Clemson University Policy on Information Resources for Students

Employees and Contractors should view the Clemson University Policy on Information Resources for Employees and Contractors

Executive Summary

Computing is an integral part of the academic, business, and personal experience of University life of college students as we know them today. The on-campus resident student will almost certainly use the campus computing infrastructure while in class and in their residential campus home. The commuting student will also use the facilities while attending class or conducting class related activities. While enjoying the many benefits of the advanced nature of the campus computing facilities and network infrastructure, there comes some basic expectations of use.

This document outlines the basic expectations of Clemson University on how the student will interact with the campus computing systems. Each student is expected to conduct his/her computing needs in a manner that in no way jeopardizes the availability of the campus system or any connected system whether owned by the university or some other entity. The computing resources at Clemson University are the property of Clemson University. Clemson University reserves the right to take all necessary measures either proactively or in reaction to an event or the possibility of an event to protect those computing resources.

Additionally Clemson University strictly prohibits the use of its computing facilities to engage in, participate in, or be party to any illegal activity. The university will monitor its systems in order to protect against such.

Any violation of this policy will result in corresponding disciplinary action by the university. Students suspected to be in violation of this policy will be reported to the appropriate investigative and/or disciplinary unit, including but not limited to, the Office of Student Conduct or the University Police Department. 

All student users of the computing facilities of Clemson University are expected to be familiar with this policy and agree to adhere to it prior to using any computing related facilities.  Acceptance will be required before registering any personal computer on the campus network.

Purpose

Clemson University is dedicated to providing a safe, reliable and robust information technology infrastructure for faculty, staff and students. In doing so, there are some general expectations of acceptable use of the computing systems located or connected to Clemson University to ensure that the computing systems maintain their highest level of efficiency and reliability. Many university functions rely heavily on the accessibility of computing systems and the university must take every reasonable action to protect them.

Policy

Use of university computing resources, including network facilities, account numbers, data storage media, printers, plotters, microcomputer systems, and software for computing activities other than those authorized by the university is strictly prohibited. Unauthorized use of such resources is regarded as a criminal act in the nature of theft and violators are subject to suspension, expulsion, and civil and criminal prosecution.

The following are examples of misuse of computing resources:

  1. Unauthorized duplication, distribution or alteration of any licensed software. This includes software licensed by the university and licensed software accessed using the computing networks.
  2. Attempting to gain unauthorized access to any computing resource or data, or attempting to disrupt the normal operation of any computing resource or network -- at Clemson or anywhere on the Internet,
  3. Attempting to use another student's or employee's computer account or data, without their permission.
  4. Using the university electronic mail system to attack other computer systems, falsify the identity of the source of electronic mail messages. Sending harassing, obscene or other threatening electronic mail. Attempting to read, delete, copy or modify the electronic mail of others without their authorization. Sending, without official university authorization, "for-profit" messages, chain letters or other unsolicited "junk" mail.
  5. Knowingly infecting any computing resource with a software virus.
  6. Tampering with the university computer network or building wiring or installing any type of electronic equipment or software that could be used to capture or change information intended for someone else.
  7. Participating in a "denial of service" attack on any other computer, whether on or off campus.
  8. Using university computing or network resources for personal gain or illegal activities such as theft, fraud, copyright infringement, piracy (e.g., sound or video recording), or distribution of child pornography or obscenities.

Communications

General Guidelines

Clemson University computing resources are the property of Clemson University, to be used for university-related business. Students have no expectation of privacy when utilizing university computing resources, even if the use is for personal purposes. The university reserves the right to inspect, without notice, the contents of computer files regardless of medium, the contents of electronic mailboxes and computer conferencing systems, systems output such as printouts, and to monitor network communication when:

  1. It is considered reasonably necessary to maintain or protect the integrity, security or functionality of university or other computer resources or to protect the university from liability;
  2. There is reasonable cause to believe that the users have violated this policy or otherwise misused computing resources;
  3. An account appears to be engaged in unusual or unusually excessive activity;
  4. It is otherwise required or permitted by law.

Any suspected violations of this policy or any other misuse of computer resources by students normally should be referred to the Office of Student Conduct. That office will investigate the allegations and take appropriate disciplinary action. Violations of law related to misuse of computing resources may be referred to the appropriate law enforcement agency.

Notwithstanding the above, Clemson Computing and Information Technology may temporarily suspend, block or restrict access to an account, independent of university disciplinary procedures, when it appears reasonably necessary to do so in order to protect the integrity, security or functionality of university or other computer resources, to protect the university from liability, or where the emotional or physical well-being of any person is immediately threatened. When CCIT unilaterally takes such action, it will immediately notify the account holder of its actions and the reason for them in writing. The account holder may appeal the action taken by CCIT in writing to the Chief Information Officer.

Access will be restored to the account holder whenever the appropriate investigatory unit of the university determines that the protection of the integrity, security or functionality of university or other computing resources has been restored and the safety and well being of all individuals can reasonably be assured, unless access is to remain suspended as a result of formal disciplinary action imposed through the Office of Student Conduct or as a result of legal action.

Definitions

References and Related Documents

           Userid and Password Policy

http://ccit.clemson.edu/about/policy/cu-it-policies/usernames-and-passwords/           

Revisions

            January 2009

Approvals

            IT Council


Clemson University Policy on Information Resources for Employees and Contractors

Students should view the Clemson University Policy on Information Resources for Students

Executive Summary

Computing is an integral part of the academic and business functions of the university. Many university functions that an employee or contractor encounters in carrying out their job functions and duties will require that employee or contractor to interact with the computing infrastructure and available resources. The computing resources at Clemson University are the property of Clemson University. Clemson University reserves the right to take all necessary measures either proactively or in reaction to an event or the possibility of an event to protect those computing resources.

This document outlines the basic expectations of Clemson University on how each employee and contractor will interact with the campus computing systems. Each employee and contractor is expected to conduct their computing needs in a manner that in no way jeopardizes the availability of the campus system or any connected system whether owned by the university or some other entity.  Additionally, Clemson University strictly prohibits the use of its computing facilities to engage in, participate in, or be party to any illegal activity. The university will monitor its systems in order to protect against such activity. Additionally, university employees and contractors are exposed to and have access to sensitive data resources and information, it is expected that the employee or contractor will take every known action to protect the privacy and sensitivity of those resources and information.

Any violation of this policy will result in corresponding disciplinary action by the university.  Employees and/or contracors suspected to be in violation of this policy will be reported to the appropriate investigative unit, including but not limited to the Office of Information Security and Privacy, Office of Human Resources, or the University Police Department. 

All employees and contractors working for Clemson University are expected to be familiar this policy and agree to adhere to it prior to using any computing related facilities.  Acceptance will be considered as a condition of working for Clemson University either as an employee or contractor.

Purpose

The purpose of this policy is to protect the Information Technology resources and the data that is contained in, or manipulated by those IT resources as used in the daily employment duties of the university employee or contractor.  The shift of computing resources from a centralized data center to the desktop has resulted in a corresponding shift of some of the responsibility for maintaining and safeguarding those resources to the individual employee and contractor. The equipment, software and data used by each employee and contracor are expensive and vital assets of Clemson University that it is the duty of every employee and contractor to protect. In addition, Federal and State statutes protect the privacy of much of the information available on University computer systems.

Policy

It is the policy of Clemson University that: Clemson University computing resources are the property of Clemson University to be used for university-related business. Employees and contractors have no expectation of privacy when utilizing university computing resources, even if the use is for personal purposes. The university reserves the right to inspect, without notice, the contents of computer files, regardless of medium, the contents of electronic mailboxes and computer conferencing systems, systems output, such as printouts, and to monitor network communication when:

  1. It is considered reasonably necessary to maintain or protect the integrity, security or functionality of university or other computer resources or to protect the university from liability:
  2. There is reasonable cause to believe that the users have violated this policy or otherwise misused computing resources;
  3. An account appears to be engaged in unusual or unusually excessive activity; and
  4. It is otherwise required or permitted by law. Additionally, the userid and computing services of the individuals involved may be suspended during any investigation of misuse of computing resources.

Communications

General Guidelines

All data pertaining to student records, University administration, research projects, any Federal or State information, and any other information not explicitly deemed public shall be considered confidential and will be safeguarded by each employee and contracor having access to that data. All employees and contracors will adhere to Federal and State laws concerning privacy. Official releases of data under Freedom of Information requests are to be routed through the appropriate vice-presidential area and/or the Office of General Counsel.

All University data, public or private, will be stored in such a manner as to reasonably protect it from loss due to equipment failure, fire, theft, sabotage or human error. The University Records Manager establishes data retention periods. Data backup procedures will include remote storage of backup data, written backup and recovery procedures and periodic verification of storage media.

Any computer tape, disk (hard drive, CD or floppy) or other storage medium used to store sensitive university data must be totally erased or rendered unreadable before it is discarded or disposed of through property transfer or surplus. Employees and contractors should contact departmental Technical Support Providers (TSPs), College Consultants or CCIT personnel for assistance if necessary.

All employees and contractors will safeguard their computer userids and passwords. No employee or contractor will allow unauthorized persons access to University data or computing or network resources by sharing their userid and password. Employees and contractors should reference CCIT documentation on selecting strong passwords. Departmental servers will use CCIT provided security for access to sensitive data or applications. No server will store userids and passwords on the server.

No employee or contractor will knowingly create access into the computing network in such a way as to bypass University security systems. Employees and contractors will make reasonable efforts to insure that no software or hardware under their control allows unauthorized access to University data. Administrators of departmental servers will regularly apply operating system security patches and service packs. All unnecessary server services will be turned off.

No employee or contractor will attempt to use the University network to gain unauthorized access to other computing resources or data, nor will they knowingly attempt to disrupt the operation of any computer system or network.

No employee or contractor will knowingly violate software licenses or copyrights during the course of their job duties or at any time while using University equipment or software. Employees and contractors are responsible for producing proof of license for any software installed on their University-supplied computer. Licenses for personally-owned software installed on a university computer should be kept with that computer.

No employee or contractor will use University data, computing resources or the network for illegal activities or for personal gain.

All employees and contractors will safeguard the software and data resources on their workstation or personal computer by installing University-licensed virus protection software or an equivalent package and running this software at regular intervals. Departmental servers and other shared computing resources will also run virus protection software if it is available. Departmental TSPs or College Consultants can assist in installing and running the virus protection software.

All employees and contractors will do their best to ensure all software or data is virus-free before it is installed or loaded on a University computer system. Any detection of a software virus will be reported immediately to the departmental TSP or, if no TSP is available or assigned, the College Consultant, or to the Client Support group in CCIT.

No employee or contractor will use the University electronic mail system to falsify the identity of the source of electronic mail messages; send harassing, obscene or other threatening electronic mail; attempt to read, delete, copy, or modify the electronic mail of others without their authorization; or send, without official University authorization, "for-profit" messages, chain letters, or other unsolicited "junk" mail.

Disciplinary Sanctions

The university will impose disciplinary sanctions on employees and contractors who violate the above policies. The severity of the imposed sanctions will be appropriate to the violation and/or any prior discipline issued to that employee or contractor.

Definitions 

References and Related Documents

            Userid and Password Policy

https://ccit.clemson.edu/about/policy/cu-it-policies/usernames-and-passwords/  

Revisions

            January 2009

Approvals

            IT Council