Technology Services Policy

Policy Number
7.20
Signature
Board of Trustees
Date Approved
Effective Date
Responsible Division
Finance and Administrative Services

The College shall develop and implement procedures to govern the use of information technology and related equipment. Such procedures will adhere to the security standards specified in the IIPS Information Security Manual, Family Educational Rights and Privacy Act, Health Insurance Portability and Accountability Act, Payment Card Industry Data Security Standards, and adhere to federal, state, and local laws.

Procedure

Carteret Community College is responsible for the proper use of its computers, technology, and computer information systems. These systems are used by administrators, staff, students, and faculty to facilitate the performance of their duties. These duties include, but are not limited to: data entry and retrieval of student, administrative, and operational records; records maintenance; report preparation; and administrative planning. It is necessary to establish policies and procedures to insure that the systems are used in the most efficient, effective, and productive ways possible while providing protection for the integrity of the data, software and hardware.

The Vice President for Finance and Administrative Services and the Director of Information Technology are responsible for maintaining the technology system software and hardware and for monitoring the proper use of the computer information systems and technology resources. All college employees are also responsible for using the computing systems and technological resources of the College properly and for maintaining the security of these systems. 

The College’s technology systems include technology hardware, electronic mail and other forms of electronic communications, Internet access and use of computing devices. As the owner of property and services, the College has the right to monitor activities and to access information on the College’s technology systems stored, sent, created or received by faculty, staff and students.

Any individual using the College’s technology systems should not expect individual privacy in their use of the technology systems including, but not limited to, the use of the College’s electronic mail system.

When using the College’s technology systems, all users shall adhere to the College’s information technology policies and procedures.

Public and Confidential Records 

Unless otherwise confidential by law, records generated using the College’s technology systems are considered public records and must be maintained as public records pursuant to the College’s policies and procedures. Student education records and certain personnel information are protected by law and are confidential. 

Employee use of Technology Services 

Employees using Carteret Community College’s technology hardware, software, or systems should adhere to the following guidelines: 

  1. Employees shall adhere to the Technology Acceptable Use Policy. 
  2. All computing devices, including portable computing devices such as laptops or tablets, shall:
    1. Use encryption or other measures to protect confidential information, including personal information, from unauthorized disclosure;
    2. Be labeled identifying the device as the College’s property; and
    3. Be used in compliance with all applicable security requirements for the College’s computers.
  3. The College’s mobile technology equipment, such as laptops and tablets, may be assigned, loaned and/or used at home by College personnel provided: 
    1. Use of the equipment at home will not interfere with the College’s operational needs; 
    2. Supervisor approval; and
    3. Personnel return items to campus upon request for system maintenance, upgrades, inventory, and verification. 
  4. The College’s Information Technology Department (“IT”) maintains all of the College’s technology equipment. Under no circumstances shall anyone not so authorized attempt to repair any College-owned equipment or install or remove software on computers assigned for employee use. Faculty may make temporary adjustments to software on classroom computers as needed for instruction. IT does not support the use and setup of the College’s technology equipment on Internet, network and computing resources that are not owned and maintained by the College.
  5. The College recognizes that employees may occasionally receive personal email on College computers, use College equipment to complete an online course and for other personal reasons. Personal use of College computers and equipment is acceptable provided that employees adhere to the following:   
    1. Personal use may not interfere with the College’s operational needs. 
    2. Equipment may not be checked out solely for the purpose of personal use. 
    3. Users understand that data stored on College equipment or sent using College email or other communication methods is not private.
    4. Users will adhere to all state and federal laws and the College’s policies and procedures. 
    5. Equipment or information resources are not used for illegal, malicious or obscene purposes.
    6. Equipment or information resources are not used to seek or exchange electronic information or software unrelated to one's job duties and responsibilities. 
    7. The College's data and information are not shared with unauthorized individuals.
    8. All software copyright and licensing laws are followed. 
    9. Not use College passwords for non-college sites (e.g., social networking sites).
    10. Not share sensitive College information or student details on social networking sites. 
    11. Equipment is not used for any political purposes, including nonprofit activities of a political nature. 
    12. Equipment is not used for private or personal for-profit activities. This includes personal use for marketing or business transactions, advertising of products or services, or any other activity intended to foster personal gain. Employees may not use College equipment or information resources in pursuit of private businesses operated by the employee or in pursuit of work for other agencies, colleges or businesses.

Abuse, damage, and theft

Any employee or student who willfully abuses, damages, steals, or otherwise renders inoperable any Carteret Community College computer, multimedia or related equipment, network or software, or uses such items for illegal purposes, will be disciplined under the appropriate policies and procedure.

Software Installation

Only software owned and licensed by Carteret Community College or software which carries a public license, may be installed on College computers. Only IT staff may install such software. Demonstration software downloaded from the Internet will be allowed only on employee or classroom presentation computers and must be removed by IT staff after the demonstration is complete.

Bandwidth Capacity

Bandwidth capacity is the ability to transmit data from one computer to another within a network, to the Internet, or from the Internet. Users should understand that abuse of the network may compromise the system’s resources. Using the Internet for receiving radio broadcasts or streaming media, downloading files or sending large files may be detrimental to network performance; therefore, such activities should be limited to institutional purposes. IT staff can temporarily restrict Internet access of devices which appear to be abusing network bandwidth. Users should consult the IT Helpdesk for guidance in these areas and what constitutes an inordinate use of bandwidth.

Technology Selection and Purchasing

Carteret Community College IT Department will assist faculty and staff in selecting the appropriate computer hardware, software, or telecommunications equipment. The Director of Information Technology is responsible for final approval of the technical standards and compatibility of all new equipment, hardware, and software, and must approve all applicable purchase requisitions before approval by the respective Vice President or President.

Vendors and Contractors

The purpose of this subsection is to define procedures for allowing vendors and contractors (herein referred to as vendors) access to Carteret Community College Information Technology (IT) resources, network systems, or computer systems. As a general principle, such access will only be granted as required, will be extremely restrictive, and will be carefully monitored.

This section applies to all persons or companies with whom the College has contracted to provide a service involving IT resources including hardware, software, and operating system vendors. Such service includes all of the IT tools and protocols used for network and server management (e.g., computers, servers, routers, hubs, firewalls, switches, and interconnecting cables).

Vendors must comply with all applicable Carteret Community College policies and procedures including established safety procedures. The Director of Information Technology will be responsible for coordinating all work performed by vendors on any of the above referenced systems and for providing the vendor with a Carteret Community College IT staff member who will be primary point of contact for the vendor.

Vendors shall not divulge, copy, release, loan, sell, review, alter, or destroy any college owned data, equipment, or software except as properly authorized by the College. Vendors may be asked to sign a confidentiality statement prior to doing work for the College.

To accomplish a given task, the vendor will be given the lowest security privilege required. Generally, a vendor will not be given system administrator privileges or their equivalent and such access will be granted for a defined and short duration, usually the length of time required to address a specific support incident. If vendor is given access to an account that is shared among IT staff, the password for the account will be changed after the vendor completes the work. On completion of the task, access will be disabled.

Prior to granting vendor access for software installations or upgrades, the process will be reviewed by the appropriate IT system administrator. After a vendor has installed or upgraded a product or system, the responsible IT system administrator will review the system to ensure that it is functioning properly. To the extent possible, the activities of a vendor will be monitored by Carteret Community College IT personnel.

Violations of any provisions of this policy will be dealt with in the same manner as with other external vendors.