HomeSt. Matthew's University

A. Complaint Filing

a. Complaints may be filed with Information Technology Services via e-mail (This email address is being protected from spambots. You need JavaScript enabled to view it.This email address is being protected from spambots. You need JavaScript enabled to view it.), in writing, in person, or internally through routine monitoring and detection of a system/network problem or unusual event.

b. Complaints must be filed by the individual who was harmed.  St. Matthew's University will respond to requests for assistance from law enforcement accompanied by a court order, subpoena or search warrant.

c. St. Matthew's University will act on anonymous and third party complaints only in the event of a health and safety issue.  Otherwise, the individual who has been harmed will be contacted and asked to file a formal complaint.

f. ITS may also be contacted to report infractions when the complainant is unable, or it is not desirable, to do so through other channels.

B. Complaint Review and Investigation

a. The Director of Information Technology or designee reviews each complaint to initially determine whether a potential policy or legal violation has occurred based on the evidence provided. 

1) If not, the complainant is notified in writing as to why it does not constitute a violation and the incident will be closed.

2) If yes, but additional information is needed, the complainant will be asked to provide it, e.g., system logs, e-mail headers.

3) If yes, but the violation does not involve University resources, the complainant will be advised on what if any action they can take.

4) If the complainant fails to produce enough evidence to make a determination, they will be notified and the incident will be closed and filed for future reference.

b. If it appears a violation has occurred and sufficient evidence has been gathered, ITS will make an initial determination as to what happened, where it happened, and who initiated the activity.  A trouble ticket will be created for each unique event to track and record the incident investigation and resolution.

3) If the event involves a breach of system security in which any individualÂ’s unencrypted personal information was, or is reasonably believed to have been, disclosed to an unauthorized person, the breach should be reported immediately to ITS.

c. A serious incident may result in simultaneous investigations and actions by ITS, non-ITS system/network administrators and law enforcement.

d. Administration will be contacted to represent the University if the matter requires interaction with the public, media or other outside interests.

e. ITS will assist University officials with securing and interpreting evidence and conducting investigations when requested or legally required to do so.

C. Informal Resolution

a. Once ITS has determined that a violation has occurred and the nature of the violation is known, the Director of Information Technology or designee will contact the alleged violator by e-mail, phone or in-person to informally resolve the complaint.

b. The individual will be advised of the nature of the complaint and the evidence collected and asked to provide an explanation.

c. If the individual does not appear to be responsible (e.g., a third party misused their account), ITS will counsel the user on how to prevent future occurrences of the specific problem and continue its investigation.

d. If a St. Matthew's University community member is responsible but the violation appears to be accidental or unintentional on their part, ITS will counsel the user on how to prevent future occurrences of the specific problem.

e. If they have no history of prior violations, they will generally be given a warning and advised that future violations will result in formal action. 

f. Individuals with a prior history of violations or involved in a serious violation will be referred to the appropriate campus authority for formal action and resolution.

D. Formal Resolution

a. Formal actions, including disciplinary hearings, imposition of sanctions, and appeals will be handled through existing disciplinary/grievance processes for St. Matthew's University students, faculty and staff.

c. It will be the Director of IT's role and responsibility to advise and counsel the appropriate disciplinary authorities regarding the nature of the violation and its impact on campus resources, policy and practices, and to assist them in determining the seriousness of the offense if necessary.

f. Potential legal violations and threats to individual health and safety will be referred to local law enforcement.

g. ITS may confer with University Legal Counsel to help determine if a legal violation has occurred before referring the matter to law enforcement officials. 

E. Final Disposition

a. ITS will notify the complainant as to the disposition of their complaint. This could range from advising as to why the matter does not constitute a violation to providing final notice that the matter has been resolved.

b. Specific information about the individual involved will not be disclosed.

c. ITS will record each incident and its resolution to track recurring violations and repeat offenders and to inform future changes to the policy/practices.

d. ITS will implement technical sanctions imposed by the designated campus authority as a result of a formal disciplinary process or as required by law.

Return to Responsible Use Policy

The primary content of this policy has been generously provided, with written permission, by the California Polytechnic State University.

Return to Responsible Use Policy

Access

 

Ability given to individual or groups of users to use information stored on or via University resources. This includes but is not limited to the ability to read, write, view, create, alter, store, retrieve, and disseminate information.

Account

 

That combination of user name and password that provides an individual with access to a computer system or computer network

Administrator

An individual responsible for administering a computer system or campus unit

Authorized University Officials

 

Administrators or designees with the authority to make decisions about or approve a specific action, activity, service or use of a specific resource

Non-Authorized, Unauthorized

 

Applies to individuals without the authority or permission, as defined by the University, to initiate or approve an activity or service and/or to access or use a specific resource

Broadcast

 

Method for sending a uniform message to an entire set of users qualified by membership in a definable group such as faculty, staff, students, engineering majors, etc.

Campuswide Shared IT Resources

 

Information technology resources implemented and managed by Information Technology Services. Examples include the St. Matthew's University network , file servers, web servers, open access computer stations, etc.

Chain Letter

 

An e-mail message asking the recipient to indiscriminately forward or pass it along; may involve money-making pyramid schemes or be disguised as innocent (e.g., collecting post cards for a dying child) or helpful (e.g., warnings about computer virus hoaxes)

Commercial Activity

 

An activity conducted for commercial/private profit or gain or non-profit fundraising. This includes but is not limited to soliciting sales or funds, marketing or advertising a product or service, posting an advertisement to a newsgroup, and reselling University resources. University authorized commercial activities are excepted.

Computer Systems

 

Any computing resource, service, or network system, including workstations, servers, networks, storage devices, peripheral equipment, input/output and connecting devices, data processing functions, and related records, programs, software and documentation.

Copyright Infringement

 

Copying, distributing, publicly performing, publicly displaying a copyrighted work, or creating a derivative work, without the permission of, or a license from, the copyright owner

Electronic Communications

 

Any electronic method used to communicate, including but not limited to electronic mail, the Internet/World Wide Web, video recordings, facsimiles, pagers, telephones, etc.

E-mail

 

Electronic method of sending and receiving messages from and to electronic addresses associated with specific owners

E-Mail Reflector

 

The automated or otherwise forwarding of an e-mail message to multiple recipients triggered by the content of the mail message being forwarded

Inappropriate Use

 

Activities that interfere with the primary intended use of supporting instructional activities, e.g., excessive game playing

Information Technology Resources

 

Any data or information stored in digital form and the computer systems or other means used to access that information.

IT Department / Information Technology Services

 

The administrative entity charged with implementing and managing campuswide information technology resources under the direction of the Director of Information Technology.

Institutional Data

 

Information about individuals and departments that is recorded, maintained, administered and retained by the University, e.g. information in student records and employee files, financial data, etc.

Intellectual Property

 

Inventions, discoveries, innovations, and literary and artistic works that may be patented, copyrighted, trademarked or licensed for commercial purposes

Mail Bombing

 

The practice of bombarding someone with a large volume of unsolicited mail in an attempt to disrupt them or their site

Monitoring

 

A standard practice by information technology resource administrators of reviewing transaction activity and other similar logs generated by the system/network, analyzing performance anomalies and traffic patterns, and/or running programs designed to identify the source of a specific problem, alarm or pattern potentially indicative of illegal or inappropriate use

Network

 

A group of computers and the associated equipment and transmission media used for the purpose of sending and receiving data, voice or video signals

Networked Device

 

A networked device includes but is not limited to the following types of equipment assigned to individuals, departments, clubs, auxiliary organizations or individuals from off-campus utilizing university network resources: personal computers, laptops, workstations, wireless devices (e.g. PDAs, laptops, handheld phones, base stations or pods), networked printers/copiers, servers, switches, routers, hubs, mini-hubs, splitters, wireless access points, firewalls, network security devices, network appliances, modem pools, or any device that is network-capable and connected to university network resources.

Network Communication Device

 

A network communication device includes but is not limited to the following types of equipment assigned to individuals, departments, clubs, auxiliary organizations or individuals from off-campus utilizing university network resources: switches, routers, hubs, mini-hubs, splitters, wireless access points, firewalls, network security devices, network appliances, modem pools, or any device connected to university network resources whose function is to transport electronic information.

Network/System Integrity and Reliability

 

Maintaining optimum performance and availability of information technology resources in support of the University mission

Newsgroup

 

E-mail discussion group using a "news" message distribution protocol organized around named topics. Newsgroups can be global, regional, or local with regard to their access and distribution. While messages are submitted using e-mail, they are read from a central repository instead of being delivered to individual e-mail addresses.

Personal Gain

 

Receiving money or other goods or services as a result of soliciting, promoting, selling, marketing or advertising products or services

Personal Information

 

In the context of disclosure of system security breaches: IndividualÂ’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (1) Social Security number; (2) driverÂ’s license number or government issued identification card number; (3) account number (which could include a student identification number), credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individualÂ’s financial account.

Political Advocacy

Promoting, advocating or supporting a specific candidate, political party or issue

Port Scanning

Using software to access or query all known TCP ports on a system to try to identify which services and levels of security are associated with those ports. A method for determining if a network or system can be compromised.

"Spam"

Indiscriminate mailing or forwarding of unsolicited e-mail to a larger group of users

System Administrator

Person responsible for administering the hardware, operating system, and software that constitutes a computer system or network

Systems

See "Computer System"

Trade Secret

A process, method, plan, formula or other information unique to a manufacturer, which gives it an advantage over competitors, and therefore must be kept secret to be of special value. May be legally protected against use or revelation by others.

Trademark

A name, symbol, or other device identifying a product, legally restricted to the use of the owner or manufacturer

Trojan Horse

A malicious, security-breaking program that is disguised as something benign, e.g., a directory lister, archiver, or game

University / St. Matthew's University / SUSOM

The institution as a whole or the collective authority of the institution represented by established policies and designated officials responsible for enforcing them

University Resources

Any resource belonging to or employed by the University, including equipment, facilities, and staff

User

Anyone who has been provided access to St. Matthew's UniversityÂ’s information technology resources, including the general public

Virus

A program that searches out other programs and "infects" them by embedding a copy of itself in them. When these programs are executed, the embedded virus is executed too, thus propagating the "infection." A virus may write messages on the terminal, or play strange tricks with the display or cause irreversible damage such as deleting all of a user's files. Unlike a worm, a virus cannot infect other computers without assistance.

Web Site

Web page files (beginning with an initial home page) located on either a 3rd party hosted server or a campus server and owned through a computer account by University faculty, staff, students, administrative units, organizations, clubs and auxiliaries

Worm

A program that propagates itself over a network, reproducing itself as it goes

Return to Responsible Use Policy

Appropriate Uses

Authorized Use

  • A student browses web sites not directly related to their role at the University.
  • A very ill student gives their password to another student to check e-mail on their behalf.
  • A staff member away from campus delegates another staff member to read and respond to e-mail and calendar items in their absence. They provide their login ID and password to the same staff member to permit others to access files in their absence.
  • A St. Matthew's University staff member uses the St. Matthew's University network to "telecommute" from home.
  • Students in a class use a single ID and password to access shared course materials and to complete class assignments. The professor uses the same ID and password to review completed assignments and post new materials.
  • At the request of the user, an IT technician logs into the userÂ’s account to repair a problem, but carefully avoids accessing any files not directly related to the problem being diagnosed.

Network/System Integrity

  • A student sets up a web site on their computer in the residence halls and grants permission to other users to download via St. Matthew's University's network some audio/video clips that he created.
  • A student makes an intra-campus file transfer to a designated computer in order to share a file that one or more students are using in a class.
  • A student creates user accounts on their own computer to allow access to shared files for a group project via the St. Matthew's University network.
  • A student resident runs a web server on their own computer that provides pictures of a recent trip to a neighboring island.
  • A student uses the St. Matthew's University network to play online games provided other network users are not adversely impacted.
  • A network administrator conducts a port scan of the computers attached to that network.

Commercial Use

  • A faculty member uses their St. Matthew's University e-mail account to communicate with a publisher about a textbook they are developing for a course they teach.
  • Posting a notice about items for sale to a newsgroup intended for that purpose or to an off-campus commercial web site, such as e-bay.
  • Using St. Matthew's University e-mail to communicate with potential employers.
  • A student club uses its St. Matthew's University web page to announce an upcoming, approved event for which students will be charged a fee.

Electronic Communications

  • A student uses their St. Matthew's University e-mail account to send e-mail to friends and family.
  • Incidental personal use by faculty and staff is reasonable provided it does not interfere with assigned work or negatively impact other users.
  • A faculty member e-mails an assignment to all the students in a course.
  • A student, faculty or staff member deletes "spam" e-mail originating from a system other than St. Matthew's University or responds to the sender and asks to be removed.
  • A faculty member creates a web page and includes a link to someone else's web page.
  • Using St. Matthew's University e-mail to apply for an institutional grant.

Copyright

  • A staff member is beta-testing software that can fix a problem on another staff member's machine. They contact the manufacturer and get permission to install the upgrade on the other person's machine which has a legally obtained copy of the current product installed.
  • A student uses the same commands another person used to create a table on the web.
  • A student posts photographs they took on their web page.
  • A faculty member incorporates copyrighted materials in their course materials after first obtaining permission of the publishers of the materials.
  • A faculty member distributes copies of a brief excerpt from a larger work in class and then retrieves the copies after class is over.

Data Security

  • A faculty member retrieves online information about a student in their class. A counselor reviews a student's record in order to counsel them regarding school related issues.
  • A counselor reviews a student's record in order to counsel them regarding school related issues.
  • A staff member uses IT resources to generate a report about all the students in a given semester and their current status for a faculty member to review.
  • With the permission of the user, an IT technician helps to locate and interpret the headers in a harassing e-mail message to determine where the message came from.
  • In response to a search warrant or court order, IT technicians secure specified electronic files, including e-mail, stored on University computers to the extent required by the law.

Harassment

  • A student working on a computer in a lab creates or downloads one or more images that may disturb or offend others. They remove the images before leaving the facility or relocate to another workstation that is less visible to other users to work on this project.

Political Advocacy

  • Posting an opinion about a candidate or issue to a newsgroup intended for that purpose.
  • A student running for an SGA office uses a web page to discuss their platform and to collect e-mail addresses of potential supporters. The student uses the addresses to disseminate an e-mail message encouraging them to get students to vote in the election.

Trademarks and Patents

  • Displaying the St. Matthew's University logo on an "official" St. Matthew's University web page.

Inappropriate Uses

Authorized Use

  • A student gives their login ID and password to a relative or friend outside of St. Matthew's University so they can post materials to the student's web site.
  • A faculty member allows family members to use a St. Matthew's University account and Internet connection to browse the web and to send e-mail from the Library computers.
  • Without permission, a student accesses a faculty member's computer to view an insecure file containing test questions.

Commercial Use

  • Displaying commercial advertisements on a web page hosted on University resources.
  • Using a St. Matthew's University account to operate or conduct non-University related business activities, including financial management, advertising and promotion, correspondence, web sites, etc.
  • An administrative assistant supplements income by typing student projects using a University workstation and laser printer in the office.
  • A faculty member with an outside consulting business or working on a personal/individual contract or grant not approved by the University makes extensive use of University resources without compensating the University.
  • Using the St. Matthew's University network to "telecommute" to non-University employers.

Electronic Communications

  • A St. Matthew's University user forwards e-mail about a sick child and efforts to raise funds or send wishes or good luck to several other people on campus. The e-mail encourages recipients to pass the message along to as many people as possible.
  • A St. Matthew's University user broadcasts a message on a current topic of interest to several newsgroups or system aliases, none of which have to do with that particular topic. For example, a user posts a message about abortion issues to a newsgroup about English poetry.

Copyright

  • A department buys a single license copy of a software product and installs it on all the workstations in a student computer lab.
  • Extensive excerpts from a copyrighted work are distributed by e-mail or displayed on a web page without obtaining the permission of the author/publisher.
  • Photographs or images taken from another web page without the owner's permission are displayed on a web page residing on or accessed via University resources.
  • In violation of the manufacturer's license agreement, a faculty or staff member installs software purchased for departmental use on their home computer or allows students to borrow software to install on their home machines.
  • A student redistributes copies of software, music or other digital materials via the Internet. The student may have legally obtained these materials but does not have permission to redistribute them to others.
  • Using anonymous FTP, web sites, web servers, peer-to-peer applications or similar programs to provide access to illegally obtained or copyrighted materials used without proper permissions.

Data Security

  • A faculty member is curious about the activities of a student and attempts to gain access to that student's central email account or files.
  • A staff member discloses personal information to a relative of a student who has requested that their information not be disclosed.
  • A staff member uses University resources to look up the home address and telephone number of a faculty member and gives that information to a student.
  • A faculty member uses University resources to generate a mailing list of students in a specific class for the purpose of sending personal mail from home that is unrelated to University business.
  • An IT technician repairing a faculty workstation finds classified documents and discloses this information to an unauthorized person or persons outside the University.
  • A student assistant working on a staff or faculty computer discovers the final exam for class and passes it on to their roommate who is attending that class.
  • A technician is persuaded by law enforcement personnel to disclose information and/or turn over evidence regarding a potential violation without first obtaining a valid legal order.

Network/System Integrity

  • Using St. Matthew's University resources, including the network, to propagate a computer virus, Trojan Horse, worm, and/or denial of service attack.
  • A faculty member recklessly initiates a process on the network that causes response times to slow to a crawl.
  • Using any program that in anyway disrupts, harms, or infiltrates another computer, such as WinNuke, BackOrafice or a packet sniffer.
  • Making extensive use of chat rooms and interactive games on the web, causing network and/or system performance to degrade.
  • A dorm resident conducts a port scan of the residence hall network without permission of the network administrator.
  • Anyone conducts any port scan of an external network via the St. Matthew's University network without permission of the network administrators.

Political Advocacy

  • A faculty or staff member creates and uses an e-mail distribution list to solicit contributions, signatures, or other support on behalf of a particular candidate or ballot measure.

Harassment

  • Displaying an intimate, suggestive or disturbing image which a reasonable person would consider objectionable as the "wallpaper" or screen saver on a computer that is routinely visible to other students, staff and faculty.
  • Repeatedly sending threatening or harassing e-mail or voice mail to another individual.

Trademarks and Patents

  • Without obtaining permission in advance, a non-St. Matthew's University web site displays the St. Matthew's University logo, displays the St. Matthew's University home page design, or displays the University name in such a way as to imply University endorsement or affiliation.
  • Without permission of the manufacturer, a user beta testing a new commercial software product loads it on a server and posts a message announcing that the software is available to anyone at that location.

Return toResponsible Use Policy

Information Technology Resources
Responsible Use Policy

Preface

As an institution of higher education, St. Matthew's University is committed to fostering an educational climate in which students, faculty and staff can approach their respective roles with a sense of high purpose and in which they may study and work free from harassment and intimidation. The University's Responsible Use Policy for Information Technologies (RUP) recognizes that personal viewing or transmittal of potentially offensive digital materials (for example, sexually explicit materials) may result in excessive use of campus computer and network resources inconsistent with professional responsibilities and ethical standards. Such practices may also result in educational and work environments that are hostile or are perceived to be hostile. In consequence, all members of the campus community are advised that the University does not condone and will not tolerate any such actions that are proven to constitute excessive use, to create a hostile work environment, or to have the effect of harassing or intimidating members of the campus community. In addition, any viewing or transmitting of illegal materials (for example, child pornography or obscene materials) is explicitly prohibited. The University also emphasizes that its policies are not aimed to impair free expression and open inquiry or unduly to restrict access to any lawful digital materials by those who would do so within the guidelines of the RUP.

Table of Contents

  1. Scope
  2. Purpose
  3. Guiding Principles
  4. Policy Application
  5. Policy Provisions
    1. Authorized Use/Access
    2. Data Security, Confidentiality and Privacy
    3. Electronic Information Retention and Disclosure
    4. Network and System Integrity
    5. Commercial Use
    6. Harassment
    7. Copyright and Fair Use
    8. Web Sites
  6. Policy Compliance
  7. Consequences of Non-Compliance
  8. Reporting Irresponsible or Inappropriate Use
  9. Policy Review and Practices Oversight
  10. Glossary and Definition of Terms
  11. Specific Examples of Responsible and Irresponsible Use
  12. References and Works Cited
  13. Policy Implementation and Practices

 

St. Matthew's University School of Medicine, St. Matthew's, Cayman

Information Technology Resources
Responsible Use Policy

A. Scope

This policy applies to any user of the University's information technology resources, whether initiated from a computer located on or off-campus. This includes any computer and information system or resource, including means of access, networks, and the data residing thereon.This policy applies to the use of all University information technology resources. Users are subject to both the provisions of this policy and any policies specific to the individual systems they use.

B. Purpose

The principal concern of this responsible use policy is the effective and efficient use of information technology resources. The primary focus is to insure that the resources are used in a manner that does not impair or impede the use of these resources by others in their pursuit of the mission of the University. This policy is intended to ensure

  1. the integrity, reliability, and good performance of University resources;
  2. that the resource-user community operates according to established policies and applicable laws;
  3. that these resources are used for their intended purposes; and
  4. that appropriate measures are in place to assure the policy is honored.

The policy is intended to permit, rather than proscribe, reasonable resource-user access within institutional priorities and financial capabilities.

This policy is intended to promote and encourage responsible use while minimizing the potential for misuse and not imposing broad-based restrictions on all users.

This policy is not intended to prevent or prohibit the sanctioned use of campus resources as required to meet St. Matthew's University's core mission and academic and administrative purposes.

C. Guiding Principles

The following principles underlie this policy and should guide its application and interpretation:

    1. Freedom of thought, inquiry, and expression is a paramount value of the St. Matthew's University community. To preserve that freedom, the community relies on the integrity and responsible use of University resources by each of its members.
    2. Information technology resources are provided to support the University's mission of education, research and service. To ensure that these shared and finite resources are used effectively to further the University's mission, each user has the responsibility to:
      • a. use the resources appropriately and efficiently;
      • b. respect the freedom and privacy of others;
      • c. protect the stability and security of the resources; and
      • d. understand and fully abide by established University policies and applicable public laws.
    3. Responsible use of University resources will be given priority over the current or potential design, capability or functionality of specific information technology resources including operating systems, hardware, software, and the Internet.
    4. Users of information technology resources are expected to uphold the highest academic standards in accordance with the Student Honor Code and other University policies and practices.

D. Policy Application

As a general guideline, the institution regards the principle of academic freedom to be a key factor in assuring the effective application of this policy and its procedures and practices. The law is another source of guidance. The University's roles in supporting or acting to enforce such law is also critical to how this policy will be applied.

    1. All existing laws of the Netherlands Antilles and St. Matthew's University regulations and policies apply, including not only laws and regulations that are specific to computers and networks, but also those that may apply generally to personal conduct. This may also include laws of other states and countries where material is accessed electronically via University resources by users within those jurisdictions or material originating within those jurisdictions is accessed via University resources.
    2. The accessibility of certain University information technology resources, such as network-based services, implies a degree of risk that the existence, viewing or receipt of such information/content may be offensive. As a matter of policy, the University protects expression by members of its community and does not wish to become an arbiter of what may be regarded as "offensive" by some members of the community. However, in exceptional cases, the University may decide that such material directed at individuals or classes of individuals presents such a hostile environment under the law that certain restrictive actions are warranted.
    3. The University reserves the right to limit access to its resources when policies or laws are violated and to use appropriate means to safeguard its resources, preserve network/system integrity, and ensure continued service delivery at all times. This includes monitoring routing information of communications across its network services and transaction records residing on University resources, scanning systems attached to the St. Matthew's University network for security problems, disconnecting systems that have become a security hazard, and restricting the material transported across the network or posted on University systems.

E. Policy Provisions

This section is not intended to provide a full accounting of applicable laws and policies. Rather, it is intended to highlight major areas of concern with respect to responsible use of St. Matthew's University resources and specific issues required by law or SUSOM policy to be included.

1. Authorized Use / Access

Access to St. Matthew's University's information technology resources is a privilege granted to faculty, staff and students in support of their studies, instruction, duties as employees, official business with the University, and/or other University-sanctioned activities. Access may also be granted to individuals outside of St. Matthew's University for purposes consistent with the mission of the University.

With the exception of implicitly publicly accessible resources such as website, access to St. Matthew's University information technology resources may not be transferred or extended by members of the University community to outside individuals or groups without prior approval of an authorized University official. Such access must be limited in nature and fall within the scope of the educational mission of the institution. The authorizing University official is expected to ensure that such access is not abused.

Gaining access to the University's information technology resources does not imply the right to use those resources. The University reserves the right to limit, restrict, remove or extend access to and privileges within, material posted on, or communications via its information technology resources, consistent with this policy, applicable law or as the result of University disciplinary processes, and irrespective of the originating access point.

It is expected that these resources will be used efficiently and responsibly in support of the mission of the University as set forth in this policy. All other use not consistent with this policy may be considered unauthorized use.

2. Data Security, Confidentiality and Privacy

St. Matthew's University users are responsible for ensuring the confidentiality and appropriate use of institutional data to which they are given access, ensuring the security of the equipment where such information is held or displayed, ensuring the security of any accounts issued in their name.

Electronic mail and computer files are considered private to the fullest extent permitted by law. Access to such files will generally require permission of the sender/recipient of a message or the owner of the account in which the material resides, court order, or other actions defined by law. However, in the event of a sanctioned University investigation for alleged misconduct, e-mail or files may be locked or copied to prevent destruction and loss of information. Users may employ methods to increase the privacy of their files, provided they do not violate any provision of this policy or degrade system/network performance.

All users of St. Matthew's University's information technology resources are advised to consider the open nature of information disseminated electronically, and should not assume any degree of privacy or restricted access to such information. St. Matthew's University strives to provide the highest degree of security when transferring data, but cannot be held responsible if these measures are circumvented and information is intercepted, copied, read, forged, destroyed or misused by others.

3. Electronic Information Retention and Disclosure

Original electronic materials and/or copies may be retained for specified periods of time on system backups and other locations; however the University does not warrant that such information can be retrieved. Unless otherwise required by law and/or policy, St. Matthew's Univeristy reserves the right to delete stored files and messages to preserve system integrity. Except in an emergency, users will be given advance notice to delete files and messages.

Disclosure of confidential information to unauthorized persons or entities, or the use of such information for self-interest or advantage, is prohibited. Access to non-public institutional data by unauthorized persons or entities is prohibited.

Requests for disclosure of confidential information and retention of potential evidence will be honored when approved by authorized University officials or required by law.

4. Network and System Integrity

In accordance with St. Matthew's University policy and applicalbe laws, activities and behaviors that threaten the integrity of computer networks or systems are prohibited on both University-owned and privately-owned equipment operated on or through University resources. These activities and behaviors include but are not limited to:

    1. Interference with or disruption of computer systems and networks and related services, including but not limited to the propagation of computer "worms," "viruses" and "Trojan Horses"
    2. Intentionally or carelessly performing an act that places an excessive load on a computer or network to the extent that other users may be denied service or the use of electronic networks or information systems may be disrupted
    3. Failure to comply with authorized requests from designated University officials to discontinue activities that threaten the operation or integrity of computers, systems or networks
    4. Negligently or intentionally revealing passwords or otherwise permitting the use by others of University-assigned accounts for computer and network access. Individual password security is the responsibility of each user. The user is responsible for all uses of their accounts, independent of authorization.
    5. Altering or attempting to alter files or systems without authorization
    6. Unauthorized scanning of ports, computers and networks
    7. Unauthorized attempts to circumvent data protection schemes or uncover security vulnerabilities
    8. Connecting unauthorized equipment to the campus network or computers. University authorized business and other activities directly related to the academic mission of the University are excluded; however, network communication devices must have prior approval from Information Technology Services before they can be connected to the campus network. Unauthorized network communication devices or any networked device that may negatively impact management, reliability or integrity of the campus network or other University resource may be disconnected from the network.
    9. Attempting to alter any University computing or network components without authorization or beyond one's level of authorization, including but not limited to wireless access points, bridges, routers, hubs, wiring, and connections.
    10. Utilizing network or system identification numbers or names that are not assigned for one's specific use on the designated system
    11. Using campus resources to gain unauthorized access to any computer system and/or using someone else's computer without their permission
    12. Providing services or accounts on University computers or via University networks to other users from a personal computer unless required to meet the normal activities of students working as individuals or in collaborative groups to fulfill current course requirements. University authorized business and other activities directly related to the academic mission of the University, are also excluded; however, any computers running services that may negatively impact management, reliability or integrity of the campus network or other University resource may be disconnected from the network;
    13. Registering a St. Matthew's University IP address with any other domain name

5. Commercial Use

Use of the University's information technology resources is strictly prohibited for unauthorized commercial activities, personal gain, and private, or otherwise unrelated to the University, business or fundraising. This includes soliciting, promoting, selling, marketing or advertising products or services, or reselling University resources.

Campus auxiliary organizations are authorized to provide services and products to students, faculty and staff, and invited guests of the University through operating and service support leases. The University President or designee may authorize additional limited commercial uses under separate policy provisions. Such uses are excepted from the above prohibitions. These prohibitions are not intended to infringe on authorized uses that enable students, staff and faculty to carry out their duties and assignments in support of the University mission.

6. Harassment

Harassment of others via electronic methods is prohibited by law and University policies. It is a violation of this policy to use electronic means to harass, threaten, or otherwise cause harm to a specific individual(s), whether by direct or indirect reference. It may be a violation of this policy to use electronic means to harass or threaten groups of individuals by creating a hostile environment.

7. Copyright and Fair Use

Copyright law applies to all forms of information, including electronic communications, and violations are prohibited under this policy. Infringements of copyright laws include, but are not limited to, making unauthorized copies of any copyrighted material (including software, text, images, audio, and video), and displaying or distributing copyrighted materials over computer networks without the author's permission except as provided in limited form by copyright fair use restrictions. The "fair use" provision of the copyright law allows for limited reproduction and distribution of published works without permission for such purposes as criticism, news reporting, teaching (including multiple copies for classroom use), scholarship, or research. The University will not tolerate academic cheating, plagiarism or theft of intellectual property in any form.

8. Web Sites

An official St. Matthew's University web page is one that is formally acknowledged by the chief officer of a University college, department or division as representing that entity accurately and in a manner consistent with St. Matthew's University's mission. Without such acknowledgment, a web site, regardless of content, is not "official."

"Unofficial" information may also be posted and maintained by individual students, faculty, staff and student organizations. St. Matthew's University does not undertake to edit, screen, monitor, or censor information posted by unofficial authors, whether or not originated by unofficial authors or third parties, and does not accept any responsibility or liability for such information even when it is conveyed through University-owned resources.

Both official and unofficial web sites are subject to the other provisions of this policy if they use University resources such as University-owned servers and the St. Matthew's University network to transmit and receive information.

F. Policy Compliance

The St. Matthew's University Director of Information Technology is authorized by the Dean to ensure that the appropriate processes to administer the policy are in place, communicated to and followed by the University community. The Director of IT or designee will ensure that suspected violations and resultant actions receive the proper and immediate attention of the appropriate University officials, law enforcement, outside agencies, and disciplinary/grievance processes in accordance with due process.

The Director of Information Technology or designee will inform users about the policy; receive and respond to complaints; collect and secure evidence as required; advise and assist University offices on the interpretation, investigation and enforcement of this policy; consult with University Legal Counsel on matters involving interpretation of law, campus policy, or requests from outside law enforcement agencies and/or legal counsel; and maintain a record of each incident and its resolution to inform future policy changes.

G. Consequences of Non-Compliance

Enforcement will be based upon receipt by Information Technology Services of one or more formal complaints about a specific incident or through discovery of a possible violation in the normal course of administering information technology resources.

First offense and minor infractions of this policy, when accidental or unintentional, such as consuming excessive resources or overloading computer systems, are generally resolved informally by the IT Department. This may be done through e-mail or in-person discussion and education.

Repeated offenses and serious incidents of non-compliance may lead to University disciplinary action under University disciplinary policies and procedures for students and employees, employee contract provisions where appropriate, private civil action, and/or criminal charges. Serious incidents of non-compliance include but are not limited to unauthorized use of computer resources, attempts to steal passwords or data, unauthorized use or copying of licensed software, repeated harassment, or threatening behavior.

In addition to the above, inappropriate use of information technology resources may result in personal criminal, civil and other administrative liability.

Appeals of University actions resulting from enforcement of this policy will be handled through existing disciplinary/grievance processes for St. Matthew's University students and employees.

H. Reporting Irresponsible or Inappropriate Use

 

Suspected infractions of this policy should be reported to Information Technology Services at This email address is being protected from spambots. You need JavaScript enabled to view it.This email address is being protected from spambots. You need JavaScript enabled to view it. in accordance with Appendix D, Policy Implementation and Practices. There might be situations when the following additional offices/officials should be notified of suspected violations when filing a complaint:

I. Policy Review and Practices Oversight

The Director of Information Technology is responsible for application and enforcement of this policy. A committee will review this policy on an annual basis or as the need arises, make recommendations for any changes, and provide oversight and periodic review of the practices used to implement this policy. Recommended changes shall be reviewed and approved by The Director of Information Technology in consultation with the commitee. The current version of the policy will be posted and maintained on the St. Matthew's University web site. A hard copy will be available at the Library Distribution Desk.

J. Glossary and Definition of Terms

Appendix A - Glossary and Definition of Terms - Updated August 31, 2010

K. Specific Examples of Responsible and Irresponsible Uses

Appendix B - Specific Examples of Responsible and Irresponsible Use - Updated August 31, 2010

L. References and Works Cited

Appendix C - References and Works Cited - Updated August 31, 2010

M. Policy Implementation and Practices

Appendix D - Policy Implementation and Practices- Updated August 31, 2010

Please refer any questions to This email address is being protected from spambots. You need JavaScript enabled to view it.This email address is being protected from spambots. You need JavaScript enabled to view it.