Responsible Use of Information Technology Resources

Policy Purpose
Eastern Mennonite University (EMU) expects all members of its community to use university-owned technology resources in a responsible manner. The university may restrict the use of its computers and network systems in response to complaints presenting evidence of violations of other university policies or codes, or state or federal laws.

Policy Statement
EMU seeks to enforce its policies regarding use of its technology resources to: protect the university against damaging or legal consequences; prevent the distribution of proprietary software or electronic copies of creative works in violation of copyright restrictions or contractual obligations; safeguard the integrity of computers, networks and data, either at EMU or elsewhere; and ensure that the use of technology resources complies with other EMU policies.

User Responsibilities

Access to technology resources and network capacity is a privilege to which all university faculty, staff and students are entitled. (Access may be granted to other individuals affiliated with the university or university personnel, as situations warrant and with approval from Information Systems leadership.) Certain responsibilities correspond with that privilege. These include those responsibilities listed below. Since no list can cover all possible circumstances, the spirit of this policy must be upheld, that is, any action that hinders legitimate computer usage or invades the privacy of another person or institution is unacceptable.

Use of EMU-Owned Technology Resources

1. All EMU-owned technology resources are for the use of EMU students, faculty and staff. University guests may request temporary access to computers in the library and public computer labs.
2. Users must not abuse equipment and are asked to report any mistreatment or vandalism of technology or network resources to University Security (540-432-4911).
3. When using computers in labs or classroom technology, users should relinquish the computer they are using if they are doing non-essential work when others are waiting for a computer to perform course-related activities. Equipment should not be monopolized. Users should not use more than one computer at a time and should plan work so that the computer session is no longer than necessary.
4. When using computer labs, users may not disconnect any cables on computers or other equipment. When using any other EMU-owned computers users should contact IS Help Desk before installing software or making any changes to equipment connected to the computer.
5. Users are expected to respect other users and IS staff. Verbal or physical abuse of others, students or staff, will not be tolerated. A user must identify herself or himself fully (e.g., by showing an EMU ID card) upon request of any IS staff member, IS student employee or security personnel.
6. Users must respect all posted notices (such as those concerning hours of operation, printing, reservation schedules, etc.) in computer labs.

Legal Usage

1. EMU-owned technology resources may not be used for defamation, theft, terrorism, spam, illegal or harmful purposes, including:
   • Threats to others.
   • Harassment of others.
   • Intentional destruction or damage to equipment, software or data.
   • Intentional disruption or unauthorized monitoring of electronic communications.
   • Infringement of intellectual property rights
2. Unless otherwise indicated, users should assume that all software made available by the IS department is proprietary and may not be legally copied.
3. IS will not knowingly allow installation of or provide support for software that a user possesses in violation of its license agreement and will remove such software from EMU-owned computers or servers. IS staff may ask for proof of ownership before helping users with their software.
4. IS will not knowingly allow use of EMU-owned technology resources (computers, equipment, network, etc.) for the illegal copying of digital media or files. Note: U.S. Copyright Law protects copyright owners from the unauthorized reproduction, adaptation or distribution of digital material, including the unauthorized use of copyrighted sound recordings (e.g., music files), video files and interactive digital software (i.e., video games).
5. IS will only reproduce originally produced media or where authorization to reproduce can be documented.
6. Unless specifically provisioned by the software license, EMU-owned software may not be installed on non-EMU-owned equipment.

Ethical Usage

1. Users shall not use EMU-owned technology resources or personally-owned computers connected to the university network for non-university, unsanctioned commercial activity.
2. Users shall make no attempt to tamper with any EMU-owned network device in any manner.
3. Users shall make no attempt to alter software other than their own or to copy software intended only for execution.
4. Users shall not interfere with, interrupt or obstruct the ability of others to use the network or other EMU-owned technology resources.
5. Users shall not attempt to connect to a host via the network without explicit permission of the owner.
6. Users shall not provide, assist in or gain unauthorized access to university technology or network resources.
7. Users shall not attempt to circumvent or defeat computer or network security measures.

Account Usage

1. Usernames and passwords are assigned to accounts for all EMU-owned systems that require authenticated access.
2. Royal Username is a permanent identifier assigned by Information Systems and cannot be changed unless extraordinary circumstances are judged to exist by Information Systems leadership.
3. Account holders must use only their own username and password to access EMU-owned technology resources. Account holders may not allow others to use their usernames and passwords. The account holder is responsible for its use and all activity originating from that account at all times.
4. Account holders must protect their passwords and keep them confidential. IS requires periodic password changes. Any problem resulting from irresponsible use of a password (e.g., a password that can be easily guessed or dissemination of a password) may be treated as grounds for action against the account holder. Any attempt to determine the passwords of other users is strictly prohibited.
5. Account holders must not abuse any electronic communications system, either local or remote, by sending rude, obscene, or harassing messages or by using these systems for non-essential purposes during the times when the computers are in heavy demand.
6. Account holders must identify themselves clearly and accurately in all electronic communications.
7. Account holders must access only their own files, those that have been designated as public, or those that have been made available to them with the knowledge and consent of the owner.

Network Usage

The following are responsibilities that are particularly applicable to users of EMU’s campus-wide network, including residence hall users. While the following items are geared toward on-campus usage, the same principles apply to accessing EMU network resources from EMU’s remote sites or via the internet:

1. Only devices that have been authorized through the Network Access Control (NAC) system may be used on the campus network, unless specifically authorized by IS department systems administrators. Users must not attempt to circumvent the NAC system.
2. The person established via the NAC system as the owner of that authorized network device is responsible for that device’s use and all activity originating from it at all times.
3. Excessive or improper use of network resources that inhibits or interferes with use by others is prohibited and will be cause for action by IS, which may include restricting, limiting or disabling network access.
4. No device that acts as a server may be connected to the EMU network, unless specifically authorized by IS department systems administrators.
5. Internet Protocol (IP) and MAC addresses may not be forged or spoofed. To maintain smooth operation of the network, IP addresses used must be those assigned dynamically by IS, unless specific instructions are otherwise given by IS department systems administrators.
6. No device or service that provides remote access to the EMU network or its network-connected equipment may be connected to the network.
7. In no case shall the following types of servers be connected to the network: DNS, DHCP, BOOTP or any other server that manages network addresses.
8. Due to the serious negative impact on network availability created by improperly configured routers, all routers or devices which function as routers, are disallowed except those configured and used by IS department systems administrators
9. Users are not permitted to set up wireless access points on the campus network due to significant operational conflicts with existing EMU-provided wireless devices. EMU provides wireless capability at many locations throughout campus, including the residence halls, classrooms and common areas.
10. Any device that can act as a wireless access point, such as a printer or smartphone, must have such capability disabled on the EMU campus. Any person responsible for a device that causes interference with the wireless network may be asked to turn it off or disable the functionality that causes interference.
11. Users are not permitted to register their own domain names for systems on the EMU network.Information Systems must be informed prior to acquisition of any domain name or hosting service to be used by an entity in which EMU has an ownership interest. Unless extraordinary circumstances exist, Information Systems will register, administer and maintain all such domain names.

Personal Usage

EMU recognizes that its employees may occasionally make personal use of University owned computers and does not wish to prohibit such use altogether. The following procedures apply to personal data on EMU-owned computers.

1. Personal data on EMU-owned computers may be accessed by IS technicians during routine maintenance and support work.
2. Information Systems will not be responsible for the backup and restoration of non-work related data including: music, personal pictures, games and non-EMU-owned software.
3. Information Systems may ask that such data/software to be removed if it is hampering the function of the computer and/or the ability of the employee to perform his/her job function.
4. In the event the employee gets a new computer, hard drive replacement, or re-image Information Systems will not be responsible for the restoration of personally-owned data. It is recommended that employees store personally-owned data on personally managed external devices or cloud services.
5. User Services technicians performing the data transfer or computer configuration will have discretion in identifying personally-owned data. As a general guideline, music, photographs and videos will be considered personally-owned data which will not be transferred to a new hard drive by Information Systems.

Enforcement

Penalties for violations of this policy may include the following:

• Loss of access to all or some EMU technology resources, including the internet and/or EMU network.
• EMU Student Life staff review for student cases and Human Resources department review for employee cases.
• Prosecution under applicable civil or criminal laws

Responsibility and Review

Responsible Party
Responsibility for this policy lies with the provost. Policy implementation is the responsibility of Information Systems leadership.

Policy Review
This policy is to be reviewed by the Provost's Council.