Computer Usage Policies - Misericordia University
The computing resources at Misericordia University support the instructional, research, and administrative activities of the University. Examples of these computing resources include, but are not limited to, the central computing facilities, the campus-wide network, local-area networks, electronic mail, access to the Internet, voice mail, departmental networks, the public computing, residential student computers or remote access to resources, facilities and related services. Users of these services and facilities have access to valuable University resources, to sensitive data and to external networks. Consequently, it is appropriate for all users to behave in a responsible, ethical and legal manner. In general, appropriate use means respecting the rights of other computer users, the integrity of the physical facilities and all pertinent license and contractual agreements. These regulations apply to all computing systems owned or managed by Misericordia University. Individual departments and other institutions may have additional guidelines regarding computing equipment held in those departments or institutions. Interested parties should contact the appropriate person for more information about computing guidelines in a specific department or institution.
Access to the University's computing facilities is a privilege granted to University students, faculty and staff. Data owners - whether departments, groups, faculty, students, or staff - may allow individuals other than University faculty, staff and students access to information for which they are responsible, so long as such access does not violate any license or contractual agreement; University policy or guidelines; or any Federal, state, county, or local law or ordinance.
The University vests the responsibility for ensuring the integrity and performance of its computing systems in various system administrators. While respecting the rights of all users, when the integrity of the system is threatened, systems administrators are authorized to take those actions necessary to maintain the system and are fully accountable for their actions. The University views the use of computer facilities as a privilege, not a right, and seeks to protect legitimate computer users by imposing sanctions on those who abuse the privilege.
II. AUTHORIZED USE
These guidelines apply to all users, who make use of Misericordia University's information technology services from any location. Such users include, but are not limited to faculty and visiting faculty, staff, students, guests of the administration, external individuals or organizations and individuals accessing external network services, such as the Internet, via Misericordia University's computing facilities. University employees are also subject to the University's Computer Security Policy and the Internet Security Policy. The University reserves the right, in its sole and absolute discretion, to refuse access to computing resources at the University to anyone who is not a member of the University community. By accepting use of the computer services provided by the University, the user agrees to comply with the policies.
III. RIGHTS, PRIVILEGES and RESPONSIBILITIES
1. ACCESS TO COMPUTING RESOURCES
Faculty, graduate and undergraduate students, and University employees may use the central computing facility for activities related to research, instruction or University administration.
For information on access to departmental computing resources, contact the appropriate department chair.
When an individual has connected to a computer site that is external to Misericordia University the individual has the responsibility to abide by the regulations at that site.
Using Misericordia network / technology resources
It is possible for a user to access the University's Network from an external site that is not owned or managed by Misericordia University. When using Misericordia technology resources either on or off campus users must comply with University policies, including this Computer Usage Policy.
2. DATA SECURITY AND INTEGRITY
Users should use all available methods to protect their files, including the frequent changing of their passwords, encryption of data where appropriate, and storing back-up copies of information off site. In the event that data has been corrupted as a result of intrusion, a system administrator should be notified immediately. Every reasonable attempt will be made to restore files to their status prior to intrusion. However, full restoration cannot be guaranteed.
Misericordia University provides reasonable security against intrusion and damage to files stored on campus computing facilities. The University provides some facilities for archiving and retrieving files specified by users, and for recovering files after accidental loss of data. However, neither Misericordia University nor its computing staff can be held accountable for unauthorized access by other users, nor can they guarantee protection against media failure, fire, floods, or other disaster.
Although the University backs up some departmental computers and makes reasonable attempts to protect those computers from intrusion, it does not provide the same level of protection or offer restoration of files stored on departmental computers. Therefore, it is especially important that users back up their files and use all available means to protect their data on departmental systems.
Misericordia University participates in a range of computing networks, and many members of the community regularly use these networked computers in their work. Statements in public (i.e., not private) files in this medium are protected by the same laws, policies, and guidelines, and are subject to the same limitations, as communications in other media. The same holds true for electronic personal files and communications (e.g. e-mail). However, users should exercise caution when committing confidential information to electronic media, because the confidentiality of such material cannot be guaranteed. For example, routine maintenance or system administration of a computer may result in the contents of files and communications being inadvertently seen.
Network and system administrators are expected to treat the contents of electronic files as private and confidential and to respect the privacy of all users. Members of the computing staff are forbidden to log on to a user account or to access a users files unless the user gives explicit permission.
Exceptions to these privacy guidelines may be made, however, when a program or individual is suspected of threatening the integrity of the network or other shared services or as mandated by law or contract, when there is a suspected significant violation of a University policy, when required to protect the general welfare of the University community or any member of the public, or when there exists, as determined by the University other exceptional circumstances requiring such exceptions. In such instances, the Information Technology department will immediately notify the user that he or she has been disconnected from the Network. The proper University authority will be notified of such action. If an immediate response is required, it will be undertaken and careful records will be kept as to the accounts and files examined. Once the threat is removed and system integrity restored, the Information Technology Department will consult with all appropriate University parties involved in a timely fashion.
If the instance does not require immediate action but privacy must still be breached, then reasonable attempts will be made to contact the file-owner by telephone and e-mail. If the attempts are not successful or the file-owner refuses permission, the system administrator in conjunction with his/her supervisor, after consultation with an appropriate senior officer of the University, is permitted to examine the accounts and files involved. Afterward a written report will be forwarded to all known parties involved in a timely manner.
Any inspection of electronic files, and any action based upon such inspection, will be limited to what is necessary to restore the integrity of the system and will be governed by all applicable Federal and Commonwealth of Pennsylvania laws.
4. TEMPORARY DENIAL OF SERVICE
Similar principles and procedures apply to the temporary denial of service. In particular, a system manager cannot deny access to a user without following the due process procedures outlined above. Any extended denial of access can only result from a fair hearing in accordance with the University judicial procedures.
5. UNIVERSITY RESPONSIBILITY FOR ERRORS IN SOFTWARE, HARDWARE, NETWORKS AND CONSULTING
Misericordia University makes every effort to maintain an error-free hardware, software and networking environment for users and to ensure that the computing staff are properly trained. Nevertheless, it is impossible to ensure that hardware or system software errors will not occur or that staff will always give correct advice. Misericordia University presents no warranty, either expressly stated or implied, for the services provided. Damages resulting directly and indirectly from the use of these resources are the responsibility of the user.
6. CHANGES IN THE COMPUTING ENVIRONMENT
When significant changes in hardware, software, networks or procedures are planned, the University community will be notified through electronic and other media to ensure that all users have enough time to prepare for the changes and to voice any concerns that they might have.
IV. GUIDELINES FOR APPROPRIATE COMPUTING BEHAVIOR
Those who avail themselves of the campus technology or network computing resources are required to behave in a manner consistent with Misericordia University's code of conduct. The University supports computing activities which promote research and learning by the user of the computer system.
The University subscribes to the statement on software and intellectual rights distributed by EDUCOM, the non-profit consortium of colleges and universities committed to the use and management of information technology in higher education, and the Information Technology Association of America (ITAA), a computer software and services industry association:
"Respect for intellectual labor and creativity is vital to academic discourse and enterprise. This principle applies to work of all authors and publishers in all media. It encompasses respect for the right to acknowledgment, right to privacy, and right to determine the form, manner, and terms of publication and distribution."
"Because electronic information is volatile and easily reproduced, respect for the work and personal expression of others is especially critical in computer environments. Violations of authorial integrity, including plagiarism, invasion of privacy, unauthorized access, and trade secret and copyright violations, may be grounds for sanctions against members of the academic community."
Misericordia University maintains a Higher Education Opportunity (HEOA) Electronic Copyright Protection Plan, a HEOA compliance statement, and a File Sharing (P2P) Policy.
The following list does not cover every situation which pertains to proper, or improper, use of computing resources, but it does suggest some of the responsibilities which you accept if you choose to use a computing resource or the network access which the University provides. The pronoun “you" in these policies apply to each and every user.
1. If you have any computer account, you are responsible for the use made of that account. You should set a password which will protect your account from unauthorized use, and which will not be guessed easily. If you discover that someone has made unauthorized use of your account, you should change the password and report the intrusion. You should change your password on a regular basis, to assure continued security of your account. You should only use a computer account or an ID that belongs to you.
2. You must not intentionally seek information, browse, obtain copies, or modify files, passwords, or tapes belonging to other people, whether at Misericordia University or elsewhere, unless specifically authorized to do so by those individuals. (Note: if an individual has explicitly and intentionally established a public server, or explicitly designated a set of files as being for shared public use, others may assume authorization to use that server or those files.)
3. You must not attempt to decrypt or translate encrypted material to which you are not entitled. Nor may you seek to obtain system privileges to which you are not entitled. Attempts to do any of these things will be considered serious transgressions.
4. If you encounter or observe a gap in system or network security, you must report the gap to a system or network administrator. You must not exploit any such gaps in security.
5. You must refrain from any unauthorized action which deliberately interferes with the operating system or accounting functions of the systems or that is likely to have such effects.
6. You must be sensitive to the public nature of shared facilities, and take care not to display on screens in such locations images, sounds or messages which could create an atmosphere of discomfort or harassment for others. You must also refrain from transmitting to others in any location inappropriate images, sounds or messages which might violate the University statements on harassment. It should, however, be noted that due to a diverse society, the University cannot protect individuals against the existence or receipt of material that may be offensive to them.
7. You must avoid the following activities: tying up shared computing resources for excessive game playing or other trivial applications; sending frivolous or excessive mail or messages locally or over an affiliated network; or printing excessive copies of documents, files, images or data. You must refrain from using unwarranted or excessive amounts of storage; printing documents or files numerous times because you have not checked thoroughly for all errors and corrections; or deliberately running grossly inefficient programs when you know that efficient ones are available. You must be sensitive to special needs for software and services available in only one location, and cede place to those whose work requires the special items.
8. You must not prevent others from using shared resources by running unattended processes or placing signs on devices to reserve them without authorization. Your absence from a public computer or workstation should be very brief. A device unattended for more than ten minutes may be assumed to be available for use, and any process running on that device terminated. You must not lock a workstation or computer which is in a public facility. You must also be sensitive to performance effects of remote login to shared workstations: when there is a conflict, priority for use of the device must go to the person seated at the keyboard rather than to someone logged on remotely.
9. The University presents for your use many programs and data which have been obtained under contracts or licenses saying they may be used, but not copied, cross-assembled, or reverse-compiled. You are responsible for determining that programs or data are not restricted in this manner before copying them in any form, or before reverse-assembling or reverse-compiling them in whole or in any part. If it is unclear whether you have permission to copy such software or not, assume that you may not do so.
10. Messages, sentiments, and declarations sent as electronic mail or sent as electronic postings must meet the same standards for distribution or display as if they were tangible documents or instruments. You are free to publish your opinions, but they must be clearly and accurately identified as coming from you. If you are acting as the authorized agent of a group recognized by the University, you must be clear and accurately identify your message as coming from the group you are authorized to represent. Attempts to alter the From line or other attribution of origin in electronic mail, messages, or postings, will be considered transgressions of University rules.
11. If you create, alter, or delete any electronic information contained in, or posted to, any campus computer or affiliated network, it will be considered forgery if it would be considered so on a tangible document or instrument.
12. You must not create, send, or forward electronic chain letters.
13. You shall not use any Misericordia University system as a staging ground to enter other systems without authorization.
14. In general, University-owned hardware, software, manuals, and supplies must remain at campus computing sites. Any exception to the rule requires proper authorization.
15. Computer policies on other computer systems do not pre-empt the policies of Misericordia University.
16. University owned programs and data should not be transferred to other sites. Users may not use programs obtained from commercial sources or other computer installations unless all licensing conditions are legally met.
17. By signing up for a University computer account all users agree to be in compliance with all federal laws, state laws, and all university regulations, related to any copying of computer software.
18. You must not break into another user's electronic mailbox.
19. You must not knowingly or carelessly run or install on any computer system or network, or give to another user, a program intended to damage or to place excessive load on a computer system or network. This includes, but is not limited to, programs known as computer viruses, trojan horses, and worms.
20. You must not attempt to circumvent data protection schemes or uncover security loopholes. This includes creating and/or tuning programs that are designed to identify security loopholes and/or decrypt intentionally secure data. This also includes programs contained within an account, or under the ownership of an account that are designed or associated with security cracking.
21. You are not allowed to create mail or electronic distribution lists larger than 10 addressees, without proper authorization.
22. You should not post on electronic bulletin boards materials that violate existing civil laws or Misericordia University policy.
23. You should not use the University computer systems for commercial or profit making purposes.
V. VIOLATIONS OF THESE GUIDELINES
Violations of the University Guidelines for Responsible Computing are treated like any other ethical violation as outlined in the Student Handbook, relevant contractual agreements, and applicable faculty and staff handbooks. Penalties may include but are not limited to, restricted access, no access, suspended access or other University actions as deemed necessary. Violators may also be subject to prosecution under applicable Federal and Commonwealth of Pennsylvania statutes.
VI. MISERICORDIA UNIVERISTY COMPUTER SYSTEM ADMINISTRATOR RESPONSIBILITIES
There is always the possibility of a system crash, network outage, or some other interruption of your work which may result in loss of your data, files, or software. Please take steps to minimize your risk; frequently back up any work that is important to you. The University Computing Center takes its own safety and security measures, but they may not be sufficient for your purposes. The system administrator's use of the University's computing resources is governed by the same guidelines as any other user's computing activity. However a system administrator has additional responsibilities to the users of the network, site, system, or systems he or she administers:
1. A system administrator ensures that all users of the systems, networks, and servers that he or she administers have access to the appropriate software and hardware required for their University computing.
2. A system administrator is responsible for the security of a system, network, or server.
3. A system administrator must make sure that all hardware and software license agreements are faithfully executed on all systems, networks, and servers for which he or she has responsibility.
4. A system administrator must take reasonable precautions to guard against corruption of data or software or damage to hardware or facilities.
5. A system administrator must treat information about and information stored by the system's users as confidential.
6. In very unusual circumstances when system response, integrity or security is threatened, as outlined above, a system administrator is authorized to access files and information necessary to find and resolve the situation.
VII. ADMINISTRATION OF GUIDELINES
The University is committed to providing the best possible service to all of its computer constituents. However, this is not a guarantee that the necessary resources will always be available to respond to all "immediate" crises and situations which clearly require attention.
This document contains excerpts and paraphrased sections from similar documents prepared by Montclair State University, American University, Barry University, Catholic University of America, and the University of Laverne. We gratefully acknowledge their contributions.