6.20 Use of Central Piedmont Community College's Information Technologies Policy - Updated 10/3/2016See version history
This policy addresses the acceptable use of technology resources provided by Central Piedmont Community College (CPCC). The College expects employees and students to use computers, networks, network access, telephones, and other information technologies in a responsible, considerate, ethical, and lawful manner. Compliance with policies that ensure the security and integrity of all College information systems is mandatory and critical to ensure continuing provision of technological resources to the entire CPCC community. This policy applies to all students, faculty, and staff of the College and to all users of technology resources provided by the College.
Central Piedmont Community College understands that information technology has become vital in its mission of teaching and training. Thus, the College owns a variety of technological resources which are provided primarily to support the academic and administrative functions of the College. These technological resources enable users to locate and disseminate information, to communicate and collaborate with others in a global setting, and to build the necessary strategic technologies for the current and future needs of the College community.
Use of CPCC technology resources shall be consistent with local, state, and federal law and in accordance with all College policies and procedures. All CPCC users are responsible for using technological resources in an efficient, responsible, considerate, ethical, and lawful manner.
Disregard for the rights of authorship, including plagiarism, copyright violations, invasion of privacy, abuse of authorized access, and unauthorized access may be grounds for sanctions against members of the College community. Access to technology resources is a privilege, not a right, and as such, can be withdrawn from those who use it irresponsibly. Users of CPCC technology resources who are determined by the College to have purposely violated any of the information technologies policies will be subject to disciplinary action up to and including suspension of access to technology resources, dismissal, suspension, expulsion, and/or legal action.
Any information distributed by a user of College technologies must accurately identify the creator, distributor, and recipient of that information. If employees or students choose to engage in social media or other Internet communications, they must adhere to the College’s Internet Communications Guidelines.
All agreements, contracts, and licenses with external entities that involve any services related to information technologies including hosted solutions or the use of College data shall be subject to review and approval by both Information Technology Services and Procurement Services.
III. Acceptable Uses
Acceptable uses include, but are not limited to, the following:
Official work of the College
Service on behalf of the College
Occasional non-commercial personal use
IV. Unacceptable Uses
CPCC technology resources shall only be used for legal purposes and shall not be used for any purpose which is illegal, immoral, unethical, dishonest, damaging to the reputation of CPCC, inconsistent with the mission of the College, or any purpose that may subject the College to liability. Unacceptable uses include, but are not limited to, the following:
Unauthorized use of your own or another’s computer accounts, access codes, passwords, or network identities, including email addresses
Use of your CPCC password outside the CPCC network account
Unauthorized access to CPCC’s information systems, the Internet, or other networked or non-networked computers
Libel, slander, or cyberbullying
Fraud or misrepresentation
Misrepresentation of the College via the Internet through the use of websites, social network applications, or other Internet-based tools
Destruction of or damage to equipment, software, or data belonging to the College or to others
Disruption or unauthorized monitoring of electronic communications and electronically stored information
Infringement of copyright or trademark laws or rights of others
Use of CPCC's logo without prior approval of the assistant to the president for Community Relations
Violation of computer system security
Connection of unauthorized devices to the College network
Use of wireless access points, ad-hoc wireless devices, or any wired networking devices to redistribute the College’s network access
Use of computer communications facilities in ways that unnecessarily impede the computing activities of others (such as randomly initiating interactive electronic communications or email exchanges, abuse of interactive network utilities, and so forth)
Use of computing facilities for commercial business purposes unrelated to the College
Violation of software and hosted license agreements
Violation of network usage policies and regulations
Violation of privacy or the release of any confidential or proprietary information about the College, its current or former students, or its employees
Use of CPCC technology resources to send or redistribute unsolicited bulk email
Posting, sending, or intentionally accessing pornographic, sexually explicit, offensive material, or material that is contrary to the mission of the College
Intentional distribution of computer viruses, Trojan horses, time bombs, worms, or other rogue programming
Storing sensitive and protected data unsecured on non-approved solutions including third-party hosted solutions and local mediums such as USB flash drives and portable hard drives
A. Central Piedmont Community College personnel or designees generally will not access content of user files subject to the following types of exceptions: the user gives prior consent, the College needs to ensure the security or operating performance of its systems or networks, the College has a reasonable concern that a violation of College policy or applicable law has occurred, or the College is complying with a valid subpoena or search warrant issued by a court of competent jurisdiction. While general content review will not typically be undertaken, monitoring of electronic information may occur for these reasons and others as necessary. For these reasons, the College cannot guarantee the privacy of electronic communications. All network, computing, and communication activities may be logged for e-discovery and forensic purposes.
B. Each employee’s access to information resources will be reviewed annually to ensure that all access is in alignment with the employee’s responsibilities. Student workers will not have access without explicit written approval by their supervisor to any personal and/or confidential information.
C. Communications, transmission, or storage containing confidential material such as protected personally identifiable information or data identified by FERPA, HIPAA, and other compliance mandates shall not be transferred over insecure channels via personal or non-CPCC owned computers, desktops, laptops, portable devices, copiers, fax machines, multi-function printers (MFPs), scanners, Internet sites, or software.
1. Email, both personal and College-provided, is an insecure channel, so email should not be used to transmit confidential, personally identifiable information, or other protected data. For example, including a student's social security number via email is prohibited.
2. Copiers, faxes, and MFPs store a copy locally; therefore, non-CPCC owned devices should never be used including for the purposes of scanning and copying. For example, making copies of student applications containing personally identifiable information on a copy machine at a retail store is prohibited.
3. Ellucian Colleague, myCollege (WebAdvisor), CPCC Cloud, and Cornerstone provide a secure connection and therefore, can be utilized. For example, entering student grades using myCollege is acceptable.
Changes approved by the Board of Trustees on August 29, 2012
Changes approved by Cabinet on June 9, 2014; October 3, 2016
Policy approved by Cabinet on December 12, 1994