Acceptable Use Policy for Computer & Network Practices
I. General Principles
a. This code governs the use of computers, network equipment, servers, accounts, printers, and any other device attached to the Ozarks network and not just those owned by the University of the Ozarks, hereafter referred to as “Information Technology (I.T.) resources. The University owned I.T. resources are provided to University students, faculty, and staff in support of our mission.
b. While the University is committed to intellectual and academic freedom, individuals who use the University’s I. T. resources do so with the understanding that this use is a privilege and with it come certain responsibilities. Use of I.T. resources must always be legal and ethical, reflect academic honesty, and show restraint in the consumption of shared resources. It should demonstrate respect for intellectual property, ownership of data, system security mechanisms, the right to personal privacy and the right of individuals to freedom from intimidation and harassment. Any use of I. T. resources in violation of the regulations set forth in this code will be treated as “misconduct” pursuant to University policies and procedures.
c. The use of University I.T. resources is subject to all existing federal and state laws, including but not limited to laws and regulations specific to computers and networks, and to those that apply generally to individual conduct.
II. Administration of I. T. resources
a. The University of the Ozarks reserves the right to authorize, limit, deny and control access to its I.T. resources and has assigned the responsibility and the authority for administering those resources to the Department of Computer Services Systems Administrators.
b. A system administrator is any person designated to maintain, manage, monitor and provide security for I.T. resources.
c. Persons not authorized to act in System Administrator capacity in the University are prohibited from collecting information or making configuration changes to any I.T. resource.
III. Education Records, Medical Records and Personnel Records
a. Records containing information directly related to a student, containing medical information about students and employees, or containing personnel information of students and employees are confidential and protected from public disclosure.
b. No person shall access any such records maintained in an electronic format or disclose or distribute their contents in a manner inconsistent with federal and state law or University regulations.
IV. Privacy of Electronic Files and Communications
a. While reasonable consideration will be given to privacy, all information and data, including but not limited to e-mail messages, placed on any I.T. resource is University property.
b. No expectations of privacy exist under the following conditions:
1. University officials are presented by law enforcement officials with
what appears to be a valid search warrant or court order.
2. There exists an emergency situation in which the physical safety and/or
well being of person(s) may be affected or University property may be
damaged or destroyed or authorized data may be lost or destroyed.
3. There exist reasonable grounds to believe that a violation of law or
University policy is occurring or has occurred.
4. Access is necessary for maintenance of University-owned I.T. resources;
to maintain the integrity of the University’s I.T. resources; or
to protect the rights or property of the University or other users.
c. Responsibility for authorizing access hereunder rests with the System Administrator, the University President or the Director of Computer Services.
V. Acceptable Use of I. T. resources
a. This section establishes rules for the benefit of all users and encourages responsible use of I.T. resources. The rules of conduct include, but are not limited to those listed below:
1. No one shall (a) connect with or otherwise use any University I.T. resource without proper authorization; (b) engage in, assist in, encourage, or fail to disclose or conceal any unauthorized use, or attempted unauthorized use, of any University I.T. resource; or (c) misrepresent his or her identity or relationship to the University to obtain access to or while using I. T. resources. Users are responsible for the use of their computer accounts and shall not allow others access to their accounts, through sharing passwords or otherwise. Users shall promptly report any unauthorized use of their account or password to the University System Administrator.
2. University I. T. resources shall not be used for personal gain or for the benefit of organizations not related to the University, without the prior written approval of the Director of Computer Services.
3. No one shall (a) knowingly endanger or compromise the security of any University I.T. resource or attempt to discover or break any security codes applicable to any University I.T. resource; (b) willfully interfere with another’s computer usage; (c) attempt to circumvent data protection schemes, uncover security loopholes, or decrypt secure data; (d) modify, reconfigure or attempt to modify or reconfigure any software or hardware of any University I.T. resource or network facility in any way, unless specific authorization has been obtained from the Director of Computer Services; (e) use University I.T. resources to attempt unauthorized access to or use of any computer or network facility, no matter where located, or (f) intentionally waste, overload or misuse I.T. resources.
4. No one shall knowingly or with recklessness create, run, install, or distribute a computer virus, worm, Trojan Horse, destructive or disruptive program, e-mail, or any other data via any University I.T. resource or knowingly permit anyone else to do so.
5. No one shall copy, install, use, store or distribute through University I.T. resources any information in violation of U.S. copyright, trademark, or patent laws or applicable licensing agreements. It is the user’s responsibility to become familiar with the terms and requirements of any such laws or agreements. Illegal reproduction of software and other intellectual property may result in civil and criminal sanctions as well as disciplinary action by University officials.
6. No one shall use the University’s I.T. resources to (a) annoy, harass, threaten, intimidate, terrify, or offend another person; (b) repeatedly contact another person which annoys or harasses, whether or not any actual message is communicated, if the recipient has expressed a desire for the contact to cease; (c) repeatedly contact another person regarding a matter for which one does not have legal right to communicate (such as debt collection), once the recipient has provided reasonable notice that he or she desires such contact to cease; (d) disrupt or damage the academic, research, administrative, or related pursuits of another person; or (e) invade the privacy, academic or otherwise, of another person or threaten such an invasion. Users assume full responsibility for messages that they transmit through University I.T. resources, including, but not limited to, those they forward.
7. Users shall adhere to all University policies regarding use of e-mail and other electronic communications.
8. All personal computers and other devices which access University I. T. resources must be registered with Computer Services prior to using the University’s I.T. resources.
9. Unauthorized computer workgroups are prohibited.
10. Allowing access to the University I.T. resources to unauthorized people by any means is strictly prohibited.
11. All personal computers (and other devices, if applicable) must have up-to-date University approved virus software installed and operational prior to using I.T. resources. Users must keep virus software currently updated at all times. The University may withdraw approval of virus software, in the University’s sole discretion. If approval is withdrawn, users shall immediately, and in no event later than within five (5) calendar days, replace such software with approved software at user’s expense. If a user becomes aware or is alerted to the possibility of the existence of a virus, worm, Trojan Horse or other destructive or disruptive programs or data which is infecting or attempting to infect any University I.T. resource, the user shall immediately notify a Systems Administrator and the Director of Computer Services and shall take such steps as the user may be directed to prevent or minimize the impact of such virus, worm, Trojan Horse or other destructive or disruptive program or data to University I.T. resources.
12. University I.T. resources shall not be used to store, manipulate, calculate or analyze personal data or data for organizations not related to the University. The University and its agents, servants, and employees are not responsible for loss or corruption of data placed in the University I.T. system in violation of this policy.
13. It is a violation of University policy to forward data that violates this code using University I.T. resources, as well as to originate such data.
14. Unauthorized wireless network devices are not permitted. Users desiring to use wireless devices must have written approval from the Director of Computer Services prior to implementation.
15. Users must, without exception, modification or deviation, always use University designated security procedures and approved software while using University I.T. resources.
VI. Enforcement and Sanctions
a. Individuals designated as University Systems Administrators are responsible for protecting the system and its users from abuses of this code. Therefore, System Administrators may take any or all of the following actions:
1. Discuss the matter with the offending party.
2. Temporarily revoke or modify user account or network privileges.
3. Where other disciplinary measures have failed, when there are repeated offenses of this policy, or when the seriousness of the offense warrants, the Systems Administrator may permanently revoke user or network access, and/or refer the matter to the Director of Computer Services.
b. Because the systems administrator is tasked with maintaining the quality and integrity of the University network, he/she retains the right to disconnect any computer that is determined to be causing a detrimental effect on network operation. This includes, but is not limited to, computers found to be flooding the network with traffic, whether it be due to faulty hardware, software, etc., computers using more than their “fair-share” of bandwidth; computers using more than their “fair share” of access time for extended periods of time; computers containing materials determined to be in violation of federal or state laws; computers operating without proper virus software in violation of University security procedures; and computers operating with software not compatible with University software. Every effort will be made to notify the owner of the computer prior to action being taken, but the Systems Administrator has the right to take whatever means necessary to eliminate the threat to network integrity, up to and including entering the computer owner’s room and physically unhooking the network cables without notice. In the event that such drastic measures become necessary, the Systems Administrator will make every effort to protect the privacy of all parties involved. The Systems Administrator will refer offenses to the Director of Computer Services.
c. In addition to the provision of Article VI(a) and (b), any violation of this code is misconduct for purpose of the student code of conduct and University personnel policies and offenders may be punished accordingly. Any offense that violates local, state, or federal laws may result in the immediate loss of all University computing and network privileges and will be referred to the appropriate University official and/or law enforcement agencies for disciplinary action.
d. Appeals for Sanctions
1. Students against whom action is taken for non-compliance with this code have the right to appeal to the Student Government Association, which will act as an impartial mediator. The decision of the SGA, when approved by the University President, will be considered final.
2. Faculty against whom action is taken for non-compliance with this code shall follow the grievance procedure outlined in the Faculty Handbook. Administrative, professional and support staff members against whom action is taken for non-compliance with policy code shall follow the grievance procedure set forth in the appropriate handbook.
VII. Amendments
a. The University reserves the right to amend this code at any time. Any such amendment shall be effective upon the posting of such amendment on the University’s website. Any person using University I.T. resources is deemed to have accepted all provisions contained in this code and any policies that the University may adopt to supplement or explain this code.
VIII. Effective Date
a. This code becomes effective August 18, 2003. (Revised June 2005)
