1.0 Revision History
2.0
Purpose
Access to Northern
Arizona University computing and network resources is a privilege which imposes
certain responsibilities and obligations and which is granted subject to
university policies and codes, and local, state and federal laws. All users of
these shared resources must act responsibly and comply with specific policies
and guidelines governing their use. The
purpose of this policy is to promote the efficient, ethical and lawful use of
Northern Arizona University's computer and network resources.
3.0
Definitions
3.1
Computing and network resources include both wired and wireless
connectivity.
3.2
Network access includes connecting to the Northern Arizona University
network on campus, through a university modem pool, remote computer lab, or
another Internet Service Provider.
3.3
Student workers and temporary employees are considered staff for the
purposes of this policy and must adhere to its provisions.
3.4
Strong passwords are those that use at least eight characters, includes
a combination of letters, numbers, and symbols and is easy for you to remember,
but difficult for others to guess.
4.0
Applicability
This policy
applies to all staff, faculty, and affiliate users of Northern Arizona
University computing and network resources, whether use is initiated from a
computer and/or network device located on or off campus.
5.0
Policy
Faculty, staff and affiliates using computer resources
belonging to Northern Arizona University must act in a responsible manner, in
compliance with law and University policies, including the Acceptable Use Guidelines
set forth in this Policy, and with respect for the rights of others using a
shared resource. The right of free expression and academic inquiry must be
balanced by the rights of others to privacy, freedom from intimidation or
harassment, protection of intellectual property, ownership of data, and
security of information.
6.0
Acceptable Use Guidelines
The specific
usage guidelines that follow are not intended to be comprehensive, but rather
to establish and clarify the intent of this Policy. Situations not enumerated
here will inevitably arise, and they should be interpreted according to the
spirit of this policy.
Each person using
Northern Arizona University's computer and network resources must:
6.1
Take no actions that violate the ABOR Policy
Manual, Northern Arizona University Personnel Policy Manual, or other
applicable law or policy, including this Policy.
This is not a
comprehensive list of applicable Federal, State and University policies. In the
event of a conflict between policies, the more restrictive use policy shall
govern.
See the Northern
Arizona University Personnel Policy Manual for more information.
(Note: The manual is a large PDF file; downloading it over a dialup connection
is not recommended.)
6.2
Use security measures to protect the integrity of
information, data, and systems.
Users must protect their computer systems and
accounts by using strong passwords, installing anti-virus software consistent
with management directives and by keeping such software, as well as the
operating system and application security patches, up to date. Users are
responsible for safeguarding their identification codes and passwords, and for
using them only as authorized. Examples of misuse include: unauthorized use of
a account; obtaining a password that you are not authorized to use; giving out
your password to an unauthorized person; or using the campus network to gain
unauthorized access to any computer system, and using a "sniffer" or other
methods in an attempt to "crack" passwords.
6.3
Not forge or misrepresent
your identity.
Concealing or masking the identity of the sender of electronic
communications by altering the source of an email message to make it appear as
if the message was sent by someone else is a violation of this policy.
6.4 Use computer and network
resources efficiently.
Computing resources are the property of Northern Arizona University, not of the individual user, are costly, are finite and must be shared.
Employees may use the University's computer and network resources for
incidental personal purposes, provided that such use does not (A) unreasonably
interfere with the use of computing and network resources by other users, or
with the University's operation of computing and network resources; (B)
interfere with the user's employment or other obligations to the University;
(C) violate this policy or other applicable policy or law; or (D) violate
University licensed software contractual limitations and restrictions. The University
retains the right to set priorities on use of the system, and to limit
recreational or personal use when such use could reasonably be expected to
cause, directly or indirectly, strain on any computing facilities, or to
interfere with research, instructional or administrative computing
requirements, or to violate applicable policies or laws.
6.5 Not harass or intimidate others.
The University, in
general, cannot and does not wish to be the arbiter of content maintained,
distributed or displayed by users of the University's computing and network
resources. For example, the University, in general, cannot protect users from
receiving e-mail they may find offensive. Unlawful or unauthorized use of
University computer and network resources can expose the individual user and
the University to damages claims and potential criminal liability. Unlawful or
unauthorized uses may include, but are not limited to: harassment and
intimidation of individuals on the basis of race, color, national origin, sex,
religion, sexual orientation or disability; accessing, creation, display or
transmission of obscenity, child pornography or material harmful to minors as
defined by law; threats; theft; attempting unauthorized access to data;
attempting to breach security measures on any electronic communications
software or system; attempting to intercept electronic communication
transmissions without proper authority; and violation of intellectual property
or defamation laws. Do not use computer systems to send, post, or display libelous
or defamatory messages, text, graphics, or images. Computer communication,
including individual websites on university servers, should be respectful of
others and should be consistent with Northern Arizona University values of
civility, integrity and diversity, as well as the provisions of this policy.
6.6 Use University computer
resources and networks for legitimate academic or administrative purposes.
Incidental personal use is permissible
to the extent that it does not violate other provisions of this policy,
interfere with the performance of employee's duties, or interfere with the
education of students at the University. Use of your computer account or the
network for commercial activities that are not approved by appropriate
supervisory University personnel consistent with applicable policy, or for
personal financial gain (except as permitted under applicable academic
policies) is prohibited. Examples of prohibited uses include using your
computer account for engaging in unauthorized consulting services, illegally
downloading copyrighted music, videos, or other material, software development,
advertising products/services, and/or other private commercial activity.
Compliance with specific regulations required of all state employees and
agencies regarding lobbying and political activity must be followed by all
university employees and affiliates and are detailed in the Northern Arizona
University Personnel Policy Manual, Policy 5.10, Subject: Lobbying/Political
Activity.
6.7 Respect
copyright and intellectual-property rights.
Users must adhere to the U.S. Copyright Law and the terms and
conditions of any and all software and database licensing agreements. Any form
of original expression fixed in a tangible medium is subject to copyright, even
if there is no copyright notice. The law also makes it unlawful to circumvent
technological measures used by copyright owners to protect their works.
Copyright infringement exposes the user, and possibly the University, to heavy
fines and potential civil and criminal liability. Examples of materials
potentially covered by copyright protection include music, movies, graphics,
text, photographs, artwork and software distributed in any media -- including
online. The use of a copyrighted work (such as copying, downloading, file
sharing, distribution, public performance, etc.) requires either (A) the
copyright owner's permission, or (B) an exemption or a fair use defense under
the Copyright Law.
6.8 Make
only appropriate use of data to which you have access.
Authorized University personnel (e.g. system, network
and database administrators, among others) may have access to data beyond what
is generally available. Privileged access to data may only be used in a way
consistent with applicable laws, University policies, and accepted standards of
professional conduct. Those who have access to databases that include personal
information shall respect individual privacy and confidentiality, consistent
withapplicable laws and
University policies regarding the collection, use and disclosure of personal
information. Examples of sensitive data
that must be safeguarded are data protected by federal and state laws,
including without limitation the Family Educational Rights and Privacy Act
(FERPA) and the Health Insurance Portability and Accountability Act (HIPAA), as
well as any retained personal financial data.
6.9 Understand Limitations on Privacy Expectations.
Users should be aware that state laws and University
policies, guidelines and regulations may limit the protection of certain aspects
of individual privacy. Both the nature of electronic communications and the
public character of the University's business make certain uses less private
than users may anticipate. For example, in certain circumstances, the
University may permit the inspection, monitoring or disclosure of e-mail,
consistent with applicable laws, by University personnel or law enforcement
officers. The University also may be
required to disclose e-mail and other electronic data and documents pursuant to
the Arizona public records laws.
6.10 Respect and adhere to other
departmental/college/Internet Service Provider's acceptable use policies.
When
using a University computer system and/or network to connect to a
non-University system or network, adhere to the prevailing policies governing
that system or network. This does not in any way release your obligation to
abide by the established policies governing the use of the University’scomputer
software, systems and networks.
7.0 Roles and Responsibilities
The
roles and responsibilities
of University employees subject to this Policy are set forth above.
8.0 Compliance
Violations of this Policy
are subject to sanctions prescribed in, but not limited to, the following
policies: Arizona Board of Regents (ABOR) Policy Manual, and the Northern
Arizona University Personnel Policy Manual. Some potential sanctions are listed
in Section 5 of the university personnel policy manual.
Employees who misuse Northern Arizona University’s
computing and network resources or who fail to comply with the University's
written usage policies, regulations and
guidelines are subject to one or more of the following consequences:- Temporary loss of computer/network
access during incident investigations
- Disciplinary actions taken by the
employee's supervisor up to and including termination of employment
- Legal prosecution under applicable
Federal and State laws
9.0 References
9.1
Northern Arizona
University Personnel Policy Manual (http://www.hr.nau.edu/m/images/stories/docs/policy_manual.pdf)
9.2
ABOR Policy Manual(http://www.abor.asu.edu)
9.3
U.S. Copyright Law (http://www.copyright.gov/title17/)