ISP-02 - Responsible Use Policy

PARKLAND COLLEGE INFORMATION SYSTEM RESPONSIBLE USE POLICY


 

Policy Objective

Parkland College provides access to systems and data for purposes related to the responsibilities and necessary activities of its faculty, students, and staff and to its mission. This responsible use policy, also known as an acceptable use policy, defines user and Parkland College responsibilities with respect to the use of Parkland College systems and data in accordance with the published Parkland College information security policies.

This policy is intended to define, promote, and encourage the responsible use of Parkland College systems and data. This policy is not intended to prohibit, inhibit, or prevent the legitimate and authorized use of Parkland College systems and data as required to meet the College’s core mission, including administrative and academic purposes.

The requirements stated within this policy do not supersede or conflict with applicable laws, regulations, collective bargaining agreements, or other Parkland College policies, initiatives, or requirements.


 

Scope

It is the responsibility of all users to ensure the confidentiality, integrity, and availability of systems and data owned, leased, or entrusted to Parkland College and that these assets are to be used in an ethical, effective, efficient, and legal manner.

This policy establishes basic responsibilities for all users and describes expectations for responsible use of information systems and assets.

The Parkland College Responsible Use Policy shall apply to the following:

  1. All Faculty, Staff, and Students affiliated with Parkland College.
  2. Centrally and departmentally managed systems and data.
  3. All users employed by Parkland College or any other person with access to Parkland College systems and data.
  4. All types of information on any medium in which the information asset is stored, transmitted, accessed, or used (e.g., physical, or electronic).
  5. Applications, network resources, technology facilities, hardware, and other information systems owned or managed by Parkland College.
  6. External Entities, businesses, auxiliary organizations, and any other entity that use or access Parkland College systems and data.

Policy

Section 1 – General Precepts


 

  1. The purpose of these precepts is to provide context and a referential standpoint for user responsibilities and to promote the legal, secure, and ethical use of Parkland College resources.

  2. Use of Parkland College systems and data shall be consistent with applicable laws, regulations, Parkland College policies, and the mission of the College.

  3. All users, including faculty, staff, students, and third parties, among others, are required to comply with Parkland College’s information security policies and standards.

  4. All users, including faculty, staff, students, and any other users of Parkland College systems or data, are required to help sustain a safe computing environment by notifying appropriate Parkland College personnel of known vulnerabilities, risks, and breaches regarding Parkland College data and systems and data.

  5. All users, including those with elevated privileges (system administrators, service providers, etc.), shall respect the privacy of individual and one-on-one communications in all forms.

  6. Parkland College reserves the right to use appropriate measures to protect its data, preserve the integrity of its information systems, and ensure uninterrupted continuity and delivery of services to users. These activities are not intended to monitor or restrict the content of legitimate academic and educational communications.

  7. In the normal course of system and information security maintenance, information technology, information security, and other personnel may be required to view files and scan or audit content on the Parkland College systems and networks. These individuals shall preserve the privacy and confidentiality of the information unless otherwise required by law or published policy.

  8. All investigations of Parkland College policy violations, violations, or lack of compliance with laws and regulations or College contractual agreements will be conducted by the appropriate personnel and in accordance with the laws and procedures that have been established by either governmental agencies or Parkland College.


 

Section 2 – User Responsibilities

This section defines the responsibilities of users regarding access, responsible use, information system integrity, and incidental use. These are not intended to prohibit, inhibit, or prevent users from fulfilling the mission of Parkland College. Instead, these statements are intended to support an environment of learning and education by ensuring that Parkland College resources are used in an appropriate way.

Section 2a – Responsible Use of Systems and Data

  1. Users are expected to use good judgment and reasonable care to protect and preserve the integrity of Parkland College systems and data.

  2. Users must not use or access Parkland College systems or data in a way that:

    1. Is not congruent with the mission of Parkland College

    2. Violates any laws, regulations, Parkland College policies or standards, or contractual agreements

    3. Corrupts, contaminates, or otherwise damages Parkland College systems and data or the productivity of Parkland College users by negligent, reckless, or intentional action.

    4. Engages in or enables instances of cheating, plagiarism, or infringement of copyright and/or intellectual property

  3. Users must take all reasonable measures to avoid introducing harmful programs or applications, such as viruses and malware, into Parkland College networks and systems.

  4. Users must not install or run unauthorized applications on Parkland College equipment.

  5. Unless appropriately authorized, users must not knowingly tamper with or disable any safeguards applied to Parkland College systems, including anti-virus, automated updates, or other software or systems.

  6. Users must take reasonable precautions to ensure their personal and/or Parkland College devices are secure before connecting to Parkland College networks, systems, and data. Minimum standards shall be published and communicated.

  7. If a Parkland College computing device was provided to the user, the user must primarily use that device. Personal devices should not be used in lieu of Parkland College-provided devices provided for the same purpose.

  8. Users must secure or terminate connections to Parkland College networks, systems, and data (i.e., remote desktop, VPN (Virtual Private Network) connections, etc.) when the device is left unattended and when they have completed Parkland College-related activities.

  9. Users must promptly report the loss or theft of any device which grants physical access to Parkland College facilities (keys, access cards, etc.), or electronic access (passwords, MFA (Multi Factor Authentication) tokens, cell phones with authenticators, etc.) to appropriate Parkland College personnel.

  10. Users who publish or maintain information on Parkland College systems are responsible for the compliance of that information with applicable laws, regulations, and Parkland College copyrighted material and fair use policies.

  11. All software must be used in a way that is consistent with the software license agreement.

  12. Unauthorized copies of licensed or copyrighted software are not permitted.

  13. A user who has knowledge or reasonable suspicion of a violation of this policy must report the violation to the appropriate Parkland College personnel.

Section 2b – Protection from Data Loss

  1. Individuals who access, transmit, store, or delete data classified as “Confidential” or “Private” as defined in the Parkland College Data Classification scheme must use all reasonable efforts to prevent unauthorized access and disclosure of confidential, private, or sensitive information.

  2. Users must not provide access or transmit “Confidential” or “Private” classified data to another user without prior approval from the data owner or custodian.

  3. Users must not access or transmit unencrypted “Confidential” classified data over a public network.

Section 2c – Unauthorized Monitoring and Browsing

  1. To protect the confidentiality and integrity of information deemed personal or otherwise protected by privacy laws or statutes, Parkland College places some restrictions on the use and transmission of this data.

  2. Users must not access, monitor, alter, corrupt, or intercept email messages or files stored in another user’s account unless specifically approved and authorized by that user. This activity may be permitted, however, in the following circumstances:

    1. The activity is permitted to comply with Parkland College policy.

    2. The activity is part of the user’s job description.

    3. The activity is conducted under the authority and supervision of an approved Parkland College designee acting within his or her job duties and responsibilities.

    4. The activity is part of a legitimate classroom exercise performed under the supervision of a faculty member. In this event, the faculty member must ensure the educational activity does not result in a breach of the confidentiality, availability, and/or integrity of Parkland College systems and data.

    5. The activity is performed to comply with an applicable law, regulation, or at the direction and guidance of law enforcement or legal counsel.

Section 2d – Responsibilities of Account Owners

  1. The owner or custodian of account credentials, such as a username and password, token, or other factor, that permit access to Parkland College information system or network resource is responsible for all activity performed under their credentials.

  2. The user shall assist in the investigation and resolution of a security incident whether the activity occurred without the user’s knowledge or as a result of occurrences beyond their control.

  3. Users must take reasonable steps to protect their credentials from becoming known or used by others.

    1. Users must keep their credentials secret and safe and comply with relevant Parkland College policies and procedures regarding authentication and access

    2. Users shall not disclose passwords or other credentials in any way, including writing them in documents and saving them in an unencrypted format.

    3. Users shall not embed clear text credentials in software code.

  4. Users shall not view, download, or open, or attempt to view, download, or open systems and data to which they have no legitimate need to know and to which they are not authorized to access in the normal course of study, education, or business, whether they have access to it or not.

  5. Except for Parkland College systems and data classified as “Public,” users must not make access available to Parkland College systems and data for external individuals or groups without authorization by an appropriate Parkland College resource.

  6. Users of Parkland College systems and data must not, either directly or indirectly, intentionally misrepresent their identity for the purpose of using false identities for inappropriate purposes.

Section 2e – Incidental Use

  1. Parkland College systems are provided to facilitate an individual’s work as a student, employee, or other role within the College.

  2. The use of Parkland College computer systems for professional development or academic activities such as research or publication is permitted.

  3. Individuals may use Parkland College systems for occasional, incidental, and minimal personal use provided such use:

    1. Does not violate any laws, regulations, policies, contracts, or any other provision.

    2. Is not in pursuit of the individual’s private financial gain or advantage.

    3. Does not impede the operation or maintenance of Parkland College systems and data.

    4. Does not deter or interfere with the use of Parkland College systems by others.

    5. Does not hinder the performance of the duties of a Parkland College employee.

    6. Does not result in a loss of any kind to Parkland College.

Section 3 – Policy Enforcement

  1. If found in violation of Parkland College Information Security policies, disciplinary action may be taken in accordance with appropriate Parkland College policies, contracts, collective bargaining agreements, and employment terms.

  2. Parkland College reserves the right to terminate access temporarily or permanently to systems and data when it reasonably appears necessary to do so to protect the confidentiality, integrity, availability, or functionality of Parkland College resources or to protect the College from liability.

  3. Student infractions of Parkland College Information Security policies must be handled in accordance with established student processes.

  4. Parkland College may also refer violations to appropriate law enforcement agencies, where necessary.


 

Details

Article ID: 156034
Created
Wed 5/31/23 2:30 PM
Modified
Wed 5/31/23 4:27 PM

Related Articles (1)

Information Security Term Definitions
Definitions of terms used across policies and standards