Information Technology >
Policies
Information Technology
Policies
Burman University – Computer Use Policies
Users and Accounts
Policy: Computer users may log in only to their own computer accounts. Accounts and passwords may not, under any circumstances, be shared with, or used by, persons other than those to whom they have been assigned by the University. You should change your password regularly.
Rationale: System managers are more able to make systems run smoothly when they know who is using the system. Users are less likely to interfere with each other if they each have their own account. Unauthorized users can then be identified more readily. Private information and controlled access is available to the legitimate owner of an account, and sharing that account may jeopardize that information.
Examples: Students have authorization to use the student labs, and the printers in these labs. Microsoft Office is available on any University owned computer for use by students and faculty/staff. Other applications (SPSS, Sniffy The Rat etc.) may only be available to a limited number of class members. All students and faculty/staff will be assigned a personal e-mail account that they have exclusive access to.
Exceptions: Some systems (such as the library) have generic accounts that almost anyone is authorized to use.
Policy: Computer users may use only those computing resources that they are authorized to use and use them only in the manner and to the extent authorized. Ability to access computing resources does not, by itself, imply authorization to do so. If resources in addition to those initially assigned are required, application must be made through IT.
Rationale: Computer users have a reasonable expectation of privacy for their data stored on campus computer systems. Most systems have security protections in place to make it difficult for users to look where they have no permission to look. Any attempt to by-pass this protection is considered a security violation. Users who encounter or observe a gap in system security should report it to IT staff. Users can assist in ensuring system security by not leaving their systems unattended while they are logged in.
Examples: Examples of security violations:
-Attempting to discover other users’ or system passwords.
-Attempting to read or modify other users’ files without their permission.
-Attempting to circumvent data protection schemes or uncover security loopholes.
-Attempting to read or modify another’s E-mail.
-Attempting to modify system software or configuration files.
Policy: Upon leaving the employment of the university, faculty/staff network accounts will be deleted and their name removed from any distribution lists. E-mail accounts will remain active for a period of two months after leaving employment unless otherwise directed by the Human Relations office, with the exception of emeritus accounts.
Burman students will be provided with a @BurmanU.ca GMail account with a storage quota of 50GB (covering all Google services). Non-returning and conferred students will have their accounts transitioned to Alumni accounts with a 15GB quota set. After 3 years of Alumni status, the accounts will be deleted unless an opt-in form for continued service has been received (available here) After this period, accounts will be subject to deletion if they have been inactive for a period of 2 years or longer.
Rationale: A balance between convenience and efficient use of computing resources is trying to be provided. If more time is needed to close out your accounts, please communicate this to the Human Resources office or Student Services.
Privacy
Policy: Personal user files—whether stored on disk or backup tape—are considered private and will not be scanned or read by IT staff except as specifically authorized below. If System Managers discover private information as an incidental result of performing their duties, they are obligated to keep this information confidential. However such information, if evidence of policy violations, will be made available to administration and may be used in disciplinary proceedings.
Policy: System Managers are authorized to examine user files or processes only as far as necessary to ensure reliable and secure system operation. If reliable system operation is in jeopardy, system operators are also authorized to kill or suspend user processes, move user files to alternate storage media or delete files that can be easily recovered (for instance, from backup or through the Internet). The users affected will be promptly notified of the actions taken and the reasons why. System Managers will make every reasonable attempt to assist users in recovering work files that were destroyed in the process of attempting to keep the system running properly.
Policy : Burman University reserves the right to review accounts in their entirety, which includes but is not limited to email, stored data, and data in transit, and if an infraction is suspected, the traffic and files will be investigated with or without the knowledge of the account holder.
Rationale: Programs and files stored in users’ private directories are considered private unless their owners have explicitly made them available. However, in the case of system problems or clear policy violations, system managers (as authorized below) may examine user files and system logs in order to gather sufficient information to diagnose and correct system problems and investigate policy violations.
These policies are intended to create a balance between users’ rights to privacy and the institutions’ responsibilities for the data on systems it owns, and its’ attempt to operate a smoothly functioning computer system free of disruption. Note that not all data created by users is considered personal. In particular, logs of user activity created automatically by system programs (such as login and Internet access) are not considered personal or private.
Some systems run programs that periodically scan disk volumes looking for problem files such as viruses and checking for excess disk usage. These systems will report these potential problems to the System Manager. Private disk volumes not mounted on the network are never scanned.
Electronic Mail
Policy: Electronic mail, once received, belongs to the recipient. A user’s mailbox is treated in the same manner as any other file belonging to that user, and is subject to the same privacy protections as regular files. The University will not attempt to regulate the content of electronic mail except for cases involving violations of other University policies. The University accepts no liability for the content of users’ electronic mail. The University has policies against racism, sexism, and sexual harassment; if necessary, individuals may direct their concerns to the appropriate administrator.
Use of network resources
Policy: Computer users must ensure that their work does not interfere with others or waste computer resources. The University reserves the right to monitor and block unnecessary traffic as deemed appropriate.
Rationale: Students, faculty, and staff depend on reliable and efficient computer systems to do work and schoolwork. Disrupting computer systems causes lost productivity and frustration. Wasting computer resources that could be used by others hurts everyone. Good computer citizens will not use more than their fair share of the computer resources
Examples: Examples of wasting resources: generating unnecessary printer output; using unwarranted or excessive amounts of disk storage; creating unnecessary processes on multi-user systems; propagating electronic chain letters; sending frivolous E-mail to large groups, or creating or posting inappropriate messages to news or list groups; creating unnecessary network traffic; listening to internet radio stations or viewing video feeds not related to your work or study; attaching incompatible equipment to the campus network; releasing a computer virus.
Exceptions: Nearly everyone, from time to time, unknowingly does something on the computer that has an adverse effect on the network, the hard drive space, or some other shared resource. This is usually quite innocent and unintentional. Users are responsible for educating themselves regarding their computer work, so as to have a minimum of impact on other users. The IT Staff will help with that educational process by making users aware of resource-consuming activities when they are discovered.
Policy: The campus network and computers will only be used to view or propagate information that supports the Vision, Mission, and Values of the University.
Rationale: Members of the University Community have agreed to respect the Vision, Mission, and Values of Burman University. Even though a user may think that what he/she does in the privacy of their office or room is no one else’s concern, the University still has legal liabilities and moral responsibilities if its resources are used in an inappropriate manner.
Examples: Examples of activities that would not support the Vision, Mission, and Values of the University are:
-Engaging in any activity that is prohibited by provincial or federal law (slander, hate literature, child pornography, illicit drug literature, obscene material, harassment, copyright infringements).
-Participating in gambling activities.
-Viewing, reading or transmitting any material that is sexually explicit or graphic in nature.
-Viewing, reading or transmitting any material that tends to deprive any person of their rights, or exposes any person to hatred or to affront their human dignity.
-Participating in role-playing games that have occult themes..
Exceptions: It is possible that “junk” and unsolicited e-mail and other transmissions containing objectionable information may be sent to you. Some provisions are available for limiting this. Please work with IT if this is a concern for you
Policy: Computer equipment owned by the University is intended for institutionally related work only, and will not be available for student loan.
Rationale: There is a cost involved with the maintenance of computer equipment. General wear and tear or configuration problems/conflicts caused by installing non work related software often means extra work for Compute Services staff. There are insurance concerns where loaning of equipment to students is involved.
Policy: Computer users will not introduce worm or virus programs into the University computer systems.
Rationale: These can be particularly disruptive. Because of this, the existence of such software as well as other software intended to break security is Government regulated.
The University makes every reasonable effort to ensure the integrity of its various systems. All computer systems available to users offer some form of data protection which can be modified by an authorized user as needed. However, due to a number of technical, legal, and economic reasons, no system will offer absolute security. Thus, users should never place highly sensitive or confidential information on any computer, especially a networked one, without understanding the risks involved. Steps can be taken by users to improve the security of their data through publicly available cryptographic technologies. Users are encouraged to use these techniques when appropriate.
Policy: Computer users must not use the University's computer facilities to gain unauthorized access to remote networks or systems or violate the use policies of any remote system. Use of external networks connected to the University's networks must comply with the policies of acceptable use promulgated by the organizations responsible for those networks.
Rationale: System managers on the Internet depend on each other’s cooperation to enforce policies and keep general order. If a University computer user were to use our facilities to disrupt the operation of remote systems, the only recourse for the remote system manager might be to terminate all access from University computers. This could cause the disruption of many Internet facilities upon which our users depend. In addition, if government systems were involved, the user might be in violation of federal or provincial laws.
Wireless Network Equipment
Policy: All 802.11 and related wireless networking devices in use on campus will be deployed and managed by IT. No other departments or individuals may deploy 802.11 or related wireless standards equipment. All computers wishing to participate in the campus wireless network must be registered with IT, and users must not change the assigned DHCP settings while participating in the campus network. A fine of $250 will be levied for any infraction of this policy. Repeat offenders may have their accounts suspended if infraction continues after a fine had been levied.
Rationale: There are many variables to consider in deploying a wireless network. Careful selection of channels and overlap of signals must be considered to ensure the best possible coverage. It is therefore not feasible to allow individuals to install their own access points without centralized coordination, due to the resulting signal interference and greatly degraded performance to the common wireless network
Examples: Even if a wireless network card built into a computer is operated in an ad-hoc mode, it could interfere with the campus wireless network signal. Therefore, to ensure that the University can provide the best possible wireless network, no ad-hoc (or infrastructure) wireless networks independent from the campus network can be tolerated on campus.
If an individual changes their DHCP settings, or sets their IP address manually, it may conflict with another machine causing disruption to that user’s service.
In the past when individuals have deployed their own wireless access points on campus, they have introduced an additional DHCP server to the campus network that other computer connect to causing many disruptions.
Exceptions: There are many devices which share the same radio spectrum as 802.11 devices, such as 2.4GHz cordless phones, wireless cameras or speakers and to some degree even microwave ovens. While the use of these devices is generally not restricted, if IT determines that they are interfering with the campus wireless network, the restriction of their use may be considered
Software Installation
Policy: Users are not allowed to install, change or remove any operating system related software on their computers without authorization from IT. Users must have proper authorization to install any outside software programs on their computers.
Rationale: If users are not sure what they are doing they may accidentally disable their computer, and could lose all of their local data. If a user feels that their computer is not operating as well as it should be, consult with IT on this matter. The University must comply with all copyright laws and the IT Committee will give authorization for installation of software.
Copyright Issues
Policy: All software installed on University owned computers must be appropriately licensed. Users must not use the University’s computer resources for any unlawful purpose, such as the installation or distribution of fraudulently or illegally obtained software.
Rationale: Unauthorized copying of software is illegal. Unauthorized copying of software by individuals can harm the entire academic community. If unauthorized copying proliferates on campus, the institution may incur a legal liability. Also, the institution may find it more difficult to negotiate agreements that would make software more widely and less expensively available to members of the academic community. Respect for the intellectual work and property of others has traditionally been essential to the mission of universities. As members of the academic community, we value the free exchange of ideas. Just as we do not tolerate plagiarism, we do not condone the unauthorized copying of software, including programs, applications, databases, and code.
Many copyrighted programs are made available on campus systems under license agreements with the publishers. These license agreements generally do not allow campus computer users to make copies of these programs. Unless otherwise specified, users are not allowed to make personal copies of software stored on central systems.
Non-Commercial Use Policy
Policy: University computer accounts are to be used for the university-related activities for which they are assigned. University computing resources are not to be used for commercial activities without written authorization from the university administration. In these cases, the University will require payment of appropriate fees. All access to centralized computer systems shall be approved through the IT Committee.
Purchasing
Policy: All purchases of computer software must be purchased through the IT office. Prior to purchasing software or entering into site-license agreements, IT will research the product for effectiveness, compatibility and price. Departmental budgets may need to be used for department specific software needs. Once purchased, IT will do everything reasonable to ensure that the product is adequately safeguarded and used strictly as intended.
Rationale: Sometimes software is available at reduced rates to non-profit and educational institutions. Volume pricing discounts may also be taken advantage of. Having a central purchasing policy will help to ensure that software is obtained in the most economical manner.
Exception: Some textbooks are distributed with software included. While these do not need to be purchased through the IT office, faculty will need to work with IT to have programs cleared for use on campus computers.
Policy: All purchases of computer related hardware must be processed through the IT Office. All systems purchased will meet minimum standards as set up by IT. Any exceptions to this policy must be cleared through the IT Committee.
Rationale: Equipment that is connected to the campus network becomes part of the campus network infrastructure and therefore must be compatible with existing standards and policies. The IT staff can offer assistance in finding the right materials for your needs while ensuring that it will fit within campus requirements. Also, IT keeps an inventory of all hardware and software for legal/reporting purposes.
Personal purchase and repair requests
Policy: IT will not be able to accommodate personal purchases of equipment and supplies or repairs to non institution owned computers.
Rationale: Most “Educational Discounts” that the University may have access to do not extend to personal computer purchases. Also, the transfer of warranties to private individuals could be problematic, and IT does not have the personnel to devote time to such a service.
Penalties
Available Penalties: Depending on the nature and severity of the policy violation, IT may take one or more of the following disciplinary actions:
-Send a verbal, written, or electronic mail warning
-Allow only restricted computer privileges
-Temporarily suspend the computer account (typically 1 to 10 weeks)
-Revoke all computer privileges
Warnings and temporary suspension of accounts may be issued by the appropriate System Manager. Serious policy violations may be forwarded to University Administration who may take other disciplinary measures.
Appeals
Procedures for Appeals: Users who are for any reason dissatisfied by the application of this policy by IT have a right to appeal to the chair of the IT Committee. The chair of the IT Committee in consultation with the IT Director will decide what temporary computer access is appropriate during any disciplinary proceedings