Shenandoah University IT Policy
Mission Statement & Purpose
This policy supports Shenandoah University’s mission statement, promotes responsible use of technology, further enhances academic learning through technology and establishes rules and guidelines for the proper use of University technology.
In order to keep up with changes in technology and/or state and federal laws, the University reserves the right to interpret, revise, or delete any of the provisions of these policies, with or without notice, as the University deems appropriate, in its discretion.
All members of the Shenandoah University community who use the University’s computing and network resources must use them in an efficient, ethical and lawful manner. The University provides computers, accounts, software, and network equipment for use by the University, and members of the University community must use them for purposes which are consistent with the business and mission of the University.
Just as certain privileges are given to each member of the campus community, each member is held accountable for their actions as a condition of continued membership in the Shenandoah community. For more information, please refer to your applicable handbook.
Acceptable Use and Prohibited Conduct
Inappropriate and/or illegal use of computer accounts or resources are subject to disciplinary, criminal and legal actions.
Users will be held responsible for misuse which occurs through authorized or unauthorized use of their credentials.
The use of Shenandoah resources to access, further or otherwise participate in activity which is inconsistent with the mission of the University is prohibited.
Using the University network to provide any service that is visible off campus, without prior Institutional approval, is prohibited. This applies to services such as, but not limited to, HTTP (Web), SSH, FTP, IRC, email, private VPN, etc.
Configuring a computer to provide SUnet access to anyone who is not a Shenandoah University faculty, staff member or student is prohibited.
Users are responsible for keeping their computer applications updated with all security patches/fixes from the appropriate software update services. Many are also available through our ‘Self Service’ application.
Users are responsible for their computer, including its hardware, software, and any network traffic transmitted by it. Please contact IT Help Desk if you have any questions about whether or not certain software/hardware might conflict with this acceptable use policy.
SU has at its sole discretion the right to disable any SU accounts at the university with or without cause.
Personal Use: University IT equipment is primarily for education and business use to assist all users in the performance of their jobs and educational pursuits. Limited, occasional, or incidental use of university IT resources for personal, non-business/education purposes is understandable and acceptable, and all such use should be done in a manner that does not negatively affect the systems' use for their educational and/or business purposes. However, all users are expected to demonstrate a sense of responsibility and not abuse this privilege.
Violations of Permissible Use: Any user who abuses the privilege of their access to e-mail or the Internet in violation of this policy will be subject to disciplinary action, including dismissal, termination of employment, legal action, and criminal liability.
Online Harassment and Cyber Stalking
Online Harassment
No member of the Shenandoah University community may, under any circumstances, use Shenandoah University’s network or computing services to libel, slander or harass any other person or entity. Online harassment includes, but is not limited to, the following examples:
Any action that is unsolicited and inappropriate or deemed harmful to the recipient. Harassment includes anything illegal, including SPAM and sending anonymous e-mail;
Use of objectionable or abusive language, sending obscene or sexually oriented messages or images and sending faked or forged messages;
Contacting another person repeatedly after the recipient has provided reasonable notice that he/she desires such communication to cease;
Use of network or computer resources to disrupt or damage academic, research, administrative or related pursuits; and
Use of network or computer resources to invade or threaten to invade the privacy of another.
If a user receives e-mail or online message that he/she considers harassment, the user should:
Employees immediately report the harassment in writing to his/her supervisor and the Associate Vice President and CIO of IT
Students immediately report the harassment in writing to Student Life and the Associate Vice President and CIO of IT
Send a copy of the offending e-mail or message to the Associate Vice President and CIO of IT
Most important, the user should not delete the e-mail or message.
Cyber stalking
Cyber stalking is an escalation of online harassment in which an individual “tracks” another via the Internet.
If you are being cyber stalked, tell the person harassing you in straightforward terms, “Leave me alone. Stop harassing me. Do not contact me again.” Log off the application immediately, and if possible stay logged off for at least 24 hours. Do not reply to anything further. Utilize any blocking features the application may have to block the person cyber stalking you. Save, print and keep all e-mail messages including all full headers, in a separate folder. If you are being cyber stalked, contact Shenandoah University’s Department of Public Safety at (540) 678-4444. If you ever feel you are in a physical danger from a stalker, immediately contact DPS and/or Winchester Police Department at (540)662-4131 or 911.
Copyright Policy
All members of the Shenandoah University community must comply with federal copyright law (U.S. Code Title 17).Copyright infringement is defined as unauthorized possession or sharing of copyrighted materials, including but not limited to music, movies, computer software and games, videos or any other media which requires a license to possess. Sharing of copyrighted material without permission is a violation of the Digital Millennium Copyright Act (DMCA) and this policy. Both the entertainment and software industries actively monitor the Internet for possible copyright infringements with legal action becoming more common. The law requires the University to respond expeditiously when notified that a user is violating copyright law.
Examples of copyright infringement include, but are not limited to sharing files through:
Email
Peer-to-Peer (P2P) file-sharing programs/services
Posting materials on an Internet web page or folders
Instant message file transfers
Sharing of physical media (CD-ROMs, DVD, USB thumb drives, flash memory, and hard drives)
If the University receives a valid subpoena, it is obligated to turn over any electronic information we have regarding specific instances of data transmitted via our networks.
For further information:
Faculty refer to the Faculty Handbook.
Contact the University Library for more information.
Access to Specific Systems and University Information
Students, faculty and staff should be able to view general data about themselves maintained by the University
Access to selected institutional information will be granted to individuals by the appropriate data custodian
The data custodian is a designated person of a department that has primary responsibility for the maintenance and accuracy of a subset of institutional data. The data custodian is responsible for informing IT when access is no longer needed.
Certain University information is automatically available to groups of people based on their role at the University, e.g.: students, faculty, staff, chair persons, directors, Vice Presidents, President
Access to student record information shall comply with the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA)
Digital Communications & Data Retention
The purpose of this policy is to ensure the proper use of Shenandoah University’s email, voicemail and other electronic communication systems by all members of the community.
All e-mail communication goes through a secure connection to Google's servers. All official e-mail communications directed to Shenandoah University students, faculty and staff members is exclusively sent to SU-assigned e-mail accounts to ensure timely and accurate delivery of information.
E-Mail and Voicemail Appropriate Use
In using Shenandoah University’s e-mail and voicemail systems, the following procedures and cautions shall be followed by all users:
The e-mail and voicemail systems belong to Shenandoah University and are to be used for appropriate purposes.
Neither e-mail nor voicemail is private. E-mail should be treated as a postcard not a sealed envelope. Never say anything in an e-mail or voicemail message that you would not want to see on the front page of the newspaper or that you would not want an unintended person to read.
No privacy right is granted or provided in e-mail or voicemail messages by Shenandoah University to users, and users should not assume that they have any privacy rights in either their e-mail or voicemail messages or the University’s system.
No user has any right to expect that his or her messages will not be intercepted, read or listened to either by mistake or intentionally by another person.
Shenandoah University owns the e-mail and voicemail systems, and the University will periodically, on an unannounced basis, access, retrieve, monitor, copy and delete messages to ensure that the system is working properly, that no viruses have been introduced, and that all users, primarily employees, are following this policy. This includes retrieving e-mail messages that the user may have deleted but that are retained by the system.
Do not knowingly retrieve, access or read e-mail messages, and do not listen to voicemail messages, that are sent to or intended for another recipient.
All SU e-mail accounts are also subject to Google’s Acceptable Use Policy,
http://www.google.com/a/help/intl/en/admins/use_policy.html.
E-Mail Backup
Shenandoah University does not keep backups of e-mail; all e-mail messages are stored on Google servers.
Data Purging and Record Retention
Individuals are responsible for saving e-mail messages as they are required by law, guided by their supervisor or instructors or as they deem appropriate.
E-mail messages are subject to Google’s purge policies, which may change from time to time without notice. Google currently provides the following guidelines for purging folders: Trash – 30 days; Spam - 30 days.
Users who have actual knowledge of matters in which it can be reasonably anticipated that a court action will be filed, a subpoena has been served or notice of same has been given, or records are sought pursuant to an audit, a government investigation or in similar circumstances must preserve University records, including e-mails or instant messages.
Upon departure from the University (graduation, resignation, etc.), all user data in Google Workplace for Education apps will be subject to deletion after a specified amount of time, which will be communicated to the user upon their departure.
Network Security Policy
Addressing and Domain Services
Individuals, academic colleges/departments or administrative departments at Shenandoah University may not create nor support an Internet domain, hosted from the University's network without prior approval of IT.
IT will provision and manage the public Shenandoah University IP address space and all other private addresses in use by the University.
IT will manage any related domain names (e.g., su.edu).
IT may delegate administrative responsibilities to individuals for certain subnets, but retains the right of ownership for those networks.
University Network Equipment
Unauthorized access to University networking equipment (routers, switches, hubs, etc.) is not permitted. This includes any port scanning or attempts to ssh, snmp or otherwise gain access to University equipment.
Unauthorized access to University equipment closets is strictly prohibited
Network Security
Systems on the network must have adequate security installed and maintained. All systems connecting to the University network must be configured and maintained in such a manner as to prohibit unauthorized access or misuse.
If security problems are observed, it is the responsibility of all SUnet users to report problems to the appropriate system administrators or IT for investigation.
Enforcement
Any device or account found to be in violation of this policy, or found to be causing problems that may impair or disable the network in any way is subject to immediate disconnection from the University's network. IC may subsequently require specific security improvements where potential security problems are identified, before the device is reconnected.
Attempting to circumvent security or administrative access controls for information resources is a violation of this policy. Assisting someone else or requesting someone else to circumvent security or administrative access controls is a violation of this policy.
The University considers any violation of acceptable use principles or guidelines to be a serious offense, and reserves the right to test and monitor security, and reserves the right to copy and examine any files or information resident on University systems allegedly related to unacceptable use.
Monitoring and Auditing
IT will maintain traffic logs of the firewall for security auditing purposes.
IT reserves the right to monitor, access, retrieve, read and/or disclose data communications when there is reasonable cause to suspect a University policy violation, criminal activity, monitoring required by law enforcement or at management request. Reasonable cause may be provided by a complaint of a policy violation or crime or as incidentally noticed while carrying out the normal duties of IC staff.
IT may perform a non-intrusive security audit of any computer system attached to the University's network at any time, to determine what risks that system may pose to overall information security. Any audit consisting of a penetration test would be performed with advance notice to the system administrator or his/her superior.
Internet Traffic Priority
Shenandoah University maintains a private network and is not an Internet service provider.
Access to the Internet via the University's network is primarily for academic purposes and is supported for that purpose. The University retains the right to adjust network settings to give higher priority to academic and University business traffic over all other traffic.
Software Request and Support
IT maintains and supports software that is licensed for campus-wide use. Individual specialized departmental software must be budgeted, purchased and maintained by the individual department. All new software requests must be reviewed and approved by the software evaluation committee.
Faculty software requests should be submitted to the Information and Technology Committee for review and approval.
In accordance with university policy, IT should be notified prior to contacting vendors or scheduling demos with new or existing software vendors.
New Employee Training
Employees should remember that they carry the University’s reputation and name in all that they do. As such, they should conduct themselves accordingly when using the University’s IT resources.
New employees (staff, faculty, adjunct faculty) are required to complete IT training within the first two weeks of hire. This training is to ensure the security of the University. Should a new hire not complete IT training within this time frame, the employee's account will be temporarily disabled until training has been completed.