Information Technology Policy

Previously: Information Technology Acceptable Use Policy

Revised and Board Approved June 1, 2016 Revised December 5, 2001 Originally Approved March 5, 1997

1.0 Purpose

Clovis Community College (CCC) provides numerous Information Technology (IT) resources for use by its students, faculty, and staff.  IT includes, but is not limited to, all college computing equipment, software, systems, networks, electronic mail, and Internet access.  These resources are the property of Clovis Community College and are provided for the campus community to support the College’s mission and institutional goals.  The purpose of this policy is to protect CCC technology users and resources, to ensure equitable access, and to facilitate proper management of its resources.

1.1 Applicability

This policy applies to all users, including: employees, students, faculty, staff, contractors, administrators, and third parties that have access to Clovis Community College’s network.  By using the Internet access provided, the user must agree to this policy and acknowledge that we may record and monitor records of CCC user IDs and Internet access at all times with no expectation of privacy, whether using a company computer or using their own laptop, but connecting through the Clovis Community College network or using CCC credentials.

1.2 Responsibilities

Users are responsible for all their activities while using technology resources and services.  By using the College’s resources, users agree to abide by all relevant Clovis Community College policies and procedures, in addition to all federal, state, and local laws.  Each computing facility or service has specific rules and regulations that govern the use of its systems, and users must comply with those rules and regulations.  Users are responsible for keeping up to date with this Information Technology Policy and other applicable policies, procedures, and guidelines.  Current technology policies are available on the campus website, Pathway web portal, and at the Information Technology Office.

2.0 Access

Users of computing resources may be limited by issues of need, availability, or appropriate use.  Access to computing resources is provided to learn, explore, and grow as a part of a user’s education or employment at Clovis Community College.  However, activities related to the college’s educational mission and institutional goals take precedence over computing pursuits of a more personal nature.  Some applications may be actively discouraged due to the demand placed on limited resources.  Cooperation with College computing staff is expected if users are asked to refrain from running applications when resource use is heavy.  Users may not access networks, servers, drives, folders, or files to which the user has not been granted authorization.  Unauthorized users may not destroy, delete, erase, or conceal files or other data, or otherwise make files or data unavailable or inaccessible.  In addition, users may not access another employee’s computer, computer files, or electronic mail without authorization from his/her supervisor.

2.1 Security

Owners of computer accounts are responsible for safeguarding their user IDs and passwords.  Owners are responsible for all activity generated from their accounts.  Misuse of access rights will be reported to the appropriate department or division supervisor.

A screensaver and password feature must be used to protect an employee computer if the user must leave an active device.  This feature will log the user out of an active session and a username and password combination must be re-entered for further access.

Physical areas where information assets are kept, including server rooms, telecom closets and certain office areas that may contain sensitive information, are physically secured to prevent theft, tampering or tapping, or damage.

2.2 Privacy

Users should be aware that although Clovis Community College takes reasonable measures to protect the security of its computing resources and accounts assigned to individuals, CCC does not guarantee absolute security and privacy.  Clovis Community College owns the rights to all data and files in our computers, network, or other information systems, subject to applicable laws.  Clovis Community College may use software that allows us to monitor messages, files, or other information that is entered into, received by, sent, or viewed on CCC’s network.  By using equipment or Internet access provided by CCC, users consent to the monitoring of all network and information systems.  Communications and other documents created by means of Clovis Community College technology resources are subject to New Mexico’s Inspection of Public Records Act (See Resources for Compliance Information) to the same extent as if they existed on paper.  Information stored electronically may also be made available in administrative or judicial proceedings.  Current practice is to treat electronic data with as much privacy as possible.  However, situations may arise where employees with legitimate business purposes may have the need to view information, electronic mail, or monitor user activity on the network.  Clovis Community College will do so only when it is appropriate to prevent or correct improper use, satisfy a legal obligation, or ensure proper operation of the electronic resources.  The president, or his/her designee, may authorize access to employee or student electronic mail or computer files in a number of circumstances including, but not limited to:

  • Situations involving the health or safety of people or property;
  • Possible violations of codes of conduct, regulations, policies, or laws;
  • Termination of an employee;
  • Other legal responsibilities or obligations of Clovis Community College;
  • The need to locate information required for College business.

3.0 Mobile Computing

This section is applicable to all Clovis Community College employees, students, faculty, staff, contractors, administrators, and third parties who have access to CCC’s network via personal or College issued laptop computer, tablet, iPad, iTouch, iPhone, Palm, Blackberry, WebOS, Android, netbook, web-enabled cellphone, and like devices.

Clovis Community College provides its students and employees who acknowledge and agree to the terms and conditions, the opportunity to use their own computers, smart phones, tablets, and other devices to access and use Clovis Community College’s network.

Protection of laptop/mobile devices, especially when used off-site, is necessary in order to reduce the risk of both unauthorized access to the data contained on the device, as well as the data that the device has access to on the Clovis Community College network.  Protection is also necessary to safeguard against loss or damage of the device itself.  Generally, a laptop or other mobile computing device should be given the same level of protection as sensitive information in hard copy, on the Clovis Community College network, or in other CCC controlled environments.

3.0.1 Mobile Computing Guidelines

  • Clovis Community College owned laptop/mobile device make, model, serial number, and media access control address is to be recorded and stored in a safe location in order to give precise information to authorities in case of theft.
  • The Information Technology Department is responsible for installing software and hardware configurations and available upgrades to all laptop/mobile devices owned by Clovis Community College.
  • Unattended storage standards for laptop/mobile devices should be same as those for the storage of similar hard copy information.
  • The user has overall responsibility for the confidentiality, integrity, availability, and accessibility to personally, or Clovis Community College, owned laptop/mobile device and the data on or accessible through the laptop/mobile device.
  • Anti-virus/anti-malware software will be installed on the laptop/mobile device and all incoming disks/magnetic/digital media /jump drives should be virus‑checked before use.
  • Users must take active steps to prevent casual overview or attempted use by unauthorized personnel.
  • User ID and authentication is required before access is given to data and applications residing on the laptop/mobile device.
  • A screensaver and password feature should be used to protect the machine if the user must leave the activated laptop, and a user password must be re-entered for further access.
  • Passwords must meet the standards set forth by Clovis Community College or Third Party Vendors.

4.0 Electronic Communication

Clovis Community College provides a variety of electronic communication channels such as Internet, electronic mail, messaging, chats, lists, newsgroups, web pages, web Pathway portal, online learning management system, and other third party systems for use by students, faculty, and staff.  Users of these services are responsible for adhering to any third party terms of service that apply.  Clovis Community College encourages the appropriate use of these technologies to enhance its mission and goals.  Clovis Community College permits incidental personal use of electronic mail provided that such use does not interfere with the operation of the college and does not negatively impact the user’s job performance.

Users are instructed to use caution when opening electronic mail and attachments from unknown senders because these pieces of electronic mail and attachments may contain viruses, root kits, spyware or malware that can put our system and sensitive information at risk.

4.0.1 Student Email

Clovis Community College provides an electronic mail (email) address to all admitted students and is an official means of sending information to students.  The Information Technology department is responsible for creating and maintaining email accounts.  Students are responsible for reporting problems with their student email accounts to the Help Desk in a timely manner.  Upon initial third party login to student email, students agree to use their student email accounts for personal, non-commercial use only.

Clovis Community College email shall be considered an appropriate delivery method for official communication by Clovis Community College with students unless otherwise prohibited by the Family Educational Rights and Privacy Act of 1974 (FERPA) (See Resources for Compliance Information) regulations.  Students are responsible for adhering to both Clovis Community College’s Information Technology Policy relating to email and any third party terms of service that apply to their student email accounts.

Students are advised to check their official email regularly.  Faculty will determine how the use of electronic form of communication, including email, will be used in their classes and will specify their requirements in their syllabi.  Faculty can make the assumption that official student email accounts are being accessed and that they can use email for their classes accordingly.  Non-Clovis Community College students who are being taught by the college’s faculty members will not be given a CCC student email account.  Faculty is responsible for communicating with non-Clovis Community College students through alternative means.

Students must be aware of mailbox capacity and ensure there is sufficient space in their mailbox to receive email.  Certain communications may be time critical and those students who choose to forward Clovis Community College email to another account do so at their own risk.  Having email lost as a result of redirection does not absolve the student from responsibilities associated with communication sent to his/her official Clovis Community College email address.  However, the college will not hold the student responsible for CCC email system malfunctions that limit access to time critical information.

Name changes will affect student email addresses.  If a student requests a name change, a new email address will be created at the end of the semester.  Letters will then be compiled to update students of their new email addresses.

4.0.2 Employee Email

Supervisors are responsible for requesting email accounts for new employees.  A request for an email account can be made by submitting a completed “New Account Request Form” to the Information Technology Office.  Forms are emailed to the new employee’s supervisor from the Human Resource Services Office.  Upon receipt of the completed form, Information Technology will create the email account and contact the new employee to setup an appointment for software installation and training.  The employee must be present during the installation of the email software to verify the user ID and password.  Accounts will not be installed unless the employee is present.

Clovis Community College encourages employees to keep in mind that when using email, documents are not private and may be read by others at the College or outside the College under the appropriate circumstances.  Employees should be aware that there may be instances where such messages may be forwarded to others.  Although a message may be deleted from the email system, the record of it may still be retrievable.  Appropriate discretion in using employee email is advised.

Email is not appropriate for transmitting sensitive or confidential information, and the information shared with or regarding a student falls under the FERPA.  Employees are responsible for maintaining the confidentiality of student records in accordance with FERPA, and any applicable local, state, and federal laws.

4.1 Confidential Information

Confidential information, or personally identifiable information, includes any information that can be used to identify an individual such as date of birth, birthplace, social security number, and like information.  All employees are required to protect the integrity of Clovis Community College proprietary and confidential information and the proprietary and confidential information of other Clovis Community College, or third party, entities.  Employees must exercise a greater degree of caution in transmitting confidential information on the email system than with other communications.  Email is an inappropriate method to transmit confidential information.  Due to the ease by which information can be redistributed, confidential information should never be transmitted or forwarded to unauthorized individuals or companies. Forwarding messages with confidential content to employees at the college who are not on a need-to-know basis of the subject matter is prohibited.

4.1.1 Legal Custodian of an Email Message

Emails and attachments are records of value that need to be managed within the Clovis Community College’s records management policies like any other record.  The legal custodian of an email message will normally be the originator if that person is a college employee; otherwise, it will be the individual to whom the message is addressed once the message is received.  The legal custodian is the person responsible for ensuring compliance with the New Mexico Records Retention Schedule.

Although most individuals periodically back up information residing on system hard drives, this is not done for archival purposes or to meet the requirements of the New Mexico Records Retention Schedule. In the event the email system is unlawfully tampered with or fails, backups will be used as a safety measure. The system administrator is not the legal custodian of messages that may be included in such backup files.  While Clovis Community College email servers are provided to facilitate the delivery of email and permit archiving of email messages, the legal responsibility for retention and archiving rests with the legal custodian.

If the legal custodian of the email leaves employment, it is the responsibility of the relevant department administrator to ensure that any email remaining on the computer is retained or disposed in compliance with Clovis Community College’s approved records retention and disposition schedule.  The department director should ensure that such action is taken before an email account is closed.

4.1.2 Email Retention and Disposition

For additional information and guidelines regarding the retention and disposition of email messages, legal custodians of email messages should consult the New Mexico General Records Retention and Disposition Schedule (See Resources for Compliance Information).  Any records that are subject to audit proceedings or that relate to pending or probable litigation must be retained until the final conclusion of the audit or litigation, regardless of an approved disposition schedule that would permit earlier disposition.  Any record may be retained longer than the period stated in the disposition schedule, in the discretion of the custodian.

4.2 Email Quotas

Each employee email account has a limited disk storage quota assigned to it.  Clovis Community College does not provide unlimited disk space to employees.  Attachments of spreadsheets, word processing documents, graphics, or multi-media files consume significantly more space than the average text email message.  Users should consider the use of alternative methods such as FTP or the Web to share large files whenever possible.  The transfer of large documents not only consumes disk quota, but also slows mail delivery to all users.

For best practice, users should review messages every week and delete those that are not needed.  If the content of the message needs to be saved for longer than a week, it should be placed in a folder archived to a local hard disk or diskette, or printed out and saved in the appropriate file. 

If an email account is over 80% full, that user will be notified of the situation.  If that user does not remove messages to free disk space, the mailbox may reach capacity causing any new email messages to be rejected and/or returned to the sender.  Users should be aware that messages from list serve subscriptions can easily fill the mailbox, especially when absent from campus for extended periods of time.  It is a good idea to unsubscribe from lists if users are going to be absent from campus for a period of time.  Users can re-subscribe to the lists upon return to the campus.

4.3 Terminating an Email Account and Address

Email accounts can be terminated immediately at the request of a department director, division chair, or appropriate administrator depending on the type of employment separation.  Faculty accounts can remain active for a period of four weeks after the end of the employment contract with approval from the division chair.  Staff email accounts are terminated on the day the employee exit procedure takes place.  In lieu of terminating an employee’s email account, supervisors may request that mail messages be forwarded to another individual on campus.  Employees should be aware that redirected mail includes all messages, even those of a personal nature.

5.0 Social Media

A representative from Institutional Advancement is required to be appointed as administrator over Clovis Community College pages in order to aid in search and discover of any CCC pages and to encourage cross-promotion between groups on campus.  Clovis Community College supports self-expression, including the right to express oneself to others via letters to the editor, Internet blogs, social web pages, posting on open forums, or speaking during public events. Online social networking sites and other online communication platforms and technologies, such as Facebook, LinkedIn, MySpace, Twitter, YouTube and blogs, are primarily aimed at personal relationships and communications among individuals.  While CCC employees may use these media to communicate with friends and family outside of work, users should be mindful that whatever is published is publicly available to Clovis Community College employees, students, and other vendors to view.

5.0.1 Social Media Guidelines

  • Users are to conduct themselves in a professional and businesslike manner.
  • Users are not to reference or discuss private, internal-use only, copyrighted, or confidential information belonging to Clovis Community College.
  • Users are not to reference or discuss anything that would be a violation of FERPA regulations.
  • Users are not to use vulgar, obscene, offensive, threatening, harassing or defamatory language.

 

Also reference Clovis Community College Social Media Policy.

6.0 Appropriate Internet Usage

Users who purposely access sites or distribute electronic messages containing pornographic, lewd, sexually explicit, illegal, or other offensive material may expose Clovis Community College to liability for sexual harassment or other unlawful discrimination.  This includes information that contains sexual implications, racial slurs, gender-specific comments or any comment that offensively addresses someone’s age, sexual orientation, religious or political beliefs, national origin, or disability.  Additionally, intentional access or distribution of such information is not for business purposes and is not necessary for the performance of legitimate job duties and responsibilities.  Such use of the Internet is strictly prohibited.

6.1 Misuse of Technology Resources

Clovis Community College provides Information Technology resources for users to engage in activities that support the work of the institution.  Use of Clovis Community College resources for personal profit, non-college related activities, advertising the sale of personal items, or distributing political campaign materials is not permitted.  Employees may not use the “All Campus User” mass distribution list to send non-work related messages.  Other examples of misuse include, but are not limited to:

  • Attempting to defeat or circumvent any security measures, controls, accounts, or record-keeping systems;
  • Using systems for unauthorized access;
  • Intentionally altering, misappropriating, dismantling, disfiguring, disabling, or destroying any computing information, hardware, or services;
  • Using technology resources for workplace violence of any kind as defined in Campus Code of conduct;
  • Using technology resources for unlawful purposes including fraudulent, threatening, defamatory, harassing, or obscene communications;
  • Invading the privacy rights of anyone;
  • Disclosing or using non-public information for unauthorized purposes;
  • Disclosing student records in violation of FERPA;
  • Violating copyright law;
  • Using another person’s user ID, password, files, or data without permission.

7.0 Copyright

Clovis Community College respects copyright laws and insists that its faculty, staff, and students do likewise.  Copyright infringement and illegally downloading copyrighted content such as software, database files, documentation, articles, images/graphic files, or downloaded information will not be tolerated.  Users will not include copyrighted content in email, documentation, website, etc. unless evidence exists that Clovis Community College has the right to distribute, reproduce, or display that copyrighted material.

8.0 Third Party Services

Clovis Community College licenses the use of many third party services to provide additional resources to students and employees.  Third parties retain the ownership and distribution rights to this software.  Users may not distribute licensed software.  Students and employees are responsible for complying with the terms of service of any third party services that they utilize in addition to any Clovis Community College policies that apply to the use of that service.

9.0 Accountability and Responsibility

All employees, administrative consultants, contractors, and non-employee users are responsible for the secure handling, processing, transmittal and safeguarding of sensitive information.  This responsibility is fulfilled by the acceptable use of the Clovis Community College network and the Internet access it provides.

Third parties/vendors are responsible for ensuring their use and access to Clovis Community College and its computing resources, whether on their own information assets or on our assets, meet our security protections and safeguards and that the assets are used appropriately.

Information Technology is responsible for ensuring that a user acknowledgement or a non-disclosure agreement has been signed by all users acknowledging this Information Technology Policy before providing access to Clovis Community College sensitive computing resources.

10.0 Sanctions

Clovis Community College reserves the right to discipline any user in violation of the Information Technology Policy. Violations of this policy may lead to the suspension or revocation of system privileges and/or disciplinary action up to and including termination of employment.  Appropriate measures will be determined after an investigation by the president or vice president’s designee if a user violates federal or state law or Clovis Community College policy by misusing CCC resources or services.  Clovis Community College reserves the right to advise appropriate authorities of any violation of law.  Procedures contained in the faculty, professional, support, and student handbooks will determine disciplinary action, termination, and/or legal action.

11.0 Agreement

All users of Clovis Community College technology resources must read, understand, and comply with the guidelines outlined in this document.  By using any Clovis Community College Information Technology resources, users agree to comply with these policies.

12.0 Resources

Clovis Community College (CCC)

FERPA Family Educational Rights and Privacy Act

Information Technology Department (IT)

New Mexico Inspection of Public Records Act

Contact Info

Information Technology
Clovis Community College
417 Schepps Blvd.
Clovis, NM 88101

Email: bob.dart@clovis.edu
Call: 575.769.4074

Hours of Operation:
Monday-Thursday: 8:00 a.m. to 5:00 p.m.
Friday: 8:00 a.m. to 4:30 p.m.

 

©