Use of Computers and Information Technology Resources

Purpose:

Establish guidelines for the use of computers and information technology resources owned or administered by the college in order to: (1) promote the mission of the college with regard to teaching, learning, research, and administration; (2) inform faculty, staff, and students with regard to their responsibilities associated with the use of the college’s computers and information technology resources; and (3) prohibit unauthorized or unacceptable use of the college’s computers and information technology resources.

Definitions:

Computer: any computer and associated peripherals and software owned, licensed, or administered by J. Sargeant Reynolds Community College (Reynolds).

Consumables: products that are used on a recurring basis, and are items which "get used up" or discarded, such as paper, toner, ink cartridges, and computer media.

Gross negligence: is a conscious and voluntary disregard of the need to use reasonable care. Gross negligence does not include accidents or mishaps connected with normal use of the equipment in accordance with Reynolds Policy No: 4-32, when users have exercised reasonable care. It also does not include loss or theft occurring when the prudent precautions that a reasonable person would take have been exercised. An example of reasonable care would include being mindful of physical security, such as locking a vehicle when the equipment is not in the user's immediate possession.

Incidental personal use: using a computer or technology device for personal use such that the nature of the use is secondary in time and importance to its primary use for college-related business, such as visiting non-work-related websites, sending personal emails using a Reynolds email account, or using word processing software to compose a document for a reason that is not directly work related.

Information technology resources: all information technology services, facilities, and data— whether stand-alone, shared, or networked—that are owned, leased, operated, contracted, or accessed by the college. The conduct of users connecting to the college’s network using a personal device are under this policy.

Useful life of equipment: the Chancellor’s Technology Expectations provide guidelines for all colleges in the VCCS pertaining to the recommended length of time that technology will remain in service before it is replaced. For example, the replacement cycle guideline for desktop and laptop computers is five years.

User: any authorized full- or part-time student currently enrolled at the college, any authorized full- or part-time faculty or staff member currently employed by the college, or any other authorized individual or group of individuals granted use of the college’s computers or information technology resources.

Policy:

1. The use of Reynolds computers or information technology resources is restricted to authorized users only. This authorization must be in compliance with related policies and procedures established by appropriate administrative units for various sites at the college that provide access to college computers or information technology resources. Such sites include, but are not limited to, classrooms and laboratories, libraries, workforce training centers, offices, and other support areas.

2. College computers and information technology resources are to be used only for purposes directly related to teaching, learning, research, administration, and collegesanctioned activities pursuant to the mission of the college. The use of college computers or information technology resources for political or commercial purposes is strictly prohibited.

3. The college permits incidental personal use of college-owned technology resources consistent with this policy. Incidental personal use of technology resources must not interfere with an employee’s work responsibilities, negatively impact system operations or other users, conflict with the mission of the college, or violate the public trust. Appropriate incidental personal use of technology resources does not result in any measurable cost to the college. Employees are responsible for exercising good judgment about personal use in accordance with this policy.

4. The use of college-owned consumable supplies for personal use by any user (faculty, staff, or students), such as paper and printer toner, is prohibited. Users may utilize college-owned consumable supplies at a minimal charge offered by the college’s libraries and academic computing centers.

5. The college shall honor all copyrights and license agreements associated with collegeowned software and other online resources. Users shall not violate copyright regulations or fail to honor the college’s license agreements.

6. The information security standard serving as a benchmark for computers and information technology at Reynolds is the VCCS information security standard based on ISO/IEC 27002:2013.

7. Users and violations

   1. Students who are found to be in violation of this policy may be restricted from or denied access to computer resources and may be subject to further disciplinary action as indicated in Reynolds Policy No. 1-35, Student Conduct.

   2. Faculty and staff who are found to be in violation of this policy may be restricted from or denied access to computer resources and may be subject to further disciplinary action, as indicated in Virginia Community College System (VCCS) Policy 3.12, Faculty Sanctions, or in the Department of Human Resource Management (DHRM) Policy 1.60, Standards of Conduct.

   3. Inappropriate online conduct or use of college computer resources (wired or wireless network, desktop or laptop computers, tablets, smartphones, and similar computing devices) includes, but is not limited to the following:

      1. unauthorized use of these resources

      2. using these resources for political, commercial, or wrongful personal purposes

      3. using these resources to gain illegitimate access to other computer systems

      4. breaching computer security measures

      5. breaching confidentiality of computer files and other information

      6. the access by students of computers assigned to faculty or staff, except for when there is direct faculty or staff supervision, such as a student delivering a classroom presentation

      7. communicating sensitive or confidential data through email to recipients outside the Reynolds.edu email domain without placing the information in a secure, encrypted document

      8. giving computer access or information to individuals not authorized to receive it

      9. storing any sensitive or confidential data such as student records on unprotected media (not permitted for even short periods of time)

      10. violating copyright laws or license agreements

      11. modifying equipment or software without prior approval from the Department of Technology

      12. removing technology equipment without gaining approval, initiated with JSRCC Form No. 65-0006, Removal of College Property

      13. using disruptive or destructive programs (viruses, etc.)

      14. disseminating unlawful, fraudulent, obscene, harassing, or threatening messages

      15. accessing, downloading, printing, or storing any sexually explicit content, except to the extent required in conjunction with a bona fide, agencyapproved research project or other agency-approved undertaking

      16. violating any other provision of current college, Department of Human Resource Management (DHRM), and/or Virginia Community College System (VCCS) information security standards.

Procedures:

Human Resources

On or before the first day of work, the new employee will be required to complete JSRCC Form No. 35-0089, New Hire/College Equipment Authorization Form, authorizing the college to execute procedures to recoup funds from the last earned paycheck or to initiate collection procedures in the event the employee must reimburse the college for equipment, or pre-payments or other financial agreements.

College supervisors

These procedures are used by college supervisors to request computer access for their respective employees to the college network and/or the Virginia Community College System network.

1. On or before the first day of work, each new faculty or staff user (including work-study students) must complete JSRCC Form No. 40-0009, Information Technology Employee Acceptable Use Agreement. By completing this agreement the employee agrees to abide by all applicable federal, state, VCCS, and college policies, procedures, and standards relating to the VCCS Information Security Policy, the VCCS Computer Ethics Guideline, and the Code of Virginia, Title 2.2, Chapter 28 § 2.2-2827, which addresses restrictions on state employee access to information infrastructure.

2. The supervisor must ensure that the completed and signed Information Technology Employee Acceptable Use Agreement is submitted to the college’s data management technician senior in the Department of Technology (DOT). The form may be submitted by scan/email or fax (804-371-3398). Additionally, the original signed copy of the form must be provided to the Office of Human Resources with all other new hire documents for the official personnel file.

3. After completion of step B above, the supervisor must also complete JSRCC Form No. 40-0006, Computer Access Request Form, in order to obtain computer access for all college and VCCS applications. This online form is automatically sent to the Department of Technology for immediate establishment of the employee’s computer access(es) and college email account.

4. Upon the establishment of all accesses and college email account, the Department of Technology will promptly notify the supervisor and the employee via email of the status of the request and other pertinent information.

5. Employees assigned a mobile device such as a laptop computer must complete JSRCC Form No. 40-0012, Mobile Computing User Agreement. Users assume responsibility to exercise reasonable care when equipment is in their custody. Equipment loss or damage will be promptly reported to DOT. Should mobile equipment be lost or damaged through gross negligence on the part of the assigned user, the individual will assume financial responsibility for making payment to the college, based on the prorated value of the equipment according to its remaining useful life, as defined by VCCS replacement guidelines.

6. New employees who have access to computer resources are required to complete security awareness training within the 30 days of the employment start date and to renew this training annually, thereafter. Under the VCCS information security standard, the consequence of failing to complete the required security awareness training by the prescribed deadline involves the user’s accounts being disabled.

7. Requests to delete, change, or add new computer access must also be requested using JSRCC Form No. 40-0006, Request for Computer Access.

8. Requests for access to VCCS applications, Department of Accounts, Department of Human Resource Management, etc., will be coordinated and/or sent to the VCCS by the college’s Department of Technology.

Other Information:

Department of Human Resource Management (DHRM) Policy 1.60, Standards of Conduct

Virginia Community College System (VCCS) Policy 3.12, Faculty Sanctions

Code of Virginia, Title 2.2, Chapter 28 § 2.2-2827, Restrictions on state employee access to information infrastructure

Reynolds Policy No. 1-35, Student Conduct

JSRCC Form No. 35-0089, New Hire/College Equipment Authorization Form

JSRCC Form No. 40-0006, Computer Access Request Form

JSRCC Form No. 40-0009, Information Technology Employee Acceptable Use Agreement

JSRCC Form No. 40-0012, Mobile Computing User Agreement

JSRCC Form No. 65-0006, Removal of College Property