Adopted: July 16, 1996
Reviewed: March, 2024
Revised: April 9, 2024
Introduction: The technology facilities and services provided by North Iowa Area Community College including computing, telecommunications and media services are primarily intended for teaching, learning, student support and administrative purposes. NIACC encourages staff to make appropriate and innovative uses of electronic information resources and technologies to improve the academic programs and services to staff and students; and encourages students to make appropriate and innovative uses of such resources to further their learning. The use of technology and information resources is governed by all applicable College faculty, staff and student policies as well as applicable federal, state and local laws and statutes. It is not the intent of NIACC to provide access to technology and information resources for alumni, the general public, or for private use.
Purpose: The purpose of this policy is to establish acceptable practices regarding the use of North Iowa Area Community College Information Resources to protect the confidentiality, integrity and availability of information created, collected, and maintained.
Audience: This policy applies to all employees and any individuals, entities, or processes that interact with any North Iowa Area Community College Information Resource.
Acceptable Use:
- Individuals are responsible for complying with North Iowa Area Community College policies when using North Iowa Area Community College information resources and/or on North Iowa Area Community College time. If requirements or responsibilities are unclear, please seek assistance from the Chief Information Officer.
- Individuals using North Iowa Area Community College’s information resources should not have an expectation of privacy in such use. North Iowa Area Community College may monitor employees’ use of such information resources at any time with or without notice.
- Individuals must promptly report the theft, loss, or unauthorized disclosure of North Iowa Area Community College confidential or internal information to the Chief Information Officer.
- Individuals should not use Information Resource means or otherwise to purposely engage in activity that may:
- harass, threaten, or abuse others;
- degrade the performance of North Iowa Area Community College Information Resources;
- negatively impact students or any education experiences;
- deprive authorized North Iowa Area Community College personnel access to a North Iowa Area Community College Information Resource;
- obtain additional resources beyond those allocated;
- or circumvent North Iowa Area Community College computer security measures.
- Individuals should not download, install, or run programs, utilities or any other non-approved programs on any North Iowa Area Community College Information Resource.
All inventions, intellectual property, and proprietary information, including reports, drawings, blue prints, software codes, computer programs, data, writings, and technical information, developed on North Iowa Area Community College time and/or using North Iowa Area Community College Information Resources are the property of North Iowa Area Community College.
- Use of encryption should be managed and used in conjunction with Technology Services in a manner that allows secure data storage and North Iowa Area Community College personnel to promptly access all data.
- North Iowa Area Community College Information Resources are provided to facilitate College work and should not be used for personal financial gain.
- Individuals are expected to cooperate with incident investigations, including any federal or state investigations.
- Individuals are expected to respect and comply with all legal protections provided by patents, copyrights, trademarks, and intellectual property rights for any software and/or materials viewed, used, or obtained using North Iowa Area Community College Information Resources.
- Individuals should not intentionally access, create, store or transmit material, which North Iowa Area Community College may deem to be offensive, indecent, or obscene.
Institutional Data: Access to NIACC institutional data--the permission to view or query institutional data--shall be granted to all eligible employees of NIACC for legitimate College purposes. The Board Policy Data Classification Policy details how all College data is classified into defined access levels and that data may not be accessed without proper authorization.
Data users will be expected to access institutional data only in their conduct of College business, to respect the confidentiality and privacy of individuals whose records they may access, to observe any ethical restrictions that may apply to data to which they have access, and to abide by applicable laws and policies with respect to access, use, or disclosure of information.
- Access to information is granted on a "need to know" basis and will be assigned accordingly, by recommendation of the immediate supervisor.
- Individuals are permitted to use only those network resources assigned for their use and should not attempt to access any data or programs not assigned to them.
- All remote access connections made to internal North Iowa Area Community College networks and/or environments must be made through approved virtual private networks (VPNs), which may be logged and reviewed by college personnel.
- Individuals should not divulge any access information to anyone not specifically authorized to receive such information.
- Individuals must not share their North Iowa Area Community College authentication information, including:
- Account passwords,
- Personal Identification Numbers (PINs),
- Security Tokens (i.e. Smartcard),
- Access cards and/or keys,
- Digital certificates,
- Or similar information or devices used for identification and authentication purposes.
Authentication/Passwords:
- All Individuals are required to maintain the confidentiality of personal authentication information.
- Any group/shared authentication information must be maintained solely among the authorized members of the group.
- All passwords, including initial and/or temporary passwords, must be constructed and implemented according to the NIACC Password Policy:
- Unique passwords should be used for each system, whenever possible.
- User account passwords must not be divulged to anyone. North Iowa Area Community College Technology Services support personnel and/or contractors should never ask for user account passwords.
- If the security of a password is in doubt, the password should be changed immediately.
- Individuals should not circumvent password entry with application remembering, embedded scripts or hard coded passwords in client software.
Clear Desk/Clear Screen:
- Individuals should log off from applications or network services when they are no longer needed.
- NIACC will implement a default auto lock screen currently set at 15 minutes.
- Individuals should log off or lock their workstations and laptops when their workspace is unattended.
- Confidential or internal information should be removed or placed in a locked drawer or file cabinet when the workstation is unattended and at the end of the workday if physical access to the workspace cannot be secured by other means.
- Physical and/or electronic keys used to access confidential information should not be left on an unattended desk or in an unattended workspace if the workspace itself is not physically secured.
- Laptops should be either locked with a locking cable or locked away in a drawer or cabinet when the work area is unattended or at the end of the workday if the laptop is not encrypted.
- Passwords must not be posted on or under a computer or in any other physically accessible location.
Data Security:
- Individuals should use approved encrypted communication methods whenever sending confidential information over the Internet.
- Only authorized cloud computing applications may be used for sharing, storing, and transferring confidential or internal information.
- Any unauthorized use of cloud system(s) may result in the college removing information from the unauthorized cloud system(s).
- Information must be appropriately shared, handled, transferred, saved, and destroyed, based on the information sensitivity and data classification standard.
- Confidential information must be transported by either a North Iowa Area Community College employee or a courier approved by the college.
- All electronic media containing confidential information must be securely disposed of. Please contact Technology Services for guidance or assistance.
- Personal information stored on NIACC technology resources may be deleted at any time for any reason.
Copyright: NIACC recognizes and adheres to U.S. and International copyright laws, software licenses and intellectual property rights associated with both print and non-print materials.
Internet Access: The College does not accept any responsibility for the accuracy and/or quality of information obtained through its Internet services.
It is expected that each College employee and student will follow ethical and professional guidelines and abide by College policies when using College computer equipment and services to access the Internet.
- The Internet must not be used to communicate North Iowa Area Community College confidential or internal information, unless the confidentiality and integrity of the information is ensured and the identity of the recipient(s) is established.
- Use of the Internet with North Iowa Area Community College networking or computing resources must only be used for college business related activities. Unapproved activities include, but are not limited to:
- Recreational games, Streaming media, Personal social media,
- Accessing or distributing pornographic or sexually oriented materials,
- Harassing or bullying through social media or other social networks,
- Attempting or making unauthorized entry to any network or computer accessible from the Internet.
- Access to the Internet from outside the North Iowa Area Community College network using a North Iowa Area Community College owned computer must adhere to all of the same policies that apply to use from within North Iowa Area Community College facilities.
Incidental Use:
- As a convenience to North Iowa Area Community College employees, incidental use of Information Resources is permitted. The following restrictions apply:
- Incidental personal use of electronic communications including internet access, personal phone calls and access to personal email may be acceptable when it does not interfere with NIACC’s business operations and is incidental.
- Incidental use should not result in direct costs to North Iowa Area Community College.
- Incidental use should not interfere with the normal performance of an employee’s work duties.
- No files or documents may be sent or received that may cause legal action against, or embarrassment to, North Iowa Area Community College or its students.
- Storage of personal email messages, voice messages, files and documents within North Iowa Area Community College Information Resources must be nominal.
- All information located on North Iowa Area Community College Information Resources is owned by North Iowa Area Community College, may be subject to open records requests, and may be accessed in accordance with this policy. Employees should have no expectation of privacy in their use of North Iowa Area Community College’s Information Resources. Such use is subject to monitoring by North Iowa Area Community College at any time with or without notice.
E-Mail and Electronic Communication: Appropriate use of e-mail and electronic communication for College-related business and activities is expected. While electronic messages being sent or stored on networks or servers will be considered by NIACC to be private communications and the responsibility of the staff member or student, users should be aware that it is possible for a hacker or a network administrator at any point along the worldwide Internet communication path to intercept and view documents. In addition, use of e-mail and electronic communications through NIACC’s Information Resources may be monitored at any time with or without notice. NIACC will not be held liable for individual use of electronic mail or use of the Internet.
- Electronic communications should not misrepresent the originator or North Iowa Area Community College.
- Individuals are responsible for the accounts assigned to them and for the actions taken with their accounts.
- Accounts must not be shared without prior authorization from North Iowa Area Community College Technology Services, with the exception of calendars and related calendaring functions.
- Individuals should not use personal email accounts to send or receive North Iowa Area Community College confidential information.
- Any use of North Iowa Area Community College provided email should not:
- Involve solicitation.
- Be associated with any political entity.
- Have the potential to harm the reputation of North Iowa Area Community College.
- Bully or threaten anyone.
- Forward chain emails.
- Contain or promote anti-social or unethical behavior.
- Violate local, state, federal, or international laws or regulations.
- Result in unauthorized disclosure of North Iowa Area Community College confidential information.
- Individuals should only send confidential information using secure electronic messaging solutions.
- Individuals should use caution when responding to, clicking on links within, or opening attachments included in electronic communications. For any questions about the validity of an email, contact abuse@niacc.edu.
- Individuals should use discretion in disclosing confidential or internal information in Out of Office or other automated responses, such as employment data, internal telephone numbers, location information or other sensitive data.
- If you receive an email you believe violates any of these rules, you should forward the email to abuse@niacc.edu.
Hardware and Software:
- All hardware must be formally approved by the Chief Information Officer before being connected to North Iowa Area Community College networks.
- Software installed on North Iowa Area Community College equipment must be approved by the Chief Information Officer and installed by North Iowa Area Community College Technology Services personnel.
- All North Iowa Area Community College assets taken off-site should be physically secured at all times.
- Individuals traveling to a High-Risk location, as defined by the FBI and the Office of Foreign Assets Control, must contact Technology Services for approval to travel with NIACC technology.
- Individuals should not allow family members or other non-employees to access North Iowa Area Community College Information Resources.
World Wide Web: The World Wide Web (WWW or Web) provides an opportunity for NIACC to have a presence in the Internet community for public relations, to provide information, and for educational purposes. NIACC's "Home Page" (or pages) on the Web represent the College's programs, policies, and image to the world. NIACC will recommend standards for NIACC Web pages on the Internet, but will not be liable for the content of personal web pages.
Computer Lab Access: The following priority will dictate computer lab access:
- Scheduled classes and workshops.
- Students doing assignments required for classes or staff preparing for classes.
- Personal exploration of the Internet and e-mail.
Electronic Document Retention: In the event the College reasonably anticipates litigation in which electronic documents of relevance will be collected, all routine document destruction policies will be suspended and placed in a litigation hold to ensure the preservation of relevant documents.
Mobile Devices and Bring Your Own Device (BYOD): Employees have been provided the opportunity to use their own personal devices to conduct business on behalf of the College.
Just as there is no expectation of privacy in the use of NIACC equipment and accounts, no employee should expect any privacy when personal devices (computer, smartphone, tablet, or personal email) are used in the employee’s service to the college. In the event of an open records discovery request, litigation, or internal or regulatory investigations, an employee’s personal devices used in service to the college may be retained to access and collect College information. In such instances, personal employee data and information may be accessed as it may not be feasible to separate personal information from employer information. In these instances NIACC may be privy to additional information beyond what might be expected.
NIACC has the responsibility to maintain a secure network; this includes the right to monitor, review, and preserve or release personal and college-related data on personal devices to government agencies or third parties during an investigation or litigation. Furthermore, no employee shall knowingly disable or circumvent any network software or system identified as a tool used in the provision of the secure network.
While conducting business on behalf of the employer, employees are expected to exercise the same discretion in using their personal devices as is expected for the use of company devices. Company policies pertaining to harassment, discrimination, retaliation, trade secrets, confidential information and ethics apply to the use of personal devices for work-related activities.
- The use of a personally-owned mobile device to connect to the North Iowa Area Community College network is acceptable as long as the device:
- is secured with a password or similar security method;
- has its software regularly updated according to the manufacturer;
- is actively monitored to ensure security standards are upheld.
- All personally owned laptops and/or workstations must have approved virus and spyware detection/protection software along with personal firewall protection active.
- Mobile devices that access North Iowa Area Community College email must have a PIN or other authentication mechanism enabled.
- Confidential data should only be stored on devices that are encrypted.
- North Iowa Area Community College confidential information should not be stored on any personally owned device.
- Theft or loss of any mobile device that has been used to create, store, or access confidential or internal information must be reported to North Iowa Area Community College Technology Services immediately.
- All mobile devices must maintain up-to-date versions of all software and applications.
- All personnel are expected to use mobile devices in an ethical manner.
- Jail-broken or rooted devices should not be used to connect to North Iowa Area Community College Information Resources.
- North Iowa Area Community College Technology Services may choose to execute “remote wipe” capabilities for mobile devices without warning.
- In the event there is a suspected incident or breach associated with a mobile device, it may be necessary to remove the device from the personnel’s possession as part of a formal investigation.
- All mobile device usage in relation to North Iowa Area Community College Information Resources may be monitored, at the discretion of North Iowa Area Community College Technology Services Management. North Iowa Area Community College Technology Services support for personally owned mobile devices is limited to assistance in complying with this policy. North Iowa Area Community College Technology Services support may not assist in troubleshooting device usability issues.
- Use of personally owned devices must be in compliance with all other North Iowa Area Community College policies.
- North Iowa Area Community College reserves the right to revoke personally owned mobile device use privileges in the event that personnel do not abide by the requirements set forth in this policy.
- Texting or emailing while driving is not permitted while on college time or using North Iowa Area Community College resources. Only hands-free talking while driving is permitted, while on college time or when using North Iowa Area Community College resources.
Physical Security:
- Photographic, video, audio, or other recording equipment, such as cameras in mobile devices, are not allowed in secure areas.
- Employees must badge in and out of access-controlled areas. Piggy-backing, door propping and any other activity to circumvent door access controls are prohibited.
- Visitors accessing card-controlled areas of facilities must be accompanied by authorized personnel at all times.
- Eating or drinking is not allowed in data centers. Caution must be used when eating or drinking near workstations.
Privacy: Information created, sent, received, or stored on North Iowa Area Community College Information Resources is not private and may be accessed by North Iowa Area Community College Technology Services employees at any time, under the direction of the North Iowa Area Community College Chief Information Officer, without knowledge of the user or resource owner.
North Iowa Area Community College may log, review, and otherwise utilize any information stored on or passing through its Information Resource systems. Systems Administrators, North Iowa Area Community College Technology Services staff, and other authorized North Iowa Area Community College personnel may have privileges that extend beyond those granted to standard business personnel. Personnel with extended privileges should not access files and/or other information that is not specifically required to carry out an employment related task.