Acceptable Use - Computer Network

I. PURPOSE

This document is written to inform the users as to what policies they should adhere to and procedures to follow regarding the acceptable use and protection of informational technology and data. It defines the intended uses of the network including unacceptable uses and the consequences for non-compliance. It also covers provisions for network etiquette, limits on the use of network resources, and indicates the level of privacy a user on the network should expect. For users who are employees of Saint Vincent, this document is to be signed off at time of employment, with a copy stored in the user’s employee file in Human Resources and a copy is to be provided to the user.

II. IMPACT

Participants (scope): All end users (administration, faculty, staff, students, monks, priests, and alumni with accounts) of the Saint Vincent community.
Implementation: The CIO is responsible for implementation and interpretation.
Other Affected Parties: All stakeholders.
Potential Impact: There is a substantial budgetary, legal, and logistical impact required to ensure this policy is enforced; however it is essential to protecting the intellectual data and physical technological assets of the institution.
Exceptions: N/A

III. COMPLIANCE

Strategic Plan (if applicable): IT Strategic Plan.
Applicable Laws (if applicable): Policy makes best effort to support compliance of GLBA Safeguards Rule, DMCA, HEOA, CALEA, HIPAA, CAN-SPAM Act, Fair Credit Reporting Act, USA PATRIOT Act, FTC Red Flags Rule, Fair and Accurate Credit Transactions Act, and dozens of other privacy/security-related laws and regulations.
Penalties (if applicable): Users who violate any of these policies and procedures will be subject to possible disciplinary action up to termination if warranted.
Authorization: President and CIO have authorization for approving this policy.
Exceptions: Any member of the President’s Senior Cabinet/Council can request day-to-day policy exceptions, but notice should be provided accordingly as granted.

IV. POLICY AND PROCEDURE ELEMENTS: Provide the following policy elements if appropriate.

Index: N/A
Definitions: N/A
Statement of Need, History: To meet internal and external compliance and audit requirements.
Body of policy and procedures: as follows

V. APPLICABILITY
The following is an articulation of the policies and procedures the Information Technology Department will employ in dealing with issues regarding the acceptable use of informational technology on the Saint Vincent campus.

This articulation applies to all members of the Saint Vincent community (employees and administrators of the College, Seminary, Archabbey and Parish, and students of the College and Seminary).

With respect to members of the Saint Vincent College Faculty, this document is not meant to conflict with, alter or modify in any way the policies and procedures set forth in Section 3.4.2 (Computer Usage) of the Faculty Handbook. To the extent that there is any perceived inconsistency between Section 3.4.2 and this document, the provisions of Section 3.4.2 prevail with respect to any matter dealing with a member of the College Faculty.

VI. GENERAL PRINCIPLES
Electronic resources, including computer email, network servers/storage, web pages and Internet access that are provided to the members of the Saint Vincent Community are provided by Saint Vincent solely for the use of these members in carrying out the mission and purpose of the institution.

These resources are and remain at all times the sole property of Saint Vincent. Because these resources constitute a powerful tool in the hands of a user, Saint Vincent is obligated to ensure that they are used only for the proper purposes for which they have been provided. While Saint Vincent recognizes the value of privacy within this institution, and the related principles of academic freedom as they relate to members of the faculty, and will honor those ideals, there should be no expectation of privacy of information stored or sent through IT resources owned by Saint Vincent.

VII. ACCOUNT ACCESS AND MANAGEMENT
Access to the computer resources on the Saint Vincent network must be approved by the Information Technology Department which will assign accounts to individuals. An individual account may not be used by a person other than the one to whom it has been assigned. No one may attempt to gain unauthorized access to the account or files of another user.

The accounts of employees of Saint Vincent will be closed immediately upon their separation from employment unless arrangements are made with the employee’s supervisor to permit access for an additional brief period. The accounts of graduates will be closed 120 days after graduation or if an account has been inactive for that same period.

VIII. INTERNET USE AND MANAGEMENT
The electronic resources provided by Saint Vincent are to be used solely for the purpose of carrying out the mission and purpose of Saint Vincent. Any use of the account provided by Saint Vincent and/or the electronic resources otherwise made available that is contrary to the mission and purpose of the institution is strictly prohibited.

Users of the account and electronic resources of the Saint Vincent network [“users”] are reminded that they must comply with all state, federal and local laws, and the policies promulgated by Saint Vincent as articulated in the various Handbooks and otherwise.

Users may not use these resources for personal business ventures, commercial development, political endeavors or other wholly personal uses that are not consistent with the mission and purpose of the institution. Incidental and occasional personal use of email and electronic resources is permitted as long as it does not otherwise violate federal, state or local laws, or policies of the institution, otherwise significantly detract from the mission and purpose of the institution, increase security risks to the network or negatively impact the performance of the system on campus.

No user may upload or copy any files or programs that are designed to hinder, damage or disrupt the Saint Vincent computer resources.

Users are responsible for adherence to federal copyright laws. Saint Vincent will fully comply with any investigation of copyright violations brought to its attention.

Users are advised that most of the software available through the Saint Vincent network is protected by licensing agreements and that no individual may copy or distribute such materials to unlicensed users.

IX. ENFORCEMENT
The Saint Vincent community is advised that Saint Vincent, as the owner of the electronic resources it otherwise provides to its members, reserves the right to track and analyze network traffic for routine administrative purposes to ensure the proper functioning of the network.

Additionally, Saint Vincent reserves the right to track and analyze network traffic, email messages and attachments, Internet sites visited, electronic files and data to ensure that they are being used solely for the purposes for which they have been provided. Tracking of this nature will be approved in advance by the Archabbot and either the President of the College, the Rector of the Seminary or the Prior of the Archabbey, depending upon the location of the computer to be monitored. Notice of the analysis and tracking will be given to the individual affected when feasible.

X. DISCIPLINARY ACTION
Any violation of the policies and procedures set forth herein will be immediately referred for possible disciplinary action to the supervisor having jurisdiction over the alleged offender. The Information Technology Department will provide technical support in determining whether such an offense has taken place.

Disciplinary actions will proceed in the manner prescribed by the Handbook and policies of the relevant segment of the community in which the violation took place. In addition to any other discipline that may be imposed for a proven violation, the individual violator may be denied or severely limited in their further access to the electronic resources of the institution.

XI. SERVICE MANAGEMENT
Requests for service, training, reporting problems, etc., should be handled by calling the IT Service Desk at (724) 805-2297, stopping by the IT Service Desk on the ground floor of Alfred Hall, or by email to servicedesk@stvincent.edu. Each request will be logged through the IT Service Request database to insure a proper response.

Users must note that when a Saint Vincent device is being serviced or replaced by the IT Service Desk, non-Saint Vincent related software could be removed unless specific to the proper needs of the department. Favorites, Instant Messaging software, Web software, Music, Videos, etc., may fall into this category.

When personally-owned devices are being serviced, the IT Department will make a best effort attempt to troubleshoot these devices for users, but users must sign a Liability Waiver releasing the Information Technology Department and Saint Vincent for liability for any loss of software, files or data that may occur during the repair or reconfiguration of these devices.

All users should be aware that the maintenance of electronic devices by the IT Department may require department personnel to have access to the files of said devices. Any user-specific service conducted by the IT staff outside of the Service Desk area (in a user’s office or work space) will be conducted in the presence of the user or their designee. If questionable material is discovered during any such service, IT personnel will immediately advise the CIO who will thereafter refer the findings to other appropriate supervisory officials of Saint Vincent.

Users must recognize that network service may be intentionally interrupted from time to time for maintenance purposes. Every effort will be made to have all planned interruptions occur during nonpeak hours, with sufficient notice provided to all users affected by the outage. However, service may have to be interrupted during peak hours if warranted, and IT will make every effort to give adequate notification if at all possible.

Because of a limited amount of disk space available on the network, from time to time restrictions/quotas may be placed on how much material individuals may store on the system. Requests for additional disk space or instruction on other methods for archiving data can be made by submitting an IT Service Request via email or by calling the IT Service Desk.

To reduce security risk, “personally” owned laptops, MacBooks, etc. are not to be connected to the network jacks via a patch cable in the classrooms, computer labs, or offices, unless it is under the direction of the IT Department. Mobile devices should only use the wireless network provided by the College or the 3rd party Resnet provider. Laptops and other mobile devices that are “property of the College” should be connected by patch cable to the network jack if at all possible when the device is in an office or classroom and a network jack is available because it allows for more efficient processing and better security. However, if wireless is the only feasible option, College owned devices should connect to the SVC wireless network (not the guest option), which requires an ID and password. Connecting via a network jack or SVC network wireless ensures the device will receive auto-updates of the latest antivirus and O/S patches. Additionally, the wireless signal should be turned off when the device is connected by cable. Having both connections active can cause problems with the laptop or mobile device, and it can also cause problems on the network.