Use of College Technology
Revised June 1, 2021
This policy sets forth College of the Ozarks’ (hereinafter referred to as the College) policies for the provision of Technology to employees and students for educational and College business purposes. While employees and students are encouraged to use Technology, they must do so following this Policy. When using Technology, employees and students are required to conduct themselves in the same professional, lawful, and ethical manner as they do elsewhere on campus.
For purposes of this policy, “Technology” is defined as College-owned or provided hardware, software, services, networks, systems, devices, electronic media, applications, accounts, privileges, access, internet, email, social media, websites, voicemail, phones, wearable technology, or other technological inventions employed by or on behalf of the College.
For purposes of this Policy, “Information” is defined as any data belonging to the College. The College may collect, store, and use various types of information and use controls based on laws, regulations, and contracts. College data may fall under guidelines and laws outlined within FERPA, GLBA, HIPAA, and PCI-DSS. Any hardware, software, services, networks, systems, devices, applications, accounts, websites, or other technological inventions employed by or on behalf of the College and interacting with these data types must be approved for use by the Chief Information Officer (CIO) and V.P. over the area impacted.
Employee and student use of Technology is subject to the following:
- Permitted Use. Employees and students are encouraged to use Technology to enhance their work and educational performance. Technology used throughout the College requires approval by the CIO and must conform to the policies and standards set by the College. Reasonable and limited personal use during non-working time within or outside business hours is permitted at the discretion of management. Additionally, enrolled students in good-standing may utilize the student network for personal use so long as that use adheres to these policies.
- Ownership. Content stored or utilized within the College’s Technology is limited to that which is owned or licensed by the College or is used by permission of the owner or copyright holder.
- Monitoring. Communications and content created, transmitted, received, viewed, or stored utilizing College Technology is subject to review and monitoring by the College at any time and without notice, in accordance with applicable state and federal laws, to ensure compliance with this or other College policies, business use, legal requests, or any other reason the College deems necessary. Content includes deleted information or information intended to be private or personal.
- Account Management. Employee accounts will be created, disabled, or deleted by the IT department at the request of the related VP. Student accounts are handled similarly but based on the student’s enrollment status within Jenzabar or as overridden by request of the VP over student accounts.
- Unauthorized Access. Do not access or intercept communications or content of others without permission or utilize another’s account or password to access Technology or information. Activity logged within a user’s account will be attributed to that user. Therefore, users should ensure their credentials are kept secure and notify the IT department of any breach.
- Security. Keep passwords, hardware tokens, or other security measures secure and do not share with others. Secure or confidential information should not be sent via unencrypted email or posted online without securing its access. Employees and students must use the security protections and controls provided by the College. Use of unauthorized encryption, VPNs, or other mechanisms to hide content from the College or mask user activity is prohibited.
- Software Adoption/Creation. All software (off the shelf, custom developed, web-based, or other solutions) using any information provided by the College or collected on behalf of the College must be approved by the CIO and V.P. over the area impacted. Custom software, websites, applications, or similar solutions must be coordinated with the I.T. department before any work is started. User’s outside the I.T. department can use I.T. authorized toolsets such as Microsoft 365 to develop internal SharePoint sites, forms, or similar data collecting tools as long as the information is not accessible publically.
- Software Installations. All software downloads, upgrades, and installations onto College Technology must be completed by IT personnel or by means provided by IT for such purposes. Employees and students are prohibited from introducing or using software designed to damage, destroy, monitor, or corrupt Technology with viruses, malware, or similar programs.
- Loss or Damage. Employees and students may be held responsible for the misuse by others of confidential information the employee or student discloses or allows to be disclosed to third parties. Promptly report to the IT department any damage to or loss of Technology or personal devices containing College content.
- Third-Party Services. The storage or use of College information on third-party platforms without prior approval of the CIO is prohibited. Specifically, the use of Google Apps, Google Drive, Dropbox, Box, peer-to-peer technology, or any similar services is prohibited. Use of College information on personal accounts of any service is also prohibited. College information should always reside on College approved systems and services.
PURCHASING & REFRESH CYCLES
- Purchasing. The CIO, in consultation with the VP for Vocational Programs, sets all College Technology standards. Purchasing of Technology across campus requires approval and processing by the IT department, even when funded outside the IT budget, whether for business or educational purposes. Except for student devices connecting to the student network, only items purchased or acquired through the IT department will be allowed within the College’s Technology and supported by the IT department.
- Mac and Apple Devices. The College’s Technology is optimized for an IBM/PC environment, standardized on the Microsoft Windows operating system. The expansion of Mac computers on campus is by exception and requires approval by the CIO and the VP over the area of request. As Mac’s age out on campus, they are replaced with IBM/PC compatible computers. Students purchasing personal Macs or Apple devices and connecting to the student network are allowed but may not be fully compatible with the College’s Technology.
- Personal Items. The use of personally owned hardware, software, applications, and devices (such as computers, tablets, phones, and wearable technology) for College business purposes is prohibited without prior approval of the CIO. All employees and students are allowed to use personally owned devices to access College systems and information via official College-provided mechanisms and portals such as https://apps.hardworku.cofo.edu, https://office.com, and https://campusweb.cofo.edu, or the student network for students.
- Replacement. College Technology such as computers and printers are refreshed approximately every five years, provided it still meets the needs of its intended use. The IT department at its discretion refreshes technology, depending upon available funding.
- Standards. E-mail should adhere to the same standards of conduct as any other form of communication. Avoid distasteful, inflammatory, harassing, or otherwise unacceptable comments. Individuals may not use e-mail to infringe the copyright or other intellectual property rights of third parties.
- Fraud. Creating an email or another form of electronic communication with the intent of hiding your identity or impersonating another individual or entity is prohibited.
- Offensive Content. The College screens its systems for offensive content but is unable to ensure its complete elimination before reaching users.
- Phishing Attacks. Do not open e-mail from unknown senders and be cautious when clicking links or attachments in an e-mail message.
- Unsolicited E-Mail. Distribution of unsolicited e-mail is prohibited. The use of College Technology for non-business-related communications to any distribution list, such as the “staff,” “faculty,” or “student” lists is prohibited.
- Insecure Communication. Emails are an insecure method of communication and should be carefully used when sending secure, confidential, or sensitive material. When possible, send files via secure links instead of attachments.
- Content Filtering. Use of the Internet is encouraged where such use is suitable for business or educational purposes. The College uses technology to filter out content inconsistent with the values, standards, and mission of the College.
- Downloading. File downloading from the Internet should be done with caution and should never include executables or other installation files without prior authorization of the IT department. Most viruses, spyware, ransomware and other hacker tools are spread via these types of files.
- Copyright Content. Personal music files, movies or similar multimedia content is prohibited on the College’s Technology and are subject to deletion without notification.
- Inappropriate Content. The display or downloading of sexually-explicit images, messages or cartoons or any document that contains ethnic slurs, racial epithets or anything that may be construed as harassment or disparagement of others based on their race, national origin, sex, sexual orientation, age, disability, religious or political beliefs is not permitted at any time.
- Monitoring. The College has the right and capability to monitor and track Internet browsing by a user on its system and may review such activity without prior notice.
- Quality of Service. Internet content is categorized and prioritized, ensuring mission-critical functions get the necessary bandwidth while reducing lower-priority traffic.
SOCIAL MEDIA - CORPORATE
This section applies to social media accounts managed by the College and administered by an authorized College representative.
- Registration. Any social media account designed to represent any area of the College or intended to be used by any group of College employees, or students must be pre-approved by and registered with the VP over the area in question.
- Administration. An authorized College employee must administer any social media account representing the College. This person is responsible for monitoring content and removing anything that would reflect poorly on the College, including but not limited to, items that may be considered obscene, vulgar, defamatory, threatening, discriminatory, harassing, abusive, hateful or embarrassing to another person or entity.
- Content. All content posted to a College social media account must be compatible with the College’s Vision and Mission Statements. It must also adhere to current College policies regarding use of College Technology; student or employee codes of conduct; copyright, logo, and trademark legal requirements (including those of the College); and protection of confidential information relating to the College, its employees, or students.
- Ownership. Any social media account and contacts, including "followers" or "friends," that are acquired through accounts (including, but not limited to email addresses, blogs, Twitter, Facebook, YouTube, or other social media networks) created on behalf of the College are the property of the College.
- Liability. Each person at the College is personally responsible and may be legally liable, for the content he or she publishes online.
- Media. All media inquiries about the College, including its activities, employees, students, partners, clients, and donors should be referred to the Public Relations Department.
SOCIAL MEDIA - PERSONAL
This section applies to social media accounts managed by entities other than the College, administered by College students or employees.
- Authorization. You are not authorized to speak on behalf of the College without written permission from the President or designee.
- Registration. College email addresses may not be used to register for social media, blogs, websites, applications, or other online tools intended for personal use.
- Confidentiality. You may not share information that is confidential and proprietary about the College. This includes, but is not limited to, strategy, students, enrollments, finances, employees, and any other information that has not been publicly released by the College.
- Logo. The College's logo and trademarks may not be used without explicit permission in writing from the VP for Cultural Affairs and Dean of Character Education.
- Identification and Disclaimers. When referencing the College directly or indirectly, include your proper name, and when appropriate, state your role or title within the College. Include clear disclaimers that any views expressed are the owner’s alone, and do not necessarily represent the views of the College.
- Content. Speak respectfully about the College and its current and potential employees, students, partners, clients, and donors. Write knowledgeably, accurately, and with appropriate professionalism. Refrain from publishing anything that could reflect negatively on the College's reputation or otherwise embarrass the organization, including posts about drug or alcohol abuse, profanity, off-color or sexual humor, and other inappropriate conduct. Do not use ethnic slurs, personal insults, obscenity, or engage in any conduct that would not otherwise be acceptable in the College's workplace. Please also show respect for topics that may be considered objectionable or inflammatory.
Content in violation of this policy can be detrimental to the reputation and goals of the College, which takes such violations seriously. Employees or students violating this policy may be subject to disciplinary action, up to and including dismissal.
This section applies to websites managed by the College and administered by an authorized College representative.
- Registration. Any website designed to represent any area of the College and is available to an external audience requires pre-approval by the CIO and a VP over the area represented by the website.
- Administration. The College Webmaster must administer any website representing the College. This person is responsible for ensuring content is compatible with the College’s Vision and Mission statements and adheres to College policies. The Webmaster is also responsible for incorporating appropriate design elements, launching content into production, and removing items that reflect poorly on the College.
- Content. All content submitted for a College website must be compatible with the College’s Vision and Mission Statements and approved by the VP over the area in question, or their designee, before submission. The content should adhere to College policies; copyright, logo, and trademark legal requirements (including those of the College); and exclude confidential information not intended for public consumption.
- Proofing. It is the responsibility of the content creator and approver to ensure content is grammatically correct and complete (no in-process content); numerical information and quotes are current and accurate; pictures include current or recent employees and students and reflects professionalism in demeanor and dress.
- Annual Review. All website content must be reviewed at least annually by the originator/content owner with needed changes processed under the same procedure as new content submissions.
- Exceptions. The following content bypasses the normal Webmaster review step and is posted straight to the website:
- Press releases posted by the Public Relations department
- Athletic headlines, sports schedules, and team rosters posted by the Sports Information Director
PROHIBITED USES OF COLLEGE TECHNOLOGY
- Uses that violate College policy or any state or federal law;
- Unauthorized or personal use that degrades the performance of Technology or subjects the College to increased cost or liability;
- Knowingly, intentionally, or maliciously bypassing or circumventing, or directly or indirectly causing the bypass or circumvention of, any software, system, or device intended to protect and secure College information;
- Uses that interfere with the proper functioning of the Technology;
- Uses that infringe intellectual property rights, including copyright violations;
- Use for personal profit;
- Recreational use such as computer games within labs or offices;
- Relocation or removal of computer equipment, software, or peripherals without authorization;
- Violation of College policy by creating, transmitting, printing, or storing any information containing defamatory, unlawful, offensive, harassing, threatening, discriminating, inappropriate, or obscene content.
This section applies to College students connecting personally-owned devices (computers, laptops, tablets, phones, gaming consoles, Smart TVs or similar technology) to the student network provided by the College. The student network consists of wired and wireless connectivity to connect to the Internet.
- Register your device on the College network following the online registration form presented upon connection to the student network or via CampusWeb under “Student Resources” using a link called “Device Registration”;
- Seek prior approval from the IT department before connecting devices other than computers, laptops, tablets, phones, gaming consoles, or Smart TVs;
- Do not use wireless access points, routers, or similar devices producing radio frequency designed to connect additional devices;
- Do not use peer to peer services or applications on the student network;
- Do not install cameras or other surveillance hardware anywhere on campus;
- Do not host websites, server applications, distributed computing, file servers, resource shares, revenue-generating applications, or other public-facing activities;
- Do not share employee or student email addresses with third-parties or any other information owned or protected by the College;
- Seek prior approval of the IT department before sending mass-emails to large groups of employees or students;
- Install College-provided anti-virus software on computers connecting to the student network. Send an email to firstname.lastname@example.org for instructions;
- Do not bypass security, monitoring, filtering, or other technologies implemented by the College, or use VPNs or other innovations intended to hide identities or activities in violation of these policies;
- Do not use network surveillance tools, penetration testing, fingerprinting, or other activities meant to disrupt or collect reconnaissance information about the student network, or any College Technology.
ENFORCEMENT OF USE POLICY
Violation of any of these principles and guidelines may result in a warning, denial of access to College Technology, disciplinary action, termination, and if appropriate, legal action.