REVISED DRAFT OF INTERIM POLICY

Langston University

Acceptable Use Policy

A. Introduction
Langston University (LU) attempts to create an environment where university information technologies meet the needs of university programs in research and instruction.

As an institution of higher learning, LU encourages, supports, and protects freedom of expression and an open environment to pursue scholarly inquiry and to share information. Access to networked computer information in general and to the Internet, in particular, supports the academic community by providing a link to electronic information in a variety of formats and covering all academic disciplines. Consistent with other University policies, this policy is intended to respect the rights and obligations of academic freedom, while protecting the rights of others. The computing and network facilities of the University are limited and should be used wisely and carefully with consideration for the needs of others. Usage of these facilities is a privilege rather than a right. As with any resource, it is possible to misuse computing resources and facilities and to abuse access to the Internet. The following statements address, in general terms, the University's philosophy about computing use.

B. Scope
This policy is applicable to all individuals using University owned or controlled computer and computer communication facilities or equipment. It is applicable to all University information resources whether individually controlled or shared, stand alone or networked. It applies to all computer and computer communication facilities owned, leased, operated, or contracted by the University. In addition, a user must be specifically authorized to use a particular computing or network resource by the campus unit responsible for operating the resource.

Individual units within the University may define "conditions of use" for information resources under their control. These statements must be consistent with this overall Policy but may provide additional detail, guidelines and/or restrictions. Such policies may not relax or subtract from, this policy. Where such "conditions of use" exist, enforcement mechanisms defined therein shall apply. These individual units are responsible for securing appropriate authorization (Per 2-0501 Administrative Information Systems policy) and to furnish Information Technology Services (ITS DEPARTMENT) with a copy of the approved document. Units must also publicize both the regulations they establish and their policies concerning the authorized and appropriate use of the equipment for which they are responsible. In such cases, the unit administrator shall provide the Chief Information Officer’s office with a copy of such supplementary policies prior to implementation thereof. Where use of external networks is involved, policies governing such use also are applicable and must be adhered to.

C. Authorized Users
An ITS DEPARTMENT computer systems account is created for all regularly enrolled LU students. Accounts are valid as long as a student is enrolled at LU. An authorized user is any person who has been granted the privilege by the University to access ITS Department computing and network systems and whose usage complies with university policy. Authority to use a particular University computing or network resource should come from the campus unit responsible for operating the resource.

D. Authorized Use
Use of University computers must comply with US Government Federal and State laws and University policies. Facilities and accounts are to be used for the activities for which they are assigned.

Users are held responsible for their own computer accounts and the usage thereof.

Computing facilities, services, and networks may not be used in connection with compensated outside work for the benefit of organizations unrelated to the University except in connection with scholarly pursuits (such as faculty publishing activities). State law generally prohibits the use of University computing and network facilities for personal gain or profit, and use of computing resources for unauthorized commercial purposes, unauthorized personal gain, or any illegal activities is prohibited.

E. Privacy
Following LU Policies and Procedures, Oklahoma laws and applicable federal laws, LU strives to protect personal privacy and confidentiality. Information will be handled with the strictest of security and confidentiality standards.

(Buckley Amendment – Family Rights and Privacy Act, Open Records Act, Federal Electronic Communication and Privacy Act of 1986, Federal Computer Intrusion Laws)

F. User Responsibilities
University policy, ethics and etiquette are required to successfully participate in the LU community and are extended to the computing environment. Individuals who share computing resources at LU and who also use those resources to access the worldwide network (Internet) are responsible for knowing and following the Appropriate Computer Use Policy. It is the responsibility of the user to access and use data in accordance with the university's policy and applicable state and federal laws.

Access to the information resource infrastructure both within and beyond the University campus, sharing of information, and security of the intellectual products of the community all require that each and every user accept responsibility to protect the rights of the community. Access to the networks and to the information technology resources at LU is a privilege granted to University students, faculty, staff, and affiliates who have been granted special permission to use such facilities. Access to University information resources must take into account the following factors: relevant laws and contractual obligations, the requestor's need to know, the information's sensitivity, and the risk of damage to or loss by the University.

Anyone who accesses, uses, destroys, alters, or damages University information resources, properties or facilities without authorization, may be guilty of violating state and/or federal law, infringing upon the privacy of others, injuring or misappropriating the work produced and records maintained by others, and/or threatening the integrity of information kept within these systems. Such conduct is unethical and unacceptable and will subject violators of this Policy to disciplinary action by the University, including possible termination from employment, expulsion as a student, and/or loss of computing systems privileges.

Individual users certify understanding and agreement to adhere to LU's policies by signing on to LU systems. Specifically, an employee acknowledges an understanding of and agreement to adhere to the following:

Users are personally responsible for all activities on their User ID or computer system and may be subjected to disciplinary action and/or loss of privileges for misuse of computers or computing systems under their control, even if not personally engaged in by the person controlling the computer or system.
Updates to the system and changes in system data are to be made in a manner that is consistent with the University’s policies and procedures which govern the particular action to be changed.
Computing resources are to be used only for legitimate University business.
It is against the University's policy to use the University's records including, but not limited to, confidential information for personal interest or advantage.
Proper password security is to be maintained by not revealing passwords to anyone.
Security is to be maintained by not providing anyone access to or use of the University's information systems.
Proper physical security is to be maintained by not leaving a workstation/terminal/laptop unattended while logged into the University's systems.
The privacy and confidentiality of all accessible data is to be maintained and it is understood that unauthorized disclosure of personal /confidential information is an invasion of privacy and may result in disciplinary, civil and/or criminal actions against an individual.
Suspected security violations will be reported to the ITS DEPARTMENT for investigation.
Under existing law, any person who maliciously accesses, alters, deletes, damages or destroys any computer system, network, computer program or data may be charged with a felony.
The University also requires that members of its community act in accordance with these responsibilities,
Act in accordance with the Family Educational and Privacy Rights Act (Buckley Amendment),

Respect copyrights and licenses,
Respect the integrity of computer-based information resources,
Refrain from seeking to gain unauthorized access,
Respect the privacy of other computer users, and to comply with this Policy, the University's Student or Faculty Handbook, as appropriate, LU Policies and Procedures, relevant laws and contractual obligations, and the highest standard of ethics. LU accommodates and does not interfere with standard technical measures used by copyright holders to identify and protect their rights (for further information see the U.S. Copyright Office at http://www.copyright.gov/).

The University reserves the right to limit, restrict, or extend computing privileges and access to its information resources. Usage is a privilege, not a right.

Users are held responsible for their own computer accounts and the usage thereof. Users will be subject to disciplinary action, including termination and/or loss of privileges for misuse of computers or computing systems under their control.

Business units and individuals may, with the permission of the ITS Department Director and where deemed necessary, approval from the Chief Information Officer (CIO) in consonance with applicable University policies and guidelines, configure computing systems to provide information retrieval services to the public at large. However, in so doing, particular attention must be paid to University policies regarding authorized use. Usage must be consistent with the mission of the University, including ownership of intellectual works, responsible use of resources, use of copyrighted information and materials, use of licensed software, and individual and unit responsibilities. Contact information for the system administrators of these systems must be reported to the ITS DEPARTMENT Department.

G. Special Notifications
The University cannot protect individuals against the existence or receipt of material that may be offensive to them. As such, those who make use of electronic communications are warned that they may come across or be the recipients of materials they find offensive. Those who use e-mail and/or make information about them available on the Internet should be forewarned that the University cannot protect them from invasions of privacy and other possible dangers that could result from the individual's distribution of personal information. Personal use of any University information system to access, download, print, store, forward, transmit or distribute obscene material is prohibited.

The University's computing and network systems are a university owned resource and business tool, only to be used by authorized individuals for business and academic purposes. Users should never distribute mailing lists owned by the University. The University owns everything stored in ITS Department systems unless it has agreed otherwise. The University has the right of access to the contents of stored computing information at any time for any purpose for which it has a legitimate "need to know." The University will make reasonable efforts to maintain the confidentiality of computing information, storage contents and to safeguard the contents from loss, but is not liable for the inadvertent or unavoidable loss or disclosure of said contents.

The LU Data Communications Network is a mission critical strategic University resource. In order to protect the Data Communications Network, devices that are considered end nodes, other than computers/printers/copier/scanners, and workstations must not be plugged into any network port, unless special arrangements are made with ITS DEPARTMENT and approved by the ITS DEPARTMENT Director or where deemed necessary with the approval of the Chief Information Officer (CIO). This includes but is not limited to hubs, switches, repeaters, routers, network modems, servers and wireless access points whose installation have not been coordinated and registered with ITS DEPARTMENT. These devices may be incorrectly configured or incompatible with the LU Network causing outages and reliability problems to all or part of the network. Devices not approved for use on LU's Data Communication Network will be disabled to ensure the stability and availability of the network.

Devices not approved for use on LU's Data Communication Network will be disabled to ensure the stability and availability of the network

ITS DEPARTMENT strives to provide high availability and stable network resources relevant to the LU community's needs. Colleges or Departments needing additional network resources should contact the ITS DEPARTMENT Help Desk.

H. Access
Unauthorized access to information systems is prohibited. No one should use the ID or password of another; nor should anyone provide his or her ID or password to another. A password should never be shared, not even with computer support personnel. Users are personally responsible for all activities on their User ID or computer system, including security of their own passwords and may be subjected to disciplinary action and/or loss of privileges for misuse of computers or computing systems under their control, even if not personally engaged in by the person controlling the computer or system.

I. Ownership and Rights of Access to Software and Data
LU has software and data that have been acquired through a variety of sources. Some software and data, though available for use by all users of LU's systems, remain the property of the supplier and the dissemination of the software or data (in any form) is strictly prohibited. This also applies to software made available by non-ITS DEPARTMENT University personnel. This software is not to be distributed, unless authorized by the person or department that initially secured the software or data. No software or data should be distributed, reproduced or used without ensuring that proper licensing and/or authorization has been obtained.

J. Conduct Expectations and Prohibited Actions
LU provides computing resources and worldwide network access to members of the LU community for legitimate academic and administrative pursuITS Department to communicate, access knowledge, and retrieve and disseminate information. All members of the LU community (faculty, staff, students, and authorized guests) sharing these resources also share the rights and responsibilities for their use.

Examples of misuse include, but are not limited to:

Knowingly running or installing on any computer system or network, or giving to another user, a program intended solely for the purpose of damaging or placing excessive load on a computer system or network. This includes, but is not limited to, computer viruses, Trojan horses, worms, bots, flash programs or password cracking programs.
Attempting to circumvent data protection schemes or uncover security loopholes without prior written consent of the system administrator. This includes creating and/or running programs that are designed to identify security loopholes and/or intentionally decrypt secure data.
Using computers or electronic mail to act abusively toward others or to create a hostile environment, violent reaction, such as stalking, threats of violence, or other hostile or intimidating "fighting words."
Posting on electronic bulletin boards or web pages materials that violate the University's codes of conduct (faculty, student). This includes posting information that is slanderous or defamatory in nature or displaying graphically disturbing or sexually harassing images or text in a public computer facility or location that are in view of other individuals.
Attempting to monitor or tamper with another user's electronic communications or reading, copying, changing, or deleting another user's files or software without the explicit agreement of the owner.
Using campus networks to gain, or attempt to gain, unauthorized access to any computer system.
Using a computer account or obtaining a password without appropriate authorization.
Masking the identity of an account or machine. This includes sending mail that appears to come from someone else.
Performing an act without authorization that will interfere with the normal operation of computers, terminals, peripherals, networks, or will interfere with others' ability to make use of the resources.
Using an account for any activity that is not approved through policy and procedure, such as, such as consulting services, typing services, developing software for sale, advertising products, and/or other commercial enterprises for personal financial gain.

K. Systems Security Officer
The person designated by the Chief Information Officer, shall be the primary contact to work in conjunction with appropriate university officials for the interpretation, enforcement and monitoring of this policy and the resolution of problems concerning it. Any issues concerning law shall be referred to Legal Counsel for advice and action as applicable.

In situations that are an immediate threat to the security or operation of a computer or network, the ITS Department may require immediate intervention of access privileges and affected user files or messages. In such an emergency, the ITS DEPARTMENT will notify, as soon as possible, the appropriate university administrators and users affected by the situation.

L. Consequences of Misuse
Misuse of computing, networking, or information is unacceptable, and users will be held accountable for their conduct. Serious infractions can result in temporary or permanent loss of computing and/or network privileges and/or Federal or State legal prosecution. Appropriate corrective action or discipline may be taken in conformance with applicable personnel policies and student policies. Some computer abuses are a crime, (such as illegal reproduction of software protected by U. S. copyright law) and penalties can include a fine and/or imprisonment.

Abuse of computing privileges is subject to disciplinary action, including termination of employment. If system administrators have strong evidence of misuse of computing resources, and if that evidence points to the computing activities or the computer files of an individual, they have the obligation to pursue any or all of the following steps to protect the user community:

Notify ITS DEPARTMENT.
Notify appropriate departmental administrators
Will notify the user's instructor, department or division chair, or supervisor of the investigation, when appropriate.
May suspend or restrict the user's computing privileges during the investigation.
May inspect the user's files, diskettes, tapes, and/or other computer-accessible storage media.
Will refer issues, when appropriate, to the appropriate University department for possible disciplinary action, i.e., this may include but not be limited to the Office of the Chief Information Officer, the Office of the Vice President for Student Affairs, the unit administrator for staff, and the Dean of the School for faculty.

Users, when requested, are expected to fully cooperate with system administrators and / or the ITS DEPARTMENT regarding any investigations of system abuse. Failure to cooperate may be grounds for cancellation of access privileges or disciplinary action, including dismissal.

When individual privileges to access University computing resources have been suspended, a user may request that the Information Technology Services Director, or his/her designee, review the suspension. The Information Technology Services Director, or designee, in his/her discretion, may reinstate privileges, alter any restrictions that have been imposed, or refuse to interfere with the administrative action taken at that time. Further appeals may be filed with the Office of Student Affairs, the University Personnel Office, or the Chair of the Faculty Council, as appropriate.

Failure to comply with these policies, rules and regulations may result in disciplinary action, up to and including dismissal. Any violation of local, state or federal laws may carry the additional consequence of prosecution under the law, where judicial action may result in specific fines or imprisonment, or both; plus the costs of litigation or the payment of damages or both; or all.

M. Notification
References to this policy will be in the LU Catalog, the Student Rights and Responsibilities policy, the ITS DEPARTMENT web site and the LU Policies and Procedures Letters.

N. Application and Enforcement
Each University campus shall be responsible for enforcing these Policies in a manner best suited to its own organization in compliance with those established by the University’s ITS Department. It is expected that enforcement will require cooperation between such departments as computer systems administration, personnel, affirmative action, academic affairs and student affairs.