Back to Table of Contents                                                         

3.3.4.p.1. Procedure: Southeastern Technical College Computer Use

1.0 Overview

Due to the technological revolution in the workplace, businesses such as Southeastern Technical College (STC) have turned to computer technology as the primary tool used to communicate, perform research, and accumulate information.

Electronic information research skills are now fundamental to preparation of citizens and future employees. STC expects faculty to blend thoughtful use of the Internet throughout the curriculum and provide guidance and instruction to students in its use. As much as possible, access from STC to Internet resources should be structured in ways that point students to those resources that have been evaluated prior to use. While students shall be able to move beyond those resources to others that have not been previewed by staff, they shall be provided with guidelines and lists of resources particularly suited to learning objectives. Students and employees utilizing technical college-provided Internet access are responsible for good behavior on-line just as they are in a classroom or other area of the college.

As the number of users logging on to the college’s network at the school or by remote access has increased, so has the possibility of STC’s computer resources being mistreated; compromised; or experience unauthorized access, disclosure, destruction, modification, or loss. With easy access to STC’s Internet and network resources, it is very important to have well-defined computer use guidelines. Well defined regulations/procedures help protect the end-user as well as STC. Using a computer without permission is theft of services and is illegal under state and federal laws. Federal law prohibits misuse of computer resources. In addition, the following specific computer crimes are prohibited by state law in Georgia (O.C.G.A. § 16-9-90 et seq.:
a. Computer Theft
b. Computer Trespass
c. Computer Invasion of Privacy
d. Computer Forgery

Effective security is a team effort involving the participation and support of every STC employee and any affiliate who deals with information and/or information systems. It is the responsibility of every computer user to know these guidelines, and to conduct their activities accordingly. Users of STC computers and computer systems are subject to the Technical College System of Georgia (TCSG) policy and the STC procedure on the development of Intellectual Property.

Users of STC computers and computer systems or hosted services are subject to the STCs Information Security Standards. STC makes no warranties of any kind, either express or implied, for the computers, computer systems and Internet access it provides. STC shall not be responsible for any damages users suffer, including but not limited to loss of data resulting from delays or interruptions in service. STC shall not be responsible for the accuracy, nature or quality of information gathered through technical college hard drives or servers; nor for the accuracy, nature or quality of information gathered through technical college-provided Internet access. STC shall not be responsible for personal property used to access its computers or networks or for technical college-provided Internet access. STC shall not be responsible for unauthorized financial obligations resulting from technical college-provided access to the Internet.

These standards are equally applicable to employees of STC, wherever housed, and to employees and students of the technical college.

2.0 Purpose

The purpose of STC provided computers, computer systems, and Internet access is to facilitate the development of skills and enhance communications in support of research, and education, and workforce development. To remain eligible as users, employees and students' use must be in support of and consistent with the educational objectives of STC access is a privilege, not a right. Access entails responsibility. The purpose of this procedure is to outline the acceptable use of computer equipment at STC. These rules are in place to protect STC as well as its employees, students, and guests. Inappropriate use exposes STC to risks including virus attacks, compromise of network systems and services, and legal issues.

3.0 Scope

This procedure applies to employees, students, contractors, consultants, temporaries, and other workers at STC, including all personnel affiliated with third parties. This procedure applies to all equipment that is owned or leased by STC.

4.0 Procedure

4.1 General Use and Ownership

1. While STC's network administration desires to provide a reasonable level of privacy, users should be aware that the data they create on the college systems remains the property of STC. Because of the need to protect STC's network, users should not expect files stored on STC’s computers and/or network to be private. Electronic messages and files stored on STC computers shall be treated like other STC premises that are temporarily assigned for individual use. Administrators may review files and messages in an effort to maintain system integrity and in an effort to insure that users are acting responsibly. Moreover, STC officials are expected to cooperate with law enforcement officials who are properly authorized to search STC computers and computer systems.

2.  End-users are responsible for exercising good judgment regarding the reasonableness of personal use.  Occasional and appropriate personal use is acceptable and permitted by the college.  However, this use should be brief, infrequent, comply with this procedure, and shall not interfere with the user’s performance, duties, and responsibilities.

3.  For security and network maintenance purposes, authorized individuals within STC may monitor equipment, systems and network traffic at any time.

4.  STC reserves the right to audit networks and systems on a periodic basis to ensure compliance with this procedure.

5.  Only the Information Technology Department staff is authorized to provide support, perform installations of new equipment/software, and/or configure devices for the multi-campus network.

6.  Any individual associated with STC needing to connect personally owned devices to the college’s network must obtain prior approval from the Information Technology Department.

4.2 Security and Proprietary Information

1.  Keep passwords secure and do not share accounts. Authorized users are responsible for the security of their passwords and accounts. Passwords should be changed every 90 days.

2.  All faculty and staff PCs, laptops and workstations should be secured with a password-protected screensaver with the automatic activation feature set at 10 minutes or less, or by logging-off (control-alt-delete) when the host will be unattended.

3.  Because information contained on portable computers is especially vulnerable, special care should be exercised.

4.  Any and all critical information (data, files, etc) should be saved to the network. The IT Department is not responsible for any end-user files not saved to the network.

5.  Postings by employees from a STC email address to newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of STC, unless posting is in the course of business duties.

6.  All computers that are connected to the STC Internet/Intranet/Extranet, whether owned by an employee, student, third-party, or STC, shall be continually executing approved virus-scanning software with a current virus database.

7.  Employees and students must use extreme caution when opening e-mail attachments received from unknown senders, which may contain viruses, e-mail bombs, or Trojan horse code.

4.3. Unacceptable Use

Under no circumstances is an employee, student, or third-party of STC authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing STC-owned resources.

In addition to the computer crimes delineated in O.C.G.A 16-9-93, the lists below are by no means exhaustive, but attempt to provide a framework for activities which fall into the category of unacceptable use.

System and Network Activities
The following activities are strictly prohibited, with no exceptions:

1.  Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by STC.

2.  Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which STC or the end user does not have an active license is strictly prohibited. Knowingly transmit copyrighted material using peer to peer file sharing technology.

3.  Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws, is illegal. The appropriate management should be consulted prior to export of any material that is in question.

4.  Create, install, or knowingly distribute a computer virus, rootkit, keystroke logger, "Trojan horse," Malware, or other surreptitiously destructive program on any STC computer or network facility, regardless of whether any demonstrable harm results.

5.  Revealing your account password to others or allowing use of your account by others. This includes family and other household members when work is being done at home.

6.  Using an STC computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws in the user's local jurisdiction.

7.  Making fraudulent offers of products, items, or services originating from any STC account.

8.  Effecting security breaches or disruptions of network communication.  Security breaches include, but are not limited to, accessing data of which the employee, student, or third-party is not an intended recipient or logging into a server or account that the employee, student, or third-party is not expressly authorized to access, unless these duties are within the scope of regular duties.  For purposes of this section, "disruption" includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes.

9.  Port scanning or security scanning is expressly prohibited unless prior authorization from the Information Technology Department authorized.

10. Executing any form of network monitoring which will intercept data not intended for the end-user's host, unless prior approval of this activity from the Information Technology Department is authorized.

11. Circumventing user authentication or security of any host, network, or account.

12. Perform any activity that could cause the loss, corruption of, prevention of rightful access to, or unauthorized distribution of STC data and information. Interfering with or denying service to any other host or user other than the end-user’s host (for example, denial of service attack).

13. Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user's terminal and/or network session, via any means, locally or via the Internet/Intranet/Extranet.

14. Providing information about, or lists of, STC employees to parties outside STC.

15. Create, access or transmit sexually explicit, obscene, or pornographic material.

16. Create, access or transmit material that could be considered unlawful conduct based on race, color, creed, national or ethnic origin, gender, religion, disability, age, genetic information, political affirmation or belief, disabled veteran, veteran of the Vietnam Era or citizenship status addressed directly to any individual or group that has the purpose or effect of unreasonably and objectively interfering with that individual or groups: (1) performance, (2) work or educational environment or (3) ability to participate in an educational program or activity.

17. Violate any local, state or federal statute.

18. Vandalize, damage, or disable the property of another individual or organization.

19. Access another individual's password, materials, information, or files without permission.

20. Conduct private or personal for-profit activities. This includes use for private purposes such as business transactions, private advertising of products or services, and any activity meant to foster personal gain.

21. Knowingly endanger the security of any STC computer or network.

22. Willfully interfere with another's authorized computer usage.

23. Knowingly connect any computer to any of the STC networks unless it meets technical and security standards.

24. Modify or reconfigure the software or hardware of any STC computer or Network without proper authorization.

25. Conduct unauthorized not-for-profit business activities.

26. Conduct any activity or solicitation for political or religious causes.

27. Create, access, or participate in online gambling. Occasional access to information or websites of the Georgia Lottery Corporation shall not constitute nor be considered inappropriate use.

28. Knowingly evade Internet content filtering or other traffic monitoring tools using VPN, Proxy Services, or similar technologies.

Email and Communications Activities

1.  Sending unsolicited email messages, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material (email spam).

2.  Any form of harassment via email, telephone, or paging, whether through language, frequency, or size of messages.

3.  Unauthorized use, or forging, of email header information.

4.  Solicitation of email for any other email address, other than that of the poster's account, with the intent to harass or to collect replies.

5.  Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type.

6.  Use of unsolicited email originating from within STC's networks of other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by STC or connected via STC's network.

7.  Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam).

5.0 Enforcement

Abuse or misuse of computing/information technology services may violate this procedure, but it may also violate criminal statutes.  Therefore, STC will take appropriate action in response to user abuse or misuse of computing/information technology services.Violations of these policies incur the same types of disciplinary measures as violations of other STC policies or state or federal laws, including criminal prosecution. Action may include, but not necessarily limited to, the following:

1.  Suspension or revocation of computing privileges.  Access to all computing facilities and systems can, may, or will be, denied;

2.  Reimbursement to Southeastern Tech for resources consumed;

3.  Other legal action including action to recover damages;

4.  Referral to law enforcement authorities;

5.  Computer users (faculty, staff and/or students) will be referred to the appropriate office for disciplinary action.

6.0 Definitions

End-user: Any person using STC’s information systems and/or computers.

Ponzi: Fraudulent investment operation that involves paying returns to investors out of the money raised from subsequent investors.

Spam: Unauthorized and/or unsolicited electronic mass mailings.

Trojan horse: A program in which malicious or harmful code is contained inside.

Virus: A software program capable of reproducing itself and usually capable of causing great harm to files or other programs on the same computer.

Computer theft: Theft of computer services, intellectual property such as copyrighted material, and any other property.

Computer trespass: Unauthorized use of computers to delete or alter data or interfere with others' usage.

Computer invasion of privacy: Unauthorized access to financial or personal data or the like.

Adopted: June 25, 2009
Reviewed: August 15, 2016; September 15, 2016; September 18, 2017; March 19, 2018; March 25, 2019; March 16, 2020; March 15, 2021;
Revised: January 30, 2018;