IT-02000 Acceptable Use Policy

Responsible Official: 
Chief Information Officer
Responsible Office: 
Information Technology
Effective Date:
January 1, 2017
Last Revision Date:
 December 5, 2016

Associated Policies

Policy Statement

Portland Community College (PCC) Information Technology (IT) resources shall only be used to support the educational and administrative needs of the college.

Purpose

The purpose of PCC’s IT resources is to support the educational and administrative needs of the college. PCC has a responsibility to ensure that IT resources are used in a manner that respects the rights of our students, faculty and staff, and that protects the institution from harm that may result from misuse. Accordingly, the Acceptable Use Policy (AUP) supports the following goals:

  1. Ensure the integrity, reliability, availability and superior performance of IT resources.
  2. Ensure that users are protected from data breach and cybercrime.
  3. Ensure that use of IT resources is consistent with the principles and values that govern the use of other college facilities and services.
  4. Prevent unauthorized disclosure of critical information.
  5. Prevent disruption of the learning experience.
  6. Ensure the college is protected from financial, legal, regulatory and reputational harm.
  7. Ensure that IT systems are used for their intended purposes.
  8. Establish processes for addressing policy violations and sanctions for violators.

Scope

The AUP establishes specific requirements for the use of PCC IT resources by any user, including those used in connection with a privately owned computer or other device.

  1. All computing and mobile devices that connect to the PCC network are subject to the AUP.
  2. Users include, but are not limited to all PCC students, employees, contractors, guests, consultants, and other workers, including all personnel affiliated with third parties.

PCC reserves the right to amend or otherwise revise this document as necessary. Users are responsible for reviewing the AUP periodically to ensure continued compliance. By using IT resources, the user agrees to the terms and conditions of the AUP. Users consent to the college’s use of scanning programs for security purposes on privately owned computers or other devices while they are attached to the network.

General Use and Responsibilities

(See IT-02010 through IT-02110 for supporting policies)

  1. Users shall access only IT resources for which they have authorization.
  2. Users are individually responsible for appropriate use of their computer, account and the IT resources assigned to them.
  3. Users have a responsibility to promptly report the theft, loss or unauthorized disclosure of PCC proprietary information and/or IT resources.
  4. Users shall not use IT resources for uses that are inconsistent, incompatible or in conflict with state or federal law or other PCC policies.
  5. Users are responsible for exercising good judgment regarding the reasonableness of personal use. 
  6. The college is bound by its contractual and license agreements respecting certain third party resources – users are expected to comply with all such agreements when using IT resources.
  7. Users shall not intentionally disrupt the computing environment or obstruct the work of other users.

Policy Violation

  1. Violation of the AUP may result in disciplinary action, up to and including expulsion from student activities, and/or termination of employment.
  2. PCC reserves the right to report violations of federal, state and local laws and regulations governing computer and network use, as well as interactions that occur on the Internet, to authorities as deemed appropriate.
  3. Users who violate the AUP may be held liable for damages to PCC assets, including but not limited to the loss of information, computer software and hardware, lost revenue due to down time, fines and judgments imposed as a direct result of the violation.
  4. PCC reserves the right to deactivate a user’s access rights, whether or not the user is suspected of any violation of this policy, when necessary to preserve the integrity of IT Resources.

Complaint Procedure

Information Security and general AUP violations shall be reported to the Information Security Manager or Chief Information Officer.

Non-security related violations (such as receipt of inappropriate content, other Human Resources policy violations, general college policy violations or regulatory compliance violations) shall be reported to a supervisor, HR or EthicsPoint.

Definitions

AUP –
Acceptable Use Policy defines how PCC’s IT resources shall be used.
Cybercrime
Criminal activity or a crime that involves the Internet, a computer system, or computer technology.
Data breach
An incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. A data breach may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property.
IT resource –  
Information Technology resources are the property of PCC and include, but are not limited to all network related systems; business applications; network and application accounts; administrative, academic and library computing facilities; college-wide data, video and voice networks; electronic mail; video & web conferencing systems; access to the Internet; voicemail, fax machines and photocopiers; classroom audio/video; computer equipment; software and operating systems; storage media; Intranet, VPN, and FTP. IT Resources include resources administered by IT, as well as those administered by individual departments, college laboratories, and other college-based entities.
User
Any person who makes any use of any PCC IT resource from any location (whether authorized or not).