POLICY TITLE: Responsible Use of Information Technology
POLICY NUMER: 8.1
POLICY SECTION: Information Technology
EFFECTIVE: January 1, 2002
REVISED: October 1, 2015
The information technology resources of the Community College of Rhode Island (CCRI) are owned and maintained by the College. Use of this technology is a privilege, not a right, and users have certain responsibilities. Use of the College's information technology resources should be in conformity with the mission, goals, and values of the Community College of Rhode Island. Therefore, use of the College's technology should be supportive of its educational and research roles, as well as its values and behavioral standards.
Acceptable use of the College's information technology resources is consistent with the principle of academic freedom. As is the case with the use of all other resources and activities provided or sponsored by the College, use of the College's information technology resources is contingent upon adherence to ethical and legal behavioral expectations and compliance with policies and procedures outlined in the College's Handbooks (Student, Faculty, and Staff). Legitimate use of a computer, computer system or network, does not extend to whatever is technically possible.
Effective security is a community-wide effort involving the support and participation of all CCRI students, employees and affiliates who deal with information and/or information systems. Members of the College community are expected to become familiar with this Responsible Use of Information Technology, to act with careful consideration of its requirements, and to seek assistance whenever necessary. This policy applies anywhere on any campus and to off campus personally owned digital devices that interact with the College information systems, network and other technology resources. College supplied accounts, including but not limited to a user's college logon ID, are the property of the College and may be revoked at any time in response to violation of the Responsible Use of Information Technology. Additionally, violation of this policy can result in further discipline under the appropriate College procedures and/or by civil or criminal prosecution. Questions regarding this policy or the application of this policy to a specific situation should be referred to the Director of Information Technology.
The purpose of this policy is to outline the acceptable use of computer systems, voice, video and data networks, information and data, and other information technology resources at the Community College of Rhode Island. These rules are in place to protect students, faculty, staff and the College. Inappropriate use exposes the College to a number of risks, including but not limited to virus attacks, the compromise of network systems and services, theft of Personally Identifiable Information, and legal liability.
Information technology includes but is not limited to desktop computers, workstations, network servers, mainframe computers, software, digital information and voice, video and data networks, including official College pages on social networking sites.
The activities listed below are prohibited. The list of prohibited activities is not all inclusive; rather, it includes examples of what the College considers to be clearly inappropriate behavior and unacceptable uses of its information technology resources.
Records maintained by the College, including those in computerized form, are vital College assets. Information contained in those records, including but not limited to academic, financial, and personnel records, are considered confidential and private. Every reasonable effort will be made to limit access of such records to authorized individuals only. However, the College may be compelled to release confidential records to comply with legal obligations.
Users of the College's information technology resources who are authorized to access confidential records must respect the privacy rights of others and use such data only for legitimate academic or administrative purposes. Users with access to confidential data must protect the accuracy, integrity, and confidentiality of that data by taking all necessary precautions and following established safeguarding procedures.
The College employs various measures to protect the security of its information technology resources and its users' accounts. Users should be aware, however, that the College cannot guarantee such security and confidentiality. Users should therefore engage in "safe computing" practices by establishing appropriate access restrictions for their accounts, guarding their passwords, and changing them regularly.
Users should be aware that their use of the College's information technology resources is not completely private. While the College does not routinely monitor individual use of its information technology resources, the normal operation and maintenance of the College's information technology resources require the backup and caching of data and communications, the logging of activity, the monitoring of general usage patterns, and other such activities that are necessary for the provision of service.
The College also may specifically monitor the activity and accounts of individual users of the College's information technology resources, including but not limited to, individual login sessions and communications, without notice, when:
Any such monitoring of communications, other than what is made accessible by the user, required by law, or necessary to respond to perceived emergency situations, must be authorized in advance by the appropriate Vice President in consultation with the General Counsel, or their respective designees.
The College, at is discretion, may disclose the results of any such general or specific monitoring, including the contents and records of individual communications, to appropriate College personnel and law enforcement agencies, and may use those results in appropriate College disciplinary proceedings. Communications made by means of College information technology resources are also generally subject to court orders, valid subpoenas, or other legally enforceable discovery requests to the same extent as they would be if the same information was available as a hard copy.
Members of the CCRI community who believe they have witnessed or been a victim of an incident which is in violation of this policy should notify or file a complaint with appropriate college offices as follows. Students should report suspected violations to the Dean of Students. Faculty members should report suspected violations to the Vice President of Academic Affairs. Staff members should report suspected violations to the Director of Information Technology. All listed above may report the problem to the Director of Human Resources. Reports of suspected unauthorized use or misuse of CCRI information technology resources will be investigated pursuant to standard college procedures.
Information technology users who are found in violation of this policy will be subject to CCRI disciplinary processes and procedures including, but not limited to, those outlined in the Student Handbook, the CCRI Employee Handbook, and any applicable bargaining unit contracts. Privileges to use CCRI information technology resources may be revoked. Illegal acts may also subject users to prosecution by local, state, and/or federal authorities.
This policy applies to students, faculty, staff and agents of the Community College of Rhode Island, including all personnel affiliated with third parties, and to all other users of information technology resources at the College.
The examples of unauthorized use of CCRI information technology resources identified above are not meant to be exhaustive. Questions regarding this policy or the application of this policy to a specific situation should be referred to the Director of Information Technology. Whenever you are in doubt regarding an issue of questionable use, it is in your best interest to resolve the issue before pursuing any questionable use of information technology resources.
This policy is supplemented by all other college policies and by the policies of those networks to which CCRI is interconnected, including but not limited to OSHEAN. Applicable local, state, and federal laws also apply to information technology users at CCRI.