Policies for the Access and Utilization of College Computing Facilities

• Expectation of Privacy
• Account Policy
• Password Policy
• E-mail Policy
• Software Policy
• Hardware Policy
• Network Usage Policy
• Network File Resources Policy
• Pornography Policy

“Users”, as listed in the policies below, is defined as any guest, student, faculty, or staff of Alfred State College.

Expectation of Privacy

Revised March 29, 2005

The Technology Services department is responsible for the maintenance of the College's networks, computers, and storage systems. Technology Services staff routinely monitors usage such as network connection times, CPU and disk utilization, security audit trails, and network loading. Faculty, staff, and students using the Alfred State College Network information systems and/or the Internet should realize that their communications are not necessarily protected from viewing by third parties. Unless encryption is used, students, faculty, and staff should not send information over the Internet if they consider it to be private.

If a violation of local law, New York State law, federal law, or campus computing policies is suspected, Alfred State College reserves the right to examine e-mail, personal file directories, and any other information stored on student, faculty, or staff computers, or other devices connected to the Alfred State College network. This examination assures compliance with internal policies, supports the performance of internal or external investigations, and assists with the management of the College's information systems.

back to top

Account Policy

Revised Aug. 8, 2006

User accounts provide access to a variety of valuable campus resources; therefore, a high priority is given to account security.

The College agrees to provide a network user account to faculty, staff, and students. A user account is a privilege granted to an individual by the College, not a right. All who use Alfred State College computer facilities have the responsibility to do so in a productive, efficient, ethical, and legal manner. This privilege may be revoked or suspended at any time.

Violation or circumvention of these policies will be considered a violation of the Faculty/Staff Policies and Procedures or the Student Code of Conduct and may result in disciplinary action or legal prosecution.

1. User accounts are assigned to single individuals. Use of an account by an individual other than the one originally assigned the account is prohibited. This includes friends and family members.
2. Students no longer enrolled due to leave of absence, graduation, withdrawal, or other reasons will have their accounts terminated approximately four months after departure from the college. An account may be terminated before this four month period at the discretion of the President of the College or the Chief Information Officer. Deletion of accounts is permanent and includes all data associated with that account. Students are strongly encouraged to review and personally archive any data they are allowed to retain before leaving campus.
3. Faculty/staff accounts of employees who are no longer employed by the campus will be disabled immediately after their last date of service. Approximately six months after the last date of service the account and all resources associated with it will be permanently deleted. Faculty/staff leaving service are strongly encouraged to review and personally archive any personal data they are allowed to retain prior to their last day of state service.
4. Student e-mail accounts are created for accepted students shortly after the Admissions deposit has been paid. Student access to other network resources are generally permitted within the first two weeks of the beginning of each semester. Before the additional student network access is given, the student must pay the current semester’s bill in full and be registered for at least one course. Students who require accounts outside of this time period should contact the Help Desk for assistance.
5. Faculty/staff accounts are generally created within 48 hours given the following criteria is met:
6. A completed online request is submitted.
   1. Complete and correct information for an account is provided.
   2. Authorization is received from Human Resources to create the account.
7. Violation of any campus policies may result in temporary or permanent suspension of an account at the discretion of Technology Services or the Campus Leadership Team.
8. Use of an account to gain unauthorized access to any resource on campus is prohibited.
9. Acquiring an account by using another person’s name and/or information is considered fraud and is prohibited.
10. Use of a username other than one authorized by the College is prohibited.
11. Under special circumstances, the President of the College or a member of the Campus Leadership Team has the option to retain any account and assign any special permission not normally assigned.
12. Disputes on the creation, permissions, or capabilities assigned to a particular user or account will be decided by the Chief Information Officer (or designee).

back to top

Password Policy

Revised Aug. 8, 2006

“Password” and “PIN” are defined as a string of characters used to gain access to any campus infrastructure including but not limited to the campus network, electronic mail system, Banner, BannerWeb for Faculty and Students, Blackboard, SUNY Web services, and Course Compass.

It is the responsibility of all users of Alfred State College technology services to observe good security practices. User irresponsibility causes security breaches and allows College systems to become vulnerable to unauthorized access. It is important that usernames are secured by keeping passwords secret and changing passwords often.

Secure passwords and password policies play an important role in protecting the integrity and investment of campus resources. Without adequate passwords, unauthorized access to the Alfred State College infrastructure becomes highly probable; compromised systems can result in denial of services, corruption of information, and even destruction of resources.

Violation or circumvention of these policies is considered a violation of the Faculty/Staff Policies and Procedures or the Student Code of Conduct and may result in disciplinary action or legal prosecution.

1. Passwords will be changed at least once every 122 days or three times per year.
2. New students and employees of Alfred State College will be assigned a temporary password which should be changed upon initial logon.
3. When changing passwords, users will not be permitted to use any of their last six passwords.
4. Passwords can only be changed once within a seven day period.
5. Accounts will be locked out (disabled) after five failed attempts to log on within a 24-hour period. Users should contact the Help Desk to request their accounts be re-enabled.
6. Passwords are required to be a minimum of eight characters in length, and should be a mix of alpha-numeric characters (i.e., letters of the alphabet and numbers). It is highly recommended a password also contain at least one special character. (For example: !~@#$%^&*() )
7. Users must never share their password with others, including friends and family members.
8. Passwords should be changed by the user when the user suspects unauthorized access.
9. Users should never leave a workstation unattended which they have currently logged on to the Alfred State College system.

back to top

E-mail Policy

Revised March 29, 2005

E-mail has become widely used for business and academic communication. Since so much information flows through e-mail systems, the following policies are put in place to define how e-mail is to be used on campus.

Alfred State College cannot guarantee that electronic communications will be private. Employees should be aware that electronic communications could, depending on the technology, be forwarded, intercepted, printed, and stored by others.

An e-mail account is a privilege granted to an individual, not a right. This privilege may be revoked or suspended at any time.

Any violation or circumvention of these policies will be considered a violation of the Faculty/Staff Policies and Procedures or the Student Code of Conduct and may result in disciplinary action or legal prosecution.

1. When using the campus e-mail system, the following will be considered the acceptable standard:
   1. E-mail messages should be legal and ethical.
   2. E-mail used for personal gain is prohibited.
   3. Faculty, staff, and students will use e-mail with an acknowledgement that their affiliation with the College is implied through their e-mail address (user@alfredstate.edu).
   4. Faculty, staff, and students will demonstrate moderation in the consumption of shared network resources.
2. E-mail accounts are granted and follow the basic guidelines as listed under Account Policy.
3. Use of an e-mail account to gain unauthorized access to any resource on campus is prohibited.
4. Spamming or utilizing the campus e-mail system for advertising purposes is prohibited. An announce system is provided for intra-campus general announcements.
5. Unauthorized redirection or spoofing of e-mail accounts is prohibited.
6. Abusive messages sent to an individual through e-mail are considered harassment and are prohibited.
7. All computers used to access the campus e-mail are required to have updated anti-virus software installed and running while accessing e-mail.
8. Disseminating viruses, trojans, or other possible malicious code through campus e-mail systems is prohibited. Violators of this policy may be subjected to temporary or permanent suspension of their accounts, campus discipline, and/or legal prosecution.
9. Deleted e-mail items are retained for thirty days. After thirty days, deleted items are permanently removed (restoration will not be possible).
10. Sent e-mail items are retained for thirty days. After thirty days sent items are permanently deleted.
11. Inbox items are retained for one year. After one year, items in the Inbox folder are permanently deleted. E-mail users are strongly encouraged to manage and maintain older inbox items by personally archiving them.
12. Sending messages over 10 MB in size are prohibited. E-mail systems are not meant to be file transfer systems. Please contact the Help Desk if you require assistance in sending someone large messages or files.
13. Mailbox sizes are 60 MB for students and 250 MB for faculty and staff. Upon reaching the maximum mailbox size, students, faculty, and staff will not be able to send or receive mail until their mailbox size is reduced.

back to top

Software Policy

Revised March 29, 2005

Software is a critical and valuable resource to the college. The college provides licenses and access to software to fulfill student, faculty, and staff requirements.

Any violation or circumvention of these policies will be considered a violation of the Faculty/Staff Policies and Procedures and/or the Student Code of Conduct and may result in disciplinary action or legal prosecution.

“Software” as listed in the policies below, is defined as any code and/or accompanying data that may be found on a hardware device. Examples of hardware devices are: desktop computers, personal digital assistants, laptop computers, routers, switches, wireless access points, and printers. See the Hardware Policy for more information.

1. Users will not violate legal protection provided by copyrights and licenses.
2. Users will not make copies of any licensed or copyrighted computer programs found on ASC college computers or networks without authorization.
3. Users will not load any software on ASC college computers or networks without authorization.
4. Users will not use ASC college networks to download illegal software.
5. Users will not use ASC college networks to share illegal software.
6. Any unauthorized configuring of software on ASC college computers or networks is prohibited.
7. Any unauthorized removal of software from ASC college computers or networks is prohibited.

back to top

Hardware Policy

Revised March 29, 2005

Computer and network hardware are an integral part of the computing environment at Alfred State College. As such, the campus relies heavily on having computer labs and the local area network available to faculty, staff, and students. These policies help ensure the best possible academic computing environment while protecting these vital campus resources.

Hardware will be defined but not limited to the following: Alfred State College and/or New York State owned CPUs, monitors, mice and other input devices, keyboards, memory, hard drives, hubs, switches, routers, network cabinets, cables, power cords, printers, wireless access points, PDAs, plotters, and wall jacks.

Any violation or circumvention of these policies will be considered a violation of Faculty/Staff Policies and Procedures or Student Code of Conduct and may result in disciplinary action or legal prosecution.

Any unauthorized displacement of hardware is prohibited.

1. Any unauthorized entry into hardware is prohibited.
2. Any unauthorized tampering, configuring or alteration of hardware is prohibited.
3. Any unauthorized entry into a computer lab is prohibited.

back to top

Network Usage Policy

Revised March 29, 2005

The campus relies heavily on the local area network and the Internet to succeed in fulfilling its academic mission. These policies help ensure the best possible academic networking environment while protecting this vital campus resource.

Any violation or circumvention of these policies will be considered a violation of the Faculty/Staff Policies and Procedures or the Student Code of Conduct and may result in disciplinary action or legal prosecution. Network access (meaning both LAN access and Internet access) is considered a privilege, not a right. This privilege may be revoked or suspended at any time.

Network resources should be used for academic use and to fulfill the campus mission.

1. Use of Alfred State College technology resources for personal purposes is permissible so long as the incremental cost of the usage is negligible, and so long as no campus-related activity is preempted by the personal use.
2. Use of the campus network for personal gain is prohibited. This includes:
   1. selling of products and/or services
   2. correspondence and/or communications involved in the selling of products and/or services
   3. unauthorized selling of products and/or services
3. Peer to peer networking is prohibited. Peer to peer networking includes any and all internet file sharing applications including, but not limited to Kazaa, Ares, Morpheus, Audio Galaxy, Direct Connect, Edonkey, and Gnutella. Use of peer to peer technologies may result in a user being placed in the “Penalty Box” as outlined in the Penalty Box Policy.
4. Unauthorized high bandwidth usage is prohibited. Bandwidth abuse erodes the effectiveness of the network, resulting in less efficient services or denial of services. Violation of this policy may result in a user being placed in the “Penalty Box” as outlined in the Penalty Box Policy.
5. Technology Services or the College Administration can limit or deny network access at any time it is determined that there has been a violation of any campus policy or applicable laws. This includes but is not limited to copyright violation, harassment violation, student conduct violation, and business use violation.
6. Unauthorized port scanning of any campus equipment connected to the campus network is prohibited.
7. Any unauthorized process or device which may deny other network devices partial or full services to the campus network is prohibited. Such devices or processes may be suspended, disabled, or impounded without notice by Technology Services or as directed by Campus Administration.
8. Users shall not develop or use procedures to alter or avoid the accounting and monitoring of the use of technology services. For example, users may not utilize facilities anonymously or by means of an alias, and may not send messages, mail or print files, which do not show the correct username of the user performing the operation.
9. Practicing any form of dishonesty through use of computing facilities - for example, cheating, plagiarism, or fraud - is prohibited. Using computers or the network to harass, abuse or intimidate another person is prohibited. Users shall not develop or use programs that harass or break into another person’s computer including but not limited to port scanners, password crackers and viruses.

Obscene language or pictures/videos/audio included in electronic mail messages, process names, file names, file data, and any other accessible form are prohibited on equipment connected to the college network.

back to top

Network File Resources Policy

Revised March 29, 2005

Most students, faculty, and staff have access to network file resources. Network file resources include but are not limited to what is commonly referred to as “N: drive space” and “Web space.” Also, some faculty, staff, and students have other network file resources, depending upon their academic needs. Since these are finite resources accessed over a finite amount of bandwidth, policies concerning network file resources ensure reliable and consistent access for all users of these resources.

Any violation or circumvention of these policies will be considered a violation of the Faculty/Staff Policies and Procedures or the Student Code of Conduct and may result in disciplinary action or legal prosecution. Network file resource access is considered a privilege, not a right. This privilege may be revoked or suspended at any time.

1. Student quotas on their general use network file resources are 350 MB. This restriction guarantees equitable space to all students that require it.
2. Network file resources are to be used for academic purposes. Personal use of this space for media files (such as MP3s, AVIs, MPEGs, and other media files) is prohibited. If a student requires network resources to store media files for academic use, please contact the Help Desk and explain your need.
3. Use of network file resources for personal gain is prohibited.
4. Unauthorized access to another individual’s network file resources is prohibited.
5. Inappropriate content as outlined in this policy or in other campus policies may result in deletion of inappropriate material without notice.
6. Network file resources are monitored to ensure compliance with campus policies.
7. Access to network file resources may be denied, suspended, and the content impounded upon violation of campus policy or applicable laws at the discretion of Technology Services or the College Administration.
8. Access may be suspended on any World Wide Web accessible network file resources if the content of the Web space is deemed against campus policy or applicable laws. Users may ask for a review of a Web site by the College Administration to determine its appropriateness. The College Administration may accept or deny this request.
9. The unauthorized storage of computer viruses, trojans, malicious self-replicating applications, or other malicious code on network file resources is prohibited.
10. Unauthorized “mirroring” of files or Web sites for internet or intranet access is prohibited.

back to top

Pornography Policy

Any violation or circumvention of these policies will be considered a violation of the Alfred State College Faculty/Staff Policies and Procedures and/or the Student Code of Conduct and may result in disciplinary action or legal prosecution where applicable.

Downloading, uploading, distribution, storage, reproduction, creation or viewing of pornographic material is prohibited on Alfred State College owned equipment. Examples of Alfred State College owned equipment include but are not limited to faculty and staff desktop and laptops, computer lab desktops, network printers, cellular phones, PDAs, servers, storage devices, visual projection systems, televisions, monitors, copy machines and networking equipment.

Alfred State College employees are obligated to report possible pornography policy violations to the Technology Services department. Determination of pornographic material will be at the discretion of the Director of Technology Services, Alfred State College Vice Presidents, or designee(s).

back to top