Policy and Procedure

Table of Contents | Index | Internal Audit Web

PURPOSE

Mississippi State University's computing and network resources service a large number of faculty, students, staff, and others. In light of the legal responsibilities inherent in operation of such a system, the university has a number of areas of potential liabilities. This policy addresses the responsibilities of the users and the University.

POLICY

All users have the responsibility to use the University computing and network resources in an effective, efficient, ethical, and lawful manner. Use of Mississippi State University's computer and network resources is not a matter of right, nor is it provided as a public forum, but rather all use of Mississippi State University's computer and network resources must be consistent with the mission of the University in support of public education, research, and public service.

GUIDELINES

Security

The user is responsible for correct and sufficient use of the tools each computer system provides for maintaining the security of stored information. A summary of the security procedures relevant to the end users of computing resources is given below:

a. Computer accounts, passwords, and other types of authorization are assigned to individual users and should not be shared with others.

b. The user should select an obscure password and change it frequently.

c. The user should understand the level of protection each computer system automatically applies to files and supplement that protection, if necessary, for sensitive information.

d. The user should be aware of computer viruses and other destructive computer programs, and take steps to avoid being either their victim or propagator. Minimally, the user must ensure that appropriate antivirus software is operational on all personal computers and that virus definitions are kept current.

Academic Freedom

Free expression of ideas is central to the academic process. However, the University may remove any electronic information from its systems if it is determined that:

a. The presence of the information involves illegality (e.g., copyrighted material, software used in violation of a license agreement).

b. The information in some way endangers computing, network resources, or the information of other users (e.g., a computer worm, virus, or other destructive program).

c. The information is inappropriate, because it is inconsistent with the mission of the University, or is otherwise not in compliance with the legal and ethical usage governed by Federal or State law or regulation, or with University or Board of Trustees policies.

d. The cost of maintaining the information is deemed prohibitive by the responsible administrative unit.

e. The user is no longer authorized for access.

Privacy

It is the policy of the University not to routinely monitor individual use of computing and network resources. However, users should be aware that their use of these resources may not be private. The normal operation and maintenance of the university's computing and network infrastructure require the backup of data and communications, the logging of activity, the monitoring of general usage patterns and other such activities that are necessary for the provision of service. While also a normal activity, routine hardware and software maintenance of personal computers is done only in consultation with the user, their unit head, or the department’s designated technical contact.

The University may monitor the activity and accounts of individual users, including individual login sessions, personal computers, and the content of individual files and communications when:

a. The user has voluntarily made them accessible to the public, as by posting to Usenet or a Web page;

b. It reasonably appears necessary to do so to protect the integrity, security, or functionality of university or other computing and network resources or to protect the university from liability;

c. There is reasonable cause to believe that the user has violated or is in violation of university policy;

d. Or it is otherwise required or permitted by law.

Any monitoring of individual users, other than that allowed by the user or that necessary to respond to perceived emergency situations, must be authorized in advance by the appropriate Vice President with advice of the Office of General Counsel.

The University, in its discretion, may disclose the results of any such general or individual monitoring, including the contents and records of individual files and communications, to appropriate university personnel or law enforcement agencies and may use those results in appropriate university disciplinary proceedings. Communications made by means of university computing and network resources are also generally subject to the Mississippi Public Records Act to the same extent as they would be if made on paper.

Inappropriate Usage

Computing and network resources should be used only in accord with the guidelines defined in this policy and procedure. Examples of inappropriate and unacceptable use of computing and network resources include, but are not limited to:

a. Harassment of other users.

b. Destruction of or damage to equipment, software, or data belonging to Mississippi State University or other users.

c. Disruption or unauthorized monitoring of electronic communications.

d. Violations of computer system security.

e. Unauthorized use of computer accounts, access codes, passwords, or other network identification words or numbers assigned to others.

f. Use of computer and/or network facilities in ways that impede the computing activities of others, including randomly initiating interactive electronic communications or e-mail exchanges, overuse of interactive network utilities, overuse of network accessible bulletin boards or conferences, and the "off topic" posting of materials to bulletin boards or conferences.

g. Use of computing facilities for business purposes of the user.

h. Violations of trademarks, patents, or copyrights and violation of software license agreements. (Refer to policies of the university.)

i. Violation of the usage policies and regulations of the network that Mississippi State University is a member of or has authority to use.

j. Violation of another user's privacy.

k. Academic dishonesty (e.g., plagiarism or cheating).

l. Commercial advertising or political campaigning.

m. Violation of applicable laws, regulations, or policies.

Personal use

Incidental personal use of computing and network resources is permitted, subject to review and reasonable restrictions by the employee’s supervisor; adherence to applicable University policies and state and federal law; and as long as such usage does not interfere with the employee’s accomplishment of his or her job duties and does not result in any additional costs to the University. (See OP 01.19, Misuse of University Assets)

Sanctions

Violation of the policies described herein for use of computing and network resources are dealt with seriously. Violators who are University faculty, students, or staff are subject to the disciplinary procedures of the University and, in addition, may lose computing privileges. Illegal acts involving Mississippi State University computing and networking facilities may also be subject to prosecution by state and federal officials.

REVIEW

This policy and procedure will be reviewed as needed (AN) but at least every 4 years by the Mississippi State University Information Technologies Oversight Committee with recommendations for revisions presented to the President.

OP 01.12
01/31/08

For information about this policy, contact the responsible/reviewing department hyperlinked above.