IAIA - Institute of American Indian Arts

Network, Computer, and Communication Device Acceptable Use Policy

General

IAIA provides communication and computing services to IAIA faculty, staff, and students (hereinafter: User and Users). Additionally, authorized third parties may be granted temporary access to IAIA communication and computing resources and when using those resources will be considered Users.

IAIA communication and computing resources are used to support the educational, research, and public service missions of the Institute. Activities involving these resources must be in accord with the Institute’s honor codes, Policies and Procedures Manual, student handbooks, and relevant local, state, federal, and international laws and regulations.

The use of IAIA computing services is a privilege. Users who have been granted this privilege must use the services in an appropriate, ethical, and lawful manner. Unauthorized access is prohibited and may be monitored and reported to the proper authorities.

Scope

For the purposes of this policy, the term “communication and computing services” includes all IAIA information and systems using hardware, software, and network services including computer resources entrusted to IAIA by other organizations. Computing services explicitly includes the use of network services by personally owned computer systems (hereinafter: personal systems) which have been granted access to IAIA-provided network services for authorized Users.

Definitions

As used herein:
A. “Access” means the ability to read, change or enter data using a computer or an information system.

B “Information technology resources (IT resources)” means all computer hardware, software, databases, electronic messaging systems, communication equipment, computer networks, telecommunications circuits, and any information that is used by IAIA to support programs or operations that is generated by, transmitted within, or stored on any electronic media.

C. “Mobile data storage media;” includes all forms of computer data storage and transport, including, but not limited to, computer floppy disks, writable CDs and DVDs, solid state storage cards, mobile computer storage and playback devices: including, but not limited to MP3 players, USB and Firewire drives, mobile phones or smart phones and personal digital assistants (PDAs).

D. “Restricted personal data” means data containing confidential personal information including addresses, medical information, and financial data as defined by federal or state statute or board policy.

E.  “Security mechanism” means a firewall, proxy, internet address-screening or filtering program, or other system installed to prevent the disruption or denial of services or the unauthorized use, damage, destruction, or modification of data and software.

“User” and “Users” means all persons who are granted access to IAIA’s information technology resources.

Rights and Responsibilities

Under this policy, all Users are required to act ethically and legally, to protect the integrity and security of the resources, and to comply with all applicable laws, contractual obligations and regulations. Users must also abide by all the prevailing policies, rules, guidelines and standards applicable to the use IAIA Information Technology (IT) facilities and services, as announced by the IT department or as promulgated on the IAIA website from time to time.

Disclaimer

IAIA does not provide a warranty, either expressly or implied, for the computing services provided. IAIA reserves the right to limit a computer User’s session if there are insufficient resources, and to cancel, restart, or hold a job, process, or program to protect or improve system performance if necessary.

User Responsibilities

Users are responsible for all their activities using computing services and shall respect the intended use of such services. IAIA has specific rules and regulations that govern the use of equipment at each site and Users shall comply with the rules and regulations governing the use of such computing facilities and equipment. Users must understand and keep up-to-date with this policy and other applicable IAIA policies and procedures.

Users shall respect all copyrights including software copyrights. Users shall not reproduce copyrighted work without the owner’s permission. In accordance with copyright laws, including the Digital Millennium Copyright Act, the IAIA Information Technology Department, upon receipt of official notice from a copyright owner, may authorize blocking access to information alleged to be in violation of another’s copyright. If after an investigation information is determined by IAIA to be in violation of another’s copyright, such information will be deleted from IAIA computing systems.
Acceptable use of resources REQUIRES that Users:

  • Use resources only for authorized purposes;
  • Protect their user id and systems from unauthorized use. Each User is responsible for all activities on their user id or that originate from their systems;
  • Access only information that is their own, that is publicly available, or to which the User has been given authorized access;
  • Use only legal versions of copyrighted software in compliance with vendor license requirements;
  • Protect all IAIA-owned information assets, i.e., all the IAIA-related data you use in all of your IAIA-related work, by adhering to the IAIA Information Backup Policy which requires the periodic backup of

IAIA-owned information to a central location;

  • Be considerate in your use of shared resources. Users must refrain from monopolizing systems, overloading networks with excessive data, degrading services, or wasting computer time, connect time, disk space, printer paper, manuals, or other resources;
  • Immediately report the loss (or any other potential compromise) of any IAIA resource, to the IAIA Information Technology Department; [Loss or compromise includes actual loss, damage that requires repair, compromise of data, and any other circumstance which might expose IAIA information assets to any unauthorized person.]

It is NOT ACCEPTABLE to:

  • Use another User’s system, files, or data without permission;
  • Use computer programs to decode passwords or access control information;
  • Attempt to circumvent or subvert system management or security mechanism;
  • Engage in any activity that might be purposefully harmful to systems or to any information stored thereon, such as creating or propagating viruses, disrupting services, or damaging files or making unauthorized modifications to IAIA data;
  • Use IAIA systems for commercial or partisan political purposes, such as using electronic mail to circulate advertising for products or for political candidates;
  • Make or use illegal copies of copyrighted materials or software, store such copies on IAIA systems, or transmit them over IAIA networks;
  • Violate the IAIA Acceptable E-mail Use Policy by using mail or messaging services to harass or intimidate another person, for example, by broadcasting unsolicited messages, by repeatedly sending unwanted mail, or by using another User’s name or user id;
  • Use IAIA’s systems or networks for personal gain; for example, selling access to your user id or to IAIA systems or networks, or performing work for profit with IAIA resources in a manner not authorized by the Institute;
  • Use programs that degrade the available bandwidth, including but not limited to music/radio programs, videos, peer-to-peer sharing services, and game playing from Internet sites, unless these programs are incorporated into instruction;
  • Transfer any restricted personal data and / or student record data under the purview of the Family Educational Rights and Privacy Act (FERPA) to any non-IAIA personal mobile data storage media or any non-IAIA owned computers;
  • Install or use any encryption software on any of IAIA’s computers or mobile data storage media without first obtaining written permission from their supervisor.   Even with such permission, encryption keys and passwords must be made available to the supervisor;
  • Undertake any form of activity deemed to be malicious by the IT Dept. concerning IAIA computing or network resources.

Misuse of Computing Services

IAIA reserves the right to sanction a User pursuant to Section 4. herein if it is determined, after an investigation by the appropriate office, that the User violated federal or state law or IAIA policy by misusing IAIA computing services. In addition to other standards listed in this policy, examples of misuse include, but are not limited to:

  • Attempting to defeat or circumvent any security measures, controls, accounts, or record-keeping systems;
  • Using systems for unauthorized access;
  • Intentionally altering, misappropriating, dismantling, disfiguring, disabling, or destroying any computing information and/or services;
  • Using computing services for workplace violence of any kind as defined in the IAIA Policy and Procedures Manual, sections 2.4, 2.7, and 2.8;
  • Using computing services for unlawful purposes including fraudulent, threatening, defamatory, harassing, or obscene communications;
  • Invading the privacy rights of anyone;
  • Disclosing or using non-public information for unauthorized purposes,
  • Disclosing student records in violation of the Family Educational Rights and Privacy Act of 1974 (FERPA); or
  • Violating copyright laws.

Incidental Personal Use

IAIA allows incidental personal use of computing services. Such use must not interfere with a User fulfilling his or her job or student responsibilities, interfere with other Users’ access to resources, or be excessive as determined by the IT Department.

Monitoring and Privacy

Users, including managers, supervisors, and systems administrators shall respect the privacy of other Users. Users must be aware, however, that computing systems can never be totally secure and the IAIA cannot guarantee privacy.

Users expressly waive any right of privacy in anything they create, store, send, or receive on the computer or through the Internet or any other computer network.  Users consent to allowing authorized persons to access and review all materials Users create, store, send, or receive on the computer or through the Internet or any other computer network.

Activity Retention

While IAIA does not routinely monitor individual usage of its computing resources, the normal operation and maintenance of IAIA’s computing resources require the backup and storage of data and communications, the logging of activity, the monitoring of general usage patterns, and other such activities that are necessary for the rendering of services.

Activity and Data Retrieval

IAIA may also specifically access and examine the account of an individual User if necessary to comply with federal or state law or if there is reasonable suspicion that a law or IAIA policy has been violated and examination of the account is needed to investigate the apparent violation. Requests for access based on reasonable suspicion must be approved in writing, in advance, by the appropriate Director or Administrator.

Each request must specify the purpose of access and such access will be limited to information related to the purpose for which access was granted. If such access is being requested by a senior executive, access must be approved by the President. If such access is being requested by the President, access must be approved by the two other senior executives.

Accessing a faculty member’s computer files for work-related, non-investigatory purposes–e.g., to retrieve a file or document needed while the faculty member who maintains the file or document is away from the office–is permitted and does not require authorization by a Director or Administrator as long as access is limited to the work-related need. When a faculty member separates from IAIA, work-related files remain the property of IAIA.

Communications and other documents made by means of IAIA computing resources are generally subject to disclosure to the same extent as they would be if made on paper. Information stored electronically may also be made available in administrative or judicial proceedings; therefore, all faculty members are urged to use the same discretion and good judgment in creating electronic documents as they would use in creating written paper documents. IAIA will disclose illegal or unauthorized activities to appropriate IAIA personnel and/or law enforcement agencies.

Failure to Comply

Violations of this policy will be treated like other allegations of wrongdoing at IAIA. Allegations of misconduct will be adjudicated according to established procedures.

Sanctions

Use of IAIA computing services in violation of applicable laws or IAIA policy may result in sanctions, which may include, but are not limited to, one or more of the following:

  1. Temporary or permanent withdrawal of use privilege;
  1. Disciplinary action according to applicable IAIA policies, up to and including, expulsion from IAIA or discharge from a position; and/or
  1. Legal prosecution under applicable federal and/or state law.