Procedure Title: Acceptable Use

Impact: Employees/Students/Affiliates

Responsibility: Chief Information Officer

Effective Date: 6/26/1996

Revised Date: 8/23/2017

Reviewed Date:

Relates to Procedure(s): 3.08.01

Legal Citation(s):

I. Acceptable Use

North Idaho College (NIC) Information Technology (IT) resources must be used appropriately to ensure and preserve their integrity and confidentiality so that NIC can meet its mission and goals.  Federal and State laws and regulations, and NIC policies also require appropriate use and the adequate protection of NIC information technology resources and data.

All users are responsible for using and protecting NIC IT resources and data appropriately and in accordance with this policy, procedure, and guidelines.

Nothing in this policy supersedes or modifies any other applicable NIC policy, Federal and State laws and regulations. 

1. Definitions
   1. “Affiliate” refers to any authorized individual, business, or organization connected to NIC, authorized to act on behalf of NIC, or authorized to conduct work related to NIC needs.
   2. “Information Technology” or “IT” resources refers to any resource related to the access and use of digitized information, including but not limited to hardware, software, devices, appliances, and network bandwidth.

Procedure Title: Acceptable Use

Impact: Employees/Students/Affiliates

Responsibility: Chief Information Technology

Effective Date: 4/18/2012

Revised Date: 5/11/2017

Reviewed Date:

Relates to Policy(s): 3.08.01

Legal Citation(s):

I. Ownership and Access

1. All North Idaho College (NIC) Information Technology (IT) resources are the property of NIC and subject to the applicable polices of NIC, Federal and State laws. All data created, processed, and/or retained by a user using NIC IT resources are subject to this policy and procedure.
2. Users have a reasonable expectation of privacy in anything they create, store, send, or receive on NIC data and IT resources, yet NIC reserves the right to monitor IT resources and the use of those resources for operational needs and to ensure compliance with applicable laws and NIC policies and procedures.
3. When NIC receives a public records request, subpoena, litigation or other similar request for information or documents, NIC will take necessary measures to access NIC data and IT resources to comply with its legal obligations.

  II. Responsibility of Users

1. Users of NIC IT resources must adhere to all applicable NIC policies, procedures, guidelines, contracts, and licenses as well all applicable federal, state, and local laws and regulations.
2. Authorized individuals shall only use NIC data and IT resources for the purpose for which access is granted.
3. Users are responsible for reporting violations of acceptable use to the appropriate manager, administrator, or IT department.
4. Incidental personal use of IT resources is permitted; however, users are advised they have no guarantee of privacy or confidentiality in connection with the personal use of these resources.

Personal use must not:

1. 1. Consume resources that interfere with normal NIC operations.
   2. Interfere with work- and job-related duties.
   3. Preempt any business activity.
   4. Violate any NIC policy or applicable laws.
      
      

III. Acceptable Use

The following items include guiding principles for acceptable use of IT resources at NIC.  The IT department in conjunction with the Information Technology Policy and Planning Council (ITPPC) will publish detailed guidelines and examples of acceptable and prohibited use cases.

1. Guiding Principles
   
   

1. 1. Users will use NIC IT resources in a lawful and appropriate manner.
   2. Users will respect the integrity and the security of NIC IT resources and data.
   3. Users will be considerate of the needs of other users by making every reasonable attempt not to impede the ability of others to use IT resources and show restraint in the consumption of IT resources.
   4. Users will respect the rights and property of others, including privacy, confidentiality, and intellectual property.
   5. Users will cooperate with NIC to investigate potential unauthorized and/or illegal use of NIC IT resources.
      
      

IV. Enforcement

Regarding employees and other affiliates, the consequences of policy violation will be commensurate with the severity and frequency of the offense and may include termination of employment or contract.

Regarding students, the consequences of policy violations will be commensurate with the severity and frequency of the offense and may include suspension or expulsion.

Violations of this policy will be addressed in accordance with appropriate NIC policies and procedures, as issued and enforced by the appropriate authorities.

Violations of any local, state, or federal law will be reported to law enforcement.

Consequences of policy violation may include, but are not necessarily limited to, the following:

1. Notification: alerting a user to what appears to be an inadvertent violation of this policy in order to educate the user to avoid subsequent violations.
2. Warning: alerting a user to the violation, with the understanding that any additional violation will result in a greater penalty.
3. Loss of computer and/or network privileges: limitation or removal of computer and/or network privileges, either permanently or for a specified period of time.
4. Penalties: if applicable, the violator may be subject to criminal or civil penalties.

V. Appeal

For employees, appeal of actions taken which result in an unresolved dispute will be handled via the Grievance Policy and Procedure.  For students, all provisions of the Student Code of Conduct shall apply.

VI. Maintenance

This procedure will be reviewed by NIC’s Chief Information Officer (CIO), IT Department, and the ITPPC every three years or as deemed appropriate based on changes in technology or regulatory requirements.

VII. Exceptions

Exceptions to this procedure must be approved by the NIC IT Department and formally documented under the guidance of the CIO, and President’s Cabinet.