Nov 22, 2024  
Graduate Catalog 2020-2021 
    
Graduate Catalog 2020-2021 [ARCHIVED CATALOG]

Lenoir-Rhyne Campus Computing Policies



Purpose

Lenoir-Rhyne University strives to maintain access for its students, faculty, and staff to local, national, and international sources of information and to provide an atmosphere that encourages the sharing of knowledge, the creative process and collaborative efforts within the University’s educational, research and public service programs.

Policy

Access to electronic information systems at Lenoir-Rhyne University is a privilege, not a right, and must be treated as such by all users of these systems. With this privilege come the following responsibilities:

  • All users must act honestly and responsibly.
  • Every user is responsible for the integrity of these information resources.
  • Users are responsible for protecting their accounts from access by others and shall keep private their passwords and ID’s.
  • All users must respect the rights of other computer users.
  • All users must respect the integrity of the physical facilities and controls.
  • All users must respect the pertinent license and contractual agreements related to University information systems.
  • Users who incur access or user charges for services provided by off-campus services (such as commercial databases, processing time, etc.) are responsible for full payment of such charges.
  • All users must act in accordance with relevant local, state, and federal laws and regulations.
  • All users must abide by all federal copyright laws and the Digital Millennium Copyright Act (DMCA).

Lenoir-Rhyne University is a provider of a means to access the vast and growing amount of information available through electronic information resources. Lenoir-Rhyne University is not a regulator of the content of that information and takes no responsibility for the content of information, except for that information the University itself, and those authorized to act on its behalf, create. Any person accessing information through Lenoir-Rhyne University information systems must determine for him/herself whether any source is appropriate for viewing and use.

Scope of Policy

Any person accepting an account and/or using Lenoir-Rhyne University’s information systems shall constitute an agreement on behalf of the user to abide and be bound by the provisions of this policy. This includes any person using a privately owned machine on the University’s network. This policy shall not impinge upon academic freedom with regards to research.

Definitions

  • “University” shall mean Lenoir-Rhyne University.
  • “Electronic communications” shall mean and include the use of information systems in the communicating or posting of information or material by way of electronic mail, bulletin boards, World Wide Web (Internet), or other such electronic tools.
  • “Information Systems” shall mean and include computers, networks, servers and other similar devices that are administered by the University and for which the University is responsible.
  • “Networks” shall mean and include video, voice and data networks, routers and storage devices.
  • “Obscene” with respect to obscene material shall mean (1) an average person applying contemporary community standards would find that the material taken as a whole predominantly appeals to the prurient interest, (2) the material taken as a whole lacks serious literary, artistic, political, or scientific value.
  • “Phishing” is attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Restriction of Use

The University may restrict or prohibit the use of its information systems in response to complaints presenting evidence of violations of University policies and/or local, state or federal laws. Such complaints shall be addressed through established investigative and disciplinary procedures. Should it be determined that a violation has occurred, the University may restrict or prohibit access to its information systems, as well as any other disciplinary sanction deemed appropriate.

Permitted Use by Employees

University information systems are to be used predominantly for University-related business. Limited personal use by employees is permitted as long as:

  • It conforms to this policy.
  • It does not interfere with University operations or performance of one’s duties as an employee.
  • It does not result in additional costs to the University.
  • It does not require an inordinate amount of information systems resources.

Obscene Material

University information systems may not be used to access, download, print, store, forward, transmit or distribute obscene material.

Unauthorized Access

Unauthorized access to information systems is prohibited. This includes, but is not limited to:

  • Use of another’s password or ID.
  • Trying to guess another’s password or ID.
  • Any attempt to circumvent system security.
  • When any user terminates his/her relationship with the University, his/her password and ID shall be denied further access to University computing resources.

Misuse of Information Systems

Misuse of University information systems are prohibited and shall include, but not be limited to:

  • Attempting to modify or remove computer equipment, software, or peripherals without proper authorization.
  • Accessing without proper authorization computers, software, information or networks to which the University belongs, regardless of whether the resource accessed is owned by the University or the abuse takes place from a non-University site.
  • Taking actions, without authorization, which interfere with the access of others to information systems.
  • Circumventing, or attempting to circumvent, logon or other security measures.
  • Using information systems for any illegal or unauthorized purpose.
  • Personal use of information systems or electronic communications for non-University consulting, business or employment. Any exception must be approved by the appropriate division/department head and notification sent to the Chief Information Officer.
  • Sending any fraudulent, harassing, threatening, or obscene electronic communication.
  • Violating any software license or copyright, including copying or redistributing copyrighted software, without the written authorization of the copyright owner.
  • Using electronic communications to violate the property rights of authors and copyright owners. Users should be especially aware of potential copyright infringement through the use of email.
  • Using electronic communications to disclose proprietary information without the explicit permission of the owner.
  • Using electronic communications to send chain letters or to initiate or perpetuate Phishing.
  • Reading or accessing other users’ information or files without permission.
  • Academic dishonesty, including but not limited to plagiarism (see Student Handbook).
  • Forging, fraudulently altering or falsifying, or otherwise misusing University or non-University records (including computerized records, permits, identification cards, or other documents or property).
  • Using electronic communications to hoard, damage, or otherwise interfere with academic resources available electronically.
  • Launching a computer worm, computer virus, or other rogue program.
  • Downloading or posting illegal, obscene, proprietary or damaging material to a University computer or network.
  • Transporting illegal, obscene, proprietary or damaging material across a University network.
  • Use of any University information system to access, download, print, store, forward, transmit, or distribute obscene material.
  • Violating any local, state or federal law or regulation in connection with use of any information system.
  • Installing software not approved for use by the University on any University computer, network, or server.

Use of Private Machines

Use of privately owned equipment is the responsibility of the owner of the equipment. The University will provide support for such equipment based on the standard support policies. Use of the University network is subject to all of the University policies herein. The University is not responsible for any access to or damage of privately owned equipment, its software, or its files connected to the University’s network. The owner is also responsible for any damage or compromise to the University’s systems and/or equipment.

Support Policies

There are multitudes of hardware and software choices on the market, and people naturally prefer to use those that suit their individual preferences. Many computer users rely on the Office of Information Technology (OIT) staff for support and it is impossible for the available staff to become experts on all hardware and software products. Therefore, hardware and software campus standards are necessary to make support activities as efficient as possible. Standards allow staff expertise and effort to concentrate on a limited set of essential applications and hardware systems that are widely used on campus. Concentration on standards allows support staff to build expertise in a manageable number of areas. It also focuses support services such as the Help Desk to benefit the greatest number of clients.

Standards also help clients make decisions about hardware and software that are consistent with OIT staff expertise and support programs. Standards, however, are not available for all possible applications that individuals or departments may need to use. In addition, some clients have needs for which the standard hardware or software is not ideal. In cases where non-standard hardware or software for desktop applications are selected, OIT must limit the resources available to solve problems in order to meet our obligations for support of standards. Therefore, clients using non-standard products must assume a greater burden for self-reliance and independence. The following policy explains the support that OIT will provide for various combinations of hardware and software.

Whenever standards have been set for hardware or software products, University policy requires purchase of the standard hardware and software be directed to the Chief Information Officer.

Definitions:

Campus Standard Hardware - Brands and models of hardware that have been tested and found to be reliable and compatible with existing standards. All other hardware is non-standard. Examples of hardware include CPUs, external drives, input devices, network cards, modems, printers, etc. Please see the University OIT website for the list of current hardware standards for more information. Network connectivity is assured for systems where both hardware and software meet University standards.

Campus Standard Software - The University direction for particular types of software in wide campus use that have been tested and found to be reliable and compatible with existing standards. Examples of software include operating systems, networking software, word processors.

The University may announce the direction the campus will take for a particular application prior to the application becoming a standard. Support for the software will begin when the software is designated as a Campus Standard.

OIT provides all standard computer hardware and software. Additional hardware and software for the standard office computer may be purchased by the department with approval from the Chief Information Officer. Any non-standard computer hardware or software purchased with university funds must abide by this policy and will be classified as a Support Level 3. (See below).

Support Levels:

Level 1 - Full Support (Provided for all University owned equipment using Campus Standard hardware and software)

  • OIT provides support (including Help Desk, troubleshooting, and when appropriate, training and documentation) for standard software and guarantees to the extent possible that the various standards will operate correctly together. OIT will make every effort to get standard hardware or software working and bring in expertise as needed until the problem is solved or is found to be unsolvable. In such a case, OIT will work to provide an alternate solution. However, if a software or hardware problem appears to be related to a conflict with non-standard or unapproved component(s), support will drop to Level 3 (see below). Please see the list of Campus Standard hardware and software that receives Level 1 support.
  • Some combinations of standard hardware and software will not be supported because these combinations do not operate well together.

Level 2 - Partial Support for University Owned Equipment

  • OIT support for Approved Software may include making it work with standard hardware and software and/or making it available in our facilities. For example, academic departments may wish to have software available in Lab facilities for their students. In such cases, the professors are responsible for supporting the actual use of the program (“how do I use the quiz feature of the program?”), in conjunction with the manufacturer. OIT support is limited to attempting to make the program run and print on the network.
  • OIT will devote up to one hour attempting to connect non-standard hardware to the network. If the problem cannot be resolved during that time, OIT will not research or refer the problem. If campus standard network software and configuration settings or variations compatible with the network do not work, the hardware will not be connected to the network

Level 3 - No Support (applies to software and hardware that is not standard or has not been approved for use on the campus network or is not University owned)

  • When time permits, a best-guess effort will be made to troubleshoot and correct problems that involve non-standard hardware or non-standard software. “Best guess” means that the OIT Help Desk will suggest solutions or steps toward resolution of problems based on their expertise and experience. In such a case, there will be no research on the problem, office visits or referral of the problem beyond the Help Desk for work by other OIT staff. Clients who purchase non-standard hardware and unsupported software assume an obligation for self-support. They should learn what support and assistance the vendor or manufacturer provides before making a decision to purchase.

Use of Computer Labs/Facilities

Users of computer labs are obligated to all policies herein and to any supplemental policies posted in that lab. Further regulations include but are not limited to:

  • Food, drink, or tobacco use is not permitted in computer labs.
  • Priority of use and hours of use is as posted in the specific lab.
  • Users must exercise proper care of the equipment in the lab.
  • Users shall not attempt to remove, repair, reconfigure, move, modify or attach any external device to the computer(s) or system other than usb drives.
  • Users shall not attempt to add, delete, or modify data, files, or programs.
  • Users shall not attempt to circumvent security measures of the University or other users.
  • Primary use of all labs is for academic and educational purposes. Users must be respectful of this in behavior.
  • Users shall report any malfunction, or concern to the Help Desk as posted in the lab.
  • Users shall report any violation of policy to the Chief Information Officer.

Privacy

When University information systems are functioning properly, a user can expect the files and data he/she generates to be private information, unless the creator of the file or data takes action to reveal it to others. However, users should be aware that no information system is 100% secure. Persons within and outside of the University may find ways to access files. ACCORDINGLY, THE UNIVERSITY CANNOT AND DOES NOT GUARANTEE USER PRIVACY, and users should be continuously aware of this fact.

Users should be aware that on occasion duly authorized Information Technology personnel have authority to access individual user files or data in the process of performing repair or maintenance of computing equipment and systems. This may include the testing of systems in order to ensure adequate storage capacity and performance for University needs. Information Technology personnel performing repair or maintenance of computing equipment are prohibited by law from exceeding their authority of access for repair and maintenance purposes or from making any use of individual user files or data for any purpose other than repair or maintenance services performed by them.

Email

All policies stated herein are applicable to email. Users should never assume that no one other than the addressee would read the message(s). Users should also be cautious about attachments and broad publication of messages. Copyright laws and license agreements also apply to email.

Web Pages

All University web pages shall be designed in accordance with established regulations and guidelines as maintained by the Marketing Department. Creators of all web pages using University information systems shall comply with University policies and are responsible for complying with all local, state and federal laws and regulations, including but not limited to, copyright, obscenity, libel, slander and defamation laws.

Creators of a web page are responsible for the content of the page, including but not limited to accuracy of the information. Content should be reviewed on a timely basis to assure continued accuracy. Web pages should include a contact (phone number, address, or email) of the person to whom questions/comments may be addressed, as well as the most recent revision date. For further details, please contact the Marketing Department.

Institutional Data

Institutional data is information that supports the mission of Lenoir-Rhyne University. Institutional data is considered a vital asset and is owned by the University. Due to the essential nature of institutional data, its quality and security must be ensured to comply with legal, regulatory, and administrative requirements. Authorization to access institutional data varies according to its sensitivity. This policy sets forth the university’s standards with regard to the handling and storing institutional data.

Definitions:

  • Archival/Storage: The act of physically or electronically moving inactive or other records to a storage location until the record retention requirements are met or until the records are needed again.
  • Institutional Data: Information that supports the mission of Lenoir Rhyne University.
  • Personally Identifiable Information (PII) or Sensitive Data: Data requiring the highest level of protection including, but not limited to, data protected by law, data protected by legal contracts, or security related data. It also includes data that is not open to public examination because it contains information which, if disclosed, could cause severe reputation, monetary or legal damage to individuals or the college or compromise public activities. Examples include: passwords, intellectual property, on-going legal investigations, medical or grades information protected by FERPA or HIPAA, social security numbers, people code ID’s, birth dates, professional research, graduate student work, bank or credit card account numbers, income and credit history.
  • Restricted Data: Data whose access is restricted by federal or state statute (i.e. HIPPA, FERPA). For purposes of this policy, restricted data is a subset of PII data.

Archival/Storage Procedures

  • Enterprise Resource Programs (ERP): The system(s) that maintain enterprise-wide institutional data that is considered PII and requires the greatest security. At all times, personnel should use internal identifiers in lieu of social security numbers. These systems include but are not limited to: PowerCAMPUS, PowerFAIDS, and Dynamics. The ERP is backed up nightly to a back-up server that is also backed up nightly. The data is being backed up but not the entire database structure. OIT will be able to restore the data after the replacement and build of a new database server.
  • Electronic Mail (E-Mail): The E-mail system is a delivery system for electronic communication and is treated as Institutional Information. E-Mail is backed up nightly and moved to a Storage Area Network that is backed up weekly to a server in a secondary data center. The mailbox stores are being backed up but not the entire Exchange environment. OIT will be able to restore the data after the replacement and building of a new Exchange server.
  • File Servers: The servers used to store all non-ERP related information that is vital to the mission of the University. The File Server is backed up nightly to a server in a secondary data center.

Access Controls

  • Only authorized users may access, or attempt to access, sensitive information.
  • Authorization for access to sensitive data comes from the appropriate Vice President or department head, and is made in conjunction with an authorization form which is found on the login screen to PowerCAMPUS.
  • Where access to sensitive data has been authorized, use of such data shall be limited to the purpose required to perform university business.
  • Users will respect the confidentiality and privacy of individuals whose records they access, observe ethical restrictions that apply to the information they access, and abide by applicable laws and policies with respect to accessing, using, or disclosing information.
  • Notification of a user’s termination or removal of authorized access to electronic sensitive information must be conveyed immediately to the Office of Information Technology (OIT). The Office of Public Safety must be notified to remove physical access to offices containing sensitive information.

Data Transfer of Personally Identifiable information (PII)

  • PII should not be transmitted through electronic messaging even to other authorized users unless security methods, such as encryption, are employed.
  • PII must not be transferred by any method to persons who are not authorized to access that information. Users must ensure that adequate security measures are in place at each destination when sensitive data is transferred from one location to another.
  • PII must not be taken off campus unless the user is authorized to do so, and only if encryption or other approved security precautions have been applied to protect that information.
  • Physical protection from theft, loss, or damage must be utilized for mobile devices that can be easily moved such as a PDA, flash drive, thumb drive or laptop.

Data Storage of PII

  • Physical protection must be employed for all devices storing PII. This shall include physical controls that limit physical access and viewing, if open to public view. When not directly in use, office, lab, and suite doors must be locked and any easily transportable devices should be secured in locked cabinets or drawers.
  • Users of laptop and other mobile computing devices need to be particularly vigilant and take appropriate steps to ensure the physical security of mobile devices at all times, but particularly when traveling or working away from the University.
  • It is strongly recommended that institutional data not be stored on PCs or other systems in offices or laboratories. Institutional data (including word documents, spreadsheets and Access databases) that is created on a PC or similar system should be stored on a networked server managed by OIT.
  • Individual desktop machines are not being backed up by OIT.

Data Retention and Disposal

This will be the responsibility of each Vice President, Department Head or designee to determine for each department, school or college at Lenoir-Rhyne University.

Modification and Notification

This policy may be modified at any time in accordance with existing University practice and policy. Notification of this policy and any modification shall be through established University channels of policy information. Logging on to the University’s network constitutes acceptance of the policies, procedures, and sanctions herein.

Application and Enforcement

This policy applies to all administrative and educational areas of the University. This policy applies to all employees and students of the University. This policy applies to anyone including guests of the university who access the University’s network (both wired and wireless) as well as any university owned computer.

Judicial Process for Cases of Alleged Misuse of Computing Resources

If there is a preponderance of evidence that intentional or malicious misuse of computing resources has occurred, and if that evidence points to the computing activities or the computer files of an individual, OIT has the obligation to pursue any or all of the following steps to protect the user community:

  • Take action to protect the systems and data from damage.
  • Refer the matter for processing through the appropriate University judicial system.
  • Suspend or restrict the alleged abuser’s computing privileges during the investigation and judicial processing. A user may appeal.
  • Inspect the alleged abuser’s files.
  • Disciplinary sanctions may include suspension, expulsion, or termination.