INTRODUCTION

Accessibility to the Internet provides new and exciting ways to improve our access to information and changes the way we communicate with our colleagues and the world. With these new opportunities, there are certain rights and responsibilities to which each user is expected to adhere. These rights and responsibilities are designed to do the following:

• Ensure compliance with the rules and responsibilities on the networks we connect to.
• Educate users as to what is acceptable and unacceptable use.
• Inform users about certain security aspects of using the Internet.

All users of Harris-Stowe State University computer networks are expected to be familiar with and will be held accountable for compliance with this policy. This policy is not meant to limit use of the Internet, but to ensure its appropriate use. Remember, each time you use the university's connection to the Internet, you are a representative of the university.

This policy is subject to change and should be reviewed periodically for questions of compliance. Due to the volatile nature of the Internet and the continuing expansion of services available to the university community, this document will be updated and expanded over time as needed.

PRIMARY PURPOSE

The primary purpose of the university's computers, network and connection to the Internet is to provide faculty, staff and students with access to local and networked resources and information services which support education, research and administrative functions consistent with the mission of the university.

GENERAL POLICIES

Computer use has become an integral part of many institutional activities. While much computing is now done on individual computer workstations, most information and communications systems either reside on central computers or use networks. Procedures for gaining access to and making optimum use of these resources (including the steps to be taken in lodging complaints) are available to users.

USE OF FACULTY AND STAFF E-MAIL

The e-mail system provided by the institution is to be used in a manner consistent with carrying out work-related duties of the individual user, department or institution as a whole. Use of the system for personal mail, private commercial activities or other non-work related communication is not permitted (see exception below). Additionally, the following types of e-mail are not permitted:

• Sending e-mail to everyone on the system unless the message is work-related and applies specifically to every employee. This is referred to as spamming*.
• Sending unsolicited external group mailings. This is referred to as spamming*.
• Sending or forwarding any e-mail of the chain-letter type. Although there is currently no federal law against this as there are laws against traditional mail, chain letters are considered a form of harassment by many users and the sender may be liable under those laws.
• Sending any e-mail to personally constructed groups to whom the mail does not apply. One example would be e-mailing some unsolicited "humorous" item to a group you have created. This is considered a form of harassment by many users and the sender may be liable under those laws. (This also violates the restriction of using the system for work-related messages only.)

Exception:

• Use of the system for moderate amounts of necessary personal communication to individuals inside or outside the system is permitted. This should usually be done on personal time.

* Spam (or Spamming) - An inappropriate attempt to use a mailing list, or USENET or other networked communications facility as if it was a broadcast medium (which it is not) by sending the same message to large numbers of people who did not ask for it.

USE OF STUDENT E-MAIL

The e-mail system provided by the institution is to be used in a manner consistent with carrying out the academic and professional student activities of individual student users. Students may not use e-mail in ways which directly or indirectly cause Harris-Stowe State University and its service-provider partners fiscal damages and or harm to the reputation of the institution, its administration, faculty, staff, students, alumni or other affiliated groups.

The university does not normally monitor individual or institutional e-mail, except in the event that a complaint has been issued or when bound by federal, state and local laws and or official entities. Examples of misuse include (but are not limited) to the following:

• Sending unsolicited external or internal group mailings. This is referred to as spamming.
• Using e-mail as a personally owned business contact or for other commercial activities without prior consent from Harris-Stowe State University.
• Using e-mail to illegally collect and or disseminate information from internal and external users, which includes engaging in phishing schemes, information harvesting, identity theft and or posing as another HSSU e-mail user (spoofing), the transfer of copyrighted materials, acceptance or transfer of illicit materials which violate federal, state and local laws and local community standards, harassment or intimidation, and the unauthorized interception of information bound for other e-mail accounts.
• Using e-mail to illegally attempt to compromise internal and external networks, computing systems, or security measures employed by HSSU, its affiliate partners and any other outside entities.
• Using e-mail to misrepresent a user's role at Harris-Stowe State University, including posing as administration, faculty or staff.

Harris-Stowe State University reserves the right to disable or otherwise remove access to an individual student's e-mail when the university deems it necessary to investigate complaints or violations of the HSSU Acceptable Use Policy and the HSSU Security Policy. 

Harris-Stowe State University reserves the right to use student e-mail as a form of contact to distribute university information, typically including (but not limited to) the following:

• As a form of communication between instructors and students for academic purposes
• For emergency-response notifications
• Sharing news of interest to HSSU community
• Issuing e-invites to HSSU sponsored events
• To engage in campus-wide academic activities, including surveys

Harris-Stowe State University will not share student e-mail information with outside entities unless deemed critical by the HSSU administration in performing essential functions related to university business.

USE OF STUDENT INFORMATION SYSTEMS (MYHSSU/e-Racer)

Student information systems provided by the institution are to be used in a manner consistent with carrying out the academic and professional activities of current and former student users. Students may not use student information systems in ways which directly or indirectly cause harm to Harris-Stowe State University, its service-provider partners, its administration, faculty, staff, students, alumni or other affiliated groups.

The University routinely monitors activity on its student information systems for unauthorized access and or misuse by account holders.  Examples of misuse include, but are not limited to, the following:

• Allowing individuals or organizations access to personal account information (e.g. usernames and passwords) without having a signed FERPA waiver on file in the Office of the Registrar.
• Using student information systems to compromise internal and external networks, computing systems, or security measures employed by HSSU, its affiliate partners, and any other outside entities.
• Attempting to access and or modify information within the student information system other than what is permitted as part of a student’s normal academic activities.

Harris-Stowe State University reserves the right to disable or otherwise remove access to student information system accounts when the University deems it necessary to investigate complaints or violations of the HSSU Acceptable Use Policy and the HSSU Security Policy.

USE OF EXTERNAL NETWORKS

Members of the community who use networks or facilities not owned or controlled by the institution will adhere to the policies and procedures established by the administrators of these networks and facilities. (These can usually be obtained from the network information center or Acceptable Use Policy of the network in question.) Use of institutional computing resources must follow the guidelines of all of the networks traversed.

USE OF INTERNAL NETWORKS

The HSSU network has been designed with two separate hardware and software security areas — one called Instruction for student computers and accounts and one called Administration (formerly Academic) for faculty and staff. These areas have different functions and provide access to different parts of the network.

The Instruction or student network consists of the labs, classrooms, library open area and other specially set up open areas. This network allows access to media, streaming video, the student Web and other areas and resources appropriate for instruction.

The Administration network consists of faculty and staff departments and offices and other limited use areas. This network allows access to the student information system and the financial system of the institution and other administrative resources. Because of the availability of sensitive data on this network, students are not given login privileges by the network administration staff, nor should they be allowed to use existing faculty and staff accounts. Use of Administrative computers by students could potentially violate federal or state laws.

CONFIDENTIALITY

In general, the institution will treat information stored on computers as confidential (whether or not that information is protected by the computer operating system). Requests for disclosure of information will be honored only under one of the following conditions:

• When approved by the appropriate administrator or security officer
• When authorized by the owners of the information
• When required by local, state or federal law

Except when inappropriate, computer users will receive prior notice of such disclosures. (Viewing of information in the course of normal system maintenance does not constitute disclosure.)

Warning: Users of electronic mail systems should be aware that electronic mail in its present form cannot be secured and is, therefore, extremely vulnerable to unauthorized access and modification.

RESPONSIBILITIES OF USERS

The user is responsible for correct and sufficient use of the tools available for maintaining the security of information stored on each computer system. The following precautions are strongly recommended:

• Computer account privileges, passwords and any type of authorization that are assigned to individual users should not be shared with others.
• The user should assign an obscure account password and change it frequently.
• The user should understand the level of protection each computer system automatically applies to files and supplement it, if necessary, for sensitive information.
• The microcomputer user should be aware of computer viruses and other destructive computer programs and take steps to avoid being a victim or unwitting distributor of these processes.

Ultimate responsibility for the resolution of problems related to invasion of the user's privacy or loss of data rests with the user. Harris-Stowe State University assumes no liability for loss or damage to the user's data or for any damage or injury arising from invasion of the user's privacy.

Personally or non-institutionally owned Hardware / Software Policy

• We do not install or attach personal property (this includes hardware and software) to the school computers or network.
• If someone has installed personal property on or in a computer, we will not maintain or repair that computer while the personal property is installed or attached.
• The person who installed the personal property must remove or uninstall it before we will upgrade or repair either the hardware of software on that computer.
• We do not diagnose, repair or install software to personally owned computers or peripherals.
•  Anyone wishing to connect either a wired or wireless computer or other device not owned by this institution to the network must do the following:
  
  -- the item must be checked in with Campus Safety and an "Identification Form For Bringing Personal Property On Campus" form must be filled out.
  
  -- the item must be brought to either the MIS department or the library technical support staff, along with a copy of the filled out Campus Safety form, for approval prior to making a connection, wired or wireless
  
  -- computers must be running an up-to-date anti-virus program the entire time they are connected, wired or wireless
  
  -- all other university policies must be followed while on campus or connected to the network.

UNACCEPTABLE OR ILLEGAL USE

Computing resources may only be used for legal purposes by the public and staff. Examples of unacceptable purposes include, but are not limited to, the following:

• Harassment of other users
• Libeling or slandering other users
• Violation of another user's privacy
• Destruction of or damage to equipment, software or data belonging to the institution or other users
• Violation of software license agreements
• Disruption or unauthorized monitoring of electronic communications
• Unauthorized copying or use of copyright-protected material
• Unauthorized copying or use of materials that violates the intellectual property rights of others
• Disruption of normal network use and service. Such disruption includes, but is not limited to, the propagation of computer viruses, the violation of personal privacy, spamming or the unauthorized access to protected and private network resources.
• Use of HSSU computing resources for commercial or private money-making activities.
• Use of HSSU computing resources for purposes that violate any federal, state or local law.
• The installation or use of software and or hardware on publicly used equipment belonging to the institution without prior authorization from HSSU personnel designated to approve such requests.

COOPERATIVE USE

Computing-resource users can facilitate computing in many ways. The institution endorses the practice of cooperative computing. Facilitating good computing habits includes the following:

• Regular deletion of unneeded files from one's accounts on shared computing resources.
• Refraining from overuse of connect time, information storage space, printing facilities or processing capacity.
• Refraining from overuse of interactive network utilities.
• Refraining from use of sounds and visuals which might be disruptive to others.
• Refraining from use of any computing resource in an irresponsible manner.

DISPLAY/DISSEMINATION OF SEXUALLY EXPLICIT MATERIALS

Use of Internet access stations to display or disseminate sexually explicit or sexually suggestive (obscene/pornographic) material on campus is prohibited. Violators of this policy in public areas such as the library or labs  will be removed and will have their computer use privileges revoked. Violators in offices will be subject to sanctions defined elsewhere.

PAGE CONTENT

Pages submitted for placement on any of the HSSU Web pages must comply with the acceptable-use policy. No page posted on the HSSU Web site may contain copyrighted materials without written permission from the owner of the materials in question. Although there are no specific rules regarding non-copyrighted materials that can be on a page, the page author must consider the current acceptable use policy, good taste, community standards and the potential viewing audience. In open labs and public areas this includes passersby who may be able to view the computer screen and its contents. Finally, no page posted on any part of the HSSU Web site may contain illegal material of any sort. Although the university makes all reasonable attempts to monitor compliance with this policy, internal pages may have links to an external site whose content is beyond our control.

SECURITY AND PRIVACY ISSUES

Privacy

• The university does not collect and use information from users connecting to its sites either by cookies or any other means except when explicitly stated in survey or information request pages.
• Information submitted on survey or information request pages is only used for the purpose specified, and data from these forms is not distributed either internally or externally.
• Users of the Internet should be aware that no guarantees can be made concerning the privacy and security of information transmitted across the Internet. Although highly unlikely, it is possible that third parties (including system administrators and hackers) can read, intercept, modify or forge information traveling across the Internet.

Security

• Because much of the information available on the Internet is not produced or provided by the university, users are urged to verify the source and content of information for its usefulness prior to using it. The university is NOT responsible for information obtained from sources outside the university.
• Electronic mail passwords are your key to the security of your mail both in and out of the building. Anyone who has access to both your username and password has the potential to access your electronic mail. Users are cautioned not to share their passwords with ANYONE. Please choose your passwords carefully. The most secure passwords are at LEAST eight (8) characters in length and contain at least one symbol such as !@#$%^&*()-= ]. DO NOT USE PASSWORDS THAT ARE EASILY GUESSED, SUCH AS YOUR NAME, YOUR CHILDREN'S NAMES, ADDRESSES or anything associated with you. These are usually the first choices for someone trying to guess your password!
• A Security Incident Response Team has been established at the university to respond to reports of security violations. The security policies of the university are defined in the Security Policy and may be viewed there. Click HERE to view Security Policy.

SANCTIONS

Violators of computing-resources-use policies may lose library, lab or other use privileges. (Staff will be subject to normal disciplinary procedures as well.) Violations of the policies for legal and ethical use of computing resources (described above) will be dealt with in a serious and appropriate manner. Illegal acts involving computing resources may also be subject to prosecution by local, state or federal authorities.

The Security Incident Response Team is required to prepare an official security report for complaints brought by or against any Harris-Stowe State University computer user. In cases where a complaint has been filed against a member of the Harris-Stowe State University faculty or staff, completed security reports will be forwarded to divisional vice-presidents, assistant vice presidents, deans, and/or executive directors overseeing departments from which violations have originated. Additional security reports will be filed with the HSSU President’s Office, HSSU IT Services, and, when applicable, MORENET or other outside authorities.

DISCLAIMER

Because the Internet is a global electronic network, there is no state/county/local control of its users or content. The Internet and its available resources may contain material of a controversial nature. The institution cannot censor access to material nor protect users from offensive information. Parents of minor children must assume responsibility for their children's use of the Internet through the library or other public area connections.

The university cannot control the availability or accuracy of information links which often change rapidly and unpredictably. Not all sources on the Internet provide accurate, complete or current information. Users need to be well informed consumers, questioning the validity of all information.