4.181 Administration & Finance
INFORMATION SYSTEMS POLICIES AND PROCEDURES
Date Adopted/Most Recent Revision: 08/04/2006
  1. General
    This policy applies to all users of the university's telecommunications, computer and network services. The university provides telephone, computer and network resources for use by students, faculty, staff and other persons affiliated with the university.

  2. Definitions
    1. Telecommunications
      Hardware, software and personnel to provide audio and digital voice communications on and off campus. This includes the installation, maintenance and design of existing and future voice requirements.

    2. Computer Systems
      Mainframe and personal computer assets that are used for university administration, student development and academic endeavors. Use of these assets are governed by legal statues for copyrighted software, university-developed software policy, and software developer licenses.

    3. Network Services
      Operations, maintenance and technical services that are provided to the university for the continued growth and development of the campus-wide communications network. These services include small computer software and hardware maintenance and installation of university-purchased equipment.

  3. Guidelines
    The university has established the following guidelines governing the proper use and workload management of Information Systems resources and personnel.

    1. Telecommunications
      All telephone outages will be reported by the user through the telephone outage reporting system at Ext. 4555. Requests for new installations, system reprogramming and telephone instrument relocations will be submitted using the Information Systems Service Request Form.

    2. Computer Systems Programming Requests
      Information Systems Service Request Forms will be completed and set to the President , Provost or appropriate vice president for approval and prioritization. The approved request form will then be forwarded to the Director of Information Systems for scheduling. Programmer analyst personnel will provide software implementation and maintenance to the university faculty and staff based on approved programming requests using the following priority ranking system:

      1. Priority 1:
        Downward directed requests from outside agencies of the state or federal government. These tasks will require firm due dates and specific instructions for development.

      2. Priority 2:
        University-directed requests. Departmental requests to correct errors in existing software programs or to provide approved management reports.

      3. Priority 3: Other requests.
        These requests are not essential to the operations or management of the university (i.e. labels for outside vendors).

    3. Network Services
      Trouble resolution, technical solutions, network upgrades and network security services will be provided to the university by Information Systems. All services other than trouble reporting must be requested using the Information Systems Service Request Form. All request forms must have a control number prior to work scheduling. This includes requests for technical solutions or network design.

    4. Trouble Reporting
      Small computer software and hardware trouble reporting will be managed through the Information Systems Trouble Desk at Ext. 4278. Users should call the telephone number and report detailed information. A work order will be assigned and tracked until completion. New installations of small computers will be accomplished according to the delivery schedule provided by the vendor. Any modifications to this schedule will be determined by the Director of Information Systems.

    5. Technical Solutions
      Technical solutions will be provided to the university faculty and staff to satisfy approved requirements for information technology equipment and software. These solutions will conform to the university guidelines established for interoperability and uniformity.

    6. Network Upgrades
      Information Systems will be responsible for the network upgrades that are consistent with university policy and technology availability. All upgrades will provide a migratory path for future conversions and implementations.

    7. Laboratory Management
      Information systems is responsible for providing technical staffing for the general purpose student labs. This includes the following:

      1. Provide general purpose software and qualified student employees for general purpose student labs.
      2. Provide supplies and printer services as required during normally scheduled lab periods.
      3. Provide first-look maintenance on equipment and outage reporting.
      4. Maintain lab physical security and cleanliness.
    8. Electronic Network Access
      Users of the university electronic network facilities and services will indemnify and hold harmless the university against any and all actions or claims of infringement of intellectual property rights arising from the use of a network-based service or facility provided by the university. Network access is provided by password control. All passwords are managed and controlled by Information Systems. The following policies are established for network access:

      1. Use of facilities and services in such a way as could be deemed foul, threatening, inappropriate, harassing, or abusive including but not limited to racial and sexual slurs, is prohibited.
      2. All accounts are for the sole use of the student, faculty or staff of the university. Account information will not be released by Information Systems to any other individual.
      3. Network access shall not be used for any non-university related activity. Use of network access should be consistent with the instructional, research, public service and administrative purposes and goals of the university.
      4. A network access account may be requested by a currently enrolled student, employed faculty/staff member or emeriti faculty/administrator.
      5. Student access will be deactivated upon the student's withdrawal from the university or non-enrollment.
      6. Faculty and staff network access accounts will be deactivated upon termination of employment.
      7. Unauthorized access to the network is strictly prohibited and could result in disciplinary action up to and including legal criminal action. Network account information is for the sole use of the original requester.
      8. Electronic mail is subject to search at any time, with or without notice, as the university administration deems necessary.
      9. Use of university electronic mail accounts to send unsolicited commercial mail is prohibited.
      10. To best serve the general campus population and to conserve limited resources, remote access users will be limited to four (4) hours of on-line time per session.
    9. Copyright and Computer Software
      Midwestern State University and its students, faculty, and staff must maintain legal and ethical standards regarding the use of computer software. The unauthorized duplication of computer software, data or computer manuals, unless appropriate written consent is obtained, is grounds for disciplinary action and referral to the appropriate law enforcement or investigative agency.

      1. In strict compliance with Public Law 96-517, Section 10(b), which, in amending Section 117 of Title 17 U.S. Code to allow for the making of computer software back-up copies, state in part "it is not an infringement for the owner of a copy of a computer program to make or authorize the making of another copy of adaptation of that computer program provided:

        1. "That such a new copy or adaptation is created as an essential step in utilization of the computer program in conjunction with a machine and that it is used for no other manner, or
        2. "That such a new copy and adaptation is for archival purposes only and that all archival copies are destroyed in the event that continued possession of the computer program should cease to be rightful."
        3. Where appropriate written consent (from the holder of such copyright) is obtained.
        4. Where the software is in the public domain and that can be proven.
      2. Under PL 101-650, phonograph records, computer programs, tapes, CDs or videos may not be rented, leased or loaned for direct or indirect commercial advantage. However, the nonprofit lease or lending of computer software (bearing the warning noticed prescribed by the Register of Copyrights) to this institution's staff, faculty and students for their nonprofit use is exempt from these restrictions.
      3. Also exempt (from PL 101-650's restrictions) is the lawful transfer of possession of a lawfully made copy of a computer program between nonprofit education institutions and between such institutions and the individual comprising their staff, faculties, and student bodies.
      4. Illegal copies of software may not be used on this university's computers.
      5. Determination made under section 2 and 3 above are to be made by Midwestern State University and not the individual. Any indication of a violation of Section 4 will be promptly and thoroughly investigated.
    10. Computer Security and Privacy
      All faculty and staff employees and students shall be responsible for complying with the Computer Security and Privacy policies. These policies are as follows:

      1. The university president shall appoint an administrator responsible for developing and maintaining university regulations and procedures regarding security and privacy of computer data, software, and hardware.
      2. Any student's or faculty/staff employee's use of university computing facilities is a privilege that shall be revoked for violation of this policy, regardless of the need for computer use in performing assigned duties or class work. Specific causes for revocations are as follows:

        1. Student, faculty or staff who intentionally gains access to a computer or file that is protected from general access by the public.
        2. Gaining unauthorized access to privacy protected information that may reside on the university mainframe.
        3. Purposely placing or injecting a virus into the university computer systems or networks.
        4. Removing university computer assets from campus without prior approval.
        5. Connecting personally owned computers and software to the university networks without prior approval.
        6. Public domain (shareware) will not be downloaded from public access bulletin board systems to any user computer connected to the campus network. All software loaded on university computers will first be approved by Information Systems and certified virus free.
        7. User departments will identify to Information Systems, personnel computer workstations used to store confidential or sensitive information or to run critical applications. The users will be responsible for notifying Information Systems for periodic virus scans.
      3. Some jobs or activities of the university involve access to resources critical to computer security and privacy. The university may require faculty/staff employees or students involved in these jobs or activities to disclose personal histories, participate in special training, and /or sign special agreements concerning computer use.
      4. All students and faculty/staff employees shall cooperate with official state and federal law enforcement authorities in aiding the investigation and prosecution of any suspected infraction of security and privacy involving either university personnel or university computing facilities.
    11. Mainframe Access Control
      The Director of Information Systems will maintain the mainframe computer system integrity through the effective use of security controls. In an effort to control access to computing resources, the following policy is in effect:

      1. Only employees of the university or approved student workers may be assigned a logon to allow use of the mainframe computing resources. All passwords will be changed monthly.
      2. Each request for the assignment of a logon must be approved in advance by a university dean or appropriate vice president and submitted to the Director of Information Systems.
      3. Each director level supervisor must determine the level of access (input vs. inquiry) for each employee within his or her supervision.
      4. Each employee who is granted access to the university student records or financial accounting records must be assigned a unique logon. Generic logons are not acceptable.
      5. Assigned passwords must be protected from unauthorized use. Sharing of passwords or logging-on in order for someone else to use the systems is a violation of university policy and strictly prohibited.
      6. No exceptions will be granted to this policy without written approval from the appropriate vice president.
    12. Computer Operations Center
      The Director of Information Systems will maintain control and supervision of the production, scheduling and output of the Computer Operations Center. The following policies for services provided by the operations center are in effect.

      1. The user departments are responsible for scheduling of processing and reports prior to the actual run time. Schedules will be made according to cycles (semester, month, week, etc.). All efforts will be made to conform to the customer requests providing other conflicts for processing do not take priority.
      2. Input data should be checked for validity and accuracy by the submitting departments.
      3. Output reports should first be checked for accuracy by the computer operator and then rechecked by the user department before distribution and/or use. It is the user department's responsibility for accuracy of the reports.
      4. All non-emergency requests and daily processing requests must be initiated by completing the Information Systems Service Request. This request will provide detailed information on the task as well as a realistic due date.