taken by the College.

6.8 Common Problems: Music files and Software Piracy (warez)

The distribution of copyright protected materials without permission is illegal and is in direct violation of this Policy. Distribution of copyright protected software is similarly prohibited unless the copyright specifically allows redistribution, such as software covered under a "freeware" type license, such as the GNU general public license, or by express permission of the copyright holder.

7.0 Computer Laboratories

The Computer Laboratories maintained by Saint Mary's are resources installed by the College to promote scholarship and learning for all students. Accidental or intentional disruption of Computer Laboratories will deprive others of access to these important Information Technology resources. Any Person using Computer Laboratories must comply with all other portions of this Policy.

Additionally, the following specific policies apply:

7.1 Lab Physical Security

Keys to computer labs are issued for use only by the person to whom they are issued. Keys to computer labs are not to be loaned to anyone. The physical security of computer labs is not to be compromised in any way, including, but not limited to, leaving labs unlocked when not in use, or propping doors open.

7.2 Lab Supervision

Unless otherwise posted, computer laboratories shall not be accessible unless an IT Services authorized lab supervisor (i.e., Student Lab Monitor or Instructor with lab access) is on duty in the laboratory. Users of the computer labs shall obey the instructions of lab supervisors and other College employees. Behavior that is disruptive to other users of the facility is prohibited. Such behavior might include, but is not limited to, eating, drinking, making excessive noise, using aggressive or abusive language, or playing games.

7.3 Lab Software and User Courtesy

Users are responsible for leaving computers and workspace in laboratories clean and ready for the next User. This requires each User to close all open applications, log out of any attached servers, and remove personal items (including portable media and printouts) from the computer and workspace. Use of laboratory computers that are logged in under an Account other than one's own is prohibited.

8.0 Prohibited Activities

Users are subject to all Federal, State and local laws and Saint Mary's rules and College policies applicable to User conduct, including not only those laws and regulations that are specific to computers and networks but also those that may apply generally to personal conduct. Misuse of computing, networking, or information resources will result in disciplinary action, loss of computing privileges, and/or legal action.

8.1 Abuse of Confidentiality

Users who knowingly and without prior authorization disclose confidential matters as defined in the Saint Mary’s of California Institutional Information Security Policy, and/or those who intercept or enter into other College or User communications, whether or not these relate to confidential matters, will be subject to appropriate discipline by the College unless 1) the information was also intended to reach the individual receiving the correspondence, 2) the disclosure is necessary to correct improper message routing or to forward miss-routed communications to their intended recipients, 3) the disclosure is to the recipient's supervisor, or other appropriate authority, and the correspondence reached the recipient because of machine or sender routing error, or 4) the disclosure is to the recipients supervisor, and the correspondence seems to contain evidence of improper use of Information Technology resources, of conduct violating College rule or Policy, or of illegal activity.

8.2 Examples

Examples of misuse and prohibited conduct include, but are not limited to, the activities in the following list. It is against Saint Mary's Policy to engage in any of these actions:

  1. Reproducing, distributing or displaying copyrighted materials without prior permission of the copyright owner. This includes text, images, photographs, music files, sound effects, and other legally protected works.
  2. Using an Account, IP address, computer name or port that you are not authorized/assigned to use.
  3. Sharing a password for your Account.
  4. Deliberately or inadvertently wasting Information Technology resources.
  5. Using Information Technology resources to harass others, or to create, store, or transmit libelous or obscene materials.
  6. Sending chain, spam  or any other junk email, disseminating mass email without the permission of the appropriate College authority, or intentionally creating/distributing email that contains malware or phishing attempts.
  7. Using Saint Mary's Information Technology resources to gain unauthorized access to any computer system. This includes the use of any network monitoring software or any other software that is used to assist in the compromising of a computer system or User Account.
  8. Knowingly performing an act that will interfere with the normal operation of third party computers, peripherals, networks, or any Saint Mary's Information Technology resource.
  9. Knowingly running or installing on any computer system or network, or giving to another person, a program intended to damage or to place files on another Users' Account or system without their knowledge.
  10. Using applications that inhibit or interfere with the use of the network by others, intentionally or not.
  11. Attempting to circumvent data protection schemes or uncover security loopholes.
  12. Violating terms of applicable software licensing agreements or copyright laws.
  13. Masking the identity of an Account or machine, or using a false identity.
  14. Using Saint Mary’s Information Technology resources to post materials on web sites. blogs, social media or electronic bulletin boards that violate existing laws, Saint Mary's codes of conduct, or any other Saint Mary's Policy applicable to the User.
  15. Attempting to monitor or tamper with another person's electronic communications, or reading, copying, changing, or deleting another person's files or software without the explicit permission of the owner.
  16. Using Information Technology resources for personal or political gain, including running a business for profit or non-profit purposes, promoting and selling products and services, commercial advertising, commercial businesses not authorized by Saint Mary's, etc.
  17. Using Information Technology resources for political campaigning.
  18. Student Users may not provide services or Accounts from student User computers to anyone. (e.g. - web servers, FTP servers, file sharing software that functionally turns a personal computer into a server, etc.)
  19. Registering a Saint Mary's IP address with any other domain name (i.e., www. usersname .com).
  20. Capturing passwords or data on the network or Internet not meant for you.
  21. Providing a pass-through site or gateway to other campus hosts.
  22. Modifying or extending Saint Mary's network services and wiring beyond the area of its intended use. This applies to all network wiring, hardware and in-room jacks.
  23. Posting private personal information without permission, including but not limited to grades, medical records, or any other information that is protected by law or by Saint Mary's policies, including all Saint Mary’s College Information Security Policies .
  24. Web pages may not be established on Saint Mary's servers on behalf of non-Saint Mary's organizations, firms, or individuals.

9.0 Enforcement

9.1 Revocation of Privilege and Disciplinary Action

Saint Mary's reserves the right to limit or deny access to its Information Technology resources when any Saint Mary's policies or any applicable Federal, State, or local laws are violated, or when Saint Mary's receives notice or believes that there is a violation by a User. Saint Mary's College will investigate violations of this Policy in the same manner as it investigates violations of other Saint Mary's policies or other disciplinary matters. The particular investigative and disciplinary processes that shall be used will depend upon the status of the User (e.g., student, faculty, staff, or other). A reference to the full description of the applicable process can be found in the appropriate handbook, employment manual, or employment information packet. Third Party Users and other individuals who are subject to this Policy but might not be subject to any other Saint Mary's policy or disciplinary process (e.g., library patrons and Campus visitors), may lose the privilege to use Saint Mary's Information Technology resources for violating this Policy.

9.1.1 Minor Violations

In cases of minor violations, IT Services will attempt to contact the User by E-mail, telephone, or in person to explain the violation and to attempt a simple resolution of the issue. Should IT Services be unable to resolve cooperatively such issues, IT Services may take further action as may be necessary to mitigate any potential impairment of other User's ability to use Saint Mary's Information Technology resources, including the temporary removal of User's access to, or electronic information from, Saint Mary's Information Technology resources.

9.1.2 Major Violations

In cases of major violations, including but not limited to possible violations of law, in addition to invoking any applicable disciplinary process, IT Services will immediately attempt to mitigate any actual or potential impairment of other User's ability to use Saint Mary's Information Technology resources, and to mitigate any actual or potential damages that may occur as a result of the violation of Federal, State, or local law. Mitigation efforts may include, but are not limited to, suspension of a User's access to Saint Mary's Information Technology resources and the removal of a User's web page(s) or other electronic information or data stored on Saint Mary's Information Technology resources. Prior notice of the suspension or take down is not necessary. IT Services will notify the User of the violation and of the mitigation action as soon as is practicable under the circumstances.

9.2 Discovery of Policy Violations Through Routine Maintenance

IT Services staff occasionally, and randomly, examine the routing information of communications and monitor transactions and traffic across Information Technology resources, to evaluate, among other issues, volume of traffic, security breeches and the general use of system resources. Saint Mary's periodically may view the content of material transported across its networks or posted on Information Technology resources as part of its effort to maintain quality service and reliable delivery of electronic information. IT Services has the authority to immediately exclude a User from any Information Technology Resource where IT Services has a reason to believe that a User presently poses or may pose harm to the system or its information and/or data, or where IT Services discovers, inadvertently through its routine maintenance activities, possible violations of law or policy.

9.3 Reporting

If a User suspects that a particular behavior is in violation of this Policy, he or she should contact the ITS Service Desk. Saint Mary's does not expressly monitor the content of User web pages and other electronic information, including but not limited to E-mail, for the purpose of enforcement of this Policy. However, Saint Mary's will take appropriate action should it become aware of any suspected policy violations (See section 9.2 above).

Since it is impossible for Saint Mary's to anticipate and thus give examples of every possible violation of this Policy, other applicable policies, or law, it is incumbent upon each User to consider the consequences of his/her own actions. To the extent that a violation of this Policy is also a violation of any Federal, State, or local law, Saint Mary's shall assist and encourage full enforcement of such laws by the appropriate public entity.

9.4 Violations of Law

In addition to Saint Mary's disciplinary procedures, a User may face other serious consequences imposed by public authorities. Violations of law, if brought to Saint Mary's attention, may result in the temporary or permanent termination of User's access to Information Technology resources, and the User shall be referred to the appropriate party for disciplinary action.

In cases of alleged copyright infringement, Saint Mary's will comply with the Digital Millennium Copyright Act (the "DMCA"). In accordance with the DMCA, at 17 U.S.C. § 512 (a), et seq., upon receipt of proper notification by a copyright owner of an alleged copyright infringement, Saint Mary's will expeditiously take all appropriate and required actions, including but not limited to, the removal or disabling of access to the allegedly infringing material.

Policy last revised Fall 2013