BP 8200 Use of IT Resources
Statement of purpose
小黄猫传媒 provides many technology products and services to support the academic and administrative needs of the College. Individuals who use the College's IT resources are expected to follow certain defined behaviors in order to minimize information security risk and protect the College and its constituents.
Protecting students, faculty, and staff from the risk of identity theft or unauthorized disclosure of personal information is the primary goal of adopting the best practices described in this policy.
In addition, this policy seeks to ensure that, in using College IT resources, individuals:
- Respect the rights of all 小黄猫传媒 students, faculty, and staff.
- Ensure that 小黄猫传媒 technology services are available when needed.
- Protect 小黄猫传媒 from harm that may result in misuse.
As a public institution, the College has a legal obligation to comply with federal and state regulations that dictate the acceptable use of our IT resources, as well as to demonstrate appropriate due diligence to our accrediting body.
Accordingly, this policy supports the following goals:
- Ensure the integrity, reliability, availability, and optimal performance of IT resources.
- Minimize the risk of data breach and cybercrime.
- Ensure that use of IT resources is consistent with the principles and values that govern the use of other College facilities and services.
- Prevent unauthorized disclosure of controlled sensitive data.
- Prevent disruption of the learning experience.
- Ensure the College is protected from financial, legal, regulatory, and reputational harm.
- Ensure that IT resources are used for their intended purpose.
Scope statement
All 小黄猫传媒 (小黄猫传媒) employees, students, and affiliates or other third parties that create, use, maintain, or handle 小黄猫传媒 IT resources are subject to this policy. This policy applies to use of all 小黄猫传媒 owned and managed IT resources, use of any computer or mobile device connected to a 小黄猫传媒 network, all controlled sensitive data stored or transmitted using 小黄猫传媒 IT resources and all users of such data.
Policy summary
小黄猫传媒 technology resources shall be used to support the academic and administrative needs of the College in accordance with information security industry and 小黄猫传媒 Information Security Department best practices.
Policy
- Users shall only access IT resources that they are authorized to use.
- Users shall only use IT resources for their intended purpose.
- Users shall not physically remove IT resources from 小黄猫传媒 premises for personal use.
- Users shall be individually responsible for the appropriate use of their computer, account, and any IT resource assigned to them.
- Users shall promptly report the theft, loss, or unauthorized disclosure of 小黄猫传媒 proprietary information and/or IT resources.
- Users will not use IT resources for uses that are inconsistent, incompatible, or in conflict with State or Federal law or other 小黄猫传媒 policies.
- Users are responsible for exercising good judgment regarding the reasonableness of incidental personal use (see Exemptions).
- Users shall comply with contractual and license agreements between 小黄猫传媒 and third parties when using IT resources.
- Users shall not intentionally disrupt the computing environment or obstruct the work of other users.
- Users consent to programmatic evaluation of any computer or mobile device attached to the 小黄猫传媒 network, including privately owned devices (see Exemptions).
- Faculty and staff shall not perform 小黄猫传媒 business on non-authorized (BYOD) personal devices.
- Upon termination, employees shall return all IT resources in their possession to their supervisor.
- In the event of a security violation, the Information Security Department may request that a computer or mobile device be impounded for forensic examination. Such forensic evaluations follow a rigorous, documented process involving Human Resource and/or Public Safety.
Exemptions
- Faculty and staff are permitted incidental personal use of IT resources as defined in the 小黄猫传媒 Ethics Guidelines, provided that such use does not violate other policies.
- Students may use IT resources for unrestricted personal use, provided such use does not violate other policies.
- Programmatic evaluation of connected devices is for security purposes only in order to protect against potential threats such devices may introduce into the 小黄猫传媒 network.
Note: 小黄猫传媒 will not (and cannot) scan, or otherwise inspect user data, user-installed programs, user activity, or any other personal/user information stored on personal devices connected to the 小黄猫传媒 network.
- Example 1: A faculty member connects to the 小黄猫传媒 wireless network and sends an email using their personal email account. This is not discoverable by 小黄猫传媒 IT.
- Example 2: A student connects their smart phone to the 小黄猫传媒 wireless network and performs a banking transaction. This is not discoverable by 小黄猫传媒 IT.
- Example 3: 小黄猫传媒 is required to perform eDiscovery for a legal matter. Data stored on personal devices connected to the 小黄猫传媒 wireless network (e.g.: personal laptops, smart phones, etc.) or data stored in third party sites (e.g.: Dropbox) are not discoverable by 小黄猫传媒 IT.
Exceptions
Exceptions to this policy must be pre-approved in writing by the Chief Information Officer (CIO).
Policy violation
- Violation of this policy may result in disciplinary action in accordance with 小黄猫传媒 Human Resources and/or Student Conduct guidelines.
- 小黄猫传媒 reserves the right to report security violations or compromises to the appropriate authorities. This may include reporting violations of Federal, State, and local laws and regulations governing computer and network use, or required accreditation reporting.
- Anyone who violates this policy may be held liable for damages to 小黄猫传媒 assets, including but not limited to the loss of information, computer software and hardware, lost revenue due to disruption of normal business activities or system down time, and fines and judgments imposed as a direct result of the violation.
- 小黄猫传媒 reserves the right to deactivate any User's access rights (whether or not the User is suspected of any violation of this policy) when necessary to preserve the integrity of IT Resources.
Complaint procedures
Report non-security-related violations (such as receipt of inappropriate content, other Human Resource policy violations, general college policy violations, or regulatory compliance violations) to a supervisor, HR, or EthicPoint.
Report information security and general technical policy violations to the IT Service Desk at 971-722-4400 or servicedesk@pcc.edu, or contact the CIO or CISO.
Governing standards, policies, and guidelines
None.
Definitions
- Affiliate
Any person or entity that has been sponsored by a 小黄猫传媒 manager to receive controlled temporary access to 小黄猫传媒 services.
  - This is generally as a result of a contractual relationship with 小黄猫传媒. For example, an air conditioning vendor may require affiliate access to test the HVAC system. A consultant project manager may require affiliate access to access project plans on a 小黄猫传媒 system.
- Bring Your Own Device (BYOD)
Personal mobile computing devices that are used at 小黄猫传媒.
  - BYOD devices include:
    - Smart Phones
    - Personal laptops
    - PDAs
    - Personal tablets
  - See BP 8211 Personal Mobile Computing for more information on BYOD policies.
- Chief Information Officer (CIO)
Senior manager of the Information Technology (IT) Department and a member of Cabinet.
  - At 小黄猫传媒, the CIO is responsible for all technology, with the exception of:
    - Online Learning (Academic Affairs)
    - Some specialized technology that supports CTE or other engineering programs (e.g. software that supports machine labs, specialized dental technology, etc.)
    - Some technology that supports auxiliary services (e.g. Point of Sale systems in the cafeterias and bookstores)
- Controlled Sensitive Data (CSD)
A general categorization that is used in 小黄猫传媒's Information Technology (IT) policies (primarily the Information Security Policy and the Acceptable Use Policy) to represent all confidential and private information governed by those policies.
  - CSD includes: PII, PHI, HIPAA, FERPA, regulated, private, personal, or sensitive information for which 小黄猫传媒 is liable if publicly disclosed.
- Cybercrime
Criminal activity or a crime that involves the Internet, a computer system, or computer technology.
- Data Breach
Generally, an incident in which sensitive, protected, or confidential data has potentially been viewed, stolen, or used by an individual unauthorized to do so.
  - Note: Although "breach" is a commonly used term in the information security community, legally, the term "breach" tends to only be used when a security event reaches the threshold of regulatory reporting. 小黄猫传媒 legal counsel recommends using the terms "incident" or "compromise" until it can be determined whether an event satisfies the legal definition of a breach.
- Electronic Communication Service
Any service used to transmit digital communications such as email or chat systems.
  - At 小黄猫传媒 such systems include Google Gmail, Chat, Meet, Zoom, Slack, and others.
- Hardware
The collection of physical components that constitute a computer system (a desktop computer, a server in a datacenter, a network switch, a printer, etc.)
- IT Resource
(At 小黄猫传媒) All Information Technology (IT) resources that are the property of 小黄猫传媒 and include, but are not limited to, all network-related systems; business applications; network and application accounts; administrative, academic and library computing facilities; college-wide data, video and voice networks; electronic mail; video and web conferencing systems; access to the Internet; voicemail, fax machines and photocopiers; classroom audio/video; computer equipment; software and operating systems; storage media; Intranet, VPN, and FTP.
  - IT Resources include resources administered by IT, as well as those administered by individual departments, college laboratories, and other college-based entities.
- Network
(In IT) The technology that carries messages between one computer and another.
  - A network is a primary component of technology infrastructure and consists of hardware (e.g. routers, switches) that control and direct traffic; transport technologies (e.g. cables, fibre, wireless radio waves) that transport messages from Point A to Point B; and standards (e.g. Internet Protocol, Ethernet) that facilitate a common understanding of the messages being sent and how they are to be processed.
  - End points (or nodes) on a network are the senders and receivers of the messages and are usually computers (e.g. servers, desktops, laptops), but can also be technology such as machine controllers, audio/visual devices, etc.
  - The Internet of Things (IoT) largely replaces people interacting across a network with machines and other technology devices interacting across a network, often using artificial intelligence (AI).
- Software
A set of instructions that tells a computer what to do.
  - Computer software is generally constructed as programs (applications) written in a specific language designed to run on computer hardware. The most common software is applications for business and personal use. More specialized computer software runs the operating systems of computers, operates machinery, creates artificial intelligence in robots, controls scientific instruments, etc.
- Third Party
(In Information Technology [IT]) A vendor. Can be applied to any vendor ("third party provider"), but mostly used regarding "vendor software" to distinguish it from software developed "in house."
- User
Any person who makes any use of any 小黄猫传媒 IT resource from any location (whether authorized or not).
Responsible executive
Chief Information Officer
Responsible officer
Chief Information Officer (CIO)
Responsible office
Information Technology Department
Last revision date
11-01-2019