Acceptable Use of Technology Resources at CSB and SJU

In accordance with their mission to provide a liberal arts education, to foster the free exchange of ideas, and to provide effective support for its teaching, learning and research, it is the policy of the College of Saint Benedict and Saint John’s University (CSB and SJU) to permit broad access to information technology resources for students, faculty, and staff to use in fulfilling the institutional mission, and for appropriate college/university-related activities. Included in this policy is the intention to share information technology resources with other members of the broader community that have been granted access to the CSB and SJU network.

Technology resources are widely available for all members of the community.  Access to information technology resources, however, carries with it the responsibility for ensuring that its use is primarily for institutional purposes and related activities. Moreover, the use of information technology resources must be consistent with institutional policies and local, state, and federal laws.  

Scope

This policy applies to all persons who access or use institutional resources, which includes employees, students, faculty, emeriti faculty, visitors, volunteers, third parties, alumni, contractors, consultants, clients, temporaries, and others (collectively known as “users“), who have access to, support, administer, manage, or maintain CSB and SJU information and technology assets.

This policy applies to all technology resources of the institution, including without limitation:

• All computers, systems, equipment, software, networks, and computer facilities owned, managed, or maintained by CSB and SJU for the handling of data, voice, telephone, or related signals or information.
• Any access or use of the electronic resources from a computer or other system not controlled or maintained by CSB and SJU; and,
• The creation, processing, communication, distribution, storage, and disposal of information under CSB and SJU’s control.

General Standards for Acceptable Use

• User IDs and passwords are the primary methods used to authenticate users of the technology resources. They help prevent unauthorized access to technology resources or any restricted information found within them. Users may be held responsible for all activity conducted using their IDs. Users must select strong passwords. No person, including any member of the IT staff, is authorized to request any user’s password. Each user is responsible for the proper use of her or his account, protecting sensitive information, and any activity performed via their user account. Therefore, users should choose strong passwords and safeguard them by memorizing and not sharing or printing passwords.
• Users must use multi-factor authentication (Duo) to connect to campus resources. All must comply with the Duo Security standard terms and conditions located at https://duo.com/legal/terms.
• Each user should limit their access to resources that they are explicitly authorized to access.
• Technology resources should be used responsibly, ethically, and professionally while maintaining consistency with the mission of CSB and SJU.
• Technology resources should be used in compliance with all CSB and SJU policies, procedures, applicable local, state, federal and international laws, and regulations.
• The owner of any device connected to the network is responsible for the security of and activity generated by that device. This includes any traffic, regardless of origin, that travels through such a device.  Users should ensure that the latest patches, software, and antivirus updates are installed on their systems.  A device exhibiting the behavior of a malicious machine (e.g., having fallen victim to a virus, worm, or break-in) may be blocked from the network until it has been made secure.  
• Technology resources are provided for authorized use by the members of the CSB and SJU community and certain others primarily for the business of the college. Limited and occasional personal use of institutional IT resources is permitted to the extent that it does not interfere with institutional use.
• Copying, storing, displaying, or distributing copyrighted material using technology resources should only be done with the explicit permission of the copyright owner, except as otherwise allowed under copyright law.
• Use only legal versions of copyrighted software in compliance with vendor license requirements.
• Any resource intensive activity on a shared system should be coordinated with IT Services department to help minimize impact to the system and other users. 
• Users are required to report any sensitive data or resources, including personal devices, that may have been compromised by unauthorized access, loss, theft, or other means to CSB and SJU IT Services.
• Technology resources should not be used for personal soliciting, proselytizing, or political activity.

Prohibited Uses
Anyone who has been granted a username will have their access privileges denied, restricted, or revoked for any of the following activities:

• Provide any other person access to their technology resources (including using another person’s username and password).
• Send e-mail mass mailings for purposes other than authorized business. Alter, remove, or forge email headers, addresses, or messages, or otherwise impersonate or attempt to pass oneself off as another. Using internal or external e-mail or messaging services to harass or intimidate. 
• Obtain technology resources beyond those allocated to the user, seek or gain access to data or user accounts for which the user is not authorized, or eavesdrop or intercept transmissions not intended for the user.
• Extend the network by introducing a hub, switch, router, wireless access point, or any other service or device to the campus network.
• Use the institutional Internet or other network access in a malicious manner or to alter or destroy any technology materials which the user is not authorized to alter or destroy.
• Tamper with, modify, damage, alter, or attempt to defeat restrictions or protection placed on accounts or any technology resources.
• Engaging in any activity that might be purposefully harmful to networked systems or to any information stored thereon including, but not limited to, creating or propagating viruses, disrupting services, damaging files, or making unauthorized modifications to institutional data. 
• Misusing copyrighted material, including software, graphics, text, photographs, sound, video, and musical recordings and storing such copies on institutional systems, or transmitting them over institutional networks. 
• Using the campus network or campus computers in a manner that violates the principals of academic honesty or appropriate behavior.
• Engaging in any other activity that does not comply with institutional policies and local, state, and federal laws.

Prohibited Uses – Examples

• Malicious misuse. Using IDs or passwords assigned to others, disrupting the network, destroying information, removing software from public computers, spreading viruses, sending email that threatens or harasses other people, invading the privacy of others, and subscribing others to mailing lists or providing the email addresses of others to bulk mailers without their approval.
• Unacceptable use of software and hardware. Knowingly or carelessly running or installing unlicensed software on any computer system or network; giving another user a program intended to damage the system; running or installing any program that places an excessive load on a computer system or network, or compromises the security of the systems or network; violating terms of applicable software licensing agreements, including copying or reproducing any licensed software; or violating copyright laws and their fair use provisions through inappropriate reproduction or dissemination of copyrighted text, images, or other materials; using imaging equipment to duplicate, alter and subsequently reproduce official documents.
• Inappropriate access. Unauthorized use of a computer account; providing misleading information in order to obtain access to computing facilities; using the campus network to gain unauthorized access to any computer system; connecting unauthorized equipment to the campus network including wireless access points; unauthorized attempts to circumvent data protection schemes to uncover security loopholes (including creating and/or running programs that are designed to identify security loopholes and/or decrypt intentionally secure data); knowingly or carelessly performing an act that disables other IT resources or consumes resources so that others are denied access and/or interferes with the normal operation of computers, terminals, peripherals, or networks; deliberately wasting or overloading computing resources, such as printing too many copies of a document; or other activities.
• Inappropriate use of electronic mail and Internet access. Initiating or propagating electronic chain letters; inappropriate mass mailing including multiple mailings to newsgroups, mailing lists, or individuals, forging the identity of a user or machine in an electronic communication or sending anonymous email; using another person’s email account or identity to send email messages; attempting to monitor or tamper with another user’s electronic communications; reading, copying, changing, or deleting another user’s files or software without the explicit agreement of the owner.
• Excessive use of institutional resources. Mining any cryptocurrency, including but not limited to BitCoin or any similar currency.

The above examples are only meant to provide general guidance and are by no means exhaustive.

Violation Resolution Procedures:
Failure to comply with any of the above policies may result in suspension or termination of network services, appropriate disciplinary action.

Members of the CSB and SJU community that use any information technology resources in the furtherance of activities prohibited by state, local or Federal law, or CSB and SJU policy, will be subject to disciplinary and/or legal action.  Appropriate discipline for any violation will be determined by the head of the relevant constituency group, in consultation with the Chief Information Officer (e.g., the Provost for faculty and student violations and the Chief Operating Officer for staff violations).

Noncompliance and Sanctions

Users who violate this policy may be denied access to the institution’s resources and may be subject to penalties and disciplinary action, both within and outside of the institution, subject to the appropriate enforcement process. The institution may temporarily suspend or block access to an account, prior to the initiation or completion of such procedures, when it reasonably appears necessary to do so to protect the integrity, security, or functionality of the institution or other computing resources or to protect the institution from liability.

Violations of this Acceptable Use Policy will be handled through standard disciplinary processes as outlined in the Student Handbook and applicable faculty and staff handbooks. Information Technology Services reserves the right to take immediate action to protect information security, system integrity, and operational continuity. Reviews of actions taken by Information Technology Services and subsequent disciplinary decisions are made by the appropriate disciplinary authority in consultation with the Chief Information Officer (e.g., the Provost for faculty and student violations and the Chief Operating Officer for staff violations).

Privacy
CSB and SJU strives to protect the privacy of this information, although it cannot guarantee confidentiality.  Under certain circumstances, it may be necessary to access, review or disclose information stored in CSB and SJU’s information technology resources in response to court orders or other legal action, in connection with investigations of possible violations of institutional policy or legal obligations, or if an individual’s conduct raises concern about appropriate conduct in the workplace or educational environment.  CSB and SJU retains the right to use its discretion in accessing, reviewing, and disclosing records in order to address these types of situations.

Individual users of information systems and resources should be sensitive to the inherent limitations of shared network resources. No computer security system can absolutely prevent unauthorized persons from accessing stored information and CSB and SJU cannot, and does not, guarantee the privacy or confidentiality of stored information or electronic communications.

Legal Compliance

The institution will, when required by subpoena, warrant, or retention order, retain, or release available institutional data to appropriate authorities. Based on the requirement of the subpoena, warrant, or order, users may or may not be made aware of these actions.

Policy Details

By using the information technology resource provided by CSB and SJU, you are indicating your acceptance of this policy and your promise to abide by it.

CSB and SJU reserves the right to change, modify, or otherwise alter this policy at its sole discretion and at any time as it deems circumstances warrant.

This policy will be reviewed annually. It was last revised on 6/4/2024.