Acceptable Use Policy

13.1.0  Appropriate Use Policy of Information Technology

13.1.1 Authorized Access & Conditions of Use
13.1.2 Privacy – User Responsibilities
13.1.3 Copyright – User Responsibilities
13.1.4 Network Integrity – User Responsibilities
13.1.5 Harassment, Libel & Slander – User Responsibilities
13.1.6 Limitations on Users’ Rights & Expectations
13.1.7 Sanctions
13.1.8 Reporting Abuse or Complaint

13.2 Access to Computer and Network Systems

13.2.1 Availability of Systems & Networks
13.2.2 Requesting Accounts for Using Technology Resources
13.2.3 Termination of Access
13.2.4 Account Retention Policy
13.2.5 Faculty, Staff and Student Username and Passwords
-13.2.5.1 Password Requirements
-13.2.5.2 Password Selection
-13.2.5.3 Password Management
-13.2.5.4 Initial Password
-13.2.5.5 Enforcement of Password Requirements
-13.2.5.6 Notification of Expiring Password
-13.2.5.7 Password Reset Procedures
-13.2.5.8 Additional Recommendations
13.2.6 Use of Mary Baldwin Owned Computer Equipment & Software
-13.2.6.1 General Use of Mary Baldwin Issued Equipment
-13.2.6.2 Off-Premise Use of Mary Baldwin Owned Computer Equipment
-13.2.6.3 Home Use of Mary Baldwin Licensed Software
13.2.7 Laptop Use and Protection of Sensitive Data
-13.2.7.1 Introduction
-13.2.7.2 Eligibility
-13.2.7.3 Acceptable Use for Laptops
–13.2.7.3.a  Loss, Theft and Data Security
–13.2.7.3.b  Damage to Laptops
–13.2.7.3.c  Virus, Hacking, and Security Protection
-13.2.7.4 Software on Laptops
-13.2.7.5 Laptop Equipment Return
-13.2.7.6 Support
13.2.8 Connecting Personally Owned Computer Equipment to the Network
13.2.9 Off-Campus Access to Computing & Network Resources
13.2.10 Requesting Off Campus VPN Mary BaldwinNet Access

13.3 Privacy and Monitoring

13.3.1 Network Monitoring, Logging and Data Retention
13.3.2 Requesting Private Network User Activity Information

13.4 User Support – Computers & Telephony

13.4.1 Getting Help
13.4.2 Help Desk Hours
13.4.3 Help Desk Support Scope and Limitations
13.4.4 Problem Classification
13.4.5 Call Priority
13.4.6 Response Times
13.4.7 Faculty and Staff Hardware Problems
13.4.8 Obtaining or Procuring New Computer Equipment & Peripherals
13.4.9 Recommended Workstation Standards
13.4.10 Support NOT Provided by the Mary Baldwin Help Desk
13.4.11 Classroom Presentation Equipment
13.4.13 Software Training
13.4.15 Support of Faculty Taught Software
13.4.16 Student Owned Computer Problems

13.5 Campus Messaging & Telephony Systems

13.5.1 Email Guidelines
13.5.2 Email Security
13.5.3 Retention of Email
13.5.4 SMTP Policy (Running Your own Mail Server)
13.5.6 Office Telephone Policy
13.5.8 Cell Phone Policy
13.5.10 Voice Mail messaging System

13.6 Reproduction of Copyrighted Material

Information about copyright considerations is located on the Grafton Library Site.

13.7 Archival Policy

13.8 Accountability for Data Resources

13.9 Software Licensing Property

 

13.1.0  Appropriate Use Policy of Information Technology

13.1.1  Authorized Access & Conditions of Use

Access to modern information technology is essential to the Mary Baldwin mission of providing the students, faculty and staff of Mary Baldwin with educational services of the highest quality. The pursuit and achievement of the mission of education, research, and public service require that the privilege of the use of telephony communications systems, computing systems and software, internal and external data networks, as well as access to the World Wide Web, be made generally available to all those of the Mary Baldwin community. The preservation of that privilege by the full community requires that each faculty member, staff member, student, and other authorized user comply with institutional and external standards for appropriate use.

The privilege of using the telephony, computer and network resources provided by Mary Baldwin is not transferable or extendable by members of the community to people or groups outside Mary Baldwin without the explicit approval of the Director of Computing and Information Services. The telephony, computer and network resources of Mary Baldwin may not be used by members of the community for commercial purposes without the explicit approval of the Associate Vice President for Information Technology or the Vice-President of Business and Finance.

To assist and ensure such compliance, Mary Baldwin establishes the following policy which supplements all applicable policies, including sexual harassment, patent and copyright, and student and employee disciplinary policies, the Academic Honor Code, as well as applicable federal and state laws. By using any of the telephony, computer and network resources of  Mary Baldwin, the user agrees to abide by these policies.

13.1.2 Privacy – User Responsibilities

No user should view, copy, alter or destroy another’s personal electronic files without permission (unless authorized or required to do so by law or regulation). Telephony, computing and network resources are designed to protect user privacy; users shall not attempt to circumvent these protections.

Examples of violations are:

  • gaining or attempting to gain unauthorized access to other users’ accounts or restricted information
  • gaining or attempting to gain unauthorized access to restricted resources
  • using another’s computer account ID for fraudulent purposes
  • tampering with other user’s files or passwords
  • attempting to defeat the computer’s security system
  • any action that would intentionally jeopardize the availability or integrity of the system

Return to Top

13.1.3 Copyright – User Responsibilities

Written permission from the copyright holder is required to duplicate any copyrighted material. This includes, but is not limited to, duplication of music files, audio files, movie files, photographs, illustrations, computer software, data and all other information for educational use or any other purpose. Most software and databases that reside on Mary Baldwin computing and network resources are owned by Mary Baldwin or third parties, and are protected by copyright and other laws, together with licenses and other contractual agreements.

Users are required to respect and abide by the terms and conditions of software use and redistribution licenses.  Examples of violations are:

  • downloading unlicensed music or movie files
  • stealing, damaging, or tampering with Mary Baldwin owned or licensed software and/or hardware
  • willful installation of unapproved software on Mary Baldwin computers
  • obtaining, storing, or using pirated software
  • unauthorized copying or distribution of copyrighted or licensed software or data
  • altering or copying software licensed to Mary Baldwin without authorization.

13.1.4 Network Integrity – User Responsibilities

Certain activities may put the entire network and all users at risk. For this reason users should respect the shared nature of the computer resources. Examples of violations are:

  • attempting to extend the network by installing hubs, switches, routers, wireless access points, or other network devices to Mary Baldwin’s wired or wireless network.
  • running scanning or sniffing software, password crackers, or other software tools used to log or trap network information.
  • running software expressly designed to anonymize the user, hence hiding the user’s activities on the network.
  • intentionally developing or using programs that harass other users or infiltrate a computer system and/or damage or alter in any manner the software components of a computer system.
  • running Trojan horses, worms, or other programs that inhibit network activity
  • deliberately wasteful practices such as initiating large amounts of unnecessary printouts
  • unnecessarily holding shared workstations for long periods when others are waiting for these devices
  • denying service to other users by participating in activities that slow network response, such as using Peer-to-Peer applications.

13.1.5 Harassment, Libel and Slander – User Responsibilities

No user may use Mary Baldwin’s computing and network resources to libel, slander or harass any other person.
Examples of violations are:

  • forging or sending anonymous email
  • transmitting or displaying harassing, threatening, or abusive material
  • harassment of other users
  • online behavior that intimidates or offends others
  • engaging in behavior that disrupts the studious atmosphere required in all computing labs.

13.1.6 Limitations on Users’ Rights and Expectation

The issuance of a password or other means of access is to assure appropriate confidentiality of Mary Baldwin files and information and does not guarantee privacy for personal or improper use of Mary Baldwin telephony, computer or network equipment or facilities.

Mary Baldwin provides reasonable security against intrusion and damage to files stored on its central facilities. However, Mary Baldwin is not responsible for unauthorized access by other users or for loss due to power failure, fire, floods, etc. Mary Baldwin makes no  warranties with respect to Internet services, and it specifically assumes no responsibilities for the content of any advice, data or information received by a user through the use of Mary Baldwin telephony, computing and network resources.

Users should be aware that Mary Baldwin telephony, computing and network resources may be subject to unauthorized access or tampering. In addition, computer records, including e-mail, are considered “records” which may be accessible to the public under the provisions of the Virginia Freedom of Information Law.

Return to Top

13.1.7 Sanctions

Violators of this policy will be subject to the existing student or employee disciplinary procedures of Mary Baldwin. Sanctions may include the loss of computing privileges. Illegal acts involving Mary Baldwin telephony, computing and network resources may also subject users to investigation by campus, local state and federal legal authorities. Mary Baldwin reserves the right to investigate any suspicious activity.

13.1.8 Reporting Abuse or Complaint

To file a complaint or report a violation of this policy, Create a Help Request, or call the Help Desk of the Office of Information Technology at 540-887-7075.

When possible violations of these conditions of use are reported or discovered, facility administrators reserve the right to commence an investigation of possible abuse. In this connection, the facility administrator, with due regard for the rights of privacy and other rights of users, may be given the authority to examine files, passwords, accounting information, printouts, or other material that may aid the investigation. The Director of Computer and Information Services or a designate, in conjunction with the Director of Safety and Security, must authorize the examination of user files.

Users, when requested, are expected to cooperate in such investigations. Failure to do so may be grounds for cancellation of access privileges. While an investigation is in progress, in order to prevent further possible unauthorized activity, the facility administrator may suspend the authorization of computing services to the individual or account in question.

When possible unauthorized use of computing resources is encountered, the facility administrator shall notify the user. The user is expected to take remedial action or to indicate that such use should be permitted.

Should unauthorized use continue after notification of the user or should differences of opinion persist, these shall be brought to the attention of the Associate Vice President of OIT for recommendations on further action. Upon the recommendation of the Associate Vice President of OIT, the facility administrator may impose limitations on continued use of computing resources. In accordance with established Mary Baldwin practices, confirmation of unauthorized use of the computing facilities may also result in disciplinary review that could lead to expulsion from Mary Baldwin, termination of employment, and/or legal action for employees.

Students who violate these restrictions, disregard approved procedures, or permit unauthorized access are subject to disciplinary action, as stated in the Mary Baldwin Honor Code or Code of Conduct. The Honor Council or Judicial Board will decide the nature of the action and the seriousness of the violation and its consequences.

Return to Top

13.2.0  Access to Computer and Network Systems

13.2.1  Availability of Systems & Networks

There is an Ethernet network serving the entire campus. There are multiple servers attached to this network supplying services such as Email, web pages, file storage, and application serving. There is also an integrated software package used primarily for administrative information. Most offices are connected to this system. This software supports operations for the Business Office, Registration, Admissions, Institutional Advancement, Financial Aid, and Housing.

These systems are generally available 24 hours a day 7 days a week excepting times for scheduled and emergency maintenance and repair. Mary Baldwin supports computer usage by employees during normal working hours and working days, Monday through Friday, 8:30 am to 4:30 pm. Off-hours system availability requires clearance from OIT. Off-hours premises availability may require notice to Campus Safety.

13.2.2  Requesting Accounts for Using Technology Resources

Mary Baldwin owns all campus computer facilities and these facilities will be used for Mary Baldwin related activities only. Neighbors, relatives, friends, alumni, donors, and potential students do not have the right or privilege to use the computer resources except as offered by OIT. Requests for special permission to use Mary Baldwin computer resources must be made to Office of Information Technology.
All access to computer resources, including the issuing of account Usernames and Passwords, will be approved and processed by Office of Information Technology. All access to departmental computers will be approved by the department or authorized representative.

Hiring Supervisors must request in writing the appropriate accounts for their employees. That includes Mary Baldwin network accounts, Mary Baldwin Mail accounts, and Jenzabar J1 accounts.  No account will be set up until the employee has completed their processing by the Business Office.  Identification information records must be complete before any access to resources will be granted.

Users may access only computing resources for which they have authorization and only for the purposes specified when authorized. These resources may be accessed or used only for functions directly related to the operation of Mary Baldwin, as defined by your job and supervisor.

13.2.2.1  Contractor and Sub-Contractor access of Mary Baldwin IT systems.

Occasionally there is a requirement for someone who is not directly affiliated with Mary Baldwin, typically a contractor or subcontractor, to have access to Mary Baldwin technology systems. Access privileges will be granted by OIT on a case by case basis. Never allow others to sign on to systems using your credentials. When such a need arises, contact the Office of Information Technology as early as possible when work is scheduled. In all cases, an approved service agreement or scope of work statement will be required describing the functions this user will perform on Mary Baldwin systems. If credentials are granted the user must agree to and sign the Mary Baldwin Appropriate Use Agreement before beginning work. Contractor Accounts will be active for a 90 day period, at which time they will be closed automatically. You may request an extension if necessary.

13.2.3  Termination of Access

When you cease being a member of the campus community (e.g., withdraw, graduate, terminate employment, retire, or otherwise leave Mary Baldwin), or if you are assigned a new position and/or responsibilities within the Mary Baldwin system, your access authorization may be reviewed and terminated. You must not use facilities, accounts, access codes, privileges or information for which you are not authorized in your new  circumstances.

Return to Top

13.2.4  Account Retention Policy

When you cease being a member of the campus community your access authorization is terminated on your exit date. Staff, faculty and adjunct accounts will be terminated, with all data removed, effective immediately upon their departure.

In some special cases, it may be desirable to temporarily have an exiting employee’s email delivered to another Mary Baldwin user, or to setup an auto responder message indicating the employee is no longer with Mary Baldwin.  These special email requests must be made in advance by the exiting employee’s hiring supervisor, and are not available for student accounts.  Such setups are not to exceed 30 days beyond the employee’s exit interview date.

Emeritus Faculty (see Mary Baldwin Faculty Handbook, Emeritus Status, Section 2.10.1.3) may retain their Mary Baldwin email account. Users of these accounts are expected to abide by applicable Mary Baldwin Appropriate Use Policies.

Graduating students receive a 30-day grace period from their walk date. After that  period their network, email and Online Registrar accounts are removed from Mary Baldwin’s server systems.  All other exiting student accounts will be terminated, with all data removed, effective immediately upon the departure of the student.
Accounts whose passwords exceed 30 days in age will be locked out, while accounts whose passwords exceed 90 days will be automatically removed from the system including all personally stored information residing on Mary Baldwin servers.

13.2.5  Faculty, Staff and Student Username and Passwords

Account Usernames and Passwords are assigned to an employee or student. For any computer account, you are responsible for the use made of that account. Only you are authorized to use your account.  You should never allow anyone else to use your Username and Password. You should not log on to a system using your Username and Password and allow others to then use the system.

You should set a Password which will protect your account from unauthorized use, and which will not be guessed easily. If you discover that someone has made unauthorized use of your account, you should change the Password and report the intrusion to the manager of that system and the Associate Vice President of the Office of Information Technology. You will be required to change your Password on a regular basis, to assure continued security of your account.

13.2.5.1  Password Requirements

It is necessary to restrict access to certain services and to certain types of information. This may be in order to prevent modification of student grades, to restrict access to software or services that are licensed on a per-user basis, or to make sure that one user does not accidentally delete files owned by someone else.  These protections may even be required in order to meet legal requirements, particularly with regard to privacy rights.

Mary Baldwin computing systems use the combination of a Username and Password to identify authorized users. You allege your identity by entering a Username. You prove that identity by providing a Password.  Because Usernames may be easily guessed, Passwords may be the only thing preventing an imposter from tampering with sensitive information.

You must keep your Password secret. Do not share it with anyone. Allowing anyone to use your Password violates our policy on system user accountability and may result in disciplinary action. Do not attempt to use any Username or Password that has not been assigned to you. State and federal law may make your use of someone else’s Password a crime.

USERS ARE RESPONSIBLE FOR ANY AND ALL ACTIONS TAKEN USING THEIR USERNAME AND PASSWORD.

Passwords must conform to requirements established by the Mary Baldwin Auditors and good industry standards. The requirements indicated below apply to all Mary Baldwin computing systems. These requirements fall into two basic categories: password selection and password management.

Return to Top

13.2.5.2  Password Selection:

When choosing a new Password, the following requirements must be met. Passwords must…

  • be at least 8 characters in length
  • not contain the Username
  • may not have been used as one of your previous twenty passwords
  • not match a dictionary of commonly (ab)used passwords
  • contain at least three of the following conditions:
    – uppercase letter
    -Lowercase letter
    -Number
    -“Special character” (anything other than a letter or number)

13.2.5.3  Password Management:

Proper management of passwords also requires that certain steps be taken to protect passwords once they have been chosen:

  • Never tell anyone your Password.
  • Never allow anyone else to use your Password.
  • Passwords must be changed every 90 days.
  • Passwords must not be written down where they can be seen.
  • Do not allow anyone to see your Password as you type it.
  • Any online Password changes will require encryption (e.g. SSL).

13.2.5.4  Initial Passwords:

Users may be assigned an initial, or “default” Password when their accounts are first created. These Passwords are valid for a maximum of 15 days and should be changed upon first use.  Initial Passwords may or may not provide access to all services; additional steps are required to fully activate a user’s account.

13.2.5.5  Enforcement of Password Requirements:

At the time any password is changed, the new password will be automatically checked to verify that it meets the stated requirements. Passwords that do not comply with this standard will not be accepted by the system.

Password auditing procedures may be used periodically. This policy serves as prior notification; typically no further advance warning will be given. Auditing procedures may include, but are not limited to, the use of password ‘cracking’ programs and other utilities. Should a user’s Password be revealed in this manner, the user will be contacted and required to choose a new Password.

Users may also be required to view a brief security awareness program as part of the Password change process and/or as part of initial account activation, or as part of ongoing account access.

13.2.5.6  Notification of Expiring Passwords

Where systems permit, users will be given notification 14 days before their Passwords expire.  Some notifications will be sent via email to Mary Baldwin email addresses only.  Users of non Mary Baldwin email systems should configure email forwarding from their Mary Baldwin account in order to receive these messages.

13.2.5.7  Password Reset Procedures

Should you need to reset your Password, call the Mary Baldwin Help Desk or follow the automated password reset process.  Passwords will not be reset or reactivated under any circumstances without first verifying the identity of the person making the request.  The user will be required to provide the last four digits of their social security number and Mary Baldwin ID number as proof of identity. Additional information may also be required.

In the event of a personal visit to the Help Desk, a Mary Baldwin photo ID will be considered valid proof of identity.

13.2.5.8  Additional Recommendations

Lock Your Computer When You Walk Away – If you are using a password-protected resource, don’t leave the workstation unattended.

Use the MS Window Lock Out feature by pressing the Windows icon and the “L” key simultaneously. Also, when you are finished using a password protected resource, be sure to exit the system (logout or shutdown the computer).  Most incidents of computer “hacking” or other forms of uninvited intrusions are the result of poor password selection or protection.  Don’t be a victim of this by being careless in your handling of passwords.

Log Out Before Letting Someone Else Use Your Computer – If someone else uses your computer for any reason, log out and require that person to log in with his or her own name and password.

REMINDER: The person to whom an account Username and Password is issued is responsible for all activity on that account.  You are not allowed to let anyone else use your account.  Proper Password security helps ensure that others do not misuse an account for which you are responsible.  If at any time you feel that your Password has been compromised, change it IMMEDIATELY.  Any misuse of your account should be reported to the Office of Information Technology by creating a Service Desk Ticket.

Return to Top

13.2.6  Use of Mary Baldwin Owned Computer Equipment & Software

13.2.6.1  General Use of Mary Baldwin Issued Equipment

You are responsible for the care of equipment issued to you by Mary Baldwin. It is expected that you will use it properly and not intentionally damage it in any way. All equipment is considered an asset of Mary Baldwin and is inventoried.

Should you be asked for inventorying purposes, you must be able to physically produce the equipment. If you cannot produce it, you will be personally responsible for replacing the equipment.

13.2.6.2  Off-Premise Use of Mary Baldwin Owned Computer Equipment

Removal of Mary Baldwin computer equipment must be authorized by the Office of Information Technology and by your supervisor or department head. A record of serial numbers and equipment types will be submitted to the Office of Information Technology where the inventory log is kept. This inventory must be completed before the actual movement of computer assets. All Mary Baldwin equipment removed from Mary Baldwin premises shall remain the property of Mary Baldwin.

Reasonable care shall be taken by the employee to preserve the equipment in working order. Mary Baldwin will assume no liability for consequential damages resulting from the malfunction or failure of Mary Baldwin equipment. The person removing equipment is responsible for insuring the equipment while in their possession either through homeowners or renters insurance. Equipment will be returned within one day of a request made by the Office of Information Technology or your supervisor.

13.2.6.3  Home Use of Mary Baldwin Licensed Software

Under no circumstances will users copy software made available to her/him without the written authorization of the Director of the Office of Information Technology or the appropriate departmental head.

Return to Top

13.2.7  Laptop – Use and protection of

13.2.7.1  Introduction

Mary Baldwin has a lifecycle replacement fund for computer technology. Currently, the replacement fund is not fully funded. Thus, the exact planning of replacing equipment remains more an art than a science. Currently, Mary Baldwin owns approximately 700 desktop and laptop computers, numerous printers, much classroom display equipment, many servers, etc. Much of the funding for the larger items must still come from special “one-time” funding allotments.  Because of funding limitations lifecycle replacement plan is conditional, since the funds available must be used not only for personal computers but also for lab and classroom computers.

Mary Baldwin makes a commitment to provide an appropriate (and up-to-date) desktop computer for each faculty and staff member. In some cases this may not be a brand-new computer. Recognizing the value in a portable computer, this policy aims to provide an opportunity for faculty to have a laptop computer instead of a desktop computer.

The following represents the laptop purchase policy for faculty/staff in academic departments and for staff in administrative departments.

13.2.7.2  Eligibility

In general, the following groups of faculty will be considered first:

  1. Online faculty who regularly teach two or more online courses each semester.
  2. Web-enhanced classes – Faculty who regularly teach 50% or more of their course load either as web-enhanced, hybrid, or online.
  3. Faculty teaching computer intensive courses or those who heavily utilize computers in the teaching of their classes.

13.2.7.3  Acceptable Use for Laptops

The use of laptops, including off-campus use, is strictly regulated by the Mary Baldwin’s Acceptable Use Policy.

13.2.7.3.a  Loss, Theft and Data Security

Laptops provide the convenience of portability. However, these devices are especially susceptible to loss, theft, and the distribution of malicious software because they are easily portable and can be used in a variety of environments.

Misplaced or unsecured laptops may expose sensitive information to the public. Examples may include personal identifiable data which may be protected by federal law or the process utilized to connect to the Mary Baldwin network. Given the difficulty in determining what information contained on a computer system has the potential to damage Mary Baldwin, all information must be protected until specifically determined otherwise.

All Mary Baldwin laptop users shall:

  • Report lost or stolen portable computers to the appropriate authorities including the department director, the OIT director and the Mary Baldwin Safety office.
  •  Assure portable computers are available to receive license synchronization at least once every 30 days. This is also recommended to facilitate current security fixes, patches, and anti-virus updates.

OIT Staff Members shall:

  • Educate users on the need to avoid leaving portable computers unsecured. If they must be left in a vehicle, they should be locked in the trunk.
  • Educate all users on the importance of data security; especially those utilizing a mobile computing environment.

Return to Top

13.2.7.3.b  Damage to Laptops

Laptops are more susceptible to damage, both due to their portable nature and their relatively fragile construction. Users are expected to take precautions to ensure that laptops are not stolen, lost, or damaged. If laptops are lost, stolen, or otherwise damaged such that they cannot be restored to normal working order, the employee may be responsible for the prorated cost of the laptop (first year: 100%; second year, 75%; third year, 50%; fourth year, 25%).

In case of theft or loss, the user must file a report with the Associate Vice President of OIT and Mary Baldwin’s Campus Safety Department. Users are encouraged to check their home insurance policies regarding coverage.

Mary Baldwin will evaluate the circumstances of the theft or loss to determine if the required reimbursement should be waived.

Insurance. Anyone choosing a laptop computer is strongly advised to check to see if they are covered under a homeowners or other insurance policy. Laptops supported by Mary Baldwin are insured up to the equipment’s value, but not the value of added software.

In the case of a stolen or damaged laptop, a deductible amount of $200 will be applied to every claim; in general, it is the responsibility of the faculty/staff member to cover this deductible. Mary Baldwin assumes no other responsibilities or liabilities than those listed here or required by applicable law.

Repair of laptop computers. Mary Baldwin purchases 3-year, on-site, next-day service for Dell Latitude laptops. Most repairs are performed by a certified Dell repair technician. In some cases a laptop computer can only be serviced by sending it back to the manufacturer. Users of laptops should be aware that this may cause inconvenience, since they may be without any computer during the time the laptop has been returned for service. OIT does not have loaners available for these repair periods.

In general, lost, stolen, or damaged laptops will be replaced with desktops from the pool of available cascaded computers. These computers will subsequently be upgraded according to the lifecycle refresh plan for desktops. At that time, users may be eligible for consideration for a laptop.

13.2.7.3.c  Virus, Hacking, and Security Protection

To ensure that virus protection and other security patches are current, laptops must be docked and connected to Mary Baldwin’s network over night at least once per month.

13.2.7.4  Software on Laptops

To the extent possible, OIT will install the same software (Microsoft Office Suite, etc.) on laptops as installed on Mary Baldwin desktops.

Course specific software will be evaluated on a case-by-case basis, and may need departmental approval and license funding. OIT will only install supported software, and no unlicensed software will be installed under any conditions. Because laptops are provided for Mary Baldwin related work, no personal software may be installed.

13.2.7.5  Laptop Equipment Return

Laptops must be returned to OIT if requested or if employment ends. No laptop will be upgraded or replaced unless the original equipment is returned in proper working order.

Return to Top

13.2.7.6  Support

OIT support of Mary Baldwin owned laptops will be equivalent to that provided for Mary Baldwin owned desktop computers. Direct support will only be provided while laptops are on campus, and laptops requiring support must be docked.

Users will need their own Internet Service Provider accounts if they wish to connect to the Internet from home. Specific questions regarding connecting remotely must be referred to the users’ ISPs.

13.2.8  Off-Campus Access to Computing & Network Resources

Mary Baldwin does not have provisions and does not routinely provide direct off campus access to Mary Baldwin’s network to faculty, staff, or students. Under extreme and unusual circumstances, a special VPN connection can be configured on Mary Baldwin owned computers for use by Mary Baldwin employees from off campus. Permission for off campus access is the sole discretion of the Associate Vice President of OIT.

13.2.9  Requesting Off Campus VPN Mary Baldwin Network Access

The Supervisor must make a formal written request to the OIT office care of the Director indicating:

  1.  who you wish to be authorized for off-campus connection.
  2.  a brief description of what type of work they will be doing (for hard copy documentation).
  3.  the Mary Baldwin owned device that is to be configured.

You must allow 5 working days for setup of the off campus account access.

13.2.10 Support for Off Campus Network Access

Mary Baldwin will not supply equipment to the employee for home access. OIT will not support employee’s personal equipment used for temporary off-campus in access.

Return to Top

 13.3 Privacy and Monitoring

13.3.1 Network Monitoring, Logging and Data Retention

Mary Baldwin does not routinely monitor or log network activity. However, users should also be aware that their uses of university computing resources are not completely private. The normal operation and maintenance of Mary Baldwin’s computing resources require the temporary backup and caching of data and communications, the logging of activity, the monitoring of general usage patterns, and other such activities that are necessary for the rendering of service.

Due to the nature of modern cyberattacks against persons and equipment, Mary Baldwin reserves the right to capture and log individual data, including but not limited to the contents of the data packets from individual’s PCs and all electronic devices used on campus.

Additionally, Mary Baldwin does not monitor or restrict material residing on any computer system, whether or not such computers are attached to campus networks. However, computers that are connected to the campus network and violate Mary Baldwin policies are subject to investigation and disconnection without notice. All computers are assigned Dynamic IP addresses which are subject to change at any time.

If the system administrator, in the performance of duties, uncovers information that an individual is acting inconsistent with this policy, or discovers evidence of criminal activity, the system administrator must report such findings to the appropriate authority. Mary Baldwin does not have the resources and capacity to log network data indefinitely. At no time will logging data be stored for longer than 30 days, and is subject to purge at any time per OIT discretion. Mary Baldwin reserves the right to amend and/or append this policy at any point, without prior notification.

13.3.2 Requesting Private Network User Activity Information

What We Can Release:
Mary Baldwin will not release personal user network and communication activity to anyone as we deem this information to be private information. However there may be times when log information may be requested as a part of a legal investigation. The following procedures are in keeping with similar procedures designed to protect private information of students, faculty and staff.

What We Do When We Get A Formal Request:
Should such information be requested for the investigation of possible illegal activity, the request must be made through the Mary Baldwin Campus Safety Office. The Campus Safety Office will determine if the request is a part of a legal investigation. If so, Campus Safety should request a formal written request (subpoena, court order, or other legal document) from the originating investigator. The request from the investigator must be specific in outlining the data wanted. The request, through the Mary Baldwin Campus Safety Office, should then be submitted to the Vice President of OIT who will consult with Mary Baldwin’s attorneys and determine if the request can be complied with. If so, the Director will instruct the appropriate technicians to gather the requested information. The information will then be turned over to the Campus Safety Office, who will then turn over the information to the requesting party.

Return to Top

13.4 User Support – Computer and Telephony

13.4.1 Getting Help

If you have any problems relating to your computer, phones or the Mary Baldwin network please create a Service Desk Ticket.

The Help Desk Analyst will create a work order for tracking every request for help. That way your problem can be tracked and a follow up ensured. Of course the Analyst will attempt to resolve your problem right then on the phone. Each analyst will have basic knowledge of the supported Mary Baldwin software packages, basic hardware and basic network problems. If the question can’t be answered or the problem can’t be resolved on the phone, the Help Desk Analyst will assign the problem to another appropriate OIT staff member.

13.4.2 Hours

Mary Baldwin supports computer usage by employees during normal working hours and days that the University is open, Monday through Friday, 8:00 am to 4:30 pm. Weekend and evening work requiring support must be approved by the Director of OIT in Advance. Deviations from normal hours must be cleared by a vice president. The supervisor will notify both Security and OIT.

ANY non-employee using the Administrative Computer Systems must have Mary Baldwin OIT clearance in writing in advance of use. The Help Desk will provide support via telephone. The Help Desk will be staffed to provide support from 8:30 am to 4:30 pm EST, Monday through Friday with the exception of University holidays..

OIT does not provide weekend support or after-hours support, except in legitimate emergencies or on a pre-scheduled basis. Requests for support received after 4:30 p.m. EST weekdays or anytime on the weekend are deferred until the next business day. At other times you may submit an online help request. You can also get help through e-mail via help@marybaldwin.edu. Be sure to include as much detail about the problem as possible in your email message; and include your name and phone number so we can contact you.

13.4.3 Help Desk Support

The goal of Help Desk is to assist Mary Baldwin faculty and staff with the use of Mary Baldwin supported software (see Mary Baldwin Supported Software) by answering questions and resolving problems specifically related to these items. The underlying assumption is that the faculty and staff members are generally knowledgeable about the software but have additional questions or problems not answered in the documentation or covered during training. The Help Desk cannot provide individual on-phone software training (see Software Training). The Help Desk will not provide software or hardware support for students’ personal computers. Limited support for students working in Labs is discussed in the section on Lab Support.

Help Desk Analysts strive to answer all calls promptly. All call requests are dated and time-stamped upon receipt. Requests for support are processed on a first come/first serve basis relative to software and priority. .

13.4.4 Problem Classification

As the first line of assistance for solving technology related problems, the Help Desk will try to determine the problem or likely source, and classify the situation as:

  • Track 1 (Help Desk)
  • Track 2 (Network Support group)
  • Track 3 (Administrative Software Support group).

If Track 1, the Analyst will use all available resources to best resolve the reported problem over the phone and close the Work Order. In cases where a call cannot be resolved over the phone, the Help Desk Analyst will classify the nature of the problem or request as Priority 1, Priority 2, or Priority 3 and will dispatch a Mary Baldwin Desktop Support Technician to perform on-site actions to resolve the issue.

If Track 2, the Analyst will report the problem or request to Mary Baldwin Network Support group for classification and monitor progress.

If Track 3, the Analyst will report the problem or request to Mary Baldwin Administrative Software Support group for classification and monitor progress.

Return to Top

13.4.5 Call Priority

Calls are prioritized using the following definitions:

Priority 1– We specify this status for critical issues that require immediate help. These are problems that may prevent the performance of a time bound institutional task that affects many members of the University community. Use this priority for mission-critical applications only. Examples of issues classified as Priority 1 are:

  • Critical Server or system outages
  • Faculty led classroom teaching
  • Registration
  • Billing or Payroll problems
  • Essential applications that won’t start

Priority 2– We specify this status for issues that are not urgent in nature, but do require a resolution within a reasonable amount of time. These are problems that inhibit an individual from performing their job, but there are other tasks that can be accomplished while their system is down. Examples of issues classified as Priority 2 are:

  • Application re-installs
  • E-mail problems

Priority 3 – We specify this status for general issues where there is no immediacy and that can be handled as time permits and does not require a resolution within 24 hours. Examples of issues classified as Priority 3 are:

  • Software upgrades
  • Computer installs
  • Printer installs

13.4.6 Response Times

During daytime hours a Help Desk Analyst should be available to answer your call immediately. During off hours only emergency calls should be directed to Campus Safety at 540-887-7000.

For calls classified as Priority 1, the Mary Baldwin Support Technician will return a call within a one-day period and attempt to close the call within three working days.

For calls classified as Priority 2, the Mary Baldwin Support Technician will return a call within a two-day period and attempt to close the call within five working days.

For calls classified as Priority 3, the Mary Baldwin Support Technician will return a call within a two working day period and determine a suitable timeframe for completion of the task.

13.4.7 Faculty and Staff Hardware Problems

Problems with hardware should go to the Help Desk for resolution or work order assignment. OIT does not have sufficient resources to guarantee the availability of loaner computers or monitors. Remember that you are responsible for your own data backups for files and documents stored on the equipment assigned to you. OIT cannot guarantee that data that has not been backed up can be recovered if lost due to hardware failure.

13.4.8 Obtaining or Procuring New Computer Equipment & Peripherals

All University computer equipment and peripherals, regardless of funding source, must be purchased through OIT.  You may not purchase equipment such as printers from local office supply stores unless approved. This ensures proper asset inventorying, equipment compatibility, support, and warranty coverage.

Return to Top

13.4.9 Mary Baldwin Hardware Specification Standards

Contact the Help Desk for the most up-to-date hardware specification standards.

13.4.10 Support NOT Provided by the Mary Baldwin Help

Desk Examples of situations that are not covered by the Help Desk include:

  • Support for a software product not purchased by Mary Baldwin.
  • Support for faculty and staff home computers and personal software, even if being used on campus.
  • Support for faculty-taught applications. The faculty member teaching those packages is responsible for support. OIT will support the faculty in getting the application installed and running.

13.4.11 Presentation Equipment

Portable presentation equipment is limited so proper and early scheduling is a must. All scheduling of presentation equipment is handled by the Help Desk. The Instructional Technology team will determine if the equipment is available and confirm your reservation. Software installed on loaners is limited by licensing. You should check with the Help Desk to be sure the software you need is installed. If the software is not loaded, you should contact OIT at least three days in advance of your scheduled use. If a license is available, then the software can be installed. If an additional license is required then it will have to be ordered and that may take time. Be advised that payment for an additional license may need to be charged to your department or discipline. Contact OIT by creating a Service Desk Ticket.

13.4.13 Software Training

The Help Desk cannot provide software training over the telephone. It is neither an effective or efficient training method. We make every effort to devote Help Desk time for the exclusive purpose of addressing problem issues and answering specific application questions. Help Desk is not a substitute for J1 training from your supervisor. Mary Baldwin provides limited training workshops as funding permits. Faculty and staff who are unfamiliar with basic software concepts and who need software training will be referred to other training providers.

Return to Top

13.4.15 Support of Faculty Taught Software

Faculty taught applications are not supported on the Help Desk. These include SPSS, Posit Cloud, applications within the Adobe Creative Suite, Final Cut Pro, Vectorworks, and other faculty-taught applications.

The faculty member teaching those packages is responsible for all instruction and support. It is the responsibility of the faculty member to ensure that the software they wish to use in a class will function properly on the currently deployed hardware platform and operating system. Before purchasing any software the faculty member must be sure to get certification from the software publisher that the software will operate with current operating systems.

The ultimate responsibility to make software function rests with the faculty member and the publisher. While OIT will do everything possible to assist faculty in this effort, we cannot be responsible for software that won’t run in the currently supported operating system. Because of the impact on a faculty member’s planned curriculum that non-functioning software can create, as much lead time as possible should be scheduled to test the software before deployment in the labs.

To ensure successful implementation of new software a minimum of ninety days is required from the time the software is delivered to faculty member and OIT for testing until the time of implementation. It is common for released software to fail to operate properly or not at all. Educational software vendors seldom have the support necessary to assist in resolving such serious problems, which may leave a faculty member with a planned course but no operable software. It is the responsibility of the faculty member using the class software to support the students using it in the course.

It should be made clear to students that they are to contact the faculty member with questions and problems. OIT cannot support software programs other than Mary Baldwin supported packages. You may not install personal software on Mary Baldwin equipment. All software loaded on Mary Baldwin equipment must be licensed to Mary Baldwin.

13.4.16 Student-Owned Computer Problems

Support for students’ personal computers is limited to help connecting to the Mary Baldwin network while on campus, and major MBU services such as Microsoft Office 365, Google Apps, and Canvas via the telephone or informative documentation. OIT will not work on individual student owned computers. To request advice on your particular problem you may request help by creating a Service Desk Ticket

Most problems are the result of downloaded programs, music, videos and screen savers. Many of these downloads also include viruses and various malware. Mary Baldwin requires all students to have updated Antivirus software running on their personal computers and expects students to keep their virus definitions and operating systems up to date. The OIT Service Desk team will not make any hardware repairs nor install or remove any software. If your computer or printer is actually broken, the consultant will tell you how to reach a private vendor for fee-based service.

Return to Top

13.5 Campus Messaging & Telephony Systems

Use of Mary Baldwin resources such as electronic mail (email), telephone, and voice mail is a privilege and must be treated as such. Misuse of these messaging systems can result in the loss of access to e mail and/or other resources.

13.5.1 Email Guidelines

Fraudulent, racist, harassing or obscene messages and/or materials are not to be sent, printed, requested or stored. Any use of email that would deprive others of resources is prohibited (such as, but not limited to, purposely congesting email systems with multiple messages).

Chain letters and other forms of mass mailings are not allowed.

Commercial use of email is not allowed. This includes using email as a classified ad service.

Any communication that violates Mary Baldwin policies and/or local, state or federal laws and regulations is prohibited.

The content and maintenance of an electronic mailbox is the responsibility of the person to whom the email account is assigned.

Check your email often and remove messages that are no longer needed.

Email messages are considered private unless they have been explicitly made available to others. Every attempt is made to assure the security of Mary Baldwin’s email systems so that there is a reasonable expectation that mail cannot be read by unauthorized individuals.

However, this is not a guarantee of the privacy of messages. Be aware of the potential for forged email. If a person has acquired another individual’s password, that person can pretend to be the other individual and send forged email. (This would be a policy violation but it can happen if someone is careless with his or her password.) Also, email that originates from outside Mary Baldwin may not be subject to strict security. If a message appears out of character for the sender, it may be a forgery and you should contact the sender by other means for verification.

Software for accessing email systems has been licensed by Mary Baldwin for use on Mary Baldwin owned computers only. Individuals who own their own computers are responsible for acquiring  the appropriate software licenses and hardware if they wish to access email from their own computers. There is no guarantee of available software for individually owned computers.

13.5.2 Email Security

Email is not a secure medium. The messages are merely text files that can be read by almost any text editor. Since email is such an open medium it is wise not to use email for any confidential information. There is a chance that your message will be delivered to the wrong mailbox. You may accidentally send the message to the wrong address. You may forget to remove the message from the computer you are working on. If the information you wish to relay is in any way sensitive or confidential use an alternative method of delivery.

Return to Top

13.5.3 Retention of Email

Mary Baldwin has a Zero day retention of email.

Overview of backup procedures:

OIT backs up files on its systems for the purpose of ensuring its ability to recover from computer or network failures or disturbances.

The OIT backup system is not designed or intended to be a means for members of the community to have access to long-term storage of files.

Backups of the user files on the systems are run periodically. Scheduled backups usually run during the weekend but may be run at any time if events warrant.

Each daily backup saves the contents of files and directories at the time the backup was performed. Therefore the backups do not record all activities or contents of users’ files throughout the day or week. A backup is simply a snapshot in time of the data present on the system at the time the backup ran. Therefore it is completely possible for a user to create and delete a file during the course of a day which will never appear on a backup. Users are urged to back up any critical information themselves for archival purposes or long-term storage off-line.

13.5.4 SMTP Policy (or running your own mail server)

Part 1

Connections originating outside the Mary Baldwin network to the SMTP port (port 25) of hosts on the Mary Baldwin network will be blocked. System administrators who need to operate independent mail systems should contact OIT to request an exception to Part 1.

Part 2

Connections originating on the Mary Baldwin network to the SMTP port of hosts outside the Mary Baldwin network will be blocked. All mail destined for hosts outside the Mary Baldwin network must be directed through the Mary Baldwin SMTP server, that is: mail.marybaldwin.edu

Return to Top

13.5.6 Office Telephone Policy

General

The Mary Baldwin telephone and fax systems must be kept open for Mary Baldwin business and emergency use.

Acquisition Guidelines

Mary Baldwin faculty and staff needing telephone service should submit a request to OIT (help@marybaldwin.edu). Requests should be authorized by the major Department VP and must include the Mary Baldwin account code to which the service will be billed.

Billing

Monthly billing for telephone services will be processed centrally. OIT will review the detailed usage statements. Statements will be emailed to Department heads. Charges will be posted by the Business office. Any discrepancies should be communicated to OIT for follow up.

From time to time, Business and Finance and/or OIT may review individual usage to assure that the most appropriate rate plan is in use and to screen for possible abuse. This information will then be forwarded to the user’s department for administrative review.

Personal Calls

Personal calls from Mary Baldwin telephones should be limited. Staff members are encouraged to make personal calls on their own devices. Extraordinary charges may be billed back to the department that the call originated from.

Repairs and Moves, Adds & Changes

Contact OIT regarding requests for a change in service, telephone instruments, cords, repair, etc.

13.5.8 Cell Phone Policy

General

Mobile (cellular) telephones are an effective resource for Mary Baldwin because they enable communication in areas or situations where conventional telephony is not available or is impractical. However, the cost incurred by mobile telephony must be weighed carefully against any benefits.

In general, mobile telephones (i.e., telephones connected to a commercial mobile telephone service (such as Verizon) may be assigned to employees for whom the nature of their work requires wide mobility and simultaneous access to the public telephone network (i.e., senior staff, directors, deans, technicians).

Acquisition Guidelines

All mobile phone acquisitions will be coordinated by OIT through established purchasing procedures. Individuals and/or departments are not permitted to contract for cellular services on their own.

Mary Baldwin faculty and staff needing mobile communications service must  submit a request to OIT (help@marybaldwin.edu). Requests should be authorized by the major Department VP and must include the Mary Baldwin account code to which the service will be billed. The justification for mobile telephony should demonstrate a clear connection to the user’s job responsibilities.

Mobile telephones should not be issued to student workers, contract employees, part-time, temporary personnel, adjunct faculty, or others not having a compelling use for the technology, unless specifically requested by the department head. Security of these phones is the responsibility of the department.

All costs associated with mobile telephones will be borne by the department ordering the equipment. Such costs include, but are not limited to, the following: equipment acquisition; service initiation; monthly fees for mobile service; per-minute cost of calls in excess of the calling plan allocation; maintenance and repair of equipment; and replacement of lost or stolen equipment.

LOST PHONES and REPAIRS

If the mobile telephone is stolen or otherwise misplaced, the holder MUST contact OIT  by creating a Service Desk Ticket immediately for temporary suspension. If after hours, OIT must be notified on the next business day. User departments will be responsible for coordinating repair of mobile communications equipment with OIT.

Billing

Monthly billing for mobile services will be processed centrally. OIT will review the detailed usage statements. Charges will be posted by the Business office.  From time to time, Business and Finance and/or OIT may review individual usage to assure that the most appropriate rate plan is in use and to screen for possible abuse. This information will then be forwarded to the user’s department for administrative review.

Personal Calls

Use of a Mary Baldwin-owned mobile telephone and mobile telephone airtime service is intended for official Mary Baldwin business. However, Mary Baldwin recognizes that personal calls are sometimes necessary. Personal calls should be kept to an absolute minimum.

Return to Top

13.6 Copyright Policy

Copyright information is located on the Grafton Library site:

13.6.1 What is copyright?

13.6.2 What is “Fair Use”?

13.6.3 Digital Milliennium Copyright Act?

13.6.4 What materials may be used without first obtaining the owner’s permission and/or paying a royalty?

13.6.5 How does Copyright Law affect Distance Learning?

13.6.6 What Guidelines apply to placing materials in the library on Reserve?

13.6.7 What Guidelines apply to Coursepacks?

13.6.8 What Guidelines apply to the use of Films and Video Recordings?

13.6.9 What Guidelines apply to Off-Air Recording of Broadcast?

13.6.10 What Guidelines apply to the copying of Sound Recording?

13.6.11 What Guidelines apply to the copying of Computer Software?

13.6.12 What Guidelines apply to the conversion of other Analog Materials to Digital Materials?

13.6.13 What guidelines apply to the downloading and sharing of Audio, Video, Software, and other files?

13.6.14 How do I obtain permission to show/broadcast video materials that do not currently have public performance rights?

13.6.15 Who assumes responsibility for copyright infringements?

13.6.16 Additional Sources of Copyright Information

13.8 Accountability for Data Resources

Computer Systems

Mary Baldwin, represented by its President and Board of Trustees, is the sole owner of its institutional information. Certain managers and/or department heads are designated custodians or caretakers of specific portions of this information. These people have sole and primary responsibility for the acquisition, maintenance, integrity, accuracy, and security of data within their jurisdiction, but not proprietary rights to it. In a shared database environment, like the one at Mary Baldwin, they are accountable to all other campus offices that may require the use of this information. No one is permitted to use, transmit in any form, sell, or otherwise disclose any information contained in Mary Baldwin’s computer systems, without advance written authorization of the responsible department head.

The major objectives of physical security are to prevent unauthorized use of equipment, software, and information; and to prevent the theft or damage of equipment, software, and information. The primary user, to whom the equipment is assigned, has the responsibility of ensuring that physical security measures are maintained.

Minimizing environmental hazards is accomplished through the use of surge protectors and (de)humidifiers.

Microcomputers processing sensitive data should never be left unattended. This includes recalculating spreadsheets, printing reports, writing letters with confidential information or processing a database. This prevents the unauthorized individual from stopping the application processing, reading or changing the information and restarting the application without detection.

Saves should be performed frequently to minimize data loss, and always before leaving the computer for any reason. Backups of sensitive or hard to replace data should be performed regularly by the user. If the information changes frequently, it should be backed up daily; otherwise a weekly backup will suffice.

the Office of Information Technology has the responsibility of backing up pertinent information stored on University servers. A full system backup is performed periodically for these servers and a copy is stored off-site.

13.9 Software Licensing Policy

Mary Baldwin is committed to abiding by Federal Copyright Law governing computer software. According to the U.S. Copyright law, illegal reproduction of software can be subject to civil damages of as much as $100,000 and criminal penalties including fines and imprisonment. Mary Baldwin employees who make, acquire or use unauthorized copies of computer software shall be disciplined as appropriate under the circumstances. Such circumstances may include termination. Mary Baldwin does not condone the illegal duplication of software.

Mary Baldwin licenses the use of computer software from a variety of outside companies. Mary Baldwin does not own this software or its related documentation and, unless authorized by the software developer, does not have the right to reproduce it. Any duplication of licensed software, except for backup purposes, is a violation of the Federal Copyright Law. The software that is loaded on Mary Baldwin owned computers might not be duplicated for use on any other personal computer. Many products are serial numbered and no two personal computers may have software with the same serial number.

Any employee giving software to any outside third party, including students shall also be disciplined as appropriate under the circumstances. Such discipline may include termination. If you need to use company software at home, you must first consult with Mary Baldwin OIT before removing the software from the premises to be sure that the license for that piece of software permits home use.

Software Licensing Filing for Department Purchased Software.
All software should be purchased through the Office of Information Technology even if the funding source is the department itself. In all purchases, a copy of the software license agreement must be filed with OIT so that it will be available in the event that a publisher’s audit of the licensing occurs.

Software Audit Policy.

Annually, OIT will inventory the software on only those Mary Baldwin owned computers where the appropriate user has given current written permission. The appropriate user would be the Mary Baldwin employee designated as the primary user of a given computer as listed on the computer database or the employee designated as being responsible for the security and maintenance of a given computer as listed on the computer database.

In those instances where written permission to inventory is denied, the appropriate person will provide an inventory of the Mary Baldwin owned software in his/her possession and affirm in writing the accuracy of the inventory. OIT will develop and provide a software audit tally form for this purpose.  In order to bring Mary Baldwin into compliance, unlicensed software that is discovered in the inventory process will either be removed/reclaimed or purchased with the appropriate budget account being charged. The appropriate account would be the account associated with the employee using the unlicensed software.

Return to Top

X