Lasell Acceptable Use of Information Technology Systems
Lasell College and Lasell Village (Lasell) maintains information technology and services which are essential to the mission of these organizations. All employees (including student employees), students and residents of Lasell College and Lasell Village, guests and affiliates of Lasell (Lasell Community) are obliged to use the information technology appropriately and lawfully and maintain the college's values of integrity, honesty, and ethical decision making. Upon acceptance of your account information and agreement to follow these procedures, you will be granted access to Lasell's information technology.
Some departments on campus may have additional policies and procedures that apply to the use of information technology within those departments. In addition to this Acceptable Use of Information Technology Systems document, the use of these information technologies is governed by the Student and Employee Handbooks, Written Information Security Plan, Record Retention and Disposition Policy, and all other college policies and procedures.
These procedures apply to all users of information technology resources owned or managed by Lasell College and/or Lasell Village. Individuals covered by the document include (but are not limited to) Lasell full-time and adjunct faculty, staff, students, Lasell Village residents, guests or agents of the administration, external individuals and organizations accessing network services via Lasell College's information technology facilities.
Information technology consists of, but is not limited to, computer hardware devices, software, databases, audiovisual equipment, multimedia, information services the college is subscribed to, telephone systems, mobile devices, cable television, computer networks, data, wiring, infrastructure and other information systems that are made available to support and facilitate the missions of Lasell College and Lasell Village.
The Lasell Community and affiliates must satisfy the requirements outlined below.
- Comply with intended use of Lasell's information technology, processes and services
Circumventing Lasell's technical, administrative, or process controls is prohibited. One should not cause, intentionally or not, disruption to day-to-day or "normal" activity on Lasell's information systems unless official authority is given to do so.
- Respect Lasell Policies and local, state, and federal laws
Lasell College and Lasell Village are subject to and must comply with the federal, state and local legislations. Lasell forbids the use of its resources for activities such as sharing, selling or subversion of Lasell information technology, services, or data which is outside of official authority. Under no circumstances may anyone use information technology and services in ways that threaten Lasell's tax-exempt or other statuses.
- Ensure ethical use of Lasell information technology and services
Use of any Lasell information system or service for unethical or illegal activity or personal gain is prohibited. Harassment, violation of privacy, inappropriate data use, forgery or other misrepresentation of one's identity, and attacks using Lasell information technology are some examples of unethical activities.
- Respect personal property
Data pertaining to the security protection and/or mechanisms of Lasell technology assets, including, but not limited to, system administrative passwords, key codes, and firewall policy definitions, must be kept in the strictest confidence, and may not be disclosed or intentionally discovered without official authority. The Lasell Community and affiliates must respect the propriety rights of those within or outside the Lasell Community. Use of or sharing Lasell information systems and services with those outside the Lasell Community is forbidden unless official authority is given to do so.
Lasell's network (wired and wireless) is essential to the day-to-day operations of Lasell College and Lasell Village. This standard defines acceptable use of Lasell's wired and wireless network.
The Lasell Community and affiliates must satisfy the requirements outlined below:
- The security of Lasell information systems is the responsibility of all members of the Lasell Community and affiliates. Everyone is personally responsible for the security of their accounts, credentials and passwords. Passwords should be difficult to guess and never be disclosed, loaned or sold to another individual. Ways to ensure this include avoiding storing passwords or any other information that could be used to gain access to other technology resources on workstations, sharing passwords, or by leaving them in easily discoverable locations. Everyone has the responsibility to report a suspected breach of any Lasell account, credential, or password to the Technology Help Desk.
- The Lasell network should be used ethically and it is unacceptable to access systems or data (even when available) which are outside one's job duties and responsibilities or role in the Lasell Community. Information technology should not be used to: gain unauthorized access to other computer systems; create and/or run programs that are designed to identify security loopholes, network schemes, data protection schemes and/or decrypt secured data; spoof or misrepresent one's identity by alteration or appropriation of IP address(es), packet content, or other identifying or authentication information. It is unacceptable to create unauthorized credentials; provide misleading information in order to obtain access to information technology. Unauthorized use of monitoring, management or decoding tools to capture and/or view network traffic including SNMP probing, packet capturing, network discovery tools or tools used to assess security (e.g. vulnerability scanners) is forbidden. Access to information technology operations areas (including but not limited to the server room, switch closets and phone closets) is restricted to those responsible for operation and maintenance.
- The Lasell Community and affiliates must act responsibly when using the Lasell network and Lasell owned computers and should not compromise internal or external information systems. Some examples include, but are not limited to, knowingly or carelessly running or installing unlicensed software on any computer system or network; giving another user a program intended to damage the system; running or installing any program that places an excessive load on a computer system or network, or compromises the security of the systems or network; violating terms of applicable software licensing agreements, including copying or reproducing any licensed software; unauthorized removal of software from Lasell computers; spreading viruses; unauthorized destroying of information and using imaging equipment to duplicate, alter and subsequently reproduce official documents.
- Lasell requires that all non-Lasell owned computers connected to the Lasell network have all critical patches applied to the operating system and updated anti-virus software installed.
- All employees must keep a copy of all electronic work-related files and data on the Lasell network so they are properly backed up and archived. Personal files or data (non-work or academic related) may not be stored on the Lasell network as they waste Lasell resources.
- Viewing, displaying, downloading or hosting objectionable or pornographic material will be interpreted as a form of harassment and as such will not be tolerated.
- Lasell's wireless network provides wireless access to the Lasell network resources and to ensure a safe and secure network all wireless devices must access the network through CiscoNAC. Student are permitted to use personal access points but they may not identify them with ESSIDs which mimic or suggest official Lasell network access. Lasell prohibits the use of wireless sniffers, wireless services or software that interfere with normal functionality of the network, systems that deny wireless network use, and system which violate the privacy of other wireless users.
Electronic communication tools such as, but not limited to, Lasell websites and email accounts, social networks, blogging, cell phones, instant messaging, texting, videos and video conferencing are covered under this Acceptable Use of Information Technology Systems. Everyone in the Lasell Community is responsible for all communication made under the authorization of his or her (owned or assigned) device or account, credential or password.
The Lasell Community and affiliates must satisfy the requirements outlined below:
- Electronic communication and social networks should be used ethically and responsibly. Inappropriate uses of these systems include, but not limited to harassment, sending email that may be perceived as harassment, libel, pornographic, off-color, obscene, hate mail, and initiating or propagating electronic chain letters. Employees should not use Lasell electronic communications for the following personal reasons: soliciting support (financial or otherwise) for charity or special causes not connected with Lasell or proselytizing and espousing political and religious views. (Please refer to the Employee Manual for the College's Solicitation Policy.)
- Respect individual personal privacy and identity when using electronic communication. This includes, but is not limited to, subscribing others to mailing lists or providing the email addresses of others to bulk mailers without their approval; forging the identity of a user or machine in an electronic communication or sending anonymous email; attempting to monitor or tamper with another user's electronic communications; and reading, copying, changing, or deleting another user's email or communications without the explicit agreement of the owner.
- Electronic communication tools such as email should be treated as public information as their confidentiality cannot be assured. Account information, credentials and Personal Information (PI) under MA 201 CMR 17.00 should never be communicated or transmitted through unencrypted electronic communication tools. See Written Information Security Plan for definition of PI.
- Employees and affiliates are forbidden to automatically forward emails messages or entire mailboxes to a third party account such as Gmail, HotMail, etc. Instances of such must be approved by the Vice President for the respective department or office.
- The CAN-SPAM Act requires that any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service must meet the following requirements:
- Don't use false or misleading header information.
- Don't use deceptive subject lines.
- Identity the message as an advertisement.
- Tell recipients where you're located.
- Tell recipients how to opt out of receiving future emails from you.
- Honor opt-out requests promptly.
- Monitor what others are doing on your behalf.
If you are unsure if your email falls under the CAN-SPAM, please contact the Director of Web & Electronic Marketing.
- Lasell employees who contribute to social networks including Facebook and blogs that mention Lasell, employees, partners, customers, and competitors of the college, must write knowledgeably, accurately, and use appropriate professionalism as well as identify that you are an employee of Lasell and that the views expressed on the blog or Web site are yours alone and do not represent the views of Lasell. If you are charged with the responsibility for creating an electronic presence outside of Lasell College's external website, social networking web sites, photography web sites, blogs, video, etc. there must be at least two administrators per account. One administrator must be from the Office of Web & Electronic Marketing.
- Lasell employees who have access to maintain their department web page(s) on the College website(s) should only use the functionality available within the content management system. Those employees responsible for the content shall do so ethically and without personal bias.
- Email groups are intended for: announcement of major Lasell events and deadlines; changes in campus policies, procedures, organizations, or departments; and notification of the availability of services and/or facilities.
- MyLasell announcements are intended for: announcement of Lasell related information, events and deadlines; campus policies and procedures; lost and found items; and soliciting support (financial or otherwise) for charity or special causes connected with Lasell.
Music, programs, books, or other intellectual works that a person buys from a store or company usually are protected by a copyright. What this means is that the purchased work is meant for personal use only and that the buyer cannot copy it, hand it out, or make a profit from it. This is how writers, artists, and musicians protect their work and the profit that work will generate.
What a copyright law controls or states is that the author is the owner of the work and controls how it can be used. That includes the reproduction, distribution and public display of a work. In recent years with the development of the computer and an increase in the number of people who own them, there has also been an increase in the violation of copyrights with such things as movies, music, and computer software.
The Digital Millennium Copyright Act addresses these issues. This act also limits the liability of Internet Service Providers from the actions of its users who may be using their equipment to distribute copyrighted material. This means that if a record company or some other company wants to sue for a violation of copyright they will sue the user violating it and not the Internet Service Provider.
Lasell prohibits the use of its information technology to violate copyright. In addition to action by Lasell, copyright violators can be subject to criminal prosecution. Because Lasell is also classified as an Internet Service Provider, the Digital Millennium Act protects Lasell from legal actions. If a member of the Lasell community is caught in violation of copyright, he or she will be targeted by the record companies and the distributors, not Lasell.
Lasell recognizes that employees and affiliates may connect to the Lasell network through personal computers and digital devices. This standard defines the responsibilities of the employee and affiliates well as Lasell's rights when Lasell information technology resources and data are accessed from devices and computers not owned by Lasell.
The Lasell Community and affiliates must satisfy the requirements outlined below:
- Employees or affiliates who connect personal devices to the Lasell Exchange email system are required to agree to Lasell's password requirements for these devices.
- Lasell data classified as PI should never be accessed from a non-Lasell owned device or computer except through a remote desktop connection.
- Lasell data classified as PI should never be printed or faxed from a non-Lasell owned printer or fax machine.
- A remote desktop connection may not be used on any computer or device unless approved through Lasell's Change Management system.
- If a personal device or computer which has access to Lasell's information technology has been lost or stolen, the employee or affiliate must immediately notify the Technology Help Desk.
- When an employee or affiliate separates from Lasell, they must wipe (by reinstalling the OS) all devices (such as iPads, smartphones, etc.) that have connected to Lasell's information systems. Contact the Technology Help Desk firstname.lastname@example.org for assistance.
- It is forbidden to connect a device to the Lasell network which has been modified in any way that voids the warranty.
The Department of IT reserves the right to monitor and collect data on all traffic and devices on the Lasell network and those managed or owned by Lasell. Lasell may choose to set limits on an individual's use of a resource through quotas, time limits, and other mechanisms to ensure that these resources can be used by anyone who needs them. The Department of IT will immediately terminate network service with or without notice, to any individual and/or device that is found out of compliance with these procedures or is a threat to security of privacy of data. All potential threats will be investigated and reported to the Chief Information Officer. All data pertaining to the activity of an employee or student will be released when permission from the Director of Human Resources (employees) or Director of Campus Police (students and Village Residents) and the Vice President for the area or President of the college is obtained. All data pertaining to legal matters will be released with the permission of Lasell's legal counsel or the Vice President of Business and Finance.
Indemnification of Lasell College and Lasell Village
Members of the Lasell Community and their affiliates, in consideration of access to Lasell's information technology, indemnify, defend, and hold harmless Lasell College and Lasell Village for any suits, claims, losses, expenses or damages, including, but not limited to, damage, corruption, loss of data, or breach of data, as a result of connecting to or using Lasell's information systems.
The Department of Information Technology enforces the Lasell Acceptable Use of Information Technology Systems and its standards at all times. The Department of IT works in concert with the Office of Student Affairs, Human Resources, Campus Police, and the Executive Director of Lasell Village to ensure fair and appropriate investigation, considerations, and consequences where appropriate. Consequences may include the monitoring of the offenders account by an Information Technology (IT) staff member. In addition, the offender may be subject to disciplinary action, up to and including termination, expulsion, and notification of legal authorities.
The Acceptable Use of Information Systems procedures are governed by the Department of Information Technology (IT) for Lasell College and Lasell Village. IT reserves the right to modify or amend this document and to limit or restrict the use of information technology and services.
It is the responsibility of all individuals in the Lasell Community to urge their peers and colleagues to use Lasell information technology and services appropriately and according to this document. Individuals are urged to report violations of the Acceptable Use Systems to the Vice President of Student Affairs, their supervisor, Director of Human Resources, or Chief Information Officer.
Questions and Assistance
If you have any questions or concerns about these procedures, contact the Vice President of Student Affairs, a direct supervisor, Director of Human Resources, or Chief Information Officer.