OZARKA COLLEGE

The effective administration of information technology resources will ensure sustained access to information and technology for students, faculty, and staff in the long term. The ensuing regulations delineate acceptable uses of these resources and ensure their alignment with the fundamental operations of the College, encompassing teaching, learning, administration, and public service. These regulations are applicable to any entity or individual utilizing the Ozarka College information technology infrastructure and its associated resources.

The College bears the responsibility of managing its resources in the most efficient and effective manner, adhering to all pertinent laws, regulations, and prudent business practices, while concurrently safeguarding and upholding the principle of academic freedom

The following categories of use are inappropriate and prohibited:

1. Use in violation of law. The unauthorized use of Technology Resources in contravention of the law, encompassing civil or criminal statutes at the federal, state, or local levels, is strictly prohibited. Examples of prohibited activities include but are not limited to: promoting pyramid schemes, accessing or disseminating illegal materials, infringing upon copyright laws, and making terroristic threats.
2. Regarding copyright infringements, it's essential for Users to understand that copyright law regulates various activities, including copying, displaying, and utilizing software and other digital works such as text, sound, images, and multimedia. While the law allows for the use of copyrighted material without explicit authorization from the copyright holder for certain educational purposes, such as protecting specific classroom practices and under the doctrine of "fair use," it's important to note that an educational purpose alone does not automatically justify unauthorized use.
3. Users are prohibited from engaging in any activity that obstructs, disrupts, undermines, or otherwise harms the activities of others. This includes but is not limited to: denying or attempting to deny service to other users, resource hogging, misuse of mailing lists, dissemination of chain letters or virus hoaxes, spamming (i.e., indiscriminate sending of emails or postings without legitimate purpose), or inundating an individual, group, or system with excessive or large email messages. Additionally, any behavior that may lead to excessive network traffic or computing load is strictly prohibited.
4. The use of Technology Resources must align with the College's status as a nonprofit, public service organization, adhering to applicable federal, state, and local laws governing income sources, political engagement, property use, and similar matters. Consequently, commercial use of IT Resources for purposes unrelated to the College's mission is generally prohibited, unless explicitly authorized under College conflict-of-interest, outside employment, or related policies. Prohibited commercial use does not encompass communications and data exchange aimed at furthering the College's educational, administrative, and other functions, irrespective of any incidental benefit to external organizations. Commercial advertising is strictly prohibited unless authorized through a contract with the commercial vendor.
5. The use of Technology Resources to imply endorsement by the College of any political candidate or ballot initiative is strictly prohibited. Users are not permitted to utilize Technology Resources for lobbying activities that may suggest College involvement.
6. Technology Resources may only be utilized to communicate personal political opinions to an elected official if such expression falls within the scope of the employee's regular job duties or is specifically requested by an elected official or public entity.
7. Harassing or threatening use. This category encompasses harassing or threatening behavior, such as repeatedly contacting someone without their consent.
8. Use damaging the integrity of College or other IT Resources. This category includes, but is not limited to:
   • Users are strictly prohibited from attempting to bypass or compromise the security measures of any IT system. This includes actions such as "cracking" passwords, decoding information, or using someone else's identification or password. However, this provision does not restrict the IT Organization or Systems Administrators from employing security-related programs within the scope of their authority over the systems.
   • Unauthorized access or use. The College emphasizes the importance of upholding the integrity of data stored within IT Resources. Users are required to adhere to this principle by refraining from seeking unauthorized access to IT Resources and from aiding or permitting others to do so. For instance, individuals or organizations not affiliated with the College may not utilize non-public IT Resources without explicit authorization. While privately owned computers can be used to provide public information resources, they may not host sites or services for external entities across the College network without specific authorization. Moreover, Users are prohibited from accessing IT Resources that they do not have authorization to access. Additionally, deliberate and unauthorized alterations to data on an IT System are strictly forbidden. Users must not intercept or attempt to intercept data communications not intended for them, which includes actions such as "promiscuous" network monitoring, running network sniffers, or tapping phone or network lines.
   • Disguised use. Users must not conceal their identity when using IT Resources, except when the option of anonymous access is explicitly authorized. Users are also prohibited from masquerading as or impersonating others or otherwise using a false identity.
   • Distributing computer viruses. Users must not knowingly distribute or launch computer viruses, worms, or other rogue programs.
   • Modification or removal of data or equipment. Without specific authorization, Users may not remove or modify any College-owned or administered equipment or data from College property or IT Resources.
   • Use of unauthorized devices. Users must not physically or electronically attach any additional device to the IT infrastructure or related resources that impedes, interferes, or otherwise causes harm to the IT infrastructure or related resources.
9. Use in violation of external data network policies. Users must observe all applicable policies of external data networks when using such networks.

College Access
In accordance with state and federal law, the College may access all aspects of IT Resources, without the consent of the User. Such access will be made in circumstances including but not limited to the following:

1. When necessary to identify or diagnose systems or security vulnerabilities and problems, or otherwise preserve the integrity of the IT Resources; or
2. When authorized by federal, state, or local law or administrative rules; or
3. When there are reasonable grounds to believe that a violation of law or a breach of College policy may have taken place and access and inspection or monitoring may produce evidence related to the misconduct; or
4. When such access to IT Resources is required to carry out essential business functions of the College; or
5. When required to preserve public health and safety and/or system or data integrity or user privacy. College access without the consent of the User will occur only with the approval of the appropriate vice president, or their respective delegates, except when an emergency entry is necessary to preserve the integrity of facilities or to preserve public health and safety.
   • The College, through the Systems Administrators, will log all instances of access without consent. Systems Administrators will also log any emergency entry within their control for subsequent review by appropriate College authority. In addition to accessing the IT Resources, the College, through the appropriate Systems Administrator, may deactivate a User’s IT privileges, whether or not the User is suspected of any violation of this policy, when necessary to preserve the integrity of facilities, user services, or data. The Systems Administrator will attempt to notify the User of any such action.
   • By attaching privately owned personal computers or other devices to the College network, Users consent to College use of scanning programs for security purposes of those resources while attached to the network.
   • Most Systems Administrators routinely log user actions in order to facilitate recover from system malfunctions and for other management purposes. All Systems Administrators are required to establish and post procedures concerning logging of User actions including the extent of individually identifiable data collection, data security, and data retention.
   • Encrypted files, documents, and messages may be accessed by the College under the above guidelines

Enforcement Procedures

1. Complaint of Alleged Violations. An individual who believes that he or she has been harmed by an alleged violation of this policy may file a complaint in accordance with established College grievance procedures (including, where relevant, those procedures for filing complaints of sexual harassment or of racial or ethnic harassment) for students, faculty, and staff. The individual is also encouraged to report the alleged violation to the Systems Authority overseeing the facility most directly involved, or to the IT Organization which must investigate the allegation and (if appropriate) refer the matter to College disciplinary and/or law enforcement authorities.
2. Reporting Observed Violations. If an individual has observed or otherwise is aware of a violation of this policy, but has not been harmed by the alleged violation, he or she may report any evidence to the Information Systems department, which must investigate the allegation and (if appropriate) refer the matter to College disciplinary and/or law enforcement authorities.
3. Disciplinary Procedures. Alleged violations of this policy will be pursued in accordance with the appropriate disciplinary procedures for faculty, staff, and students, as outlined in the applicable Handbook.
4. Systems Administrators and the IT Organization may participate in the disciplinary proceedings as deemed appropriate by the relevant disciplinary authority. Moreover, at the direction of the appropriate disciplinary authority, Systems Administrators, and the Information Systems unit are authorized to investigate alleged violations.
5. Legal Liability for Unlawful Use. In addition to College discipline, Users may be subject to criminal prosecution, civil liability, or both for unlawful use of any IT Resources.
6. Appeals. Users found in violation of this policy may appeal or request reconsideration of any imposed disciplinary action in accordance with the appeals provisions of the relevant disciplinary procedures.