1. K-State home
  2. »Policies
  3. »PPM
  4. »3400
  5. »Information Technology Usage Policy

Policies

Internal Audit Office

Kansas State University
5 Anderson Hall
Manhattan, KS 66506-0118

 

785-532-7308
785-532-0186
internalaudit@k-state.edu

Information Technology Usage Policy

Chapter 3420
Revised September 2, 2010

Table of Contents

.010 Preface
.020 Background and Purpose
.030 Appropriate Use
.040 Confidentiality and Privacy
.050 Examples of Prohibited Use
.060 Reporting Violations
.070 Sanctions
.080 Questions

.010 Preface

"Respect for intellectual labor and creativity is vital to academic discourse and enterprise. This principle applies to works of all authors and publishers in all media. It encompasses respect for the right to acknowledgment, the right to privacy, and the right to determine the form, manner, and terms of publication and distribution. Because electronic information is volatile and easily reproduced, respect for the work and personal expression of others is especially critical in computer environments. Violations of authorial integrity, including plagiarism, invasion of privacy, unauthorized access, and trade secret and copyright violations, may be grounds for sanctions against members of the academic community." The EDUCOM Code.

.020 Background and Purpose

This document constitutes a university-wide policy for the appropriate use of all KSU computing and network resources. It is intended to provide effective protection of individual users, equitable access, and proper management of those resources. These guidelines are intended to supplement, not replace, all existing laws, regulations, agreements, and contracts which currently apply to those resources.

Access to KSU networks and computer systems is granted subject to University policies and local, state, and federal laws. Appropriate use should always be legal and ethical, reflect academic honesty and community standards, and show restraint in the consumption of shared resources. It should demonstrate respect for intellectual property; ownership of data; system security mechanisms; and individuals' rights to privacy, freedom of speech, and freedom from intimidation, harassment, and unwarranted annoyance.

The University is not responsible for unacceptable or unethical use of the information technology environment including computer and computer networks or electronic communication system.

.030 Appropriate Use

Appropriate use of information technology resources includes instruction; independent study; authorized research; independent research; and official work of the offices, units, recognized student and campus organizations, and agencies of the University.

Authorized use of KSU-owned or operated computing and network resources is consistent with the education, research, and service mission of the University, and consistent with this policy.

Authorized users are: (1) faculty, staff, and students of the University; (2) anyone connecting from a public information service; (3) others whose access furthers the mission of the University and whose usage does not interfere with other users' access to resources. In addition, a user must be specifically authorized to use a particular computing or network resource by the campus unit responsible for operating the resource.

Acceptable conduct in and use of this environment must conform with: existing University policies, guidelines, and codes of conduct; KSU's Web, E-Mail, Intellectual Property and Information Resource Policies; Kansas Board of Regents policies and guidelines; the usage guidelines of other networks linked to KSU's networks or computer systems, and existing local, state and federal laws.

Therefore, any misuse or violation of KSU's information-technology environment will be judged in accordance with those published policies and rules of conduct, including, but not limited to, the KSU Student Handbook, the Student Governing Association Conduct Code, the University's Policy Prohibiting Racial and/or Ethnic Harassment, the University's Policy Prohibiting Sexual Harassment, the Faculty Handbook and the University Policy and Procedures Manual.

It is your responsibility to be aware of the potential for and possible effects of manipulating information, especially in electronic form, to understand the changeable nature of electronically stored information, and to continuously verify the integrity and completeness of information that you compile or use. You are responsible for the security and integrity of University information stored on your individual computing desktop system.

.040 Confidentiality and Privacy

Authorized access to data or information entails both privilege and responsibility, not only for the user, but also for the system administrator. In general, the university will treat information stored on computers as confidential. However, there is no expectation of privacy or confidentiality for documents and messages stored on University-owned equipment. Additionally, e-mail and data stored on KSU's network of computers may be accessed by the university for the following purposes:

  1. troubleshooting hardware and software problems,
  2. preventing unauthorized access and system misuse,
  3. retrieving business related information,*
  4. investigating reports of violation of this policy or local, state or federal law,*
  5. complying with legal requests for information,*
  6. rerouting or disposing of undeliverable mail.

* The system administrator will need specific approval from the Vice Provost for Academic Services and Technology or the appropriate designee to access these items. The extent of the access will be limited to what is essentially necessary to acquire the information.

To the greatest extent possible in a public setting individuals' privacy should be preserved. However, privacy or confidentiality of documents and messages stored on University-owned equipment cannot be guaranteed. Users of electronic mail systems should be aware that, in addition to being subject to authorized access, electronic mail in its present form cannot be secured and is, therefore, vulnerable to unauthorized access and modification by third parties.

.050 Examples of Prohibited Use

Use of KSU network and computer systems is conditioned upon compliance with this and other university policies and all applicable laws. Though not exhaustive, the following list is provided to emphasize that these activities are NOT allowed on KSU networks or computer systems:

  1. using facilities, accounts, access codes, privileges or information for which you are not authorized;
  2. sharing your eID password with others;
  3. viewing, copying, altering, or destroying anyone's files without explicit permission from that individual;
  4. representing yourself electronically as another user;
  5. unlawfully harassing others;
  6. creating and/or forwarding chain letters;
  7. posting or mailing obscene materials;
  8. game playing that interferes with academic or administrative use by others;
  9. making, distributing, or using unauthorized copies of licensed software;
  10. unauthorized copying, reproducing, or redistributing others' text, photos, sound, video graphics, designs or other information formats;
  11. obstructing others' work by consuming large amounts of system resources, such as disk space, CPU time and etc.;
  12. unauthorized testing of systems and/or resources, such as using program loops, introducing destructive software e.g., "virus" software or attempting system crashes;
  13. running or otherwise configuring software or hardware to intentionally allow access by unauthorized users;
  14. attempting to circumvent or subvert any system's security measures;
  15. advertising for commercial gain;
  16. distributing unsolicited advertising;
  17. disrupting services, damaging files or intentionally damaging or destroying equipment, software or data belonging to KSU or other users;
  18. using computing resources for unauthorized monitoring of electronic communications;
  19. destroying public records in violation of KSU's Retention of Records Policy (PPM Chapter 3090);
  20. violating any KSU or Kansas Board of Regents policy or any local, state or federal law.

In cases of doubt, users bear the burden of responsibility to inquire concerning the permissibility of external network uses, prior to execution. Such questions should be directed to the Vice Provost for Academic Services and Technology.

.060 Reporting Violations

All users and units should report any discovered unauthorized access attempts or other improper usage of KSU computers, networks, or other information processing equipment. If you observe, or have reported to you, a security or abuse problem, with any University computer or network facilities, including violations of this policy, you should notify the Vice Provost for Academic Services and Technology, the Director of Computing & Network Services or other appropriate administrator.

.070 Sanctions

Persons in violation of this policy are subject to the full range of sanctions, including the loss of computer or network access privileges without notification , disciplinary action, dismissal from the University, and legal action. Some violations may constitute criminal offenses, as outlined in Kansas statutes and other local, state, and federal laws; the University will carry out its responsibility to report such violations to the appropriate authorities.

Unit heads have the authority to deny access, for unauthorized use, to KSU's computers and network systems under their control.

.080 Questions

Questions regarding this policy should be sent to the Chief Information Officer at its@k-state.edu.