2023-2024 Administrative Policy Manual Published August 22, 2023 
    
    Nov 21, 2024  
2023-2024 Administrative Policy Manual Published August 22, 2023 [ARCHIVED COPY]

Acceptable Use of Information Technology Resources


Policy Number: 11.50.1.1
Effective Date: February 24, 2023
Revision History: None
Policy Contact: Vice President for Information Technology/Chief Information Officer

I. Purpose and Policy Statement

Georgia Gwinnett College (“GGC”) provides information technology (“IT”) resources to support teaching, learning, administration, and other aspects of campus life. Information technology resources may only be used by authorized persons for approved uses. This policy provides examples of acceptable and unacceptable uses of GGC information and information technology resources.

GGC adopted the policy principles established in the National Institute of Standards (“NIST”) 800 series of publications, and this policy is based on those guidelines.

The Georgia Open Records Act requires that public records be open and available for review by any member of the public unless the record is protected by an exemption. Records created while conducting College business should not be considered private; this includes paper and computer-generated records such as email, documents, etc.

Users should be aware that any activity on systems and networks may be monitored, logged, and reviewed by authorized personnel or may be discovered in legal proceedings. All records created, stored, transmitted, or received on GGC computers and networks may be subject to monitoring by authorized personnel.

GGC IT resources are provided to conduct authorized activities of the College. Incidental personal use of IT resources is acceptable if it is minimal and does not interfere with performance of duties, incur costs, burden College resources, violate any applicable laws or polices, or create additional risk to the confidentiality, integrity, and availability of the College’s resources. All users are prohibited from using GGC IT resources for personal gain or illegal activities.

Users must not transmit restricted, non-public, personal, private, sensitive, or confidential GGC information via personal email accounts (e.g., Gmail, Hotmail, Yahoo) or use a personal email account to conduct GGC business unless explicitly authorized. Users must not store restricted, non-public, personal, private, sensitive, or confidential information on a device that was not issued by GGC, or with a third-party file storage service that has not been approved for such storage by IT. 

Devices that contain GGC information must always be attended or physically secured and must not be checked in transportation carrier luggage systems.

Users must report all suspected or observed illegal activities to the appropriate College personnel. Examples include theft, fraud, copyright infringement, illegal electronic file sharing, sound or video recording piracy, hacking, and viewing or distribution of pornography.

All employees will attend and apply biannual cybersecurity awareness training as required by the University System of Georgia (“USG”).

II. Scope

This policy applies to all users of GGC IT resources, regardless of affiliation, and it applies to both on campus and off campus uses of GGC IT resources.

III. Definitions

Electronic Communication: Digital correspondence, including, but not limited to email, text-messaging, instant messaging, and social networks.

Information Technology Resource: Any hardware, software, service, system, or database used in support of College activities. This includes systems and applications hosted on premise or in the cloud and applications created by the College.
Systems Administrators: Employees in Information Technology who are authorized to administer GGC systems by engaging in patching, monitoring, and other activities to ensure system performance, compliance with applicable laws and policies, and security.

User: All persons and/or organizations that use GGC information technology resources or information.

IV. Compliance
  1. The following acceptable and unacceptable uses apply to all users of GGC information technology resources and information. These are examples of acceptable and unacceptable uses and should not be considered exhaustive.
  2. Acceptable uses include:
    1. Complying with all applicable laws, policies, procedures, and standards to ensure confidentiality, integrity, and availability of College information and information technology resources;
    2. Using only authorized information technology resources, software, services, and information;
    3. Securing physical and network access to College information technology resources and data by locking offices and computers when not attended;
    4. Using College-provided software in a manner that strictly adheres to all licensing provisions including installation, use, and other terms of the license;
    5. Immediately reporting suspected information security incidents or weaknesses to Information Security personnel by contacting infosec@ggc.edu. If a User suspects unauthorized activity or account comprise, the user must change passwords immediately; and/or,
    6. Consulting with Information Technology (“IT”) on acceptable use issues not specifically addressed in this policy.
  3. Unacceptable uses include:
    1. Sharing passwords;
    2. Using IT resources or information without authorization;
    3. Using IT resources to circulate unauthorized solicitations or advertisements for non-organizational purposes including religious, political, or not-for-profit entities;
    4. Distributing, transmitting, posting, or storing any electronic communications, material or correspondence that is threatening, obscene, harassing, pornographic, offensive, defamatory, discriminatory, inflammatory, illegal, or intentionally false or inaccurate;
    5. Disclosing unauthorized personal, private, sensitive, and/or confidential information;
    6. Tampering, modifying, or altering any restrictions or protections placed on GGC accounts and the College’s systems or networks;
    7. Physically damaging or vandalizing College resources;
    8. Committing copyright infringement, including file sharing of video, audio, or data without permission from the copyright owner;
    9. Using College resources to introduce, create, or propagate SPAM, PHISHING email, computer viruses, worms, Trojan horses, or other malicious code;
    10. Attempting to degrade the performance or availability of any system or to deprive authorized Users access to any College resources;
    11. Misrepresenting identity with actions such as IP address “spoofing,” email address falsification, or social engineering;
    12. Sending email chain letters or mass mailings for purposes other than authorized College business;
    13. Engaging in activities that violate state or federal law, a contractual obligation, or another College policy including but not limited to Human Resources policies and the Code of Conduct for students;
    14. Connecting devices (such as switches, routers, hubs, computer systems, and wireless access points) to the network without prior approval from IT;
    15. Unauthorized use of any device or application that consumes a disproportionate amount of network bandwidth; and/or,
    16. Including or requesting sensitive information be included in unprotected electronic communications (email, instant message, text message, etc.).
  4. Access to Information Technology Resources is a privilege, and continued access is contingent upon compliance with this and other GGC policies. All community members are responsible for compliance with all policies, standards, and procedures. Individuals found to be in violation of this policy may be subject to disciplinary or legal action.
V. Related Regulations, Statutes, Policies, and Procedures

APM 10.8 Data Management and Classification  
APM 10.9 Student Education Records Management Policy  
Georgia Open Records Act
National Institute of Standards and Technology (NIST) Special Publication 800-53
USG IT Handbook
Board of Regents Business Procedures Manual
Board of Regents Policy Manual 8.2.18 Personnel Conduct