11.2.2 Appropriate Use Policy

11.2.2

Appropriate Use Policy

Edited/Revised: March 30, 2018

Revised Effective: May 1, 2015

1.0 Overview

It is the policy of Middle Georgia State University to provide an environment that encourages the free exchange of ideas and sharing of information. Access to this environment and Middle Georgia State University’s information technology (IT) resources is a privilege and must be treated with the highest standard of ethics.

Middle Georgia State University expects all users to use IT resources in a responsible manner, respecting the public trust through which these resources have been provided, the rights and privacy of others, the integrity of facilities and controls, state and Federal laws, and Middle Georgia State University policies and standards.

2.0 Purpose

This policy outlines the standards for appropriate use of Middle Georgia State University IT resources, which include, but are not limited to, equipment, software, networks, data, and telephones whether owned, leased, or otherwise provided by Middle Georgia State University. All technology provided by the University is the property of the University and not the employee.

3.0 Scope

This policy applies to all users of Middle Georgia State University IT resources including faculty, staff, students, guests, external organizations and individuals accessing network services, such as the Internet via Middle Georgia State University resources.

4.0 Policy

  • Use only those IT resources for which you have authorization
  • Protect the access and integrity of IT resources
  • Abide by applicable local, state, federal laws, University policies and respect the copyrights and intellectual property rights of others, including the legal use of copyrighted material
  • Use IT resources only for their intended purpose
  • Respect the privacy and personal rights of others
  • Do no harm

5.0 Guidelines

User Responsibilities

Use of Middle Georgia State University IT resources is granted based on acceptance of the following specific responsibilities:

Use only those computing and IT resources for which you have authorization.

For example, it is a violation:

  • To use resources you have not been specifically authorized to use
  • To use someone else’s account and password or share your account and password with someone else
  • To access files, data, or processes without authorization
  • To purposely look for or exploit security flaws to gain system or data access

Protect the access and integrity of computing and IT resources.

For example, it is a violation:

  • To use excessive bandwidth
  • To release a virus or a worm that damages or harms a system or Network
  • To prevent others from accessing an authorized service
  • To send email that may cause problems and disrupt service for other users
  • To attempt to deliberately degrade performance or deny service
  • To corrupt or misuse information
  • To alter or destroy information without authorization

Abide by applicable local, state, federal laws, University policies and respect the copyrights and intellectual property rights of others, including the legal use of copyrighted material.

For example, it is a violation:

  • To download, use or distribute copyrighted materials, including pirated software or music or videos or games (aka: illegal peer-to-peer file sharing)
  • To make more copies of licensed software than the license allows
  • To operate and participate in pyramid schemes
  • To view, upload, download, distribute or possess pornography
  • To view, upload, download, distribute or possess child pornography

Use IT resources only for their intended purpose.

For example, it is a violation:

  • To use computing or network resources for advertising or other non-University commercial purposes
  • To distribute copyrighted materials without express permission of the copyright holder
  • To send forged email
  • To misuse Internet Relay Chat (IRC) software to allow users to hide their identity, or to interfere with other systems or users
  • To send or arrange to receive any material that may defame, libel, abuse, tarnish, present a bad image of, or portray in false light, the University, the University System, the recipient, the sender, or any other person
  • To send terrorist threats or “hoax messages”
  • To send chain letters
  • To intercept or monitor any network communications not intended for you
  • To promote or use to conduct a personal or private business
  • To disclose restricted University information
  • To engage in conduct that is inconsistent with the stated goals and mission of the university.
  • To attempt to circumvent security mechanisms
  • To use privileged access for other than official duties
  • To use former privileges after graduation, transfer or termination, except as stipulated by Middle Georgia State University

Respect the privacy and personal rights of others.

For example, it is a violation:

  • To use electronic resources for harassment or stalking other individuals
  • To tap a phone line or run a network sniffer or vulnerability scanner without authorization
  • To access or attempt to access other individual’s password or data without explicit authorization
  • To access or copy another user’s electronic mail, data, programs, or other files without permission
  • To disclose information about students in violation of Middle Georgia State University guidelines
  • Initiating or forwarding spam (mass unsolicited and unofficial e-mail) using your university email or personal email
  • To release any student information to a third party. Disclosure to unauthorized parties violates the Family Educational Rights and Privacy Act (FERPA)

System and Network Administrator Responsibilities

System Administrators and providers of Middle Georgia State University computing and IT resources have the additional responsibility of ensuring the confidentiality, integrity, and availability of the resources they are managing. Persons in these positions are granted significant trust to use their privileges appropriately for their intended purpose and only when required to maintain the system. Any private information seen in carrying out these duties must be treated in the strictest confidence, unless it relates to a violation or the security of the system.

Security Caveat

Be aware that although computing and IT providers throughout Middle Georgia State University are charged with preserving the integrity and security of resources, security sometimes can be breached through actions beyond their control. Users are therefore urged to take appropriate precautions such as:

  • Safeguarding their account and password
  • Taking full advantage of file security mechanisms
  • Backing up critical data on a regular basis
  • Promptly reporting any misuse or violations of the policy
  • Using virus scanning software with current updates
  • Using personal firewall protection on personal computers
  • Installing security patches in a timely manner

Violations

Every user of Middle Georgia State University resources has an obligation to report suspected violations of the Appropriate Use Policy for Computing and IT Resources. Reports should be directed to the institution, unit, center, office, division, department, school, or administrative area responsible for the particular system involved.

6.0 Enforcement

Failure  to  comply  with  the  appropriate  use  of  these  resources  threatens  the  atmosphere  for  the  sharing  of information, the free exchange of ideas, and the secure environment for creating and maintaining information property, and subjects one to discipline. Any user of any Middle Georgia State University system found using IT resources for unethical and/or inappropriate practices has violated this policy and is subject to disciplinary proceedings including suspension of system privileges, suspension/expulsion from the institution, termination of employment and/or legal action as may be appropriate.

Because all the computer systems and software, as well as e-mail and internet connections, are the property of the university, all university policies apply to their use and are in effect at all times. Any employee who abuses the university provided access to e-mail, the internet, or other electronic communications of networks, including social media, may be denied future access, and, if appropriate, be subject to disciplinary action up to and including termination, within the limitations of any applicable federal, state or local laws, or University policies.

Any questions regarding the implementation of or the interpretation of this policy should be directed to Middle Georgia State University’s Chief Information Officer or his or her designees.

7.0 Revision History

05/11/2011 – Replaces Computer and Network Usage Policy

04/18/2013 – Changed institution name to reflect consolidation

08/04/2015 – Changed institution name to reflect University status

03/30/2018 – Clarified Purpose, Guidelines, and Enforcement