| Policy Title | Acceptable Use Policy |
| Type or category of Policy: | COLLEGE policy |
| Approval Authority: | Cabinet |
| Responsible Executive: | Chief Information Officer |
| Responsible Office: | Information Technology Services |
| Owner Contact: | Information Security Administrator Informationsecurity@siena.edu |
| Reviewed By: | Cabinet |
| Reviewed Date: | November 8, 2021 |
| Last Revised and Effective Date of Revision: | November 8, 2021 |
Reason for Policy
This policy supersedes the Siena College Computing Use Policy dated 11/28/2011.
This policy establishes the appropriate use of Siena College’s information technology resources in a responsible manner, in accordance with all applicable laws, policies, and regulations. For this policy, information technology resources refers to technology supporting the academic, research, administrative, creative, and service mission of the institution. This policy aims to protect the confidentiality, integrity, security, availability and performance of the College’s resources.
Scope of the Policy: Entities or Individuals affected by this policy
This policy applies to anyone, including but not limited to, students, faculty, staff, administrators, volunteers, contractors, and visitors using or accessing Siena College’s information technology resources. All users of the College’s information technology resources agree to abide by the principles and practices presented in this policy.
The Official Policy
Users of Siena College’s information technology resources have a responsibility to behave in a manner consistent with federal, state, local, or international laws and regulations as well as all College policies. Under no circumstances should a user of Siena College information technology resources engage in any activity that is illegal under federal, state, local, or international law while utilizing or accessing college-owned resources. Prohibited activities include, but are not limited to:
● Divulging or compromising confidential, private, or proprietary information.
● Copyright infringement, including publishing copyrighted material such as papers, software, music, musical scores, movies, and artistic works. It is irrelevant whether or not any profit is made from such distribution; the mere fact of providing uncontrolled access to such material is illegal.
● Publishing material on Siena systems that violates any licensing or contractual agreement, copyright law, privacy law, College regulation or policy (FERPA, Campus Crime Security Act, etc.).
● Use that is contrary to the College’s non-profit status. Information technology resources shall not be used for partisan political activities or lobbying that suggests College endorsement of political candidates, platforms, or positions.
● Use of the resources for personal profit or non-sponsored commercial use. Information technology resources are provided for the academic, research, and administrative functions of the College. The only exception to this restriction is for the writing and publication of scholarly works that may incidentally provide revenues to the author(s). Even such writing and publication of scholarly works will cease if it is found to have a negative impact on the effectiveness of the College’s system resources for other users.
Siena College values the privacy of its students, faculty, and staff, especially with respect to scholarly, creative, and personal information. The college-owned network, services, computers, and storage are the property of Siena College. The data stored on these resources are the property of Siena College but may be subject to further ownership of intellectual property or copyright. (For more information regarding intellectual property and copyright, please refer to the College's Patent Ownership and Management Policy). The College also has the right to access the data stored and transmitted through its college owned network. The College will endeavor to respect the privacy of the individual computer user. However, the College has the absolute right to examine the content stored in any medium through the College’s information technology resources for any reason deemed necessary to enforce its policies, comply with law and regulation, or otherwise further the legitimate and best interests of the College.
Users are responsible for the use of their individual Siena account(s) and must take all reasonable precautions to protect their account(s) and prevent others from being able to access or use their account(s). Users are prohibited from sharing accounts or network access privileges to gain access to resources to which they would otherwise be denied.
Authorized Siena personnel may access others’ files in the course of their duties or for the maintenance and security of network, computer, and storage systems. Personnel (both within and external to Information Technology Services) with elevated system access are required to uphold the same confidentiality, ethics, and information integrity as all other users. Passwords are the primary way in which users are authenticated and authorized to use Siena Information Technology resources. Passwords should be unique to the Siena account(s) and not be reused at external sites. Users must not share or disclose their password(s) to any individual, including a faculty or staff member, under any conditions. Similarly, they must not disclose any other identifying information (e.g., PIN [personal identification numbers]) used to access specific system information. Shared accounts are not permitted without unique authentication with a personal Siena account. In situations where biometric authentication may be used, users will be required to follow all requirements as stipulated in the Password Management Policy.
Institutional Data is data that is owned or generated by the College’s functional areas as part of the performance of official job duties. All employees and service providers are responsible for protection of the College’s Institutional Data and must use approved devices or services to access said data.
Users are expected to comply with Siena College information security standards and practices by using reasonable measures to protect their accounts, devices, and Institutional Data. Reasonable measures include, but are not limited to, maintaining current operating systems, utilizing up-to-date anti-virus programs, awareness of how and where Siena account credentials are used, and thoughtful/vigilant processing of email.
Malicious activity including misrepresentation of one’s identity or impersonation of another individual to gain access to internal or external systems, software, or other services to which one does not have authorized access is prohibited. This includes any technical and nontechnical activities.
The use of the College’s information technology resources to cause harm to any individual or any resources, whether internal or external to the College, is prohibited. Examples of harmful activities, in addition to any noted elsewhere in this policy, include but are not limited to:
● Degrading performance or otherwise disabling information technology resources.
● Destroying, altering, copying, or compromising information integrity (e.g., student records, personnel information, etc.)
● Email spamming
● Threatening or intimidating email, postings, or other harmful forms of communication
Personal use of the College’s computing resources for other purposes is permitted when it does not consume a significant amount of those resources, does not interfere with the performance of the user’s job or other College responsibilities, and is otherwise in compliance with this policy. Personal use of the College’s computing resources is subject to the normal requirements of legal and ethical behavior within the Siena College community.
Use of resources that obstruct College operations by negatively impacting network bandwidth, storage, or other IT resources is prohibited.
Siena College recognizes academic freedom and freedom of expression. Use of information technology resources to support these rights should be done while honoring the rights of others to privacy and freedom from harassment and allow for the free and responsible expression of ideas and opinions, without fear of retribution, including peaceful dissent, that will not disrupt or interfere with the orderly operation of the College. As a Franciscan community, constituents of the College work together in friendship and respect, committed to building a world that is more just, peaceable, and humane.
Enforcement of Policy
Violations will normally be handled through the College disciplinary procedures applicable to the relevant user. Violation of this policy or any of its components therein carry sanctions which may include, but are not limited to, temporary or permanent suspension of account access up to termination of employment or suspension of enrollment. However, the College may temporarily suspend or block access to an account prior to the initiation or completion of such procedures, when it reasonably appears necessary to do so in order to protect the integrity, security, or functionality of the College or other computing resources or to protect the College from liability.
Exceptions
Exceptions may be granted by the Chief Information Officer (CIO) in limited circumstances based upon the needs of the College and upon the requestor’s written justification. If required, the CIO may request review and approval by the College’s Legal Counsel and/or Risk Officer.
Resources
Copyright Usage and Compliance Policy
Information Regarding the Use, Distribution, and Sharing of Copyrighted Works Policy
Patent Ownership and Management Policy
Adopted: November 8, 2021
Reviewed: November 8, 2021
Revised: November 8, 2021