2.22 Use of Information Technology Resources
5 February 2016
Executive Director, Gallaudet Technology Services
This policy applies to all faculty, teachers, staff, and students (University and Clerc Center) in all offices and divisions of Gallaudet University and to all outside organizations or individuals requesting use of information technology (IT) resources.
The use of Gallaudet University computer resources, including access to databases and e-mail accounts, the data and voice networks and network connections, computer laboratory equipment, University owned or leased personal computers, laptops, tablets, pagers, mobile devices, servers, network control devices, printers, faxes, modems, and telephone equipment is limited to Gallaudet students, faculty, teachers, staff and the Board of Trustees. Others may be permitted the use of IT resources, if resources are available and if recommended to the Executive Director, Technology Services by the appropriate administrative officer; however, an annual fee is charged to the user or sponsor. Annual fees are determined by the CIO. For the purpose of this policy, students are considered those currently matriculating at the University in degree granting or certificate programs or enrolled at the Clerc Center. Student status is verified at the beginning and end of each enrollment period. Faculty, teachers, and staff include all those who are classified as regular and extended temporary status, and those who are considered part-time, short-term, or consultants with the approval of the unit administrator. All IT resources provided to employees with a temporary appointment are terminated upon expiration of the appointment and may be renewed if the employee is rehired. The accounts of others terminate when the individual separates from or is no longer affiliated with the University.
All connections to the University network must be authorized by Gallaudet Technology Services. Furthermore, all IT accounts and network addresses must be authorized by the department requesting connections. Individuals applying for IT resources must accept and abide by this policy and by other policies that Gallaudet Technology Services may apply to protect the University's ability to use IT resources to serve its core functions. Additional departmental policies developed by Gallaudet Technology Services may be enacted in emergency situations, provided they do not negate or contradict the intent of this policy. Any device that physically or logically connects to the University's data or telephone networks, or that utilizes a University computer or server or technology service owned or managed by the University, is subject to this policy, whether the particular piece of equipment is owned by the University, another entity, or an individual.
Gallaudet University - Gallaudet Technology Services (GTS) is committed to providing members of the University with reliable technology in stable operating condition. When establishing accounts, standard security principles of "least required access" to perform a function must always be used, where administratively feasible. An administrative privileged account must not be used when a non-privileged account will would suffice. However, if requested, GTS may grant temporary or extended local administrative privileges for individual machines depending on job function, need-to-know, and employment status.
There are two levels of access for university owned computers:
User - Default "least required access" level for all users; suitable to perform normal daily functions and assure the highest level of computer stability.
Administrator - Allows for unrestricted access on individual workstations including the ability to install hardware and software, edit the registry, manage default access accounts, and change file level permissions. Administrator access increases the potential for loss of data, violation of copyright laws, and other security compromises. This level of access is a privilege that is tightly controlled by GTS and carries certain inherent responsibilities, increased accountability, and risk of liability.
Requesting Administrative Privileges
Administrator access to an individual's workstation will only be granted in unique circumstances, for a limited period not to exceed one year, and if there are no other options available to address the specific request. Authorization is granted on a case-by-case basis at the discretion of the GTS executive director and information security officer; additionally, all approved administrative rights access requests will be reviewed for continued use by the executive director and information security officer on an annual basis, at a minimum. To request administrative privileges, create a Help Desk ticket requesting Administrative Privilege which includes a description and justification. GTS will review the request and forward the appropriate form for completion.
The following actions are prohibited on all University IT resources:
- Accessing, creating, transmitting, printing, or downloading material that is defamatory, offensive, obscene, fraudulent, harassing (including uninvited amorous, sexual messages), threatening, embarrassing, humiliating, incites violence, or contains slurs, epithets, or anything that may be reasonably construed as harassment or disparagement based on race, color, national origin, sex, sexual orientation, hearing status, age, disability, or religion or accessing, sending, receiving or soliciting sexually oriented messages or images or any other communication prohibited by law or other University policy. These restrictions are waived for legitimate academic research.
- Illegal or fraudulent activities, such as those that infringe on a copyright, including the unauthorized copying of software, pictures, videos, illustrations, music, or other protected products.
- Impersonating or using accounts (or ID badges) other than your own or falsely representing yourself as another individual, group, or organization, or facilitating such misrepresentation.
- Any activity that may expose the University to legal action or that may endanger the University's tax exempt status.
- Use of IT resources for personal gain, political movements or campaigns, non-Gallaudet related fund raising activities, or actions that conflict with more general University policies, statutes, and bylaws.
- Activities that threaten the functioning of the University's network, computer servers, database systems, telecommunications systems, or security measures. Examples include: mass mailings; unauthorized high bandwidth applications; denial-of-service attacks; attempts to disguise ports or University network connected devices; attempts to circumvent University firewalls; interference with network monitoring processes; and any activity that disables, or attempts to disable, either the University's networks or network services.
Computing, telecommunications, and associated network facilities must be used ethically and legally, in accord with applicable licenses and contracts, and according to their intended use in support of the University's mission. Any use that would impede teaching or research, hinder the functioning of the University, violate an applicable license or contract, or damage community relations or relations with institutions with whom we share responsibility is a violation of this policy.
In the event that Gallaudet Technology Services, or another appropriate unit of the University, believes that IT resources are being used inappropriately, illegally, or in conflict with this policy, Gallaudet University reserves the right to review individual IT records to the extent necessary to assess the problem and determine responsibility and, if necessary, to disable or delete files, programs, network connections, and/or user accounts. The review may include email messages, other content stored in local or web-based systems, documents and files, and network logs as well as an examination of the logs of personal computers or servers that are attached to the University network, whether or not they are owned by the University. The University also reserves the right to respond to legally-mandated requests for IT records. Abuse of IT privileges can result in appropriate disciplinary action including, but not limited to, referral to the appropriate judicial jurisdiction.
Gallaudet University Board of Trustees