11.2.2 Appropriate Use Policy
| Proposed: | 03/30/2018 |
| Adopted: | 05/01/2018 |
| Last Reviewed: | 04/20/2022 |
| Effective: | 05/20/2022 |
1.0 Overview
It is the policy of Middle Georgia State University (MGA) to provide an environment that encourages the free exchange of ideas and sharing of information. Access to this environment and Middle Georgia State University’s information technology (IT) resources is a privilege and must be treated with the highest standard of ethics.
Middle Georgia State University expects all users to use IT resources in a responsible manner, respecting the public trust through which these resources have been provided, the rights and privacy of others, the integrity of facilities and controls, state and Federal laws, University System of Georgia (USG) and Middle Georgia State University (MGA) policies and standards.
2.0 Purpose
This policy outlines the standards for appropriate use of Middle Georgia State University IT resources, which include, but are not limited to, equipment, software, networks, data, and telephones whether owned, leased, or otherwise provided by Middle Georgia State University. All technology provided by the University is the property of the University and not the employee.
3.0 Scope
This policy applies to all users of Middle Georgia State University IT resources including faculty, staff, students, guests, external organizations and individuals accessing network services, such as the Internet via Middle Georgia State University resources.
4.0 Policy
- Use only resources for which authorization is granted
- Use resources only for their intended purposes
- Respect the privacy and personal rights of others
- Protect access, integrity and confidentiality of MGA resources
- Respect intellectual property and copyrights of others
5.0 Guidelines
User Responsibilities
Use of Middle Georgia State University IT resources is granted based on acceptance of the following specific responsibilities:
1. Use only resources for which authorization is granted.
For example, it is a violation to:
- Prevent others from accessing a service to which they are authorized;
- Use resources for which the user is not specifically authorized
- Use someone else's user account and password
- Share user accounts and passwords with someone else
- Use privileged access for purposes other than official duties
- Use unauthorized third-party software or information services to store, access or process MGA information
2. Use resources only for their intended purposes.
For example, it is a violationto :
- Use resources for advertising or commercial purposes other than for official MGA business
- Misuse software to conceal anyone’s identity or attempt to circumvent security safeguards
- Interfere with resources that impair or inhibit the work of other users
- Create or forward threats, hoaxes, chain letters or forged email, except to report them
- Intercept or monitor any network communications not intended for you without permission or in support of official duties
3. Respect the privacy and personal rights of others.
For example, it is a violation to:
- Disclose information about faculty, staff and students in violation of federal, state, local law, directives or MGA guidelines
- Access or attempt to access MGA resources or other user accounts or credentials without authorization
- Monitor or tap data communications or traffic on MGA IT resources without express permission
- Access or copy communications, data or files of other users without permission
4. Protect access, integrity and confidentiality of MGA resources.
For example, it is a violation to:
- Release malicious software that damages or harms any MGA resources, including systems or networks
- Attempt to deliberately degrade performance or deny services of MGA IT systems
- Corrupt, misuse alter or destroy information without authorization
- Purposely seek or exploit security flaws to gain system or data access
- Store protected or confidential information in unintended or unprotected locations
5. Respect intellectual property and copyrights of others.
For example, it is a violation to:
- Use unsupported or expired software in violation of MGA guidelines
- Download, use or distribute copyrighted materials without permission
- Make or use more copies of licensed software than permitted
System and Network Administrator Responsibilities
System Administrators and providers of Middle Georgia State University computing and IT resources have the additional responsibility of ensuring the confidentiality, integrity, and availability of the resources they are managing. Persons in these positions are granted significant trust to use their privileges appropriately for their intended purpose and only when required to maintain the system. Any private information seen in carrying out these duties must be treated in the strictest confidence, unless it relates to a violation or the security of the system.
Mobile Workforce Requirements
Although MGA IT service providers are charged with preserving the integrity, confidentiality, availability and security of MGA managed data and information resources, security may be compromised through actions beyond any user’s control. Among these, personally owned or so-called bring-your-own-devices (BYODs) used by any user presents a special risk to MGA resources because device owners install and configure software applications, security settings and perform their own maintenance and may share the device with others.
Responsibilities for employee users of BYODs are, at a minimum:
- Safeguarding MGA account credentials and using multi-factor authentication where possible
- Use of a Virtual Private Network (VPN) connection when accessing campus (on-premises) resources remotely (e.g. accessing your office workstation remotely using Remote Desktop)
- Enabling personal firewall and installing or activating antivirus protection
- Backing up MGA data regularly
- Storing all MGA data in MGA-managed infrastructure
- Avoiding the use of unauthorized third-party software or storage facilities (e.g., cloud) for MGA information
- Installing security patches in a timely manner
- Promptly reporting MGA data loss from BYOD, misuse or violation of this policy
- Complying with applicable policies and laws when using personally owned devices
Violations
Every user of Middle Georgia State University resources has an obligation to report suspected violations of the Appropriate Use Policy for Information Technology (IT) Resources. Reports should be directed to the institution, unit, center, office, division, department, school, or administrative area responsible for the particular system involved.
6.0 Enforcement
Because all the computer systems and software, as well as e-mail and internet connections, are the property of the university, all university policies apply to their use and are in effect at all times.
Failure to comply with the appropriate use of these resources threatens the atmosphere for the sharing of information, the free exchange of ideas, and the secure environment for creating and maintaining information property, and subjects one to discipline. Any user engaging in unethical and/or inappropriate practices that violate MGA standards is subject to disciplinary proceedings that may include suspension of system privileges, expulsion, termination and/or legal action as appropriate.
If a user is suspected of violating MGA standards or policy, any right to privacy may be superseded by MGA’s requirement to protect the integrity of IT resources, the rights of all users, and state assets. MGA reserves the right to examine material stored on or transmitted through IT resources to maintain appropriate standards of conduct and duty of care.
Any questions regarding the implementation of or the interpretation of this policy should be directed to Middle Georgia State University’s Chief Information Officer or his or her designees.
7.0 Revision History
05/11/2011 - Replaces Computer and Network Usage Policy04/18/2013 - Changed institution name to reflect consolidation
08/4/2015 - Changed institution name to reflect University status
03/30/2018 - Clarified Purpose, Guidelines, and Enforcement
03/10/2022 – Significant content and format changes to align with the USG Appropriate Usage Standard