Information Technology Policy

Purpose

Owens Community College provides information technology resources to support the academic, administrative, instructional, research and business operations of the College. The purpose of this rule is to maintain and protect the confidentiality, integrity and availability of the College’s information technology resources.

Application

This rule and the accompanying standards and procedures apply to all information technology devices owned by the College, to any device that obtains connectivity to the College network and to all relevant data on such devices.

Responsibility

  1. All users of information technology resources are responsible for reading, agreeing to and abiding by this rule.
  2. All users of information technology resources are responsible for practicing safe computing and must use and protect data in a manner consistent with all relevant standards, procedures and policies of information technology services, as well as the rules of the College.
  3. A user of information technology resources must notify College officials upon discovery if an assigned information technology resource has been accessed, attempted to be accessed or is vulnerable to access by an unauthorized user.
  4. All users of information technology resources are responsible for any activity resulting from their assigned resources.
  5. All users of information technology resources must be aware of and comply with all applicable federal, state or other laws, contracts, regulations and licenses, including but not limited to:
    1. United States Code, including but not limited to:
      1. Digital Millennium Copyright Act, Pub. L., No. 105-304, 112 Stat. 2860 (1998), 17 U.S.C. 101
      2. Electronic Communications Privacy Act of 1986, Pub. L., No. 99-508, 100 Stat. 1848, 18 U.S.C. 2510
      3. Computer Fraud and Abuse Act of 1986, Pub. L., 99-474, 100 Stat. 1213, 18 U.S.C. 1001
      4. Family Educational Rights and Privacy Act of 1974, Pub. L., 93-380, 88 Stat. 571, 20 U.S.C. 1232g
      5. Health Insurance Portability and Accountability Act of 1986, Pub. L., 104-191, 110 Stat. 1936, 42 U.S.C. 201
      6. Gramm-Leach-Bliley Act, Pub. L., 106-102, 113 Stat. 1338 (1999), 12 U.S.C. 1811
    2. Ohio Revised Code, including but not limited to: Section 1349.19 of the Revised Code.
  6. The College must employ reasonable measures to mitigate security threats and will enforce standards and rules to protect College-owned or controlled information technology resources.
  7. The College may permit the use of information technology resources for experimental use or limited social purposes if it is determined in advance that such use will not interfere with institutional operations or violate the standards and procedures of information technology services and the rules of the College.
  8. The College may restrict or block any subsidiary application or protocol that poses a risk to the security of the information technology infrastructure, as deemed appropriate or necessary, without prior notice.
  9. The College prohibits the following actions, including but not limited to:
    1. An attempt at, or the circumvention of, an information technology security system, such as a firewall, antivirus software, encryption, or passwords, by a physical method.
    2. The disruption of College operations, such as a configuration of devices that disrupts network service, a denial-of-service attack, or the disruption of public access to resources.
    3. The use of information technology to conduct reconnaissance, vulnerability assessments, or similar activity by unauthorized personnel.
    4. Anonymous use, impersonation, or use of pseudonyms on an information technology resource to avoid accountability; examples include, but are not limited to, forging email or using any internet service not affiliated with the College that can prevent accountability for its use.
    5. The use of devices that broadcast any wifi signal is prohibited on any College-owned or occupied property, unless it is part of the wireless service being deployed by the College.

Security and Privacy Statement

Owens Community College respects the privacy of all information technology data users. The College does not routinely monitor the content of material but does reserve the right to access and review all aspects of its information technology infrastructure to investigate performance or system problems, search for harmful programs, or, upon reasonable cause, to determine if a user is in violation of any College rule, standard or procedures, state or federal laws, contract or license. The College may monitor, keep and audit detailed records of information technology usage; traces may be recorded routinely for troubleshooting, performance monitoring, security purposes, auditing, recovery from system failure, etc. or in response to a complaint, in order to protect the College’s and others’ equipment, software and data from unauthorized use or tampering. Extraordinary record keeping, traces and special techniques may be used in response to technical problems or complaints, or for violation of law, rules, standards or regulations, but only on approval by the College administration specifically authorized to give such approval. In addition to respecting an individual’s privacy under normal circumstances, the privacy of those involved in a complaint will be respected, and the College will limit special record-keeping, where feasible, to do so. Information will be released in accordance with the law. Users should be aware that while the College implements various security controls to protect information technology resources, data cannot be guaranteed to be protected from unauthorized individuals.

Non-Compliance

Non-compliance with this rule and corresponding procedures may be subject to the Owens Community College rule 3358:11-5-52 of the Administrative Code (standards of conduct and disciplinary process policy and corresponding procedures) or the College’s student code of conduct. Access privilege may be suspended without prior notice if it is determined that a violation poses a current or imminent threat to the confidentiality, integrity, or availability of information technology resources. Furthermore, failure to abide by or comply with applicable federal, state or other laws, regulations, contracts or licenses may result in civil or criminal sanctions under the law.

Implementation

The treasurer/chief financial officer or the chief information officer has the authority to promulgate procedures, guidelines and forms consistent with this rule.

Effect On Prior Policy

This rule repeals and supersedes all portions of the Owens Community College rule of 3358:11-4-10 of the Administrative Code (responsible computing policy).

All users of the information technology resources may refer to definitions (PDF) and standards for the College’s information technology services.

Effective date: 12/14/2019

Promulgated under: 111.15
Statutory authority: 3358.08
Rule amplifies: 3358.08
Prior effective dates: 3/07/2002
Replaces: 3358:11-4-10 (responsible computing policy)