Acceptable Use Policy for Computer Usage
The computing and electronic communications resources at Fairleigh Dickinson University support the instructional, research, and administrative activities of the University. Users of these facilities may have access to University resources, sensitive data, and external networks. Consequently, it is imperative for all users to behave in a responsible, ethical, and legal manner. This document presents specific guidelines to appropriate behavior and use of FDU computing equipment.
SCOPE
These guidelines apply to all users of computing and electronic communications resources, and computing equipment owned, leased or rented by Fairleigh Dickinson University (for brevity purposes all such equipment as resources shall be referred to as computing resources). This includes all students, faculty, visiting faculty, staff, guests of the administration, and external individuals or organizations. Computing resources includes, but is not limited to, desktop and laptop computers, file servers, University-assigned email accounts and networking equipment used to link these components together and to the Internet.
University property, including computer resources, are provided to you in order to conduct University business. Although security protocols have been put in place restrict access to computer resources to protect them against external parties or entities obtaining unauthorized access, employees should understand that these systems are intended for business use, and all computer resources are to be considered as University records.
Fairleigh Dickinson University is not responsible for the content of any material the user prepares, receives or transmits. Thus, as a condition of using the University's computer system, the user represents that he/she is in compliance with all federal, state and international copyright and other intellectual property laws and agreements and other federal and state laws, nor in his/her use of the system will the user violate any federal or state civil or criminal laws. Furthermore, the user will indemnify, exonerate and save the University, and its representatives, harmless from any claim, damage or cost related to the user's use, including any legal fees the University decides it is necessary to incur to defend itself
ACCEPTABLE USE
Those who make use of the FDU computing resources are required to behave in a manner consistent with FDU's codes of conduct. As a user of this network, you agree to the following usage guidelines:
- You are responsible for any computer account you have been given. You shall set a password on the account that is not easily guessed and shall not share this password with other people. If you discover that someone has made unauthorized use of your account, you should change your password immediately and immediately report the event to one of the individuals listed in appendix 1. You also shall not use an account not belonging to you.
- You agree not to intentionally seek out information about, copy, or modify password files, other users' files, or disks and tapes belonging to other people, whether at FDU or other facilities.
- You should not attempt to decrypt material to which you are not entitled or attempt to gain rights you have not been specifically granted by the owner. If you observe or discover a gap in system or network security, you agree to inform the Computer Center and not to exploit the gap.
- You agree to refrain from any activity that interferes with a computer's operating system or its logging and security systems, or that may cause such effects.
- You must be sensitive to the public nature of computer systems and agree not to transmit, post or otherwise display material that is threatening, obscene, harassing or defamatory.
- You agree not to make copies of or distribute software the University owns or uses under license, unless the owner of the software or the owner of the license has specifically granted permission to copy. If in doubt as to whether you have permission to copy software, assume you don't.
- Messages, statements, and declarations sent as electronic mail or public postings should be treated as if they were tangible documents. From electronic identifiers used in the transmission of messages, addressees can see the University is the source of the message or its system is being used to transmit it, similar to how letterhead or return addresses on a tangible document would identify the University. To make sure that no addressee can infer that your personal opinions are necessarily shared or authorized by the University, it is your obligation to clearly identify them as your opinions and not those of the University.
- You agree not to create, alter, or delete any electronic information contained in any system associated with the Computer Centers that is not your own work.
- You agree not to create & send, or forward electronic chain mail letters. You agree not to attempt to alter or forge the "From" line or any other attribution of origin contained in electronic mail or postings. You agree not to use any of the university systems for sending what is commonly referred to as "SPAM" mail (unsolicited bulk email).
- You shall not use FDU computing equipment as a means of obtaining unauthorized access to any other computing systems.
- FDU's computing disk storage is a University resource with costs attached and should be used with care and discretion. It is not meant to be used for archiving programs and data not currently being used or for storage of files publicly available elsewhere. It is meant for current class work, research and development projects, business files and temporary storage of other files. Users shall attempt to keep their disk usage minimized and will refrain from maintaining duplicate copies of software already installed, or other files stored, on the system.
- Network addresses such as TCP/IP addresses and machine addresses are assigned by University Systems and Security staff and may not be altered or otherwise assigned without the explicit permission of the University Director of Information Systems and Technology. In addition, no equipment may be attached to the network without the explicit permission of the University Director of Information Systems and Technology.
- FDU's Network is not to be used for the transmission of commercial or personal advertisements, solicitations, and promotions or for extended reproduction of political, ideological or commercial material originated by a person or organization. This includes but is not limited to the execution of revenue-generating advertising programs which pay users when the programs are run. The University Director of Information Systems and Technology may suspend this rule when it is in FDU's best interest to permit such activity.
- In the quantity and frequency of their personal use, users should not create unreasonable demands on the system. Users may contract with other internet services, provided such service does not require permanent modifications to FDU facilities (e.g., drilling, mounting brackets, running wires in or through walls.)
- Without the explicit permission of the University Director of Information Systems and Technology you agree not to run any of the following protocols or services:
A. Port scanners, network monitors or other types of utilities that probe any other computer, be they inside or outside FDU's network.
B. Routing or network serving protocols such as RIP,IGRP, BOOTP or DHCP on the network.
C. Daemons, processes or programs that accept incoming connections, as a server would.
D. Streaming media servers or any other server that broadcasts continuous data streams.
- FDU's computing equipment, network, services, and wiring may not be modified or extended beyond the areas of their intended use.
- Network connections may not be used to provide network access to anyone outside the University community or for any purposes other than those that are in direct support of the academic mission of the University.
- Department Heads and other administrators may enact additional restrictions to these policies to further limit usage by employees. These restrictions may include but are not limited to: limiting time spent reading or writing personal email or visiting web pages, and limitations on acceptable content due to the possible exposure of screens to other individuals.
- All computers connected to FDU's network must run an operating system that is supported by its vendor with regard to security patches, as well as antivirus software with current virus definitions. It is the user's responsibility to keep their virus definitions up to date and to apply all critical operating system updates. More information is available at http://isweb.fdu.edu
SECURITY
Users should use any available methods to safeguard their data, including regular changes of passwords, making duplicates of files, and encrypting sensitive data. In the event that files have been corrupted as a result of intrusion, you should notify a system administrator immediately. Please note that the computer systems are not completely secure. It is possible that others will be able to access files by exploiting shortcomings in system security. For this and other reasons, FDU cannot assure confidentiality of files and other transmissions.
Information Systems and Technology and each of its departments attempt to provide reasonable security against damage to files stored on FDU's computing equipment by filtering all outgoing and incoming electronic mail for viruses and junk mail and making regular backups of systems. On October 1st, 2012 the University adopted a policy of retaining a copy of each fdu.edu email for ten (10) years; this means, regardless of individual user action, the University will maintain a copy of all email traffic for a period of 10 years.
In the event of lost or damaged files, a reasonable attempt will be made to recover the information; however, the University and the Computer Center staff cannot guarantee recovery of the data or loss of data due to media failure, floods, fires, etc.
Information Systems and Technology and each of its departments will make reasonable attempts to provide error-free hardware and software on our systems, however, it is not possible to guarantee this, and information provided by staff members is not guaranteed to be correct.
PRIVACY
Users should exercise caution when storing any confidential information in electronic format, because the privacy of such information cannot be guaranteed.
Even though the electronic datagrams transmitted by or stored on University equipment are the property of the University, the IST staff will not normally log into another user account or access user's files unless specifically granted permission by the user, or as otherwise permitted under this Policy. Student staff should avoid situations where helping another student or a faculty member would give them access to data relevant to a course that the student staff person is currently taking.
Exceptions to this practice are made under certain circumstances. These include: system backups, which access all files in a user's account; software upgrades which may require editing startup files in a user's account; diagnostic and trouble-shooting activities, which may, for example, require viewing the address headers of e-mail messages to determine the cause of problems; and keystroke monitoring of sessions to determine inappropriate use of the computing facilities. Another exception is a suspected violation of the tenets in this policy, the Student, Faculty, or Employee Handbooks, University employment policies, rules or practices or local, state or federal law, or as required by court order. In such situation(s), a user's files may be duplicated and stored for later review by appropriate personnel without the user's permission or knowledge. Users of the University's computer resources are hereby informed that they have no justified expectation of privacy in material processed, sent, or stored on or through the systems, and that the consent of the user to give access to his or her electronic documents is a condition precedent to the user's use of the University's computer resources.
Because the University reserves the right to access electronic mail messages left on or transmitted through University's computer resources, employees should not assume that such messages are private and confidential or that the University or its designated representatives will not have a need to access and review this information. Individuals using the University's computer resources should also have no expectation that any information stored on the University's computer resources, whether the information is contained on a computer hard drive, computer disks or in any other manner, will be private.
In the event that user files need to be copied or viewed for reasons other than security, diagnostic, system backup or in compliance with law enforcement, or internal investigations authorized by Human Resources and the office of General Counsel, Information Systems and Security staff will attempt to inform the user of this access.
The Family Education Rights and Privacy Act (FERPA) binds all users who have access to student data. Its application relevant to this Acceptable Use Policy centers on a student's right to consent to disclosure of personally identifiable information. FERPA does permit certain information to be released without consent and this information is referred to as "Directory information". To find out specifically what information you may or may not give out and to whom, you may contact the Dean of Students office. There is also information on FERPA in the Student Handbook. When you are in doubt as to whether or not you are permitted to release some information, do not release the information until you know for sure.
POLICY VIOLATIONS
Policy violations should be reported immediately to any one of the individuals listed in Appendix 1.
Depending on the nature of the events, violations of this policy may be dealt with as described in the Student, Faculty and/or Employee Handbooks, any relevant contracts, and possibly State and/or Federal law or regulations. In addition, a user's system privileges can be suspended for a specified time period or revoked as decided by the President, appropriate Provost or Division Vice President and a monetary fine on those in violation may be levied to reimburse the University for the staff time and other costs of investigating and rectifying the violation. The person on whom a sanction or fine is imposed can appeal to the Chief Operating Officer in writing within 10 days.
University Systems and Security reserves the right to suspend network and/or system privileges while investigating a complaint or troubleshooting a system or network problem.
Appendix 1
Contacts
Brian Domenick
University Director for Information Systems and Technology
Mailstop T-BH1-01
201-692-2414
brian@fdu.edu
Saul Kleinman
University Director of Management Information Systems
Mailstop T-BH2-03
201-692-2065
saul@fdu.edu
Ralph Knapp
Director, Computing Services for College at Florham
Mailstop M-DB2-01
973-443-8689
knapp@fdu.edu
This policy is published by the Office of Information Systems and Technology (IST) and is subject to revision. Comments and suggestions are welcome and should be sent to Brian Domenick, University Director of Information Systems and Technology, mailstop T-BH1-01, or brian@fdu.edu.
This document will be reviewed semi-annually and is available both electronically and in printed form at each of the Campus Computing Centers.
It is the user's responsibility to remain informed about the contents of this document.
Revised as of: February 17, 2013