January 17-18, 2002

ITEM 114-104-R0102   Board of Regents Policies and Procedures Manual: Information Technology; User Responsibilities (2) (New)


No. 2

SCOPE

This policy applies to all MUS employees using MUS-owned or managed computing and information resources. It also applies to all MUS students using MUS-owned or managed computing and information resources, except when using personally owned computers in conjunction with MUS-provided network services. (A separate contract, agreement or policy may cover activities involving personally owned computers.) Finally, it also applies to "visitors," "adjuncts," or any other persons or entities that have either temporary or permanent access to MUS-owned or managed computing and information resources. For convenience, all the above groups are often combined under the label of "users" of the MUS computing and information resources.

 

REQUIREMENTS

Each user of the Montana University System's computing and information resources should realize the fundamental importance of information resources and recognize his/her responsibility for the safekeeping of those resources. Users and system administrators must guard against abuses that disrupt or threaten the viability of all systems, including those connected to the MUS network and the State network, and other networks to which MUS systems are connected.

Each user is responsible for having knowledge of MUS policies concerning security, privacy and acceptable computing practices. Each user of MUS computing and information resources must act responsibly. Each user is responsible for the integrity of these resources. Each user of MUS-owned or managed computing systems must be knowledgeable of and adhere to MUS policies, respect the rights of other users by minimizing unnecessary network traffic that might interfere with the ability of others to make effective use of this shared network resource, respect the integrity of the physical facilities and controls, and obey all federal, state, county, and local laws and ordinances. Each user must abide by these policies, relevant laws and contractual obligations, and appropriate ethical standards.

MUS information technology resources are to be used by an employee for the job-related activities to which the employee is assigned, and by a student for appropriate academic activities. MUS information technology resources are not to be used for the following:

1.       for employees' and students' private, commercial purposes, except those covered under formal agreements with the MUS,

2.       for employees' non-job-related activities (including games or software that is not required for an employee's job responsibilities), and

3.       for students' non-academic-related activities (including games, software, or file sharing activities that are not required for a student's academic activities).


CONSENT FORM

All users of MUS computing and information resources will complete a MUS consent form indicating that they have knowledge of and accept MUS policies and procedures concerning the use of these resources. Exceptions to the consent form requirement may be granted for temporary users whose use is confined to a very short period (e.g., a short conference or training session), provided the resources to which they have access are set up and monitored to guarantee that abuses are unlikely to occur.

 

MISUSE OF MUS INFORMATION TECHNOLOGY RESOURCES

The following items represent, but do not fully define, misuse of information technology resources:

  • Using resources for derogatory, racially offensive, sexually offensive, harassing, threatening, or discriminatory purposes.
  • Down-loading, installing, or running security programs or utilities which reveal weaknesses in the security of MUS computer resources except by a MUS employee as specifically required by that employee's assigned job responsibilities.
  • Unauthorized use of computers and UserIDs, or use of UserIDs for purpose(s) other than those for which they have been issued.
  • Modifying, installing, or removing computer equipment, software, or peripherals, or attempting to do so, without proper authorization.
  • Accessing computers, computer software, computer data or information, or networks without proper authorization, regardless of whether the computer, software, data, information, or network in question is owned by the MUS. That is, using the networks to which the MUS has access to improperly access resources at other sites will be considered an abuse of a user's MUS computing privileges.
  • Circumventing or attempting to circumvent normal resource limits, logon procedures, or security regulations.
  • Sending fraudulent e-mail, breaking into another user's e-mail account, or reading someone else's e-mail without his or her permission, unless specifically authorized to do so.
  • Sending any fraudulent electronic transmission, including but not limited to fraudulent requests for confidential information, fraudulent submission of electronic purchase requisitions or journal vouchers, or fraudulent electronic authorization of purchase requisitions or journal vouchers.
  • Violating any legal software license agreement or copyright, including copying or redistributing copyrighted computer software, data, or reports without proper, recorded authorization.
  • Violating the property rights of copyright holders who are in possession of computer-generated data, reports, or software.
  • Taking advantage of another user's naivet' or negligence to gain access to any User ID, data, software, or file which would not otherwise be accessible.
  • Physically interfering with other users' access to MUS computing facilities.
  • Encroaching on or disrupting others' use of MUS network resources by creating unnecessary network traffic (for example, playing games or sending excessive messages); wasting computer processing time, connect time, disk space, or other resources; modifying system facilities, operating systems, or disk partitions without authorization; attempting to crash or deny service to a MUS computer; damaging or vandalizing MUS computing facilities, equipment, software, or computer files).
  • Disclosing or removing proprietary information, software, printed output, or magnetic media without the explicit permission of the owner.
  • Reading other users' data, information, files, or programs on a display screen, as printed output, or via electronic means, without the owner's explicit permission.
  • Knowingly transferring or allowing to be transferred to, from, or within the MUS, textual or graphical material commonly considered to be child pornography or obscene as defined in 45-8-201(2), MCA.
  • Any other activity involving use of MUS computing and information resources that violates established MUS policies, state laws, or federal laws, whether or not those policies or laws relate specifically to the use of computing or information resources.

 

REPORTING AND DISCIPLINARY ACTION

Users will cooperate with requests from system administrators for information about computing activities; follow MUS procedures and guidelines in handling diskettes and external files in order to maintain a secure, virus-free computing environment; follow MUS procedures and guidelines for backing up data and making sure that critical data are saved to an appropriate location; and honor the Acceptable Use Policies of any non-MUS networks they access through MUS facilities.

Users will report acceptable use violations and other security violations to their immediate supervisor, to local personnel responsible for local network policy enforcement, or to personnel responsible for the security and enforcement of network policies where the violation originated.

Misuse of MUS computing or information resources may result in disciplinary action appropriate to the misuse, up to and including termination of an employee or expulsion of a student.