Information Security Standard Practices

Acceptable Use Agreement — Employee

With regard to the computing, communications and information resources of Mt. San Antonio College, it is understood and agreed that:

• Mt. San Antonio College's computing, communication and information resources are provided for the support of its educational and service goals and the use of such resources for other purposes is prohibited. However, incidental personal use is permissible so long as: (a) it does not consume more than a trivial amount of system resources, (b) it does not interfere with productivity of other campus employees, and (c) it does not preempt any College activity. The college and its employees are to abide by this policy along with any local, state, and federal law that may apply. All users are subject to both the provisions of this policy, as well as any policies specific to the individual systems they use.
• The confidentiality of student and staff information is protected under federal and state law and/or regulations. Any information regarding students or staff that an employee might access in the course of a work assignment through a computer, student file, or other documentation, is to be used strictly to perform job duties and may only be shared with those who are authorized to have such information. Employees may not change, alter, copy, or divulge any such information unless it is required to carry out a Mt. SAC job assignment.
• To protect the integrity of computing resources, passwords, access codes, or account names must not be shared with others. Additionally, passwords may be subject to complexity requirements and employees may be required to change their passwords periodically.
• Students are not allowed to install any software on any campus computer.
• Most educational materials (both commercial and employee created, including software) are protected under copyright. Any violation of the rights of a person or entity protected by copyright law, is prohibited. The unauthorized duplication, installation, or distribution of computer software utilizing the College's computing, communications and information resources is specifically prohibited. Unauthorized software installed on College owned computers will not be supported and may be removed if deemed necessary. Employees may not connect any system or install software which could allow any user to gain access to the college's system and information without written approval from the Chief Technology Officer or his/her designee.
• Employees may not use Mt. San Antonio College resources for conducting a private business or for personal financial gain.
• Intentionally sending or accessing pornography or patently obscene material other than for authorized research or instructional purposes is prohibited. The definition of "pornography" and "obscene" shal be as determined by law.
• Employees found in violation of the college's computer use policies, are subject to proper disciplinary action, including the reporting of such activity to the appropriate authorities as required by law.
• Employees must consider the open nature of information transferred electronically, and should not assume an absolute degree of privacy or restricted access to such information. The college provides the highest degree of security possible when transferring data, but disclaims responsibility if these security measures are circumvented and the information is compromised.
• Mt. San Antonio College is not responsibe for loss of data, time delay, system performance, software performance, or any other damages arising from the use of College computing resources. Therefore, employees are encouraged to secure backup copies of their own files.
• Authorized college personnel may, while performing routine or investigative operations, have access to data, including electronic mail, web browser information, and any other personal data stored on College computers. However, the College shall not routinely or arbitrarily monitor incidental personal use of college resources. Neither the College nor any employee shall disclose the contents of observed personal data to any other person or entity except as required by law or Board Policy.
• Activities that place excessive strain on network resources, (i.e. net radio, other similar streaming media, or online gaming) are not allowed without written approval from the Chief Technology Officer or his/her designee. Employees are encouraged to review all Mt. San Antonio College's computer policies at our web site http://infosecurity.mtsac.edu
• To ensure the integrity and reliability of computer and communications resources, employees are encouraged to report improper use and violations of this policy.

Selected Examples of Unacceptable Use:

• Revealing passwords to others, allowing someone else to use your account.
• Utilizing network or system id numbers/names that are not assigned for one's specific use on the designated system.
• Attempting to authorize, delete, or alter files or systems not created by oneself without proper authorization from the Chief Technology Officer or his/her designee.
• Watching Internet videos or listening to Internet radio on your computer without authorization from the Chief Technology Officer.
• Not complying with requests from designated personnel to discontinue activities that threaten the integrity of computing resources.
• Attempting to defeat data protection schemes or to uncover security vulnerabilities.
• Connecting unauthorized equipment to the campus network. (Devices such as PDAs, printers, and USB drives that connect to a computer and not directly to the network are acceptable.)
• Registering a Mt. San Antonio College IP address with any other domain name.
• Unauthorized network scanning or attempts to intercept network traffic.
• Malicious disruptions such as intentionally introducing a computer virus to the campus network.
• Harassing or threatening other users of the campus network.