Information Technology Policies
Acceptable Use Policy and User Agreement
I. Justification and Statement of Policy
This policy defines the acceptable use of Franklin & Marshall (F&M) information and technology assets. Those users who violate this policy are subject to the range of sanctions set forth in the Student Code, Human Resources and College policies, as well as any applicable local, state, and federal laws. The College Infrastructure Committee reserves the right to modify this policy at any time.
II. Scope
This policy applies to all members of the F&M community, which includes employees, students, faculty, emeriti faculty, visitors, volunteers, third parties, alumni, contractors, consultants, clients, temporaries, and others (collectively known as "users"), who have access to, support, administer, manage, or maintain F&M information and technology assets.
III. Policy
Access to information and technology assets provided by the College is a privilege granted to the members of the College community. These assets are to be used for the activities for which they were designed. The College also recognizes that local, state, and federal laws relating to copyright, information security, and intellectual property are applicable to all members of the College community. The College reserves the right to limit or restrict computing privileges and access to its information and technology assets without notice.
Privacy
While the College respects an individual's use of computing resources, it should be noted that there
are no facilities provided for sending, receiving, storing, or otherwise manipulating
private messages, information, or files, and there should be no expectation of privacy
when using the College’s network or systems. It is not technically possible to ensure
privacy. The College does not examine or disclose the contents of electronic communications
and traffic data without the consent of the individual participating in the communication,
except in certain cases such as responding to a cybersecurity event, phishing attack,
or network issue, or as outlined elsewhere in this and other policies.
Personal use of F&M technology assets
Technology assets are provided by F&M for the ongoing business needs of the College.
Personal use of equipment assigned to an individual, such as a laptop or tablet, unrelated
to the business needs of the College, is strongly discouraged, as many cybersecurity
events are borne from such crossover usage. Any such personal usage is at your own
risk with no expectation of confidentiality, integrity, or availability.
Using personally owned computing equipment for College business
Employees are provided computing equipment by F&M for the purposes of performing their
job functions. Using personally owned computers to directly access College administrative
systems that are used for the ongoing business operations of the College, such as
HR, payroll, and finance, is strongly discouraged. Employees are expected to use the
equipment they have been provided for such access.
On occasion, situations arise and scenarios occur that may require access to information stored within College systems. This may be prompted, for example, by legal action, health or safety concerns, or by urgent College business needs. Access may be provided with the approval of the following College officer.
Constituency |
College Officer |
Students |
Vice President for Student Affairs |
Faculty |
Provost |
Senior Officers |
President of the College |
President |
Chair, Board of Trustees |
Staff |
AVP for Human Resources |
Internet Use
Users must observe the protections outlined in the College’s Data Classification Policy before using any Internet service to transmit, store, or process confidential or
sensitive data.
Risks that users accept when accessing the Internet include:
-
-
Lack of confidentiality and/or integrity of information accessed, sent, or received.
-
No privacy protections.
-
Website operators and other third parties may collect, store, and share information about users who visit their sites or use their services.
-
Email accounts
All College email accounts
and all data transferred or stored using the College’s email system are considered College records. Ownership of intellectual property is retained by its respective creator(s). This policy is not intended to supersede the College’s Intellectual Property policies.
College email accounts:
-
-
are provided for College-related activities and business.
-
personal use with third-party services that have not been provisioned by the College (streaming services, social media, etc.) is discouraged. A personal email account should be used to limit the individual's and College’s security profile exposure.
-
Personal email accounts (i.e., email accounts not provided by the College):
-
-
are prohibited from being used for official College business.
-
are encouraged to be used with personal services such as social media or online shopping.
-
Inappropriate Use of Email
Sending inappropriate email that violates any College policy is prohibited. Users receiving inappropriate email
should immediately contact the ITS Help Desk at 717-358-6789 or helpdesk@fandm.edu.
In the case of serious risk or potential harm, users should contact the Office of
Public Safety immediately at 717-358-3939.
Selected examples of inappropriate use include:
-
-
harassing, obscene, or threatening messages
-
the unauthorized exchange of sensitive or confidential data
-
sending non-College-sanctioned advertisements, solicitations, or chain letters
-
sending malware or a message that is intended to mislead the recipient into performing an action
-
misrepresenting the identity of the sender of a message
-
using or attempting to use the accounts of others without their permission
-
Network Access
The College reserves the right to determine the information security level of any non-College-owned
or non-College-managed systems that connect to the College network or systems. Before
granting access to the College network, the College will ensure that a baseline level
of security has been met. Users are responsible for their personally owned devices
while they are connected to College information resources. The College also reserves
the right to block software, applications, sites, or services that are determined
to be malicious, that negatively impact network performance, or that are commonly
used for copyright infringement.
Conflicting Network Services
Users may not connect systems to the College network that emulate, spoof, replicate, or interfere
with existing information technology services provided by the College. Some contracted
services, College network tenants, shared services organizations, etc., may inquire
regarding an exemption to this “Conflicting Network Services” section by contacting
the ITS department before installing any software, systems, or equipment and receiving
written permission.
User Prohibitions
User accounts or user device access or services may be suspended for:
-
-
actions negatively impacting any College provided information or technology asset.
-
obstructing others from accessing College resources.
-
violating College licensing or contractual agreements.
-
Users are prohibited from:
-
-
distributing copyrighted material such as images, music, software, movies, electronic books, journals, or any other digital content for which the user does not have appropriate rights.
-
storing information for, or producing, physical items that could be considered weapons of any kind.
-
using College resources to offer goods or services of a commercial nature not sanctioned by the College.
-
User Agreement
I agree to the obligations described above and agree not to use F&M's information and technology
assets in any way that diminishes the effectiveness of those assets or interferes
with the reasonable and individual use of those systems by others. I acknowledge the
right of Franklin & Marshall College and its designated staff, to inspect, when necessary
as a function of responsible system management, all files stored in, or data transmitted
through, the College’s information and technology assets.
I understand that upon violation of the terms of this agreement, the College retains the right to deny current and future computing privileges. I understand that I may also be subject to further disciplinary action by the College and/or legal action arising from the violation of any federal, state, or local laws.
Policy Maintenance
The College Infrastructure Committee will review this policy on an annual basis. All revisions will be presented to the
Chief Information Officer (CIO) and Chief Information Security Officer (CISO) for
approval.
--------
Policy Maintained by: Information Technology Services, Vice President and Chief Information
Officer
Last Reviewed: September 11, 2024