Appropriate Use of Information Technology Resources
Date of Current Revision: April 2012
Responsible Office: Assistant Vice President Information Technology
The purpose of this policy is to provide direction to members of the university community regarding safe and responsible use of technology resources and the responsibilities they have for protecting and efficiently using such resources at JMU.
The Board of Visitors has been authorized by the Commonwealth of Virginia to govern James Madison University. See Code of Virginia section 23-164.6; 23-9.2:3. The Board has delegated the authority to manage the university to the president.
STATE OR FEDERAL STATUTE AND/OR REGULATION
Consistent with the University’s Memorandum of Understanding granting Level II delegation from the Commonwealth under the Virginia Restructured Higher Education Financial and Administrative Operations Act of 2005 and in keeping with the other university technology policies, JMU exercises independent authority for issuing policy and establishing requirements related to technology management for the institution.
Anything developed by anyone covered by the university's intellectual property policy that fits one or more of the following categories:
System Security Mechanism:
A procedure, program, or device used with a computer to implement or enforce access controls, auditing, authentication, confidentiality, authorization, policy settings or other security measures.
The name you use to identify oneself when logging onto a computer system or online service. Both a username (user ID) and a password are required. In an Internet e-mail address, the username is the left part before the @ sign. The primary username assigned to members of the JMU community is also called an eID.
A human readable name used to describe a computer or network (e.g. www.jmu.edu) whose registration is coordinated by the Internet Corporation for Assigned Names and Numbers (ICANN). Each name corresponds to an IP address (e.g. 134.126.XX.XX) used for Internet addressing and routing.
This policy is applicable to all individuals, including but not limited, to faculty, students, administrators, staff and affiliates, who have been given or obtained access to computer equipment, systems, networks, or other information technology owned or operated by James Madison University. The policy further includes any and all methods or means of access, whether initiated from on or off-campus. The policy applies to all university information technology resources and all privately owned resources that are connected to university systems or networks.
Access to data, computer equipment, systems, and networks owned or operated by James Madison University is a privilege granted by the university and governed by certain regulations and restrictions. These include university policies, procedures and standards, as well as all applicable local, state, and federal laws.
The university provides authorized users the widest and most reliable system and network access possible. In return, the user agrees to abide by the regulations set forth in this and other university policies. This means that the user agrees to behave ethically, appropriately, and responsibly while using university systems and network resources. In particular, the university expects all users to:
At university management's discretion, files, data, or communications may be reviewed as necessary with cause; therefore, individuals are not entitled to any expectation of privacy with regard to their files, data, or communication.
Any person who has a question about this policy, or is concerned about a potential violation of their own or by another person, must contact the university's Information Security Officer or report the incident immediately to email@example.com.
By using the university's information technology resources, each user accepts responsibility for his/her behavior, the operation of their computer, and all activities performed using their userID. S/he also agrees to conduct him/herself appropriately, especially as follows:
6.1 Respect Intellectual Property
6.2 Respect the ownership and confidentiality of computer-based data, services, and system security mechanisms
6.3 Respect individuals' rights to privacy and to freedom from intimidation and harassment
6.4 Use and operate computing resources in a manner that minimizes the risk to privacy, data, services and network operations
Due to the openness of JMU's network, virtually all systems connected to the network can access, be accessed, and provide information services remotely. Improper operation of any such system can result in the compromise or operational disruption of the JMU network and attached services and data. Thus, there are special requirements related specifically to network-connected computers. These requirements apply to all computers connected to or accessing the JMU network.
Though proper operation varies with environment and the technology being used, individuals shall ensure:
More specific requirements are communicated through the university’s STARTSAFE and RUNSAFE programs, security awareness training and in information technology-related Policies and Standards.
6.5 Responsibly use shared resources in a way that does not adversely affect their availability to others
Many JMU computing and network resources are shared. In order that these resources are available to the entire community, individuals must show cooperation and respect in their use. Individuals shall:
6.6 Upon notification of activity or behavior that violates this policy, to discontinue such activity immediately and to report any inappropriate use of which they become aware.
6.7 Use resources and systems for their intended purposes
Because of their leadership positions and control over resources, AVP’s, deans, academic/administrative unit heads and principal investigators (PIs) can play a critical role in the protection of JMU information resources. Specifically, their influence should be used to:
By using the university's information technology resources, each and every user accepts responsibility for his/her behavior, the operation of their computer, and all activities performed using their userID.
8.1 Regarding employees, sanctions will be commensurate with the severity and/or frequency of the offense and may include termination of employment.
8.2 Regarding students, sanctions will be commensurate with the severity and/or frequency of the offense and may include suspension or expulsion.
8.3 In addition, responses for violation of this policy may include, but are not necessarily limited to, the following:
Finally the violator may be subject to criminal or civil penalties as they apply.
8.4 The university considers any violation to be a serious offense in its efforts to preserve the privacy, data, and services of individuals and the university. In the case an investigation is begun related to policy and/or legal violations, the university's officials reserve the right to access, examine, intercept, monitor, and copy the files, network transmissions, and/or on-line sessions of any user. The university may choose to suspend a user's access to its resources in connection with investigation of (but not limited to) any of the following:
8.5 In connection with such investigations, users whose files, network transmissions, or computer sessions are affected are deemed to have acknowledged that:
Authority to interpret this policy rests with the President, and is generally delegated to the Assistant Vice President for Information Technology.
Previous Version: September 2010
Approved by the President: April 2002
Abuse of technology
Use of technology