• Home
• Vision, Mission and Values
• I&IT News
• Departments
• Organization
• Policies
• Learning Centeredness
• Forms
• Staff Information
• Our Team
  • Division directory
  • From the VP

 

This document is obsolete. It is replaced by Appropriate Use Policy for Information Technology.

Preface

It is imperative that all users of the University's computing, communications, and information resources realize how much these resources require responsible behavior from all users. Simply put, we are all responsible for the well-being of the computing, network, and information resources we use.

Universities do try to promote the open exchange of ideas; however, an open, cooperative computing network can be vulnerable to abuse or misuse. As more and more schools, colleges, universities, businesses, government agencies, and other enterprises become attached to the world-wide computing and information networks, it is more important than ever that this University educate its students, faculty, and staff about proper ethical behavior, acceptable computing practices, and copyright and licensing issues. A modern university must also educate its students, faculty, and staff about how computer abuse can interfere with the exchange of ideas that is integral to a modern education.

The first item in the body of this document is the Interim Policy for Appropriate Use of Information Technology at Cal Poly Pomona. Until the permanent policy has been drafted and approved, this Interim Policy is in force as the official policy of the University. The remainder of this document consists of guidelines for implementing this policy.

If you have any questions about the policy or the guidelines, please consult with your system administrator; the Help Desk or other staff in Instructional and Information Technology; with members of the University Technology Committee; or with your dean, project director, supervisor, chair, or advisor.

Cal Poly Pomona Appropriate Use Policy

In support of its mission of teaching, research, disseminating and extending knowledge, fostering free and open exchange of ideas and dialogue, and public service, California State Polytechnic University, Pomona provides broad access to computing, communications, and worldwide information resources for all members of the university community within institutional priorities and financial capabilities.

The Cal Poly Pomona Appropriate Use Policy contains the governing philosophy for effective and efficient use of the University's computing, communications, and information resources by all members of the university community in fulfilling the university mission. It spells out the general principles regarding acceptable use of data, equipment, software, and networks Acceptable use of information technology should always be legal and ethical, and reflect academic freedom and honesty. It should demonstrate respect for intellectual property, ownership of data, system security mechanisms, and individual rights to privacy, freedom of speech, and freedom from intimidation, and unwarranted annoyance.

By adopting this policy, California State Polytechnic University Pomona recognizes that all members of the University are also bound by local, state, and federal laws and other statutes relating to copyrights, security, electronic media and intellectual property.

Policy

All users of the University's computing, communications, and information resources must act responsibly. Every user is responsible for the integrity of these resources. All users of University-owned or University-leased computing and communications systems, whether managed directly or indirectly by the campus, must respect the rights of other computing and communications users, respect the integrity of the physical facilities and controls, and respect all pertinent license and contractual agreements. It is the policy of Cal Poly Pomona that all members of its community act in accordance with these responsibilities, relevant laws and contractual obligations, and the relevant faculty, staff and student standard of ethics and conduct. Additionally, all users must comply with the California State University CalRENCenic Appropriate Use Policy, which can be found at http://www.cenic.org/calren/aup.html.

The University reserves the right to limit, restrict, or extend computing privileges and access to its information resources. Access privileges to the University information resources shall not be denied to the members of the university community without cause. The University may temporarily deny access to information resources when it appears necessary to protect the integrity, security, or continued operation of the computers and networks, to protect user or system data, to protect university from liability, or to satisfy a lawful court order. Access to University information resources may only be granted by the data owners based on the data owner's judgment, which would include the following factors: relevant laws and contractual obligations, the requestor's need to know, the information's sensitivity, and the risk of damage to or loss by the University.

Data owners — whether departments, units, faculty, students, or staff — may allow individuals other than University faculty, staff, and students access to information for which the data owners are responsible through methods approved by the office of the Vice President for Instructional and Information Technology and so long as such access does not violate any license or contractual agreement; University policy; or any federal, state, county, or local law or ordinance; or degrace to the detriment of the University community.

The California State Polytechnic University Pomona cherishes the diversity of values, beliefs, sensitivities, and is therefore respectful of freedom of expression. The University does not condone censorship nor does it allow systematic inspection of electronic files or monitoring of network activities related to individual activities without proper cause and prior authorization from the Vice President of Instructional and Information Technology and the VP of the appropriate division (for example the Vice President of Academic Affairs for monitoring the activities of a faculty member). It is the policy of the University to respect privacy of electronic files and information contained in the users accounts to the fullest extent permitted by the local, state and federal laws. The University characterizes invasion of the privacy of individuals or entities that are creators, authors, users, or subjects of the information resources, without prior authorization from the Vice President for Instructional and Information Technology, as unethical and unacceptable, and just cause for disciplinary action. This policy is applicable to any member of the University community, whether at the University or elsewhere, and refers to all information resources whether individually controlled, or shared, standalone or networked.

University computing and communications facilities and accounts are to be used for the University-related activities for which they are assigned. All computing and network resources are provided to support the mission of the University. "Incidental personal use" is an accepted and appropriate benefit of being associated with the university information resources. However this type of personal use must adhere to all university acceptable use policies, and must have no adverse impact on the uses of technology and information resources in support of university mission or the abilities of the members of the university community to perform their job functions. University computing and communications resources are not to be used .for commercial purposes. This policy applies equally to all University-owned or University- leased computers and network resources. Abuse of computing and/or communications privileges is subject to disciplinary action and may result in loss of computing and communications privileges and/or the assessment of fines to recover any costs for investigations and the value of resources used. Abuse of the University's computing and communications resources may also result in loss of university privileges, dismissal, or civil/criminal action. Nothing in these guidelines precludes enforcement under the laws and regulations of the State of California, any municipality or county therein, and/or the United States of America. For example, if a user is found guilty of committing a computer crime as outlined in the California Penal Code 502, Computer Crimes, and 502.1, Computer crime penalty, forfeiture of property, he or she could be subject to the penalties for a felony.

The use of electronic communications in violation of University policies on nondiscrimination is subject to disciplinary action under those policies and also violates this Appropriate Use Policy. University policy statements on nondiscrimination (including harassment) are available in the Office of Diversity and Compliance. Disciplinary actions pursuant to violations of the Appropriate Use Policy are defined herein.

Implementation

Any procedure developed by a department, college, school, or division must conform to the policy in this document. Copies of this document shall be available online.

Enforcement

Users and system administrators must all guard against abuses that disrupt or threaten the viability of all systems, including those at the University and those on networks to which the University's systems are connected. Access to information resources without proper authorization from the data owner, unauthorized use of University computing or communications facilities, or intentional corruption or misuse of information resources is forbidden, and may subject the violator to sanctions available under this and/or other University policies and/or civil and/or criminal liability under the California Penal Code 502 Computer Crimes and 502.01 Computer crime penalty, forfeiture of property.

During an investigation (formal or informal), a system administrator may be authorized by the VP for Instructional and Information Technology to inspect a user's computer files. Note that users of the University's information technology resources have no inherent right to privacy for the content of information they store on University-owned or leased computing resources or transmittal over University-owned or leased networks, and system administrators may have to examine that content as part of an investigation.

User Rights and Responsibilities

If you use the University's computing resources or facilities, you have the following responsibilities:

• Use the University's computing facilities and information resources, including hardware, software, networks, and computer accounts, in accordance with these guidelines, respecting the rights of other computing users and respecting all contractual and license agreements. University facilities are not available for commercial use unless specific contractual agreements have been made.
• To respect the privacy of other users; for example, users shall not seek information on, obtain copies of, or modify files, or passwords belonging to other users or the University, shall not represent others, unless authorized to do so explicitly by those users, nor shall you divulge sensitive personal data to which you have access concerning faculty, staff, or students without explicit authorization to do so.
• To respect the rights of other users; for example, all use of information technology must comply with University policies regarding sexual, racial, and other forms of harassment.
• To respect the legal protection provided by copyright and licensing of programs and data.
• Use only those computers and computer accounts for which you have authorization.
• Use campus accounts in conformity with this policy.
• Protect your password(s).
• Report unauthorized use of your accounts to your project director, instructor, supervisor, system administrator, or other appropriate University authority immediately upon discovery.
• Each user is ultimately responsible for his or her own computing and his or her own work using a computer. Take this responsibility seriously. For example, users should remember to make backup copies of their data, files, programs, diskettes, and tapes, particularly those created on microcomputers and those used on individually or departmentally operated systems. Furthermore, users with desktop computers or other computers that they operate themselves must remember that they may be acting as the system administrators for those computers and need to take that responsibility very seriously.
• It is the users responsibility to review, understand and comply with this policy. The University is responsible to assure that all users are made aware of the policy and have access to the most recent version of it. Questions regarding the provisions and interpretations of this policy shall be directed to the VP for Instructional and Information Technology or his/her designee.

System Administrator Rights and Responsibilities

A system administrator's use of the University's computing resources is governed by the same guidelines as any other user's computing activity. However, a system administrator has additional responsibilities to the users of the network, site, system, or systems he or she administers:

• A system administrator manages systems, networks, and servers to provide available software and hardware to users for their University computing. A "system" includes user desktop, portable, and other computers for which the system administrator has been assigned support responsibility.
• A system administrator is responsible for the security of a system, network, or server.
• A system administrator shall take reasonable and appropriate steps to see that all the terms of the hardware and software license agreements are faithfully fulfilled on all systems, networks, and servers for which he or she has responsibility.
• A system administrator shall take reasonable precautions to guard against corruption of data or software or damage to hardware or facilities.
• A system administrator's access to user's information shall be governed by relevant state and federal privacy law.

If a system administrator:

• is an eyewitness to a computing abuse
• notices an unusual degradation of service or other aberrant behavior on the system, network, or server for which he or she is responsible,
• receives a complaint or report of suspected computing abuse or degradation of service, or
• is alerted by system-monitoring or management software that indicates a potential security intrusion,
• has reason to believe that the user is in violation of the copyright, intellectual right or licensing and contractual agreements

then he or she should immediately report such violation to his/her unit administrator.

A technician, system administrator, or administrator officer of the University may access, permit access to the information resource, or temporarily disable a system or users account if he or she:

• Has written (verifiable email or paper) permission from the individual to whom the information resource has been assigned or attributed; or
• In an emergency situation, has a reasonable belief that an active process in the account or on the information resource will cause significant system or network degradation, or could cause loss/damage to system or other user's data; or
• Receives a written (verifiable email or paper) authorization from the VP for Instructional and Information Technology; or
• Receives a written (verifiable email or paper) authorization from the University Counsel.

Misuse of Computing and Information Resource Privilege

The University characterizes misuse of computing and information resources and privileges as improper and as just cause for taking disciplinary action and/or revoking computer privileges. Misuse of computing and information resources and privileges includes, but is not restricted to, the following:

• Attempting to modify or remove shared computer equipment, software, or peripherals without proper authorization.
• Accessing computers, computer software, computer data or information, or networks without proper authorization, regardless of whether the computer, software, data, information, or network in question is owned by the University (i.e., if you abuse the networks to which the University belongs or the computers at other sites connected to those networks, the University will treat this matter as an abuse of your Cal Poly Pomona computing privileges).
• Circumventing or attempting to circumvent normal resource limits, logon procedures, and security regulations.
• Using computing facilities, computer accounts, or computer data for purposes other than those for which they were intended or authorized.
• Sending fraudulent computer mail, breaking into another user's electronic mailbox, or reading someone else's electronic mail without his or her permission or without proper and verifiable authorization.
• Sending any fraudulent electronic transmission, including but not limited to fraudulent requests for confidential information, fraudulent submission of electronic purchase requisitions or journal vouchers, and fraudulent electronic authorization of purchase requisitions or journal vouchers.
• Violating any software license agreement or copyright, including copying or redistributing copyrighted computer software, data, or reports without proper, recorded authorization.
• Violating the property rights of copyright holders who are in possession of computer-generated data, reports, or software.
• Using the University's computing resources in violation of the University policies on non-discrimination, racial, sexual harassment, and academic freedom. This includes sending repeated, unwanted e-mail to another user.
• Taking advantage of another user's naïveté or oversights to gain access to any computer account, data, software, or file that is not your own and for which you have not received explicit authorization to access.
• Physically interfering with other users' access to the University's computing facilities.
• Encroaching on others' use of the University's computers (e.g., disrupting others' computer use by excessive game playing; by sending excessive messages, either locally or off-campus, including but not limited to electronic chain letters; printing excessive copies of documents, files, data, or programs).
• Modifying system facilities, operating systems, or disk partitions on shared hardware; attempting to crash or tie up a University computer; damaging or vandalizing University computing facilities, equipment, software, or computer files.
• Disclosing or removing proprietary information, software, printed output or magnetic media without the explicit permission of the owner except when so authorized as a system administrator or performing the duties of supervisor.
• Reading other users' data, information, files, or programs on a display screen, as printed output, or via electronic means, without the owner's explicit permission except when so authorized as a system administrator or performing the duties of supervisor.
• Using university facilities for commercial use unless specific contractual agreements have been made.
• Using information resources for unauthorized monitoring of electronic communications.
• Knowingly or carelessly running or installing on any computer system or network, or giving to another user a program intended to damage or place excessive load on a computer system or network. This includes, but is not limited to programs known as computer viruses, Trojan Horses, and worms.

Administrative Process for Cases of Misuse of Computing, Communications, or Information Resource Privileges

Minor infractions of this policy, when accidental such as excessive incidental personal use, consuming excessive resources or overloading computer systems are generally resolved informally by the unit administering the account or network. This may be done though electronic mail or in-person discussion and education.

Repeated minor infractions or misconduct resulting in more serious violation of the policy must be processed through the appropriate University administrative process as all other personnel-related disciplinary actions. The Vice President for Instructional and Information Technology may , in consultation with the appropriate divisional Vice President, authorize suspension of the user's access privileges during the investigation of an alleged misconduct.

In an emergency situation when the staff in Instructional and Information Technology, the Department of Public Safety, or system administrators have information that intentional or malicious misuse of computing resources has occurred, or is about to occur, that could cause loss/damage to the information resources, or when there is a serious threat to public safety, and if that evidence points to the computing activities or the computer files of an individual or group of individuals, they have the obligation to immediately notify their unit administrators who may authorize them to pursue any or all of the following steps to protect the user community:

• Take action to protect the system(s), user jobs, and user files from damage.
• Take action to monitor electronic communication, inspect alleged abuser's files, diskettes and/or tapes and make copies or back-up computer files to preserve evidence.
• Notify the alleged abuser's project director, instructor, academic advisor, dean, or administrative officer of the actions taken.
• Refer the matter for processing through the appropriate University administrative process. If necessary, staff members from Instructional and Information Technology as well as faculty members with computing expertise may be called upon to advise the University judicial officers on the implications of the evidence presented and, in the event of a finding of guilt, of the seriousness of the offense.

Academic Integrity

Students are reminded that computer-assisted plagiarism is still plagiarism. Unless specifically authorized by a class instructor, all of the following uses of a computer, including, but not limited to the following, are violations of the University's guidelines for academic honesty and are punishable as acts of plagiarism:

• copying a computer file that contains another student's assignment and submitting it as your own work.
• copying a computer file that contains another student's assignment and using it as a model for your own assignment.
• working together on an assignment, sharing the computer files or programs involved, and then submitting individual copies of the assignment as your own individual work.
• knowingly allowing another student to copy or use one of your computer files and to submit that file, or a modification thereof, as his or her individual work.

For further information on this topic, students are urged to consult the Cal Poly Pomona University Catalog; section "Academic Integrity," and to consult with their individual instructors. Information about the University's "Academic Integrity" policy is also available online at: www.csupomona.edu/~faculty_computing/
ws/integrity/links/campus_resources.html.

Disclaimer

The software made available by the University has been licensed by the University for your use. As a result, its use may be subject to certain limitations.

The University is not responsible for loss of information from computing misuse, malfunction of computing hardware, malfunction of computing software, or external contamination of data or programs. The staff in Instructional and Information Technology and all other system administrators must make every effort to ensure the integrity of the University's computer systems and the information stored thereon. However, users must be aware that no security or back-up system is 100% reliable.

Acknowledgment

This document borrows extensively and replicates portions of the appropriate use policy at Humboldt State, Delaware, Davis, Michigan State, Minnesota State, Wisconsin, Indiana, Georgia State, and Kansas State universities.

Definition of Terms

Administrative Officer:

employee of the University with supervisory responsibility over a unit of the University.

Computer Account:

the combination of a user number, username, or userid and a password that allows an individual access a shared computer, application, database, or network.

Data Owner:

the individual or department that can authorize access to information, data, or software and that is responsible for the integrity and accuracy of that information, data, or software. The data owner can be the author of the information, data, or software or can be the individual or department that has negotiated a license for the University's use of the information, data, or software.

Desktop Computers, Microcomputers, Advanced Workstations:

different classes of smaller computers, some shared, some single-user systems. If owned or leased by the University or if owned by an individual and connected to a University-owned, leased, or operated network, use of these computers is covered by the Appropriate Use Policy.

Information Resources:

in the context of these Guidelines, this phrase refers to data or information and the software and hardware that makes that data or information available to users.

Network:

a group of computers and peripherals that share information electronically, typically connected to each other by either cable or satellite link.

Normal Resource Limits:

the amount of disk space, memory, printing, etc., allocated to your computer account by that computer's system administrator.

Peripherals:

special-purpose devices attached to a computer or computer network-for example, printers, scanners, plotters, etc.

Project Director:

person charged with administering a group of computer accounts and the computing resources used by the people using those computer accounts.

Server:

a computer that contains information shared by other computers on a network.

Software:

programs, data, or information stored on magnetic media (tapes, disks, diskettes, cassettes, etc.). Usually used to refer to computer programs.

System Administrator:

staff employed by a central computing agency such as Instructional and Information Technology whose responsibilities include system, site, or network administration and staff employed by other University departments whose duties include system, site, or network administration. System administrators perform functions including, but not limited to, installing hardware and software, managing a computer or network, and keeping a computer operational. If you have a computer on your desk, you may be acting, in whole or in part, as that computer's system administrator.

User:

someone who does not have system administrator responsibilities for a computer system or network but who makes use of that computer system or network. A user is still responsible for his or her use of the computer and for learning proper data management strategies.

Note: In the case of a conflict between this policy and the approved policy on academic freedom, the policy on academic freedom takes precedence. Moreover, all collective bargaining agreements take precedence over the policy in this document.