February 27, 2002


ITEM 114-104-R0102 ���� Board of Regents Policies and Procedures Manual: Information Technology; User Responsibilities (2)            (New)



No. 2-B




This policy applies to all MUS students using MUS-owned or managed computing and information resources for student purposes. In this policy "user" refers to student user, as distinct from any role the individual may also have as an employee (Policy 2-A) or patron (Policy 2-C).




Each user of the Montana University System�s computing and information resources should realize the fundamental importance of information resources and recognize his/her responsibility for the safekeeping of those resources. Users and system administrators must guard against abuses that disrupt or threaten the viability of all systems, including those connected to the MUS telecommunication network, the State telecommunication network, and other telecommunication networks to which MUS systems are connected.


Each user is responsible for having knowledge of MUS policies concerning security, privacy, and acceptable computing practices.  Each user of MUS computing and information resources must act responsibly. Each user is responsible for the integrity of these resources. Each user of MUS-owned or managed computing systems must be knowledgeable of and adhere to MUS policies, respect the rights of other users by minimizing unnecessary network traffic that might interfere with the ability of others to make effective use of shared resources, respect the integrity of the physical facilities and controls, and obey all pertinent federal, state, county, and local laws and ordinances. Each user must abide by these policies, laws, and contractual obligations, and adhere to appropriate ethical standards.


MUS information technology resources should never be used for students� private, commercial purposes.� Students should never, without explicit permission, modify or install software on MUS computers; attach unauthorized hardware or otherwise modify the MUS network in any manner; modify, delete, or in any way access data on another MUS user�s account without explicit permission; or engage in any activity prohibited by local campus policies.


In that regard, each campus must clearly identify what MUS information technology resources are available for use by its students, and clearly identify those activities that are and are not appropriate for each resource. This includes but is not limited to use of resources such as e-mail systems, internal and external network facilities, student-accessible computer labs, and accounts on MUS-owned or operated computer systems.� If a campus provides special services to residents of its university-provided housing, it must clearly identify what special services are provided and what activities are and are not appropriate in the use of those services by residents.




It is the responsibility of the Student Affairs Office on each campus to ensure that all students are aware of MUS policies and procedures concerning the use of MUS computing and information technology resources, understand them, and comply with them. In the case of special services provided to residents of university-provided housing, it is the responsibility of the campus housing operation unit to ensure that residents are aware of and comply with separate policies that govern the use of special services available only to housing residents.




Users of MUS information technology resources must cooperate with requests from system administrators for information about computing activities; follow MUS procedures and guidelines in handling diskettes and external files in order to maintain a secure, virus-free computing environment; follow MUS procedures and guidelines for backing up data and making sure that critical data are saved to an appropriate location; and honor the Acceptable Use Policies of any MUS or non-MUS networks they access through MUS facilities.


Users must report acceptable use violations and other security violations to their immediate supervisors, to local personnel responsible for local network policy enforcement, or to personnel responsible for the enforcement of the policies pertinent to the violation.


Misuse of MUS computing or information resources will result in disciplinary action appropriate to and consistent with BOR policies and the campus Student Conduct Code.




Examples of Misuse of Information Technology Resources


The following items represent, but do not fully define, misuse of information technology resources. Note that many of these examples may be considered appropriate uses of technology resources in specific academic contexts; determination of academic appropriateness is the initial responsibility of the user�s academic supervisor (e.g., instructor, department chair, dean, or provost).


         Using resources for derogatory, racially offensive, sexually offensive, harassing, threatening, or discriminatory purposes.

�������� Downloading, installing, or running security programs or utilities that reveal weaknesses in the security of MUS computer resources, except by a MUS employee as specifically required by that employee�s assigned job responsibilities.

�������� Unauthorized use of computers and User IDs, or use of User IDs for purpose(s) other than those for which they have been issued.

�������� Modifying, installing, or removing computer equipment, software, or peripherals, or attempting to do so, without proper authorization.

�������� Accessing computers, computer software, computer data or information, or networks without proper authorization, regardless of whether the computer, software, data, information, or network in question is owned by the MUS. For example, using the networks to which the MUS has access to improperly access resources at other sites will be considered an abuse of a user�s MUS computing privileges.

�������� Circumventing or attempting to circumvent normal resource limits, logon procedures, or security regulations.

�������� Sending fraudulent e-mail, breaking into another user's e-mail account, or reading someone else's e-mail without his or her permission, unless specifically authorized to do so.

�������� Sending any fraudulent electronic transmission, including but not limited to fraudulent requests for confidential information, fraudulent submission of electronic purchase requisitions or journal vouchers, or fraudulent electronic authorization of purchase requisitions or journal vouchers.

�������� Violating any legal software license agreement or copyright, including copying or redistributing copyrighted computer software or data without proper, recorded authorization.

�������� Violating the property rights of those who hold copyright to computer-generated data, reports, or software.

 ������� Taking advantage of another user's naivet� or negligence to gain access to any system account, data, software, or file which would not otherwise be accessible.

�������� Physically interfering with other users' access to MUS computing facilities, unless authorized to do so by the appropriate authority.

�������� Encroaching on or disrupting others' use of MUS network resources by creating unnecessary network traffic (for example, by playing games or sending excessive amounts of e-mail); wasting computer processing time, connect time, disk space, or other resources; modifying system facilities, operating systems, or disk partitions without authorization; attempting to crash or deny service to a MUS computer; damaging or vandalizing MUS computing facilities, equipment, software, or computer files.

�������� Disclosing proprietary information, software, printed output, or magnetic media without the explicit permission of the owner.

�������� Reading other users' data, information, files, or programs on a display screen, as printed output, or via electronic means, without the owner's explicit permission, except in the case of MUS employees authorized to do so in the performance of their jobs.

�������� Knowingly transferring or allowing to be transferred to, from, or within the MUS, textual or graphical material commonly considered to be child pornography or obscene as defined in 45-8-201(2), MCA.

�������� Any other activity involving use of MUS computing and information resources that violates established MUS policies, state laws, or federal laws, whether or not those policies or laws relate specifically to the use of computing or information resources.