Definitions used in this document:
- AUP: Acceptable Use Policy.
- FVCC: Flathead Valley Community College.
- FVCC computer system(s): computer equipment owned by and/or used under the auspices of Flathead Valley Community
- College, including but not limited to work stations, servers, network equipment, etc.
- User: a person who uses computer systems, particularly FVCC computer systems.
- MIS: Management Information Systems.
- System administrators: employees designated by the President of FVCC or the Director of FVCC MIS to have responsibility for FVCC computer systems.
- File: an identifiable collection of data that can be manipulated as a unit, particularly when stored on hard drives or other media.
This document sets forth acceptable uses of FVCC computer systems. In particular, the policy and procedures contained herein are intended to:
- Prevent misuse of and/or harm to FVCC computer systems.
- Protect the right to acknowledgment, right of privacy, and right to determine the form, manner, and terms of distribution of individual works.
- Protect individual rights of FVCC computer system users and others.
- Promote freedom of use of the computer systems in a manner consistent with applicable law and the policies and procedures of Flathead Valley Community College.
- Promote academic freedom.
- Promote a productive work environment for Flathead Valley Community College students and employees.
2: Use of Computer Systems
The computer systems at Flathead Valley Community College shall be used in a manner consistent with directives of system administrators and directives of hardware manufacturers and software publishers.
Users are expected to behave in an ethical manner, with due consideration for the impact of their actions upon other people.
3: Misuse of Computer Systems
The following list details prohibited misuses of the computer systems:
A. Theft of accounts or identity:
Users shall not fraudulently use or attempt to fraudulently use another user’s account or identity. Prohibited activities also include stealing another individual’s password through “social engineering” (duping someone into revealing a password), capturing passwords through the use of hardware or software, procuring or using tools which are designed to compromise system security, or otherwise gaining unauthorized access to any other user’s account. Exception: System administrators may use “cracking” tools to locate and close security holes in the computer systems.
B. Sharing personal accounts:
Users shall not share passwords or other information that enables an individual or a group to use another individual’s personal account.
Users shall not leave unsecured any passwords or other information that enables an individual or a group to use another individual’s personal account. In particular, users shall not write their passwords on monitors, keyboards, desks, walls, etc.
Users shall not log into a computer system and thereafter relinquish that computer system to another individual or group. Exception: short term use of another user’s account for the purpose of instruction or assistance with the computer system is permitted, provided the account owner has given his/her written permission and is present to supervise the short term user’s use of the computer system. Also, a user may permit his/her personal secretary to access electronic correspondence or similar proxy service, provided the secretary has a signed written statement from the account owner allowing such access. Both the account owner and third party computer system user will be accountable for security, policy, or procedure violations occurring during or as a result of said third party use.
C. Open door:
A user shall not leave unattended an unsecured computer work station which is actively logged into an FVCC computer system.
D. Personal use:
FVCC computer systems are intended to be used to further the mission and goals of FVCC. Other uses are prohibited, with one exception: users may make limited personal use of computing resources for non-FVCC related purposes, so long as such use does not negatively impact the College. Abuse of this privilege will result in corrective action as detailed under “Enforcement” (see Section #6 below).
E. Service denial:
A user shall not intentionally exhaust computer system resources (e.g., disk space, bandwidth, paper, CPU time, etc.), particularly when such resource exhaustion blocks authorized access to computer system resources.
Users shall not damage or destroy computer hardware, software, or data unless authorized to do so. In particular, users shall not negligently or intentionally damage or destroy data that belongs to another user unless authorized to do so.
FVCC computer systems shall not be used to move, copy, remove, modify, or transfer software when such action violates the terms of the applicable software license agreements or copyrights. For purposes of this procedure, the term “copying” includes any write operation, including, but not limited to, copying software to local storage, either hard drive, floppy disks, or related media, or memory. Backup or archival copies of software may be made, provided such copies are not used as “working” software and so long as the making of backup or archival copies does not violate the applicable license agreement or copyright.
FVCC computer systems shall not be used for plagiarism or other violations of information copyrights.
H. Unauthorized access:
FVCC computer systems shall not be used to access privileged or protected information, including, but not limited to, information restricted under the Family Education Right to Privacy Act, information that is copyrighted or otherwise protected by state or federal law, and private communications (e.g., e-mail), except when such access is authorized by the proper authority.
Users of FVCC computer systems shall exercise due diligence when working with applications that, used incorrectly, can damage equipment or data, particularly when said applications require special skills or knowledge to use correctly. In particular, employees shall exercise appropriate care when dealing with student records and other data. Supervisors are responsible for verifying that their subordinates are both sufficiently skilled to perform assigned tasks and sufficiently careful in the performance of those tasks. Failure to exercise due diligence may result in restriction, suspension, or revocation of access authority.
J. Illegal use:
FVCC computer systems shall not be used for any purpose that violates federal, state, or local laws.
4: Privacy, Monitoring, and Logging
The following shall also apply:
FVCC computer systems automatically log e-mail and other traffic. Logged information generally includes user addresses and other header information, logon and logoff times, workstation IDs, etc. This information is required by system administrators to verify consistent and proper system operation. E-mail message bodies are not logged normally, but may be monitored as specified under “Lawful searches” (see Item B of Section #4 below).
In the case of http/web traffic, FVCC web servers automatically log the following information whenever a file is requested:
- the Internet Protocol (IP) address from which the request came;
- the date and time of the request;
- the file requested;
- the referring page (if available);
- the type of browser used (if available);
Other personal information may be requested on specific pages for specific purposes.
B. Lawful searches:
Manual searching by system administrators of user e-mail or other user files for the purpose of investigating violations of this AUP or other matters that may lead to disciplinary action or criminal charges requires written authorization from one of 3 people:
- The Director of Management Information Services
- The Vice President/Dean of Instruction and Student Services
- The President of Flathead Valley Community College
This authorization should be obtained prior to beginning such a search and must be obtained within 1 business day of the beginning of such a search.
C. Session and keystroke monitoring:
If it is necessary for a system administrator to monitor a user’s keystrokes or other form of input for the purpose of determining problems with the computer systems, the user shall be notified that such monitoring is occurring. However, if such monitoring is part of an investigation as detailed under “Lawful searches” (see Item B of Section #4 above), such session monitoring may occur without notifying the user.
D. Scanning for viruses and other malware:
Virus and file scanners may be used to locate programs or files that pose a threat to FVCC computer systems or the users thereof. System administrators may move or lock programs or files that they believe pose a threat to FVCC computer systems or the users thereof.
E. Business documents:
A supervisor of an unavailable FVCC employee may request, in writing, with specificity, that a system administrator access the unavailable employee’s computer files and obtain a copy of the requested document.
F. Former employees:
A former employee’s computer system files will be transferred to the appropriate supervisor and/or the person who replaces the former employee.
G. Offensive material:
FVCC is not responsible for protecting users of the FVCC computer systems from objectionable material and will not block access to commonly available computer resources on the basis of content, unless such access would violate the computer system’s security or FVCC privacy policies.
H. Electronic publishing:
FVCC disclaims responsibility for information published electronically via FVCC computer systems or other computer systems except as specified under “Electronic Publishing” (see Section #8 below). Complaints received regarding information transmitted or stored on Flathead Valley Community College computer systems shall be addressed as specified under “Enforcement” (see Section #6 below).
5: Internet Access
Access to the Internet via an FVCC computer system is limited to enrolled students and employees of FVCC. Access may be extended to other individuals at the discretion of FVCC system administrators.
Anyone accessing FVCC systems (including but not limited to web servers) via the Internet or other telecommunications channels is subject to this Acceptable Use Policy. Further, FVCC reserves the right to block access to the extent necessary to preserve system integrity and security.
Violations of the policy and procedures specified in this document may result in corrective action, which may include any or all of the following:
- a warning to correct the inappropriate activity;
- the use of increased monitoring to gather evidence;
- suspension or removal of account(s) and/or access privileges;
- presentation of gathered evidence to the appropriate authorities.
Corrective action shall first be taken by the system administrator(s) for the affected computer system(s). Suspensions and revocations of a user’s account and/or access privileges may be appealed through the office of the president of FVCC.
Computer usage may result in physical problems including, but not limited to, eye strain, carpal tunnel syndrome, and other repetitive stress injuries. Users are encouraged to inform systems administrators, supervisors, or the Human Resources office of environmental conditions related to computer usage that may adversely affect them, in an effort to assist FVCC in providing a safe work environment.
8: Electronic Publishing
Information published via the primary World Wide Web server at Flathead Valley Community College will be approved by the director/head of the department for which that information pertains and by the FVCC Office of Public Information. This procedure pertains to documents published on the web server at www.fvcc.cc.mt.us.
Information published via secondary World Wide Web servers at Flathead Valley Community College will be approved by the director/advisor of the department/group for which that information pertains and by the FVCC President’s Staff level administrator within whose responsibility said department/group lies. This procedure pertains to documents published on FVCC web servers at www2.fvcc.cc.mt.us thru www999.fvcc.cc.mt.us and all other systems used for electronic publishing that are physically connected to the FVCC network and/or are owned by FVCC.
Information published electronically by students, faculty, and staff at FVCC, as personal web pages, is the responsibility of the author. FVCC assumes no liability for the accuracy or content of the information found on personal web pages stored on FVCC computer systems. All web authors, publishing via a Flathead Valley Community College computer system, are expected to publish in a manner befitting an academic environment, and with a respect for the feelings and well-being of others. FVCC web publishing systems will not be used for non-college, for-profit business endeavors. This procedure pertains to personal documents published on all computer systems at Flathead Valley Community College.
Information published electronically by students, faculty, and staff at FVCC, as personal web pages, is the responsibility of the author. FVCC assumes no liability for the accuracy or content of the information found on personal web pages stored on non-FVCC computer systems. This procedure pertains to personal documents published on all computer systems other than those at Flathead Valley Community College.
Personal web page publishing via the mail server at FVCC is an experimental, no-fee service available to registered students, faculty, and staff. FVCC reserves the right to terminate this service without notice. This procedure pertains to the server at mail.fvcc.cc.mt.us.