Information Technology Acceptable Usage Agreement

As part of its educational mission, Waubonsee Community College (college or Waubonsee) acquires, develops, and maintains computers, computer systems and networks. These computing resources are intended for college-related purposes, including direct and indirect support of the college's instruction, research and service missions; college administrative functions; student and campus life activities; and the free exchange of ideas both within the college community and between the college community and the wider local, national and world communities.

This agreement applies to all users of college computing resources, whether affiliated with the college or not, and to all uses of those resources, whether on campus or from remote locations. Additional policies and procedures may govern specific computers, computer systems or networks provided or operated by specific departments of the college. Consult the managers of the specific computer, computer system or network that you are interested in for further information. This agreement may be modified as deemed appropriate by the college. Users are encouraged to periodically review the agreement as posted on the college's website.

The rights of academic freedom and freedom of expression apply to the use of college computing resources. So too, however, do the responsibilities and limitations associated with those rights. The college supports a campus and computing environment open to the free expression of ideas, including unpopular points of view. However, the use of college computing resources, like the use of other college-provided resources and activities, is subject to the requirements of legal and ethical behavior. Thus, legitimate use of a computer, computer system or network does not extend to whatever is technically possible.

Users of college computing resources must comply with federal and state laws, college rules and policies, and the terms of applicable contracts, including software licenses, while using college computing resources. Examples of applicable laws, rules and policies include the laws of libel, privacy, copyright, trademark, obscenity and child pornography; the Illinois Computer Crime Prevention Law, the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act, which prohibit "hacking," "cracking" and similar activities; the college's Student Code of Conduct; and the college's Discrimination and Harassment Policy.

Users who engage in electronic communications with persons in other states or countries or on other systems or networks may also be subject to the laws of those jurisdictions and the rules and policies of those other systems and networks. Users with questions as to how the various laws, rules and resolutions may apply to a particular use of college computing resources should contact the Office of the Chief Information Officer for more information.

Users are responsible for ascertaining what authorizations are necessary and for obtaining them before using college computing resources. Users are responsible for any activity originating from their accounts which they can reasonably be expected to control. Accounts and passwords may not, under any circumstances, be used by persons other than those to whom they have been assigned by the account administrator. In cases when unauthorized use of accounts or resources is detected or suspected, the account owner should change the password and report the incident to the Technical Assistance Center (TAC) at tac@waubonsee.edu or (630) 466-HELP (4357).

Users may not copy, store, or transmit unencrypted confidential and sensitive data on smartphones, CD/DVDs, PDAs, USB flash drives, non-college-owned/-leased computing devices, or other portable storage or computing devices.

Although there is no set bandwidth, disk space, CPU time, or other limit applicable to all uses of college computing resources, the college may require users of those resources to limit or refrain from specific uses if, in the opinion of the system administrator, such use interferes with the efficient operations of the system.

Users may not state or imply that they speak on behalf of the college or use college trademarks and logos without authorization to do so. Authorization to use college trademarks and logos on college computing resources may be granted only by the Office of the Executive Director of Marketing and Communications. The use of appropriate disclaimers is encouraged. For further guidelines on the use of the college's marks, name and image, please refer to Waubonsee's Graphic Standards Approval form.

Users who violate this agreement may be denied access to college computing resources and may be subject to other penalties and disciplinary action, including possible expulsion or dismissal. Alleged violations will be handled through the college's disciplinary procedures applicable to the user. The college may suspend, block or restrict access to an account, independent of such procedures, when it reasonably appears necessary to do so in order to protect the integrity, security, or functionality of college or other computing resources or to protect the college from liability. The college may also refer suspected violations of applicable law to appropriate law enforcement agencies.

The college employs various measures to protect the security of its computing resources and its users' accounts. Users should be aware, however, that the college cannot guarantee security and confidentiality. Users should, therefore, engage in "safe computing" practices by establishing appropriate access restrictions for their accounts, guarding their passwords and changing them regularly.

Users should also be aware that their uses of college computing resources are not completely private. While the college does not routinely monitor individual usage of its computing resources, the normal operation and maintenance of the college's computing resources require the backup and caching of data and communications, the logging of activity, the monitoring of general usage patterns, and other such activities that are necessary for the provision of service. The college may also specifically monitor the activity and accounts of individual users of college computing resources, including individual login sessions and the content of individual communications, without notice, when:

• The user has voluntarily made them accessible to the public, as by posting to Usenet or a Web page;
• It reasonably appears necessary to do so to protect the integrity, security, or functionality of college or other computing resources or to protect the college from liability;
• There is reasonable cause to believe that the user has violated or is violating this policy;
• An account appears to be engaged in unusual or unusually excessive activity, or it is otherwise required or permitted by law.

Any such monitoring of communications, other than what is made accessible by the user, required by law or necessary to respond to perceived emergency situations, must be authorized in advance by the Executive Director of Human Resources or Chief Information Officer. The college, in its discretion, may disclose the results of any such general or individual monitoring, including the contents and records of individual communications, to appropriate college personnel or law enforcement agencies and may use those results in appropriate college disciplinary proceedings and/ or criminal charges. Communications made by means of college computing resources are also generally subject to the Illinois Freedom of Information Act to the same extent as they would be if made on paper.

Visitors to Waubonsee websites who are not currently Waubonsee students, faculty or staff should refer to the college's Internet Privacy Policy for privacy information.

Users who utilize laptop computers or other electronic data mobile devices (e.g. Laptop, Flash Drive, Smartphone, Hand Held PC, etc.) must use reasonable care, as outlined in the college's Information Security Policy and this agreement, to protect college confidential data as defined in the Data Classification Standard.

Protection of confidential data against physical theft or loss, electronic invasion, or unintentional exposure is provided through a variety of means, which include user care and a combination of technical protections such as authentication, encryption, and remote sanitization capability that work together to secure mobile devices against unauthorized access. Prior to use or display of confidential data via laptop computer or other electronic data mobile device, the following security measures must be in place:

• A laptop or other electronic data mobile device must authenticate the user before access to services on or by the device shall be permitted. Mobile devices must be configured to timeout after 15 minutes of inactivity and require re-authentication before access to services on or by the device will be permitted. The authentication mechanism(s) must not be disabled.
• The information technology approved encryption option must be enabled on laptop computers that transmit or store college confidential information. Laptops shall be protected with antivirus software and updated daily if supported by the device. NOTE: Waubonsee email is protected with centralized anti-virus and anti-spam software. This protection may not apply to email systems outside of Waubonsee.
• The use of unprotected mobile devices to access or store confidential data is prohibited regardless of whether the equipment is owned or managed by the college. The Information Technology Department can be contacted to determine if appropriate protections are already in place or assist with enabling the security measures for laptops or other electronic data mobile devices.

College employees who possess college-owned laptop computers and other portable electronic devices are expected to secure them whenever they are left unattended. Accordingly, the college will not reimburse for the loss of a laptop computer or other portable electronic device unless it is burglarized (i.e. taken from a locked desk, cabinet, closet or office, the item was secured by using a locking cable, and there are signs of forced entry thereto).

In the event a college-owned or controlled laptop computer or other device is lost or stolen, the theft or loss must be reported immediately to Waubonsee Campus Police. In the event college confidential data is contained on any personally-owned computer or device that is lost or stolen, Technical Assistance Center (TAC) must be contacted immediately. If the lost mobile device is equipped with a remote wipe feature enabled, the device will be remotely wiped of all data and reported as stolen.

For purposes of this document, email includes point-to-point messages, postings to newsgroups and listserves, and any electronic messaging involving computers and computer networks. Organizational email accounts, including those used by student organizations, are held to the same standards as those for individual use by members of the Waubonsee community. Email is also generally subject to the Illinois Freedom of Information Act to the same extent as it would be on paper.

mymail, powered by Google, is the official email account for students.

Examples of Inappropriate Uses of Email: While not an exhaustive list, the following uses of email by individuals or departments are considered inappropriate and unacceptable at the college. In general, email shall not be used for the initiation or re-transmission of:

• Chain mail that misuses or disrupts resources - Email sent repeatedly from user to user, with requests to send to others;
• Harassing or hate-mail - Any threatening or abusive email sent to individuals or organizations that violates college rules and regulations or the Code of Student Conduct;
• Virus hoaxes;
• Spamming or email bombing attacks - Intentional email transmissions that disrupt normal email service;
• Junk mail - Unsolicited email that is not related to college business and is sent without a reasonable expectation that the recipient would welcome receiving it; and
• False identification - Any actions that defraud another or misrepresent or fail to accurately identify the sender.

Computing resources are not to be used for personal commercial purposes or for personal financial or other gain. Occasional personal use of college computing resources for other purposes is permitted when it does not consume a significant amount of those resources, does not interfere with the performance of the user's job or other college responsibilities, and is otherwise in compliance with this agreement. Further limits may be imposed upon personal use in accordance with normal supervisory procedures concerning the use of college equipment.

Web Pages
Official college pages represent the college and are intended for the official business functions of the college. Each official page, including faculty Web pages, must be built using the college's content management system and registered with the college's Marketing and Communications Department.

Personal Web space for employee pages represents the individual in his or her primary role as a Waubonsee employee. Incidental personal information on employee pages is deemed acceptable so long as it does not interfere with the function or desired presentation of the department, cause disruption of normal service, incur significant cost to the college or result in excessive use of resources. Faculty and staff who wish to publish substantial personal information not related to their college functions should use an Internet service provider rather than using college Web resources.

Commercial Pages
Using Waubonsee Web pages for personal gain is forbidden. Any private commercial use of Waubonsee Web pages must be pre-approved pursuant to existing college policies and procedures regarding outside employment activities. All Waubonsee departments that accept payments electronically via the Internet are required to process all sales transactions through the Finance Office approved Web payment gateway.

Waubonsee accepts no responsibility for the content of pages or graphics that are linked from Waubonsee pages. However, Web page authors should consider that such links, even when clearly labeled, can be misinterpreted as being associated with the college. Links to pages where you have a personal monetary interest are likely to violate policies regarding advertising and commercial use and must be avoided.

Excessive or disruptive use of college resources in the viewing or publishing of Web pages is not permitted. Departments owning or administering the resources involved will determine whether specific usage is considered normal, excessive or disruptive.

Retention periods must be followed for all official college Web pages as required by the Illinois State Records Act. Official college Web pages are treated like email and subject to the same guidelines set forth in the Waubonsee Email as Public Records Procedure.

Users must not attempt to implement their own network infrastructure. This includes, but is not limited to: basic network devices such as hubs, switches, routers, network firewalls and wireless access points. Users must not offer alternate methods of access to Waubonsee IT resources such as modems, hotspots, and virtual private networks (VPNs). Users must not offer network infrastructure services such as DHCP and DNS. Exceptions to this requirement must be coordinated with the Office of the Chief Information Officer.

For the purposes of this document, we refer only to wireless transmission using radio frequency (RF). Wireless is shared media and easily intercepted by a third party. Wireless users are encouraged to use some type of encryption such as WPA2, EAP-TLS, etc.

Improperly configured wireless access points (WAPs) might cause denial of service to legitimate wireless users. WAPs can also be used to subvert security. WAPs must be authorized by the Office of the Chief Information Officer.

A VPN provides secure encrypted access between a client and the VPN server. They are most commonly used for secure access to a trusted network from remote, untrusted networks.

VPN servers must be authorized by the Office of the Chief Information Officer.

Waubonsee personnel and students carrying college-issued laptops or other electronic data mobile devices while traveling abroad, whether on business or for pleasure, must comply with U.S. trade control laws. U.S. export control laws may prohibit or restrict such activities absent special U.S. government licenses. Before traveling abroad with a laptop or other electronic data mobile device, Waubonsee faculty, staff and students must understand the restrictions described here. The Office of Chief Information Officer can provide further guidance and information on these limitations.

Last Updated: July 23, 2014