Policy and Guidelines for Responsible Computing at CU Colorado Springs
Modified: 2 July 2002

Approved: UCCS Faculty Assembly
UCCS Student Government

I. Overview

In support of its mission of teaching, research, and public service, the University of Colorado at Colorado Springs provides access to computing and information resources for students, faculty, and staff of the University of Colorado within institutional priorities and financial capabilities. The Policy for Responsible Computing at UCCS contains the governing philosophy for regulating faculty, student, and staff use of the University's computing resources. It spells out the general principles regarding appropriate use of equipment, software, networks and data. In addition to this policy all members of the University community are also bound by local, state, and federal laws relating to copyrights, security, and other statutes regarding electronic media. Top

II. Policy

A. Purpose of resources; privileges.

CU Colorado Springs computing resources (facilities, equipment, systems, and personnel) are for the use of authorized individuals only and for use only in a manner consistent with each individual's authority. Access to and use of CU Colorado Springs computing resources is a privilege granted to authorized users for scholarly, research, academic, and administrative purposes. Authorized users include, but are not limited to, students, staff, faculty, and retired faculty and staff.

<top>

B. General use.

Central to appropriate and responsible use is the stipulation that, in general, computing resources shall be used in a manner consistent with the instructional, public service, research, and administrative objectives of the University. Use should also be consistent with the specific objectives of the project or task for which such use was authorized. All uses inconsistent with these objectives are considered to be inappropriate use and may jeopardize further access to services.
CU Colorado Springs's technology resources may not be used in any manner inconsistent with an individual's authority, prohibited by licenses, contracts, University policies, or local, state, or federal law. No one may grant permission for inappropriate use of computing resources, nor does the ability to perform inappropriate actions constitute permission to do so. All users of University-owned or University-leased technology systems (e.g., computers, networks, phones, media equipment, etc..) must respect the rights of other computer users, respect the integrity of the physical facilities and controls, and respect all pertinent license and contractual agreements.
University technology resources are not to be used for commercial purposes, personal gain, or non-University-related activities. Individuals using University information technology may not: (a) violate such matters as University or third party copyright or patent protection and authorizations, as well as license agreements and other contracts, (b) interfere with the intended use of the information resources, (c) seek to gain or gain unauthorized access to information resources, (d) without authorization, destroy, alter, dismantle, disfigure, prevent rightful access to or otherwise interfere with the integrity of computer-based information and/or information resources, (e) without authorization invade the privacy of individuals or entities that are creators, authors, users, or subjects of the information resources.

<top>

C. Specialized use.

Under special circumstances, University technology resources can be used for commercial purposes when those purposes are within the interests of the University. See the Director of IT for contractual agreements and other details.

<top>

D. Expectation.

Members of the CU Colorado Springs community who use computing resources are expected to do so in an effective, efficient, appropriate, ethical, and legal manner. Use of campus computing resources, depends upon mutual respect and cooperation to ensure that all members of the CU Colorado Springs community have equal access, privileges, privacy, and protection from interference and harassment.

<top>

E. Enforcement.

The University reserves the right to limit, restrict, revoke or extend computing privileges and access to its information resources. This policy applies equally to all University-owned or University-leased computers.

<top>

III. User Responsibilities

When you use the CU Colorado Springs computing services, you accept the following specific responsibilities:

• To respect the privacy of other users; for example, you shall not intentionally seek information on, obtain copies of, or modify files, tapes, or passwords belonging to other users or the University, shall not represent others, unless authorized to do so explicitly by those users, nor shall you divulge sensitive personal data to which you have access concerning faculty, staff, or students without explicit authorization to do so.
• To respect the rights of other users; for example, you shall comply with all University policies regarding sexual, racial, and other forms of harassment. Specifically, you shall not abuse, harass, intimidate, threaten, stalk or discriminate against others through the use of computing resources.
• To respect the legal protection provided by copyright and licensing of programs and data; for example, you shall not make copies of a licensed computer program to avoid paying additional license fees or to share with other users.
• To respect the intended usage of resources; for example, you shall use only those resources assigned to you by service providers, faculty, unit heads, or project directors for the purposes specified, and shall not access or use other such resources unless explicitly authorized to do so by the appropriate authority. You may not use University resources assigned to you or others for profit-making or fund-raising activities unless explicitly authorized to do so by the appropriate authority
• . To respect the shared nature of resources; for example, you shall avoid activities that unreasonably tax system resources or that, through frivolous use, go beyond the intended use of the system. For example, you should not play computer games within the computer labs at CU Colorado Springs.
• To respect the intended usage of systems for electronic exchange (such as e-mail, IRC, Usenet News, World Wide Web, etc.); for example, you shall not send forged electronic mail, mail that will intimidate or harass other users, chain messages that can interfere with the efficiency of the system, mass mailings not related to the topic(s) of the addressed group(s), or promotional mail for profit-making purposes. Also, you shall not break into another user's electronic mailbox or read someone else's electronic mail without his/her permission.
• To respect the integrity of the system or network; for example, you shall not intentionally develop or use programs, transactions, data, or processes that harass other users or infiltrate the system or damage or alter the software or data components of a system. Alterations to any system or network software or data component shall be made only under specific instructions from authorized faculty, unit heads, project directors, or management staff.
• To respect the financial structure of a computing or networking system; for example, you shall not intentionally develop or use any unauthorized mechanisms to alter or avoid charges levied by the University for computing, network, and data processing services.
• To adhere to all general University policies and procedures including, but not limited to, policies on proper use of information resources, information technology, and networks; acquisition, use, and disposal of University-owned computer equipment; use of telecommunications equipment; ethical and legal use of software; and ethical and legal use of administrative data.
• To adhere to all general University policies regarding student conduct and academic integrity.

<top>

IV. Appropriate Use Guidelines

The use of UCCS computing and network resources is a privilege that depends on using the resources appropriately. Appropriate use includes but is not limited to, adherence to the following guidelines:

<top>

A. Legal Guidelines

You must use all CU Colorado Springs resources in strict accordance with local, state, and federal laws. These laws cover such areas as illegal access to computer systems, networks, and files; copyright violations; slander, defamation and libel; and harassment issues.

• DO NOT copy and/or use software, images, music, or other intellectual property unless you are certain that you have the right to do so.
• DO NOT transmit to others inappropriate images, sounds, or messages that might reasonably be considered harassing. Harassment is defined as the creation of an intimidating, hostile, or offensive working or educational environment.
• You assume responsibility for actions initiated by you that may be interpreted as slanderous or of a libelous nature.
• DO NOT attempt to break into CU Colorado Springs systems, networks, or user accounts.
• DO NOT use CU Colorado Springs systems or networks as a staging ground for attempts to break into other systems or networks.
• DO NOT use CU Colorado Springs resources for partisan political purposes, such as using email to circulate advertising for political candidates.

<top>

B. Account Guidelines

Once you have an account on any UCCS computer, you are responsible for any and all use made of that account. Accounts are granted for use for work and or study at the University.

• DO NOT use easy to guess passwords. Immediately report any suspected unauthorized use of your account by calling the IT Help Desk at 255-3536 or sending email to helpdesk@uccs.edu. Change your password frequently and protect it.
• DO NOT share your login name or password or allow someone else to create an account under your name.
• DO NOT share any passwords that allow access to University-owned or leased software such as electronic database resources, unless you have the authority to do so.
• DO NOT open up your account and allow people that are not affiliated with the University to use University resources.
• DO NOT attempt to obtain unauthorized access to other users' account data or files.
• Be sure to log off any public computer if you leave the workstation unattended.

<top>

C. Email Guidelines

The use of email must meet the same standards that would apply to the use of campus telephones and campus mail. Further, the use must not interfere with the operation of the computers and networks or with the work of others. Please refer to the Board of Regents policy on email as well as the campus email policy; these may be found at http://www.uccs.edu/~it/policiesmenu/policies.htm.

• DO NOT send email to someone who has requested that you not do so.
• DO NOT send frivolous or excessive messages, either locally or off campus.
• DO NOT create, send, or forward chain letters.
• DO NOT flood another system, network, or user account with email.
• DO NOT obscure the true identity of the sender of email or forge email messages.
• DO NOT use campus email for personal commercial gain; for example, campus email may not be used to advertise rental properties, tickets, or work-for-hire.

<top>

D. World Wide Web Guidelines

The creation of World Wide Web pages must meet the same use guidelines that apply to other computing resources. In particular, World Wide Web pages should be used in a manner consistent with the instructional, public service, research, and administrative objectives of the University. Use should also be consistent with the specific objectives of the project or task for which such use was authorized. All uses inconsistent with these objectives are considered to be inappropriate use and may jeopardize further access to services.

<top>

1. Individual web pages

Individual web pages are encouraged for the following purposes:

• Presenting personal non-commercial information (resumes, family, etc.)
• Experimenting with available Web technologies and authoring tools;
• Publishing and disseminating academic work;
• Linking to cultural, scientific, or historical sites;
• Posting announcements, news bulletins, and other general information.

Individual web pages should not be put to inappropriate uses, which are those uses that are inconsistent with the instructional, public service, research, and administrative objectives of the University. In particular, inappropriate uses include but are not limited to:

• Use of copyrighted materials in any form beyond the 'fair use' laws without the express written permission of the original copyright owner. Please see the library staff for the most current information on the fair use laws for copyright material.
• Personal, commercial uses, which could result in a financial benefit for the page owner or his/her associates and which exist beyond the normal scholarly and teaching mission of the university.
• Use of audio, images (i.e., photographs, paintings, or derivatives thereof), videos, or movies of individuals without their consent. Work that is in or of the so-called 'public domain' is a possible exception to this use.
• Use of any personal information that is not public record pertaining to other individuals without their permission.
• Use of any personal information that is not public record pertaining to other individuals without their express written permission.
• Use of any images or data that are primarily intended to be abusive, obscene, harassing, threatening, or discriminatory. Exceptions to this include those uses that support the scholarly or teaching mission of the university.
• Use of any images or data that violate other University of Colorado or CU-Colorado Springs policies (e.g., Sexual Harassment Policy) or local, state, or Federal laws.
• Creation of direct hypertext links to abusive, obscene, harassing, threatening, or discriminatory material. Exceptions to this include those uses that support the scholarly or teaching mission of the university.
• Use of materials whose nature or volume compromise the ability of the system to serve other users' documents and web pages.
• Any use which constitutes academic dishonesty.
• Use of individual home pages to engage in illegal activity

<top>

2. Departmental and course web pages

Departmental and course pages are encouraged for the following purposes:

• Disseminating general departmental information (goals, office hours, point of contact, etc.);
• Highlighting departmental programs or activities;
• Introducing faculty or staff and/or hyper-linking to their personal pages;
• Departmental and course pages should not be put to inappropriate uses, which are those uses that are inconsistent with the instructional, public service, research, and administrative objectives of the University. In particular, inappropriate uses include but are not limited to: Use of copyrighted materials in any form without the express written permission of the original copyright owner.
• Personal, commercial uses, which could result in a financial benefit for the page owner or his/her associates and which exist beyond the normal scholarly and teaching mission of the university.
• Use of audio, images (i.e., photographs, paintings, or derivatives thereof), videos, or movies of individuals without their consent. Work that is in or of the so-called 'public domain' is a possible exception to this use.
• Use of audio, images (i.e., photographs, paintings, or derivatives thereof), videos, or movies of individuals without their consent. Work that is in or of the so-called 'public domain' is a possible exception to this use.
• Use of any personal information that is not public record pertaining to other individuals without their express written permission.
• Use of any images or data that are primarily intended to be abusive, obscene, harassing, threatening, or discriminatory. Exceptions to this include those uses that support the scholarly or teaching mission of the university.
• Use of any images or data that violate other University of Colorado or CU Colorado Springs policies (e.g., Sexual Harassment Policy) or local, state, or Federal laws.
• Creation of direct hypertext links to abusive, obscene, harassing, threatening, or discriminatory material. Exceptions to this include those uses that support the scholarly or teaching mission of the university.
• Use of materials whose nature or volume compromise the ability of the system to serve other users' documents and web pages.
• Any use which constitutes academic dishonesty
• Use of departmental pages to engage in illegal activity.

<top>

E. System and Network Integrity Guidelines and policy

You must respect the integrity of CU Colorado Springs systems and networks and other people's systems and networks. You must not access any CU Colorado Springs computers or networks nor any computers or networks connected to CU Colorado Springs without proper authorization. In no case may you disrupt or harm computers, computer software, computer data or information, or networks regardless of whether the computer, software, data, information, or network in question is owned by the University.

The Information Technology Department at CU Colorado Springs supports and maintains a number of servers for general campus usage. All servers connected to CU Colorado Springs campus network must be registered with the CU Colorado Springs Information Technology (IT) Department. This includes all web servers located outside of the IT department.

<top>

V. Privacy Issues

The University of Colorado will make reasonable efforts to maintain the integrity and effective operation of its technology systems, but users are advised that those systems should in no way be regarded as a secure medium for the communication of sensitive or confidential information. Because of the nature and technology of electronic communication, the University can assure neither the privacy nor the confidentiality of an individual user's use of the University's technology resources. To be clear, the user has no right to privacy concerning the use of University's technology resources.
In addition, Colorado law provides that communications of University personnel that are sent by electronic mail may constitute "correspondence" and, therefore, may be considered public records subject to public inspection under Colorado's Public Records Act, C.R.S. 24-72-203.

<top>

VI. Consequences of Illegal or Unethical Actions

Actions that are illegal or against University policy will be referred to the appropriate officials regardless of whether or not a computer was involved in their commission. The Information Technology Department's role is to provide technical assistance to the authorities. IT may monitor user activities and access any files or information in the course of performing normal system and network maintenance or while investigating possible violations of laws or policy. Anyone using University resources expressly consents to such monitoring and is advised that if such monitoring reveals possible evidence of criminal activity, IT will provide the evidence to law enforcement officials.

<top>

A. Enforcement

Violations of CU Colorado Springs Computing Policies may result in disciplinary action, including, but not limited to, suspension of access to the WWW, suspension of email privileges, suspension of computing privileges, suspension or expulsion from the University, suspension or termination of employment, imposition of fines, and referral for legal action. The IT Director may recommend to proper campus authorities through proper campus procedures that disciplinary action be taken against the violator.

<top>

B. Reporting

Any individuals who become aware of inappropriate, unethical, or illegal use of CU Colorado Springs computing resources, inappropriate content of an individual home page, or any inappropriate electronic communication should notify the Director of Information Technology.

<top>

C. Illegal Activities

Any illegal activity, particularly those that involve child pornography, will be immediately referred to the CU Colorado Springs Police Department and will also be subject to the procedures that follow.

<top>

D. Notification of Policy Violation

The Director of Information Technology Department will notify the user who is alleged to have violated campus computing policies of the nature of the alleged violation and will provide the user with a copy of campus Computing Policies.

<top>

E. Suspension of Privileges during Investigation

During the investigation of an alleged policy violation, a user's computing and network access may be suspended. CU Colorado Springs reserves the right to examine a user's recorded and stored information in the course of investigating an alleged policy violation.

<top>

F. Procedures

1. The IT Director will review the materials or activity alleged to be in violation of CU Colorado Springs's Computing Policies. If the IT Director believes that the actions or materials violate the policies, the IT Director is authorized to terminate the activity and/or to remove violating materials.

2. If the alleged violator fails or refuses to comply with the IT Director's actions, the IT Director may impose sanctions including suspension of access to the WWW, suspension of email privileges, or suspension of all computing privileges or may refer the matter to the CU Colorado Springs IT Leadership Team (IT Director, Vice Chancellor for Academic Affairs, Vice Chancellor for Student Success, Vice Chancellor for Administration and Finance, and the Senior Faculty Associate for Information Technology) for action. (See the attached appendix for the IT Leadership Team document.)

3. If the alleged violator disagrees with the IT Director, the user may file a written petition requesting the IT Leadership Team to review the case.

4. The IT Leadership Team, in consultation with the alleged policy violator, will appoint a three-person committee to review the case. The committee will consist of a student, a faculty member and a staff person. At least one member will also be a member of the IT Advisory Council. The IT Director will not be a member of this committee.

5. After consulting with the alleged violator and with the IT Director, the committee will determine (a) if a policy violation has occurred and, (b) if a policy violation has been found, what action should be taken to remedy the policy violation.

6. In the event that the committee's decision is appealed, an appropriate recourse will be established by the IT Leadership Team, in consultation with the Staff Council, Faculty Assembly, and Student Government.

<top>

VII. Acknowledgments

These policy guidelines include language adapted from those of many other universities and departments, including the University of Colorado at Denver, University of Delaware, the University of Michigan, the University of Washington, the University of Virginia, and Massachusetts Institute of Technology. Top

<top>

VIII. APPENDIX: IT Leadership Team

Overview Information Technology (IT) has become a pervasive and transcendental resource at CU Colorado Springs. Every unit on campus has become increasingly reliant on IT, which includes computing services, media, and telecommunications. Consequently, information technology must be viewed as an institutional resource and requires careful strategic management. This document outlines how the campus has organized to ensure that IT institutional strategic management has been implemented.

Resources Information Technology is a tool that supports the instructional, research and administrative needs of CU Colorado Springs. The IT Department at CU Colorado Springs supports the IT infrastructure on campus while some specialized needs of various units are supported either by the CU System or by the units themselves. A description of the division of the basic, common and specialized services are available in the Information Technology Services and Responsibilities Memorandum of Understanding Draft. The IT Department is led by the Director of IT, who is responsible for the operation of this department and for assisting in the guidance of IT direction on campus.

The Senior Faculty Associate for Information Technology regularly represents the broad IT perspective on the campus Executive Team, and helps to lead the campus toward a strategic vision for IT by participating in the IT Leadership Team and by chairing the IT Advisory Council (see below for details). In addition, the Senior Faculty Associate will act as a liaison to the CU system on major technology policy committees, manage the Student Technology Fee, serve as chair of the Student Technology Fee Committee, work closely with the campus governance organizations, provide leadership in developing and updating the campus technology plan, provide the linkage of the instructional, research, and administrative management needs to the overall technology decisions of the campus, and ensure that information technology supports the entire University towards fulfilling its educational mission.

Team approach Since IT strategy must reflect not only the mission of the campus but the needs of Academic Affairs, Administration and Finance, and Student Success, the vision, direction and priority setting of IT must include the leadership from these three areas. Further, it is absolutely essential that input from the users is reflected in the IT strategy. Finally, the IT strategy must include the operational aspect of IT. As a result, the campus has chosen to use a team approach in order to ensure that a clear IT strategy, which reflects the needs of all the campus.

<top>

IT Leadership Team

Membership The VCAA, VCAF, VCSS, IT Director, and the Senior Faculty Associate for IT.

Responsibilities The IT Leadership team is to provide overall leadership to the strategic direction of IT at CU Colorado Springs

• Manage pressing IT strategic issues that require executive decision recommendations.
• Determine membership of IT Council.
• Makes recommendations to the IT Strategic Council for input and discussion.
• Recommends agenda items for IT Council
  • Decides on which issues and recommendations to bring to the Chancellor's Executive Team.
  • Frequency of meetings: Informal meetings once a month in the week prior to the monthly meeting of the IT Strategic Council or on an as-needed basis.

<top>

IT Advisory Council (ITAC)

Membership IT Director, Senior Faculty Associate for IT (Chair), and representatives of major user groups within AA, AF, and SS. Members will serve 3 year terms on a rotating basis. One Vice Chancellor will sit as ex-officio member on a rotating basis.

Responsibilities The IT Advisory Council is responsible for advising and providing input to the IT Leadership Team regarding the information technology strategic direction, priorities, and policies at CU Colorado Springs. With direction from the IT Leadership Team, the IT Advisory Council will:

• Advise IT priorities and services.
• Recommend IT budget priorities for next fiscal year.
• Draft and review the IT Strategic Plan.
• Draft and review IT Policy to the IT Leadership Team.
• Frequency of meetings: Once a month throughout the calendar year.

<top>

IT Operating Committee

Membership IT Director (chair), key IT managers and staff, and representatives of user groups selected by the IT Advisory Council. The Senior Faculty Associate will sit on the Council as an Ex Officio member. Representatives serve 3-year terms.

Responsibilities The IT Operating Committee is responsible for providing guidance and assistance to the IT Director with the operational activities of the campus Information Technology department. The IT Operating Committee is NOT to be an oversight committee nor is it to micromanage the IT Department. Instead, the IT Operating Committee is to increase communication between IT operations and the end users. In addition, the IT Operating Committee provides input to the IT Advisory Council concerning IT operating issues that have strategic importance. The IT Director, who chairs the IT Operating Committee, will file reports to the Chair of the IT Advisory Council that summarize and strategic recommendations made by the IT Operating Committee are brought to the IT Advisory Council for review and approval.

Frequency of meetings Once per month throughout the calendar year.

Academic Computing Policy Committee

Membership All regular faculty who currently sit on the ITAC. The chair of the ACPC shall selected by election from the ACPC members.

Responsibilities The ACPC is responsible for reporting information between the ITAC and the Faculty Assembly and is charged with making recommendations concerning IT issues that directly affect the academic areas on campus.

Frequency of meetings: As needed.

<top>