|Document Title||Computer and Network Usage Policy|
Revised March, 2010 (President's Cabinet)
Table of Contents
Access to information technology is essential to the State University of New York’s mission of providing the students, faculty and staff of the State University of New York at Fredonia with educational services of the highest quality. The pursuit and achievement of the SUNY mission of education, research, and public service require that the privilege of using computing systems and software, internal and external data and networks, as well as access to the World Wide Web, be made available to the SUNY community. The preservation of that privilege for the full community requires that each faculty and staff member, student, and other authorized user comply with institutional and external standards for appropriate use.
To assist and ensure such compliance, Fredonia establishes the following policy which supplements all applicable SUNY policies, including sexual harassment, patent and copyright, and student and employee disciplinary policies, as well as applicable federal and state laws.
III. Authorization and Use
A. Authorized Activities
Fredonia computer facilities are a resource for members of the campus community (faculty, staff, students, and other affiliated individuals or organizations authorized by Fredonia) to be utilized for work consistent with the instructional, research, and administrative goals of the university as defined in the Fredonia “Missions and Goals” statement.
Use by nonaffiliated institutions and organizations shall be in accordance with SUNY Administrative Procedures Manual Policy 007-1: Use of Computer Equipment or Services by Non-affiliated Institutions and Organizations. All who use Fredonia computer facilities have the responsibility to do so in an effective, efficient, ethical, and legal manner, as outlined below.
B. User Accounts
The university grants access to particular computer systems with the assignment of specific user accounts based on educational and business need for access. Every computer user account issued by Fredonia is the responsibility of the person in whose name it is issued. University-recognized clubs and student organizations may be issued a user account. Faculty advisors shall designate a particular person or persons authorized to act on behalf of the club or organization. This person(s) is responsible for all activity on the account and will be subject to university disciplinary procedures for misuse. The following include, but are not limited to, examples of theft of services, and subject to penalties described in Section IV.
C. Password Security
It is mandatory that user accounts be kept secure by using strong passwords, keeping passwords secret, and changing the passwords often. Users must set a password which will protect their account from unauthorized use, and which will not be guessed easily. Avoid selecting easily guessable passwords, for example, nicknames, birthdates, and telephone numbers. Users must report to Information Technology Services any use of a user account without the explicit permissions of the owner and Information Technology Services.
D. User Privacy
Fredonia does not generally monitor or restrict material residing on state-owned or non-state owned electronic devices, whether or not such devices are connected to the campus networks. However, devices that are utilized in violation of Fredonia's policies are subject to investigation and disconnection without notice.
No user should view, copy, alter or destroy another's personal or state-owned electronic files without permission (unless authorized or required to do so by law or regulation). Fredonia computing and network resources are designed to protect user privacy; users shall not attempt to circumvent these protections.
Fredonia reserves the right to access all aspects of its computing and network resources, including individual usage to determine if a user is violating this policy or state or federal laws.
E. System Integrity and Denial of Service
Users shall respect the system integrity of campus computing facilities. For example, users shall not intentionally develop or use programs that infiltrate a computing system, or damage or alter the software components of a computing or network system.
F. Resource Accounting
Users shall not develop or use procedures to alter or avoid the accounting and monitoring of the use of computing facilities. For example, users may not utilize facilities anonymously or by means of an alias, and may not send messages, e-mail, or print files that do not show the correct username of the user performing the operation.
G. Resource Usage
Office computer equipment is provided by the institution for academic and business use. All equipment is tagged with Fredonia asset tags and inventoried on a yearly basis. Any information stored, processed, or transmitted by this computer may be monitored, used, or disclosed by authorized personnel, including law enforcement.
Office and lab computing facilities must be used in a responsible and efficient manner. Users shall not develop or use procedures that obstruct authorized use by others. Users shall not interfere with computer setups which are intended to keep computer software current and legal, and shall not install personal software. Users shall not use applications that utilize an unusually high portion of the network bandwidth. Users shall avoid wasting computing resources by excessive game playing or other trivial applications; by sending chain letters or other frivolous or excessive messages locally or over the network; or by printing excessive copies of documents, files, images, or data. Campus printing must pertain to academic work, personal intellectual growth or administrative business.
H. Copyrights and Licenses
Users shall not violate the legal protection provided by copyrights and licenses held by Fredonia. Users shall not make copies of any licensed or copyrighted computer program found on any Fredonia computer or storage device without the written authorization of Information Technology Services. U.S. federal copyright law grants authors certain exclusive rights of reproduction, adaptation, distribution, performance, display, attribution, and integrity to their creations. Works of literature, photographs, music, software, film, and video works can all be copyrighted. Examples of probable violations of copyright laws include, but are not limited to: making unauthorized copies of any copyrighted material (such as commercial software, text, graphic images, audio, and video recordings); distributing copyrighted materials over computer networks or through other means; resale of data or programs, or the use of them for non-education purposes or for financial gain; or public disclosure of information about programs (e.g., source code) without the owner’s authorization.
I. Restricted Access Systems
Access to selected administrative computers and programs is restricted on a ”need-to-know” basis conforming to SUNY policy guidelines. Unauthorized access or attempted access to these machines or data will constitute theft of services and will be subject to the penalties described in Section IV. Authorization for use of these systems is granted solely by Information Technology Services, on behalf of the institution, and reviewed by the campus Security Administrator.
J. Recreational Use
Recreational use of computing facilities, including computer games and social network communication, is allowed only when no other instructional, research, or administrative function requires the use of resources. Persons using a computer for recreational purposes are required to relinquish the computer immediately to someone needing it for academic or administrative purposes.
K. Termination of Access to Fredonia Computing Facilities
Intentional violation of policies contained in this document will result in immediate termination of access. Access will also be terminated for:
IV. Limitations on Users' Rights
The issuance of a password or other means of access is to assure appropriate confidentiality of Fredonia files and information and does not guarantee privacy for personal or improper use of university equipment or facilities.
Fredonia provides reasonable security against intrusion and damage to files stored on central facilities. Fredonia also provides some facilities for archiving and retrieving files specified by users and for recovering files after accidental loss of data. However, the university is not responsible for unauthorized access by other users or for loss due to power failure, fire, floods, etc. Fredonia makes no warranties with respect to Internet services, and it specifically assumes no responsibilities for the content of any advice or information received by a user through the use of Fredonia's computer network.
Users should be aware that Fredonia computer systems and networks may be subject to unauthorized access or tampering. In addition, computer records, including e-mail, are considered "records" which may be accessible to the public under the provisions of the New York State Freedom of Information Law.
A. Academic/Administrative and Residential (ResNet) Network
1. Anti-virus Protection
Every computer connected to the campus network will be required to run current anti-virus protection software. Campus-provided “managed” anti-virus protection will be placed on the majority of campus-owned personal computers. The campus provides anti-virus protection software for students to utilize. ResNet students may utilize a “managed” or “unmanaged” mode, as owners prefer and as operating systems allow. Non-ResNet student anti-virus protection is un-managed.
It will be the responsibility of “un-managed” clients wishing to use campus network connectivity to keep anti-virus protection up-to-date. This “un-managed” client group would include:
In addition, outbound ResNet e-mail will be filtered through a server that will scan and detect viruses.
Information Technology Services and ResNet have the authority to disconnect computers from the network that have been detected as infected. The computer will remain disconnected until the user demonstrates the following: that the machine has been cleaned of viruses/worms; that an appropriate anti-virus product has been licensed for the machine through at least the end of the current academic year; and that the product has been installed and set up to automatically check for and install virus detection updates.
Second and subsequent infractions which result from a lack of an installed, licensed anti-virus product may result in additional penalties.
2. Desktop Upgrades
Every state-owned computer connected to the campus network will have Windows or Macintosh operating systems upgraded or patched by a managed service as applicable.
It will be the responsibility of “un-managed” clients wishing to use the campus network connectivity to keep all operating systems up-to-date.
3. Network Use
Users shall not utilize the campus network to provide Internet access to any outside source, be it commercial or private.
All Resnet (residential) network users must sign off that they have read this Fredonia Computer and Network Usage Policy before they are permitted access to the network.
Actions detrimental or inappropriate when accessing the university and Internet resources include but are not limited to the following:
The university networks are monitored and violators of Fredonia policy will be denied service and referred to the proper authority, as noted in Section V of this policy.
4. Wireless Network
The wireless network is not meant as a replacement for the wired network and is not to be used as a primary network connection. The wireless network is meant to extend the wired network for simple uses in areas where wired network access is unavailable. Users are expected to avoid using applications that will use large amounts of network bandwidth. These include servers and file-sharing applications. Users should be aware that Fredonia does not utilize 802.11b/g/n encryption standards on the campus wireless network (i.e. WEP, WPA, WPA2).
There are other electronic devices that use the same 2.4GHz frequency as the Fredonia wireless network. Devices include 2.4GHz cordless phones, microwave ovens, X10 wireless cameras, Bluetooth devices, and other wireless LAN equipment. Devices using this technology can cause intermittent failure and loss of service.
The following policies are in addition to the Fredonia campus network usage policies. Actions detrimental or inappropriate when accessing the university and Internet resources include but are not limited to those listed below.
B. Electronic Mail
1. University Use of Electronic Mail
Electronic mail (e-mail) is a mechanism for official communication for Fredonia. The university expects that such communications will be received and read in a timely fashion.
2. Official University E-mail Accounts
An official university e-mail account is one in which the address ends with “fredonia.edu.” All students, faculty, staff, and departments are assigned an e-mail address and account. The e-mail address is directory information. As with other directory information, in compliance with federal Family Education Rights and Privacy Act (FERPA) regulations, any student may request that his or her official e-mail address be restricted in its access. Departmental account forwarding to individuals or groups is the responsibiliity of each department.
3. Expectations For Use of E-mail
Students, faculty, and staff have the responsibility to use this e-mail in an efficient, effective, respectful, ethical and lawful manner. Students, faculty, and staff are expected to check their e-mail on a frequent and consistent basis in order to stay current with university-related communications. Unit heads that have exempted employees from the requirement of having an official e-mail account must make arrangements for alternative methods of access to official communications. Students have the responsibility to recognize that certain communications may be time-critical. “I didn’t check my e-mail”, error in forwarding mail, or e-mail returned to the university with “Mailbox Full” or “User Unknown,” are not acceptable excuses for missing official university communications via e-mail.
4. Redirecting of E-mail
If a student, faculty, or staff member wishes to redirect e-mail from their official @fredonia.edu address to another e-mail address (e.g., @aol.com, @hotmail.com), they may do so, but at their own initiative and risk. The university will not be responsible for the handling of e-mail by non-Fredonia providers. Redirecting e-mail does not absolve students, faculty, or staff from the responsibilities associated with official communication sent to their @fredonia.edu account.
5. Authentication for Confidential Information
It is a violation of university policies, including the Student Code of Conduct, for any user of official e-mail addresses to impersonate a university office, faculty/staff member, or student. To minimize this risk, some confidential information may be made available only through Your Connection which is password protected. In these cases, students will receive e-mail correspondence directing them to Your Connection, where they can access the confidential information by supplying their FredoniaID and PIN. The confidential information will not be available in the e-mail message.
Users should exercise extreme caution in using e-mail to communicate confidential or sensitive matters, and should not assume that e-mail is private and confidential. It is especially important that users are careful to send messages only to the intended recipient(s). Particular care should be taken when using the “reply” command during e-mail correspondence.
7. Educational and Administrative Uses of E-mail
Faculty will determine how electronic forms of communication (e.g., e-mail, discussion boards, etc.) will be used in their classes, and will specify their requirements in the course syllabus. The official e-mail policy ensures that all students will be able to comply with e-mail-based course requirements specified by faculty. Faculty can therefore make the assumption that students’ official @fredonia.edu accounts are being accessed and faculty can use e-mail for their classes accordingly.
Administrative offices will determine how e-mail communications will be used for administrative purposes.
8. University Announcements
Approval and transmission of e-mail containing essential university announcements to students, faculty and staff must be obtained from the appropriate authority. Only the offices of vice presidents or the university president can authorize the sending of broadcast messages to a wide audience of students, faculty, and staff. Mass mailing communications to external Fredonia.edu audiences must be accomplished utilizing an appropriately identified third-party service to mitigate the placement of fredonia.edu e-mail servers on spam blacklists.
Fredonia owns all e-mail accounts run on its domain. Under certain circumstances it may be necessary for the Information Technology Services staff or other appropriate university officials to access e-mail files to maintain the system, and to investigate security or abuse incidents or violations of other institutional policies. Such access will be on an as-needed basis and any e-mail accessed will be disclosed only to those individuals with a need to know or as required by law. While incidental non-business personal use of e-mail is acceptable, conducting business for profit using university resources is forbidden. Quota, maximum message size, message retention settings, time-out settings, maintenance times, and other e-mail guidelines will be set as appropriate for the anticipated volume and platform scaling. The need to revise settings will be monitored with recommended changes as appropriate. (See e-mail guidelines at http://www.fredonia.edu/its/servicecenter/email.)
E-mail accounts are provided to students and continued when they reach alumni status. Email accounts are provided to faculty and staff as a component of electronic services while employed. See Section III K. of this policy. In certain cases, employee e-mail accounts may be continued for a longer period or forwarded for appropriate business conclusions.
Violation or abuse of the policy may result in restriction of access to Fredonia’s e-mail system and/or other appropriate disciplinary action.
1. Establishing a LISTSERV List
2. List Sponsorship/Ownership
3. List Content and Copyright
4. List Expiration and Renewal
5. List Removal and Deletion
6. Information Technology Services’ Rights
D. The University Website
1. The University Website and Use of the Web Servers
All university-based groups (including student groups) who select external web developers will be responsible for overseeing and maintaining quality control procedures and meeting the standards of technology and content set by the university webmaster or any overriding authority such as SUNY or New York State. External developers, with no current, formal or direct affiliation with the university, will not be authorized to possess individual accounts on the university’s web servers.
All departments or student groups who choose to have an external developer work on their web pages must contact the ITS Service Center prior to commencing work.
All web pages, images or files that are located on the university web servers must be maintained and updated to reflect current and accurate content. In no instances should the web servers be utilized for storage or archiving purposes. Files that are no longer active or current must be removed from the university web servers periodically, upon the request of the university webmaster, or risk removal as deemed appropriate by the webmaster. The webmaster will periodically remind the campus community to purge its web server directories of all inappropriate or out-of-date files.
Web publishers are responsible for the content of the pages they publish on the university web server and are expected to abide by the highest standards of quality and responsibility. Content must be relevant to the university. Web authors and publishers are required to comply with all Fredonia university policies, as well as all local, state, and federal laws concerning appropriate use of computers and the Internet. Departmental web pages must conform to the design standards set forth by the university. See Guidelines for Developing and Publishing New Web Pages located at: http://www.fredonia.edu/pr/web/guidelines.asp
The purpose of the web page is to provide information to students and colleagues and must contain the following as a minimum:
TITLE FORMAT: Page Title – Departmental Name, The State University of New York at Fredonia
Example: <TITLE>Electronic Journals, Daniel A. Reed Library, The State University of New York at
In no instances should file names include spaces. Hyphens (-), underscores (_), alpha and numbers 0-9 are permissible.
Correct Examples: FileName.html Incorrect Example: File Name.html
All web pages must meet the minimum web accessibility requirements as set forth under Section 508 of the Rehabilitation Act, and mandated by the New York State Office for Technology Policy 99-3. This policy requires that all New York State agencies' websites provide universal accessibility to persons with disabilities.
All pages must include the following Meta tags for searching and identification purposes. If assistance is required, the following code example should be used (copy and paste the code below) and all underlined information replaced with keywords and a description that are specific to the web page being created.
<META CONTENT="Include important keywords from your web page here (i.e., public, higher education, Fredonia, America's Best Colleges, Blue Devils, music, liberal arts, Chautauqua County)"><META CONTENT="Include a brief description of your web page here (i.e., Fredonia is a four-year comprehensive, public, liberal arts university in the Northern U.S., known for bachelor's degree programs in music and education, and named one of America's Best Colleges)">
The university will host websites for non-university, non-profit organizations as long as their function is relevant to the overall university mission, and as long as there is an active member of the Fredonia campus community (faculty or staff holding a current appointment) who will serve as the sponsor for that website. Sponsors will be issued a special group account that may be used by the web developer, and sponsors will be responsible for maintaining and monitoring the organization's web pages. All new websites or web pages must be submitted by the sponsor for review and approval to the university webmaster prior to uploading to the university servers. Sponsors must also notify the university webmaster any time the content on any of the pages has been modified. These non-campus-hosted websites must comply with all the policies that are required of official university web pages. The university webmaster reserves the right to edit content and revoke server permissions to any authorized user who does not abide by the policies set forth by Fredonia.
2. Personal Web Pages
Users may create their own homepages. Faculty and students will have FTP (File Transfer Protocol) access to a personal directory on the university server where they can maintain their own homepage files. Under no circumstances should personal space and/or files be shared with other users. In designing a personal homepage, persons should keep in mind that homepages may not be used for personal profit, nor to violate copyright, pornography or any other state or federal laws. The university reserves the right to monitor all work on the server and remove any personal homepage or files it determines have violated any of the policies. In addition, failure to comply with computing policies could, in some cases, lead to disciplinary action or criminal prosecution.
3. Blog and Forum Standards on Fredonia's website
Fredonia Website Services provides server space and forum and web log or blog services in support of scholarly, academic, extra-curricular and professional communications conducted by members of the university community who have network accounts. Standards for posting behavior:
4. Additional Web Design Standards for Official Fredonia websites
In addition to accessibility requirements and all other web policies from Sections V.D.1, V.D.2, and V.D.3 of this document, all official Fredonia web sites, i.e., colleges, schools, academic and administrative departments, are also subject to the following layout standards intended to maintain site-wide navigation and design consistency:
a. All official Fredonia web sites must use an approved web design template.
The source code for approved web templates is available at: http://www.fredonia.edu/templates/global_files.zip (900KB) A sample template site is available at: http://www.fredonia.edu/templates/global_files/sample_site/
b. The global top navigation bar must appear at the top of all official Fredonia web pages. The source code for the global top nav bar is available at: http://www.fredonia.edu/templates/global_files/topnavbar/topnavbar_inc.asp
The global top nav bar also requires an accompanying CSS file:
http://www.fredonia.edu/templates/global_files/topnavbar/topnavbar.css As a best practice, the topnavbar.css CSS and topnavbar_inc.asp files should be linked dynamically to every web page. Using an ASP virtual #include function, the topnavbar_inc.asp file is linked within the <BODY> block of every web page, prior to other elements: <!-- #include virtual="/templates/global_files/topnavbar/topnavbar_inc.asp" --> The CSS file is linked within the <HEAD> block of every web page: <link href="http://www.fredonia.edu/templates/global_files/topnavbar/topnavbar.css" rel="stylesheet"> When the top navigation bar is included this way then any changes made to the top navigation bar's code will be reflected immediately on every page of the web site.
Requests for Exemptions:
Academic or administrative departments requesting exemptions to the above design and navigation standards for official Fredonia web sites are asked to mail or email their request to: Chair, Web Steering Committee c/o Webmaster, Foundation House, 272 Central Ave., Fredonia, NY 14063, ph.716-673-3323 firstname.lastname@example.org The Web Steering Committee will review the request and forward its recommendations to ITAB for review and consideration. At minimum, the global top navigation bar (see Section V.D.4.b of this document) is required for all official university pages, unless technical issues prevent its inclusion.
E. ANGEL Learning Management System
F. Virtual Private Network (VPN)
Fredonia Information Technology Services provides a Virtual Private Network (VPN) primarily for Information Technology Services staff to remotely and securely monitor and administer systems as necessary. The following standards are designed to minimize the potential exposure to Fredonia from damages, which may result from unauthorized use of Fredonia resources. Damages include the loss of sensitive or university confidential data, intellectual property, damage to public image, damage to critical Fredonia internal systems, etc.
Limited VPN use is provided for employee administrative access to confidential databases when remote work-related business is absolutely necessary, and when the employee has Cabinet- level approval for such access. Employees with VPN privileges understand and agree to the following:
VI. Unauthorized Use
Violation of these regulations is unethical and may constitute a criminal offense.
Offenses will be dealt with according to any or all of the following: applicable federal laws, Chapters 156 and 165.15 of the New York State Penal Law; the Fredonia "Student Rights and Responsibilities;" other laws, regulations, and policies of the campus, the State University of New York, the State of New York and the United States of America. Offenses may result in the suspension or permanent closing of usernames, campus disciplinary action, legal action and/or other action.
When Information Technology Services or the Residential Network (ResNet) Office becomes aware of a possible violation, the university will initiate an investigation in conjunction with the campus Security Administrator and/or relevant campus offices including the Office of Student Affairs, Human Resources Office, and University Police. Users are expected to cooperate fully in such investigations when requested.
In order to prevent further unauthorized activity during the course of such an investigation, Information Technology Services may suspend authorization for use of all computing facilities for the user(s) involved in the violation. ResNet reserves the right to temporarily suspend a user’s Internet connection pending the outcome of any required Administrative Sanction Hearing.
The following include, but are not limited to, examples of unauthorized use.
A. Academic Dishonesty
Practicing any form of dishonesty through use of computing facilities (for example, cheating, plagiarism, or fraud) is prohibited.
Using computers or networks to harass, abuse or intimidate another person is prohibited. Users shall not develop or use programs that harass other users. Users shall be sensitive to the public nature of shared facilities, and take care not to display on screens in such locations images, sounds or messages that could create an atmosphere of discomfort or harassment for others.
Obscene language in electronic mail, messages, process names, file names, file data, and other publicly visible forms is prohibited.
D. Child Pornography
Federal Child Pornography Law makes it illegal to create, possess, or distribute graphic depiction of minors engaged in sexual activity, including computer graphics. Computers storing such information can be seized as evidence.
Pornography in electronic mail, file data, web sites, and other publicly visible forms, is prohibited.