All financial and administrative policies involving community members across campus are within the scope of this policy. If there is variance between departmental expectations and the common approach described through college policy, the college will look to the campus community to support the spirit and the objectives of college policy.
Information technology resources are central to the educational mission of Colorado College. CC students, faculty, and staff must respect the rights of others, abide by all college policies and applicable state and federal laws, and assume shared responsibility for safeguarding the college's information technology environment. Colorado College's computing resources may not be used for any activity that is illegal, unethical, or contrary to the educational goals of the college. Freedom of expression and the existence of an open environment conducive to inquiry and learning will be respected by the college with regard to use of information technology resources, but behavior that constitutes misconduct will not be protected.
To enable the appropriate educational and administrative use of information technology resources, the college provides a secure network. Absent connectivity standards, our campus community is at risk to damages from hardware or software that has not been appropriately configured or maintained. These damages could include financial losses, interruption of network services, and the loss of data. To minimize exposure to such damages, this policy also defines standards for connecting computers, servers, or other devices to the college’s network.
Authorities Delegated and Retained/Administrative Responsibility
The president of the college delegates administration of the college’s Acceptable Use Policy to the chief technology officer/vice president for information technology.
Common sense and respect for others are excellent guides to what constitutes appropriate behavior in the use of information technology resources. Prohibited conduct falls into several areas including, but not limited to, unauthorized access, copyright violations, acts of destruction, invasion of privacy, and harassment. The policies listed below are not exhaustive but should convey a broad sense of what behavior constitutes illegal, unethical, or inappropriate conduct. As in other aspects of college life, users are bound by the policies and guidelines published on the Colorado College policies website, in the Colorado College Pathfinder, and in Colorado College Faculty and Staff Handbooks,. By using CC’s information technology resources, students, faculty, staff, and others agree that they are familiar with and will abide by those policies as well as this acceptable use policy and any modifications made thereto in the future.
Unauthorized Account or System Use
Users may not access data or other information technology resources without proper authorization, regardless of whether any damage is done or whether the data or other information technology resource in question is owned by the college.
- Users may not access or use, or attempt to access or use, any network accounts other than their own assigned accounts or any computer system for which they have not been granted access. In other words, users should use only their own files, those that have been designated as public, or those that have been made available to them with the knowledge and consent of the owner.
- The college’s Honor Code and its prohibitions against plagiarism and cheating, among other things, applies to student use of any files and information obtained from CC’s information technology resources when used in the preparation of academic coursework.
- Passwords should not be revealed to anyone else and should be changed according to published password standards.
- Users may not attempt to determine the password of another person through any means.
- Impersonation of another person by sending forged information (e.g., sending email with an erroneous "sender") is prohibited.
Misuse of Information Technology Resources
Every person is expected to use information technology resources in a responsible manner which does not waste resources (e.g., printed paper, network storage space, processing time). The college’s policy regarding Misuse of College Resources applies to the use of all CC information technology resources.
- No person may store or use programs on college-owned systems that violate or hamper another person's use of the system. Examples of such programs include attempts to obtain another person's password, acquire another person's files, circumvent system security measures, or crash the system.
- Devising and/or intentionally spreading computer viruses is expressly forbidden.
- Non-academic or non-administrative use of college IT resources is prohibited on college-owned devices such as lab computers or workstations.
- No person may attempt to alter the condition or status of any networking component (such as wireless access points) in any manner to alter software owned by others or to copy software intended only for college use.
- No person should access or attempt to access server rooms or networking electronics closets on campus without explicit authorization.
- Only authorized personnel may attempt to fix hardware problems with college-owned computer systems, printers, or other devices. Such problems should be reported to ITS:.
- When using computer labs, users should refer to procedural guidelines posted on bulletin boards in all computer labs. Smoking, eating, drinking, and excessive noise is prohibited in public labs.
- Only ITS: personnel or authorized contractors may install or alter audio-visual and related technology in “smart” classrooms or event venues around campus.
- All technology equipment checked out from the Library or ITS: may be used only for appropriate purposes, and the person checking out that equipment assumes financial liability for it, including any late fees.
Copyright and License Protections
The author of a text or the creator of a graphic, program, or application is protected by copyright law unless s/he specifically releases that work into the public domain. In accordance with the college’s policies governing the treatment of copyrighted materials, users should always obtain written permission from the original author(s) before copying electronic materials that are not in the public domain.
- No user may copy, or attempt to copy, any proprietary or licensed software provided by or installed on college owned resources. Copyright laws and license agreements protect much of the software and data that reside on the college’s computer facilities. Unauthorized duplication of software may subject users and the college to both civil and criminal penalties under the United States Copyright Act.
- Stolen or bootleg copies of software are not allowed on any Colorado College computing systems.
- All shareware programs must be registered in accordance with their license and use provisions.
Information technology resources may not be used to intimidate, threaten, or harass other individuals.
- Colorado College's information technology resources may not be used for any activities that violate the college’s Anti-Discrimination Policy, Student Code of Conduct, workplace standards, or state or federal laws.
- Information technology resources may not be intentionally used to view, store, print or send obscene materials or slanderous, harassing or threatening messages.
Violation of Privacy
Respect the privacy of other users.
- Information, data files, external devices, email, and programs owned by individual people are considered private, whether or not the information is accessible by others.
- Access to private, financial, or personally identifiable information is restricted to authorized users, even in the case when users are accidentally granted permissions to files or folders they should not see.
- Tampering with email, interfering with or intercepting its delivery, and using email for criminal purposes may be felony offenses. The Electronic Communications Privacy Act places electronic mail in the same category as messages delivered by the US Postal Service.
Appropriate Connection Methods
Devices may be connected to the college’s network at appropriate connectivity points including voice/data jacks, through an approved wireless network access point, via a VPN, or through DSL, cable modems, and traditional modems over phone lines.
- Users may not make modifications or extensions to the network, such as installing a personal wireless access point that rebroadcasts Colorado College’s network.
- Users should consult ITS: if they discover a need to modify or extend the network.
Those using the college’s network may be required to authenticate when connecting a device. ITS: maintains a database containing machine identification, network addresses, and ownership information. This data is used to contact the registered user of the equipment in the event his/her computer is compromised.
Protection of the Network
ITS: uses multiple methods to protect the college’s network. These include monitoring for external attacks, scanning the network for anomalies, and proactively blocking harmful traffic. There may be times where more extensive procedures are required to address potential security exposures or to contain actual security exposures.
- By connecting to the college’s network, users acknowledge that network traffic to and from their computers may be scanned.
- By connecting to the college’s network, users acknowledge that if a device exhibits behaviors that ITS: believes to be a risk, the device will be removed from the network. Suspicious device behaviors include (1) using substantial network resources, (2) sending disruptive network traffic, or (3) exhibiting a pattern associated with scans or attacks.
Suspension or Revocation of Access
Use of CC’s information technology resources is a privilege. If a person is found to be in violation of these policies, this privilege may be revoked through temporary or permanent denial of access to such resources.
- People suspected of violating these policies may be temporarily denied access to CC’s information technology resources during investigation of the alleged abuse.
Additional Consequences of Misuse
Abusers of the college’s information technology resources will be subject to existing disciplinary procedures under current college policies in accordance with the abuser’s campus status. When appropriate or required by law, the college may request or provide assistance to law enforcement agencies to investigate suspected illegal activities.
- This policy does not require approval by the college’s Board of Trustees.
- Periodic review of policies shall take place in accordance with each policy’s individual review frequency.
Creating awareness of the importance of information technology security is an important component in establishing an environment in which each individual feels responsible and empowered to act in his/her own and the community’s best interests. All departments will provide opportunities for individuals to learn about their roles in creating a secure information technology environment.