South Plains College

Information Services (SPC-IS)

 

Acceptable Use Policy: I-B

 

PURPOSE:

The information technology resources at South Plains College (SPC) support the college's educational, instructional, research, and administrative activities. Members of the SPC community are privileged to use these resources. Users of these services and facilities might have access to valuable College resources, sensitive data, and internal and external networks. Consequently, it is important to behave responsibly, ethically, and legally.

 

In general, acceptable use means respecting other computer users' rights, the integrity of physical facilities, and all pertinent license and contractual agreements. If an individual is found to violate the Acceptable Use Policy, the College will take disciplinary action, up to and including suspension or termination of employment. Individuals are also subject to federal, state, and local laws governing interactions on SPC information technology resources.

 

This document establishes specific requirements for using all computing and network resources at South Plains College. (See Texas Administrative Code, Title 1, Part 10, Chapter 202, Subchapter C (TAC§202), Texas Higher Education Coordinating Board, and NIST 800-53 standards)

 

SCOPE:

The SPC Acceptable Use policy applies equally to all individuals utilizing SPC information technology resources (e.g., full-time and part-time employees, students, retirees, agents, consultants, contractors, volunteers, vendors, temps, guests, etc.).

 

Information technology resources include all college-owned, licensed, or managed hardware and software and the use of the college network via a physical or wireless connection, regardless of the ownership of the computer or device connected to the network.

 

RIGHTS AND RESPONSIBILITIES:

As college community members, users are provided with scholarly or work-related tools, including access to the library, specific computer systems, servers, software, databases, campus telephone and voice mail systems, electronic mail resources, and the Internet. There is a reasonable expectation of unobstructed use of these tools, certain degrees of privacy (which may vary depending on whether the user is a College employee or a registered student), and protection from abuse and intrusion by others sharing these resources.

 

In turn, users are responsible for knowing the college's regulations and policies regarding the appropriate use of its technologies and resources and exercising good judgment in using its technological and information resources. Just because an action is technically possible does not mean it is appropriate to perform it.

 

Users are representatives of the SPC community and are expected to respect the College's good name in electronic dealings with those outside the College.

 

PRIVACY:

All users of College networks and systems should remember that all usage of information technology resources can be recorded and is the property of SPC. Such information is subject to the Texas Public Information Act and the laws applicable to college records retention. Employees have no right to privacy concerning the use of college-owned resources. SPC management has the ability and right to view employees’ usage patterns and take action to ensure that College resources are devoted to authorized activities.

 

Electronic files created, sent, received, or stored on SPC information technology resources that are owned, leased, administered, or otherwise under the custody and control of SPC are not private. They may be accessed by authorized personnel following the provisions and safeguards provided in the Texas Administrative Code 1 TAC§202 (Information Security Standards).

 

ACCEPTABLE USE:

The SPC network supports research, education, and administrative activities by providing access to computing resources and collaborative work opportunities.

Primary use of the SPC network must be consistent with this purpose.

 

Access to the SPC network from any device must adhere to all the same policies that apply to use from within SPC facilities.

 

  1. Users may use only SPC information technology resources for which they are authorized.
  2. Users are individually responsible for the appropriate use of all resources assigned to them, including the computer, the network address or port, software, and hardware, and are accountable to the College for all such use.
  3. Authorized users of South Plains College resources may not enable unauthorized users to access the network. The College is bound by its contractual and license agreements respecting specific third-party resources; users must comply with all such agreements when using SPC information technology resources.
  4. Users should secure resources against unauthorized use or access, including SPC accounts, passwords, Personal Identification Numbers (PIN), Security Tokens (e.g., Smartcard), or similar information or devices used for identification and authorization purposes.
  5. Users must report shareware or freeware installed on SPC-owned equipment unless it is on the approved software list on MySPC. When installed, software must be reported to the SPC-IS Service Desk via email.
  6. Users must not attempt to access SPC information technology resources without appropriate authorization from the system owner or administrator.

 

 

 

 

RESTRICTIONS:

All individuals are accountable for their actions relating to SPC information technology resources.  Direct violations include the following:

 

  1. Interfering or altering the integrity of SPC information technology resources by:
    1. Impersonating other individuals in communication.
    2. Attempting to capture or crack passwords or encryption.
    3. Unauthorized access, destruction, or alteration of data or programs belonging to other users.
    4. Excessive use for personal purposes, meaning use that exceeds incidental use as determined by supervisor; or,
    5. Use for illegal purposes, including but not necessarily limited to violation of federal or state criminal laws.
  2. Allowing family members or other unauthorized persons to access SPC information technology resources.
  3. Activities that would jeopardize the College's tax-exempt status.
  4. Using SPC information technology resources for political gain.
  5. Using SPC information technology resources to threaten or harass others in violation of College policies.
  6. Intentionally accessing, creating, storing, or transmitting material that SPC may deem to be offensive, indecent, or obscene (other than in the course of academic research or authorized administrative duties where this aspect of the study or work has the explicit approval of the SPC official processes for dealing with academic ethical issues).
  7. Not reporting any weaknesses in SPC information technology resources security or any incidents of possible misuse or violation of this agreement by contacting the Information Security Officer.
  8. Attempting to access any data or programs on SPC information technology resources for which authorization has not been given.
  9. Making unauthorized copies of copyrighted material.
  10. Degrading the performance of SPC information technology services; depriving an authorized SPC user access to an SPC information technology resource; obtaining extra information technology resources beyond those allocated; or circumventing SPC security measures.
  11. Downloading, installing, or running security programs or utilities that reveal or exploit system security weaknesses. For example, SPC users must not run password-cracking programs, packet sniffers, port scanners, or other non-approved programs on SPC information technology services.
  12. Engaging in acts against the aims and purposes of SPC as specified in its governing documents or in rules, regulations, and procedures as adopted by SPC.

 

 

Occasional and Incidental Personal Use

Occasional, incidental, and necessary personal use of IT resources is permitted, provided such use is otherwise consistent with this policy, is limited in amount and duration, and does not impede the ability of the individual or other users to fulfill the SPC’s responsibilities and duties, including but not limited to extensive bandwidth, resource, or storage utilization. Exercising good judgment regarding occasional and incidental personal use is essential.  SPC may revoke or restrict this privilege at any time.

 

Individual Accountability

Individual accountability is required when accessing all IT resources and SPC information.  All faculty, staff, and students are responsible for protecting against unauthorized activities performed under their user ID.  This includes locking your computer screen when you walk away and safeguarding your credentials (e.g., passwords, tokens, or similar technology) from unauthorized disclosure.  Credentials must be treated as confidential and not disclosed or shared.

 

Restrictions on Off-Site Transmission and Storage of Information

Users must not transmit restricted SPC, non-public, personal, private, sensitive, or confidential information to or from personal email accounts (e.g., Gmail, Hotmail, Yahoo) or use a personal email account to conduct the SPC business unless explicitly authorized. Users must not store restricted SPC, non-public, personal, private, sensitive, or confidential information on a non-SPC-issued device or with a third-party file storage service that the SPC-IS has not approved for such storage. 

Devices containing SPC information must always be attended to or physically secured and must not be checked in transportation carrier luggage systems.

 

User Responsibility for IT Equipment

Users are routinely assigned or given access to IT equipment in connection with their official duties.  This equipment belongs to SPC and must be immediately returned upon request or when an employee is separated from the organization.  Users may be financially responsible for the value of equipment assigned to their care if it is not returned to the organization.  Should IT equipment be lost, stolen, or destroyed, users must provide a written report of the incident's circumstances.  Users may be subject to disciplinary action, which may include repayment of the replacement value of the equipment. SPC cannot issue or re-issue IT devices and equipment to users who repeatedly lose or damage IT equipment.

 

Use of Social Media

The use of public social media sites to promote organizational activities requires written pre-approval from the Public Information Office (PIO). Approval is at the PIO's discretion and may be granted upon demonstration of a business need and review and approval of service agreement terms by SPC’s Counsel’s Office. Final approval by the PIO should define the scope of the approved activity, including, but not limited to, identifying approved users.

Unless expressly authorized, using SPC email addresses on public social media sites is prohibited. In instances where users access social media sites on their own time utilizing personal resources, they must remain sensitive to expectations that they will conduct themselves responsibly, professionally, and securely regarding references to SPC and staff. These expectations are outlined below.

  1. Use of Social Media within the Scope of Official Duties

The PIO, or designee, must review and approve the content of any posting of public information, such as blog comments, tweets, video files, or streams, to social media sites on behalf of the organization. However, PIO approval is not required for postings to public forums for technical support if participation in such forums is within the scope of the user’s official duties, has been previously approved by his or her supervisor, and does not include the posting of any sensitive information, including specifics of the IT infrastructure. In addition, PIO approval is not required for postings to private, SPC-approved social media collaboration sites (e.g., Yammer).  Blanket approvals may be granted as appropriate.

Accounts used to manage the SPC social media presence are privileged and must be treated as such. They are for official use only and must not be used for personal use. Passwords for privileged accounts must follow information security standards, be unique on each site, and not be the same as passwords used to access other IT resources.

  1. Guidelines for Personal Use of Social Media

Staff should be sensitive to the fact that information posted on social media sites clearly reflects on the individual and may also reflect on the individual’s professional life. Consequently, faculty and staff should use discretion when posting information on these sites and be conscious of the potential perceptions of and responses to the information. It is important to remember that once information is posted on a social media site, it can be captured and used in ways not originally intended. It is nearly impossible to retract, as it often lives on in copies, archives, backups, and memory cache.

Users should respect the privacy of the SPC staff, faculty, and students and not post any identifying information without permission (including, but not limited to, names, addresses, photos, videos, email addresses, and phone numbers). Users may be held liable for comments posted on social media sites. The Federal Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) applies to student information disclosure, including on social media.

A disclaimer is strongly recommended if a personal email, posting, or other electronic message could be construed as an official communication. A disclaimer might be: “The views and opinions expressed are those of the author and do not necessarily reflect those of South Plains College.”

Users should not use their personal social media accounts for official business unless authorized explicitly by the SPC PIO. Users are strongly discouraged from using the same passwords for social media sites as those used on SPC devices and IT resources to prevent unauthorized access to resources if the password is compromised.

 

 

 

 

 

Compliance

This policy shall take effect upon publication. Compliance with all enterprise policies and standards is expected, and policies and standards may be amended at any time.

If compliance with this standard is not feasible or technically possible, or if a deviation from this policy is necessary to support a business function, entities shall request an exception through the Information Security Officer’s exception process.

 

Related Documents:

1 TAC § 202.75

 

Internal Revenue Service Publication 1075: Tax Information Security Guidelines for Federal, State and Local Agencies

An index of approved SPC-IS policies can be found on the SPC Policies website at http://www.southplainscollege.edu/human_resources/policy_procedure/?%20.  The SPC Information Security Program and SPC Information Security User Guide are also available on the Information Technology Services Policies website.

 

Texas Security Controls Standards Catalog Control Group: PL4, PM3, PM10, PS6

 

NIST Function Groups: ID.AM-1, ID.AM-2. ID.

Section A: District Legal Status, History and Purpose

AA. College District Legal Status and History (BP)
AB. College Name (BP)
AC. System of Governance (BP)
AD. College District Geographic Boundaries and Service Area (BP)
AE. Educational Role and Mission, Purpose and Responsibility (BP)
AF. Vision Statement and Organizational Values

Section B: Governance, Executive Functions and Organization

BA.   Purpose, Powers and Responsibilities of the Board
BAB. Specific Duties of the Board (BL)
BAC. Rights and Responsibilities of the Board (BL)
BB.   Eligibility and Qualifications for Serving on the Board of Regents (BL)
BBA. Election of Board Members (BL)
BBB. Orientation and Professional Development of Board Members (BL)
BBC. Election of Board Officers (BL)
BBD. Duties of the Chairman of the Board (BL)
BBE. Duties of the Vice Chairman (BL)
BBF. Duties of the Secretary (BL)
BC.   Regular Board Meetings (BL)
BCA. Special Meetings (BL)
BCB. Official Business at Regular and Special Meetings (BL)
BCC. Quorum Necessary for Transaction of Business (BL)
BCD. Order of Business (BL)
BCE. Rules of Order (BL)
BCF. Public Participation (BL)
BCG. Board Self Evaluation
BD.   Board Committees (BL)
BE.   Conventions, Conferences and Workshops (BP)
BF.   Policy and By-Law Development (BP)
BFA. Amendments to the By-Laws (BL)
BG.  Board Member Statement of Ethics
BGA. Standards of Conduct and Conflict of Interest
BGAA. Conflict of Interest Disclosure
BGB. Code of Ethics (BP)
BH.  Board Vacancies
BHA. Removal from Office
BI.   Employment of the College President (BL)
BIA. Qualifications of the President (BP)
BIB. The College President as the Executive Officer (BP)
BIC. Evaluation of the President (BP)
BID. Administrative Organization Plan (BP)
BIDA. College Organizational Chart (PDF file opens with Acrobat Reader, 380kb)
BIE. Administrative Rules and Regulations (BP)
BIF. Planning and Institutional Effectiveness (BP)
BJA. Employment of Independent Auditor (BP)
BJB. Employment of College Attorney (BP)
BJC. Selection of Chief Tax Officials (BP)
BK. Relationship between South Plains College and the South Plains College Foundation, Inc. (BP)
BKA. Foundation Administration and Investment of Funds (BP)
BKB. Use of Employees or Property of the College by the Foundation (BP)
BKC. Officer/Director of the College (BP)
BKD. Acceptance of Gifts by the College (BP)
BL. Accreditation (BP)
BLA. Substantive Change

Executive Officers of the College
BMA. Vice President for Academic Affairs
BMB. Vice President for Student Affairs
BMC. Vice President for Business Affairs
BMD. Vice President for Institutional Advancement
Instructional Deans of the College
BME. Dean of Arts and Sciences
BMF. Dean of Health Sciences
BMG. Dean of Technical Education
BMH. Dean of Dual Credit & Early College Programs
Student Services Deans of the College
BMI. Dean of Enrollment Services
BMJ. Dean of Students
BMK. Associate Dean of Students
BN.   Executive Council
BO.  Administrative Council
BP.  Advisory Board By-Laws
BQ. Technical Advisory Committee By-Laws

Section C: Business Services

CA. The College Budget (BP)
CB. Purchase of Supplies and Equipment for the College (BP)
CBA. Purchasing Operating Policy
CBB-E. Price Quote/Bid Certificate
CBC. Food Purchase Policy
CBE. Procurement Card Policy
CBF. Computer and Electronic Device Aquisition Policy
CC. Service and Repair of College Equipment
CD. Use of College Facilities
See Policy GD Use of College Facilities, Including Athletic and Recreational Facilities (BP)
CE. Monthly Salary Payments
See Policy DR Compensation Schedule and Options (BP)
CF. Removal of College Property from Campus
See Policy GDB Loan or Rental of College-Owned Equipment and Tools (BP)
CG. Travel Policies and Procedures
CGC-E. Travel Report-Technical Division
CGD. Vehicle and Bus Driver Policy
CGE. Travel Card Guide
CH. Joint Property Rights
CI. Telephone/Voice Mail Use
CIA. Guidelines for Setting up Voice Mail
CI.28 Privacy Policy
CI.28.1 Web Site Privacy
CI.28.2 Merchant Card Policy
CJ. Technology Acceptable Use Policy
CJ-E. E-mail Application
CJA. Electronic Messaging (all@SPC) Policy
CK. College Depository
CL. Disposal of Property
CM. Records Management Program
CMA. Records Management Schedule
CMB. Records Management of Deceased Person
CN. Internal Audits
CO. Collection of College Funds
CP. Inventory of College Equipment
CQ. Investment Management (BP)
CR. Architectural Styling, Naming of Buildings and Plaques
CRA. Naming of Buildings and College Property
CS. Financial Management of Grant Funds

Section D: Personnel

DA. Affirmative Action Plan (BP)
DAA. Americans with Disabilities Act
DB. Non-Discrimination Policy (BP)
DBA. Protection of Rights and Development
DBC. Conflict of Interest Policy
DBC-E. Disclosure Form
DBD. Intellectual Property Policy
DBDA. Student Intellectual Property Rights
DBE.  Copyright/Patent Fair Use Policy
DC. Grievance Procedure
DD. Replaced by DDA
DDA. Sexual Harassment Policy
DDB. Racial Harassment Policy
DDC. Due Process (Dismissal/Non-Renewal)
DDD. Corrective Action
DDE. Employee Conduct and Work Rules
DDEA. Smoking in the Workplace (See Policy GF)
DDF. Personal Appearance
DDG. Workplace Violence/Firearms (See Policy HHA)
DE. Substance Abuse Policy
DEA. Substance Abuse Program Implementation
DF. Employment Procedures
DFA-E. Personnel Requisition
DFB-E. Personnel Action Form
DFD-E. Affirmative Action Letter
DFE-E. Employment Application
DFEA-E. Supplement to Professional Application
DFF-E. Approval Notice and Status Change Notice
DFG-E. Application for Classified Positions
DFH-E. Part-Time Teaching Applicants
DFJ. Nepotism (BP)
DFK-E. Oath of Office Form
DFL. Definitions of Employment Status
DGA. Personnel Records and Privacy
DH. Employee Benefits Plan (BP)
DHA. Employee Benefits Program
DHAA. Sick Leave
DHB. Worker Compensation and Sick Leave
DHBA. Maintaining a Safe Work Environment
DHBB. Accident/Injury Reports
DHC. Disability Policy (BP)
DHDA. Family and Medical Leave of Absence
DHDA-E. FLMA Checklist
DHE. Personal Leave
DHF. Bereavement Leave
DHG. Professional Development Travel (BP)
DHGA. Professional Leave Approval
DHH. Professional Development Leave, Faculty (See Section 5.4 of Faculty Handbook)
DHI. Leave of Absence (BP)
DHJ. Military Leave (BP)
DHK. Vacations
DHL. Jury Duty
DHM. Group Insurance
DHN. Tax Sheltered Annuity
DHNA. South Plains College Pension Trust Fund
DHOA. Payroll Deduction
DHP. Definitions of Payroll/Personnel Actions
DI. Retirement Policies
DIA. Texas Teacher Retirement System
DIB. Optional Retirement Program (BP)
DIC. Medical Benefits Following Retirement
DID. Retirement Recognition
DIDA-E. Retirement Award
DIE. Retiree use of College Facilities
DL. Outside Employment of Faculty and Staff (BP)
DM. University Interscholastic League (UIL) Assignments and Responsibilities
DN. Parking Regulations
DO. Facility Access
DOA-E. South Plains College Key Request Form
DP. Building Security
DQ. Personnel Classifications
DQA. Employee Handbook, General
DQG. Handbook Supplement, Classified Part-Time (Class A)
DQH. Handbook Supplement, Classified Part-Time (Class B)
DQI. Handbook Supplement, Classified Full-Time (Class C)
DQJ. Handbook Supplement,  Maintenance and Custodial Personnel
DQK. Handbook Supplement, Police Officers
DQL. Handbook Supplement, Dorm Supervisor
DR. Compensation Schedule and Options (BP)
DRA. Salary Increases and Supplements (BP)
DRB. Holidays
DRC. Supplemental Pay Procedure for Exempt Employees
DRC-E. Exempt Employee Supplemental Pay Form
DTA. Evaluations- Administrators and Supervisors
DTA-E. Administrators and Supervisors Process Form
DTB. Faculty (See Section 3.4 Evaluation, Faculty Handbook)
DTC. Administrative Assistants and Clerks
DTC-E1. Personnel Assessment Process Form
DTC-E2. Physical Plant Personnel Performance Evaluation
DUA. Employee Service Awards
DXA. Exit Interviews
DXA-E. Employee Exit Interview Form
DY. Food and Drinks in Classrooms and Laboratories
DZ. Solicitation and Distribution

Section E: Faculty and Instruction

EA. Academic Freedom and Tenure (BP)
EB. Curriculum and Courses of Study (BP)
EC. Bible Instruction (BP)
ED. Honorary Degrees (BP)
EE. Faculty Handbook (BP)
EEA. Online Faculty Handbook

Section F: Student Information

FA. Admission to the College (BP)
FAA. Admission of International Students (BP)
FAB. Degree Limitation Statement
FAC. Academic Appeals Procedure
FAD. Student Records
FADA. Student Identification Number
FADB. Student Identity Verification
FB. Student Clubs and Organizations (BP)
FBA. Student Activities
FBAA. Calendar of Student Events
FBAB. Posting of Announcements and Signs
FBC. Student Newspaper (BP)
FBCA. Editorial and Advertising, Student Publications
FBD. On-Campus Speakers (BP)
FC. Intercollegiate Athletics (BP)
FCA. College Mascot (BP)
FCB. College Colors (BP)
FD. In-District Tuition (BP)
FDA. Waiver of Nonresident Tuition (BP)
FE. Travel by Student Groups
FF. Student Conduct and Discipline
FG. Student Substance Abuse Policy
FH. Sexual Harassment Policy
FI. Campus Assessment, Response and Evaluation (CARE) Team
FJ. Freedom of Expression Policy
FM. Student Grievance Procedure
FN. Compulsory Insurance for Students (BP)
FNA. Health Services
FO. Student Housing Policy (BP)
FOA. Student Housing Policy
FOB. Temporary Housing Assistance for Certain Students
FOC. Residential Housing Missing Student Notification Policy and 
         Procedures
FP. Services for Students with Disabilities
FQ. Annual Public Notice
FR. Student Financial Aid
FS. Student Counseling Center
FT. Learning Resources
FW. Texas Success Initiative (TSI)
FX. Student Correspondence Policy (Student E-Mail)
FY. Absences for Military on Active Duty
FZ. Student Death 
FZA. Student Death Protocol

Section G: Community and Government Relations

GA. Media Relations
GC. Publications and Printing Policy
GD. Use of College Facilities, Including Athletic and Recreational Facilities (BP)
GDA. Use of Facilities in Time of Disaster (BP)
GBD. Loan or Rental of College-Owned Equipment and Tools
GDC. Facility Rental Policies
GE. Use of College Food Service (BP)
GF. Smoke Free Environment
GG. Communicable Disease Policy
GH. Senior Citizens Benefits
GI. Public Complaints and Hearings (BP)
GN. Camp Programs for Minors

Section H: Support Services

HA. Library
HB. Marketing and Communications
HBA. Planning Guide for Printing, Publications, and Web Pages
HBB. College Business Cards
HC. Continuing Education
HD. Administrative Computer Center
HE. Bookstore
HF. College Post Office
HG. Maintenance/Custodial Services
HH. Campus Security
HHA. Workplace Violence and Unauthorized Weapons
HHB. Annual Disclosure of Crime Statistics
HHC. Concealed Carry of Handguns on Campus
HHD. Campus Security Camera Acceptable Use
HHE.  Campus Security Authorities (CSA)
HHF. Violent Intrusion/Action Defense Preparations
HHG. Mass Communication
HHH. Safety Program Emergency Plans and Alerts
HI. Health/Wellness Services-Levelland Campus
HJ. Food Service-Levelland Campus
HK. Severe Weather Procedures
HL. Copy Center and Reproduction Procedures
HM. College Vehicles
HN. College Web Site Policy
HO. College Stationery Policy
HP. College Logos
HQ. Photography Service
HR. Office of Human Resources
HS. Office of Development
HSA. Fundraising, Solicitation and Grant Writing
HSA-E. Fundraising Activity Approval Form
HSAA. Acceptance of Non-Cash Gifts
HSAA-E. Non-Cash Gift Acceptance Form
HT. New Student Relations
HU. Financial Aid Lender Relations Institutional Code of Conduct

Section I: Information Services

IA. Policy Compliance
IB. User Accounts Management Policy
IB-A. Data Security Risk Management
IB-B.Data-Classification-Standard
IB-C. Encryption-Standard
IC. Acceptable Use Policy
ID. Access Control Policy
ID-A. Account Management Access Control
ID-B. MFA Policy
ID-C. Auditing and Accountability 
ID-D. Security Logging Standard
ID-E. Remote Access Standard
ID-F. Wireless Network Security
IE. Secure-System-Development
IE-A. Configuration Management
IE-B. Patch Management Policy
IE-C. Secure Configuration Standard
IE-D. Vulnerability Scanning
IE-E. Sanitization Secure Disposal
IE-F. Secure Coding Standard
IF. Incidnet Response Policy
IF-A. Cyber Incident Response
IG. Security Awareness and Training
IH. Physical and Environmental Protection