Information Security Standard Practices
— Electronic Mail Security Disclosures
|The purpose of this document is to establish a position on privacy,
confidentiality, and security in electronic mail; ensure that
College electronic mail resources are used for purposes
appropriate to the College mission; inform the College community about
the applicability of laws and College policies to electronic
mail; ensure that electronic mail resources are used
in compliance with those laws and College policies; and prevent
disruptions to and misuse of College electronic mail resources,
services, and activities.
2.0 College Property
|As a productivity enhancement tool, Mt. San Antonio College encourages
the use of electronic mail to further the mission of the College.
All messages generated on or handled by Mt. SAC electronic mail systems
are considered to be the property of Mt. San Antonio College.
3.0 Authorized Usage
|Mt. San Antonio College electronic mail generally should be used only for
College activities. Incidental personal use is permissible so long as:
(a) it does not consume more than a trivial amount of system resources,
(b) it does not interfere with productivity, and
(c) it does not preempt any College activity.
This means that Mt. San Antonio College electronic mail systems
must not be used for political advocacy efforts, private business
activities, or non-College related charitable fundraising campaigns.
Employees are reminded that the use of College information system
resources should never create either the appearance or the reality of
inappropriate use. When an individual ceases to be employeed at
Mt. San Antonio College, all their accounts and privileges on Mt. San
Antonio College electronic mail systems will also terminate.
Electronic mail will not be forwarded to the employees personnal account
nor will it be forwarded to another employee of the college.
4.0 Use Only Mt. San Antonio College Electronic Mail Systems
|All college related email communications must be conducted using an email
address assigned by the College. This restriction is necessary because
email originating at the college may contain proprietary information
regarding students, staff, or internal College business. The College is
responsible for the security of this information, and cannot assume that
other email providers will provide adequate levels of data backup,
security, and virus protection.
Therefore, forwarding of email from a Mt. San Antonio College email
address to a non Mt. San Antonio College email address is not authorized
Additionally, users may not configure any email program or service to
use an automated process for forwarding Mt. San Antonio College email
to any other email address.
Employees must not use their personal electronic mail accounts with an
Internet Service Provider (ISP) or any other third party provider while
using Mt. San Antonio College computers. To do so would circumvent
logging, anti-virus scanning controls, and backup controls that Mt. San
Antonio College has established.
5.0 User Accountability
|Regardless of the circumstances, individual passwords must never be
shared or revealed. The authorized user of the account is responsible
for all transactions conducted within that account. When a password is
provided to and/or used by another person, the authorized user will be
held accountable for any activity that takes place while the account
is in use.
IET staff is able to research account information and investigate
reported problems without knowing the user's password, and therefore
will not request password information from a user.
If users need to share computer resident data, they should utilize
message forwarding facilities, public directories on local area network
servers, groupware databases, and other authorized information-sharing
mechanisms. To prevent unauthorized parties from obtaining access to
electronic mail, users must choose passwords that are
difficult-to-guess (for example, not a dictionary word, not a personal
detail, not a name, and not a reflection of work activities).
6.0 User Identity
|Misrepresenting, obscuring, suppressing, or replacing another user's
identity on an electronic mail system is forbidden. The user
name, electronic mail address, organizational affiliation, and related
information included with electronic messages or postings must reflect
the actual originator of the messages or postings.
Electronic mail "signatures" indicating job title, company
affiliation, address, and other particulars are strongly recommended for
all electronic mail messages being sent to non-College entities.
7.0 Use Of Encryption Programs
|Employees are reminded that Mt. San Antonio College electronic mail is
not encrypted by default. If sensitive information must be sent by
electronic mail, encryption or similar technologies to protect the
information must be employed. The IET Help Desk is available to assist
with the installation and configuration of software to
protect data transmission.
8.0 Respecting Intellectual Property Rights
|Although the Internet is an informal communications environment, the laws
for copyrights, patents, trademarks, and the like still apply.
To this end, employees using Mt. San Antonio College electronic mail
systems must: (a) repost or reproduce material only after
obtaining permission from the source, (b) quote material from other
sources only if these other sources are properly identified, and (c)
reveal internal Mt. San Antonio College information on the Internet only
if the information has been officially approved for public release.
As an aside, all information taken off the Internet should be considered
suspect until confirmed by another source.
There is no quality control process on the Internet, and a considerable
amount of Internet information is outdated, inaccurate, and/or
9.0 No Guaranteed Message Privacy
|Mt. San Antonio College cannot guarantee that electronic mail
will be private. Employees should be aware that electronic
mail can, depending on the technology, be forwarded,
intercepted, printed, and stored by others. Employees should be careful
about the topics covered in Mt. San Antonio College electronic
mail, and should not send a message discussing anything that
they would not be comfortable reading about on the front page of
their local newspaper. Except as otherwise specifically approved by
management, employees may not participate in intercepting or disclosing
electronic mail. Mt. San Antonio College is committed to
respecting the rights of its employees, including their reasonable
expectation of privacy. Mt. San Antonio College also is responsible for
operating, maintaining, and protecting its electronic mail
networks. To accomplish these objectives, it is occasionally necessary
to intercept or disclose, or assist in intercepting or disclosing,
To meet these objectives Mt. San Antonio College may employ content
monitoring systems (which scan for certain key words) as well as other
electronic system management tools.
10.0 Anti Virus Software
|Unexpected attachments should be viewed with suspicion.
Even if the sendor is known and trusted, viruses may
still cause an infected attachment to be sent without the knowledge of
the trusted sendor.
Employees must comply with Mt. SAC anti-virus policies as
stated in the Acceptable Use Rules, Procedures and
11.0 Message Forwarding
|Recognizing that some information is intended for specific individuals
and may not be appropriate for general distribution, electronic
mail users should exercise caution when forwarding messages.
Sensitive information must not be forwarded to any party or parties
outside Mt. San Antonio College without the prior approval of a
Messages sent by outside parties should also not be forwarded to
other third parties unless the sender clearly intended this and unless
such forwarding is necessary to accomplish an ordinary business objective.
12.0 User Back-Up
|If an electronic mail message contains information relevant to the
completion of a business transaction, contains potentially important
reference information, or has value as evidence of a Mt. San Antonio
College management decision, it should be retained for future reference.
Most electronic mail messages will not fall into these categories, and
accordingly can be erased after viewing.
Users must regularly move important information from electronic mail
message files to hard-copy, word processing documents, databases, and
Electronic mail systems are not intended for the archival storage of
Important but old electronic mail messages can be periodically expunged
by systems administrators, mistakenly erased by users, and otherwise lost
when system problems occur. The IET Help Desk is
available to assist with the installation and configuration of archival
13.0 Purging Electronic Messages
|Messages no longer needed for business purposes must be periodically
purged by users from their personal electronic message storage areas.
Electronic mail messages stored on Mt. San Antonio College mail servers
may be automatically deleted by systems administration staff.
Mail quotas may be used to limit storage space.
14.0 Handling Alerts About Security
|Users must report all information security alerts, warnings, and reported
vulnerabilities to firstname.lastname@example.org as soon as possible.
Information & Educational Technology is the only organizational unit
authorized to determine appropriate action in response to such notices.
Users are discouraged from forwarding these
notices to other users as many of these notices are hoaxes.
|If employees are bothered by an excessive amount of spam from a
particular organization or electronic mail address, they must not respond
directly to the sender. Instead, they must forward samples of the
messages to email@example.com and the Systems Administrator will then take the matter up with the
sender's Internet Service Provider (ISP).
Employees should not create or forward spam including chain letters,
|Recipients of electronic mail messages of a threating nature, including
coercion, threats, hate mail, etc. should reply directly to the
originator with a specific statement directing the sender to discontinue.
If the originator does not promptly stop,
employees must report the communications to firstname.lastname@example.org.
Mt. San Antonio College retains the right to remove from its information
systems any material it views as offensive or potentially illegal.