Acceptable Use of Information Technology

Acceptable Use

Any use of Information Assets and IT Resources must be limited to the College’s related purposes described above.

Incidental and non-recurring personal use of IT Resources is tolerated as part of the daily learning and work of all members of the College community, provided that such use does not violate any other applicable law, college policy, procedure, or regulation.

The College accepts no responsibility to maintain or secure information related to personal use that a community member chooses to store on the College's IT Resources.

The user accepts all risks associated with personal use, as outlined below under No Warranties or Assurances.

As a condition to being granted use of or access to Information Assets and IT Resources, each user:

1. Consents to the provisions of this policy and
2. Agrees to comply with all of the terms and conditions detailed within this policy.

Unacceptable Use

The following uses of IT Resources are prohibited:

1. Circumvention of any security measure of Hawkeye Community College or another entity.

2. Using information technology resources for unauthorized remote activities.

3. Deliberately causing system failure, disruption, or compromising system security.

4. Intentionally obscuring, changing, or forging of the date, time, physical source, logical source, or other label or header information on data or electronic communications.

5. Users may not monitor another user's data communications.

6. Unauthorized interception of electronically transmitted information without prior written authorization from the Chief Information Officer or designee.

7. Performing an act that will adversely impact the operation of computers, terminals, peripherals, or networks. This includes, but is not limited to, tampering with components of a local area network (LAN) or the high-speed backbone network, otherwise blocking communication lines, or interfering with the operational readiness of a computer.

8. Intentional use, distribution or creation of viruses, worms, malicious software, or keylogging techniques.

9. Distributed denial of service practices or any other device, program, or practice of malicious intent.

10. Unauthorized use, copying, or distribution of licensed software or copyrighted material.

11. Accessing Information Assets or other Data that is not publicly available, does not belong to the user and for which the user does not have explicit permission to access.

12. Accessing Information Assets or IT Resources in a manner designed to circumvent access limitations on Restricted or Sensitive Data (e.g., replicating a database by automated queries) without permission.

13. Use of IT Resources for organized political activity that is inconsistent with the College’s tax-exempt status.

14. Use of IT Resources that disables other IT Resources or consumes disproportionate IT Resources so that other users are denied reasonable access to those resources or materially increases the costs of IT Resources.

15. Use of IT Resources that violate any local, state, or federal law or regulation or any Hawkeye Community College policy, procedure, or regulation.

16. Failure to protect the privacy of others by intentionally or unintentionally permitting access to systems or data is unacceptable. Violations of this requirement include, but are not limited to:

    1. Leaving confidential or protected information on a screen where unauthorized individuals could view it.
    2. Giving a personal password to someone else.
    3. Leaving a personal password where it can easily be found.
    4. Allowing someone to use a system signed on under a personal password.
    5. Knowingly failing to report a personal password that has been used by another person, with or without permission.
    6. Leaving a system signed on and accessible while unattended.

17. Use of Information Assets or IT Resources for any purpose that could lead directly or indirectly to Financial Conflicts of Interest, unless such use has been approved in advance per college policies. Any approval of the use of IT Resources under such policies is at the sole discretion of the College and must:

    1. Comply with all Hawkeye software licenses and other intellectual property agreements.
    2. Comply with all Hawkeye policies, standards, and procedures.
    3. Comply with federal and state laws and regulations.
    4. Not generate additional costs to the College.
    5. Not interfere with college work or use of IT Resources.

Exclusions

While the College reserves the right to (1) maintain and implement controls on a user’s ability to access Information Assets and IT Resources via a personal Device and (2) regulate the transmission of these types of Data between a personal Device and college IT Resources, this policy does not grant the College access to an individual’s personal Device.

User privacy is not to be violated. However, user privacy is subject to all Hawkeye policies. As such, authorized individuals may access and disseminate private information in the performance of their official job duties. Unauthorized personal use of a user’s private information is prohibited.

This policy does not apply to cyber-security required academic study activities that, by their very nature, explore limits on the ability to protect the privacy of data, when the academic activity:

1. Is carried out in a manner that employs sufficient and appropriate safeguards to contain the activities to pre-defined and intended college IT Resources;
2. Is safeguarded from conception to termination of the required academic studies; and
3. It does not interfere with or compromises the operation or security of other college IT Resources.

Faculty, staff, and students conducting cyber-security required academic studies must consult with the CIO or Communication and Information Services (CIS) staff to ensure that appropriate safeguards are in place for that activity.