Governing Board Handbook 9.03, Inspection/Release of College Records Central New Mexico Community College (CNM) promotes and provides Information Technology (IT) resources that enhance educational services and facilitate job performance and College operations. These resources are shared by students, faculty, staff, and the public. All persons using these systems share the responsibility for seeing that they are used in an effective, efficient, ethical, and lawful manner. The aim of this administrative directive is to safeguard equipment, networks, data, and software that are acquired and maintained with public funds as well as define the acceptable use of these resources. Users of CNM technology resources, including those who interface with CNM systems and networks, are subject to this administrative directive, in addition to local, state, and federal laws relating to copyrights, security, and other issues regarding electronic media. Any violation of this CNM policy, administrative directive, the Employee Handbook, or the Student Code of Conduct may result in the removal of access privileges and subject the violator to administrative and disciplinary action. Examples of Information Technology Use violations are listed on the Violation Matrix. Information Technology at CNM This administrative directive applies to all individuals and groups utilizing College-owned Information Technology resources, whether individually controlled or shared, stand-alone or networked. 1. Promotion of Information Technology Use CNM encourages students, instructors, and employees to make use of Information Technology resources. To support this intent, CNM provides computer access at several computer labs throughout the College and offers a variety of computer-related courses. Please check with the individual labs for hours of operation and the category of users they serve. Courses and workshops on computer use and Information Technology are available at CNM to students and employees through the following divisions:
1.1 Instructors are encouraged to assign projects and homework that require the use of computer technology. This gives the student an opportunity to prepare for jobs and continuing education as well as partner in the protection of CNM’s Information Technology resources. Instructors should provide an explanation of student responsibilities and encourage students to read the Information Technology Use Administrative Directive which also provides links to CNM Governing Board Policy. 1.2 Employees are encouraged to become familiar with and use the Information Technology resources at CNM. Employees can enroll in CNM courses and workshops. Workshops are also available through Organizational Learning. These workshops are designed for instructional staff but are open to other CNM employees if space is available. Tuition waivers are available to eligible individuals. 1.3 CNM encourages every student and employee to have a current account, to promote student-faculty dialogue and timely response to business-related communication among the CNM community. CNM accounts are available to eligible individuals. 2. Administration of CNM’s Enterprise Resources and Systems In support of CNM’s mission to provide dynamic education for the community, the College has charged CNM's Office of Information Technology Services (ITS) with the responsibility of maintaining the capacity, performance, security, and stability of CNM’s Enterprise resources. To accomplish this and ensure maximum availability of computing resources, the following applies: 2.1 All systems attached to CNM's networks, including those not administered by ITS are required to adhere to this, and any other applicable administrative directives, as well as processes, procedures and best practices necessary to maintain the integrity of CNM’s systems and networks.
2.2 Prior to the purchase of new
hardware or software, it is recommended that ITS be involved
2.3 All new systems, and changes to or
deletions of existing systems attached to CNM's networks, 3. CNM Enterprise Resources and Systems This administrative directive governs and protects all communication and computer resources utilized by the CNM community. Information Technology systems at CNM consist of enterprise applications, services, and equipment. The categories and items listed below provide a general overview of the most common resources in use at CNM.
Technology Use 4. Information Technology Users 4.1 By using any of CNM’s resources and systems, users agree to familiarize themselves with, and accept the terms of the Information Technology Use Administrative Directive. 4.2
The individuals and groups who are governed and protected by this directive
include, but are not limited to: 4.3 The general public, while using CNM resources and systems, are subject to all applicable CNM policies, administrative directives, and procedures. The aim of this agreement and compliance is to ensure that CNM's Information Technology resources and systems are used in an appropriate manner. Agreement and compliance with this administrative directive ensures that the CNM community has optimum access to and use of these resources. 5.1 Information Technology standards, directives, and requirements must be in compliance with this administrative directive so that all processes support the integrity of CNM's resources and systems. Users agree to abide by this administrative directive for systems, networks, or services that they may access through CNM's systems.
5.2 Area directives and procedures may be established to further
support appropriate Information Users agree to become familiar with and to abide by all applicable directives in addition to the Information Technology Use administrative directive. 5.3 The ITS Helpdesk and/or the Policies and Procedure Office staff are available to explain or interpret the information contained in this administrative directive or other applicable area directives that may need clarification. 6. Dissemination of User Information College leadership is encouraged to make every reasonable effort to make the information contained in this CNM policy and administrative directive available to students, employees and the public. By logging into any of CNM’s networks or applications, users agree to comply with this administrative directive. However, it is recommended that users read the CNM Information Technology Use Policy and Administrative Directive to fully understand their rights and responsibilities. 6.1
Information may be conveyed in various ways, some of which are: CNM and the users of CNM's Information Technology resources and systems have certain rights that are in place to safeguard both the College and the CNM community. These rights are not intended to be in conflict with each other, but rather to promote a reciprocal relationship between the administrators of CNM's Information Technology resources and their users. Rights of CNM 7.1 CNM’s Information Technology resources and systems are owned and operated by CNM. These resources include systems, networks, software/licenses, facilities, accounts, and information. CNM reserves all rights to these resources, including termination of service without prior notice should an individual violate CNM’s Information Technology Use Administrative Directive. CNM further reserves the right to review all software and files maintained on CNM’s computers. Privileges 7.2 Access to CNM’s resources and systems is a privilege granted to users, not a right. Access privileges are offered to users so they have full use of the technology available for academic or CNM work-related purposes. Access to any system may be denied or revoked at any time without prior notice as a protective measure to ensure CNM's system integrity or compliance with legal mandates. 7.3 Users may not, under any circumstances, transfer or confer these access privileges to other individuals. 7.4 Access privileges to CNM’s Inter/Intranet require responsible behavior by users and their compliance with the Information Technology Use Policy. 7.5 Access privileges may be temporarily suspended, if necessary or appropriate, to maintain the integrity of CNM’s systems or networks. CNM's role in managing Information Technology resources and systems is to administer and support CNM's Information Technology resources and to facilitate the transmission of data. However, CNM’s liability is limited by the following: 8.1 CNM does not represent or warrant that any computers or software supplied by CNM will function or perform to any specifications.
8.2 CNM cannot protect individuals against the receipt of material
that may be offensive to
8.3 The user is solely
responsible for the message transmitted and may be subject to
8.4. CNM is not responsible for monitoring transmissions for compliance with this administrative directive or any applicable state or federal law. However, when warranted, CNM may elect to monitor electronic communications and activity.
8.5 CNM is not responsible if a user’s data becomes corrupted or is lost. Locally stored data is not backed-up by ITS (i.e., data/files stored on user’s PC hard drives). It is advisable that users back-up data they consider critical to their academic work, job or intellectual property, using modern procedures. ITS provides assistance with back-ups of data on a routine basis as requested. Contact the ITS Helpdesk for assistance with establishing a back-up routine if needed. 9.1 Users are responsible for
backing-up data they consider to be critical to their academic 9.2 Users are solely responsible for any messages transmitted with CNM’s resources and systems. Users may not send messages which are intended to mislead the recipient by suggesting that the message originated from a source other than the person transmitting the message. Further, messages should be appropriate only for a learning environment. Should the transmission be in violation of this administrative directive, the user may also be subject to disciplinary action in accordance with the Student Code of Conduct and/or the Employee Handbook. 9.3 A user who violates intellectual property law may be liable to the owner for actual damages, statutory damages, profits, court costs and attorney fees. In addition, in certain cases the user may be criminally prosecuted and subject to a fine and imprisonment. CNM authorizes the use of its Information Technology resources and systems, per the account eligibility requirements, for the following:
Prudent and responsible use of Information Technology resources and systems begins with common sense and includes respecting the rights and privacy of other users. 11.1 Responsible use of
CNM Information Technology resources and systems includes, but is · proper use of the system per the information provided in this administrative directive · proper use of hardware (e.g., not abusing or misusing keyboards, mice, etc.) · compliance with this administrative directive and other applicable College policies and administrative directives as well as processes, procedures and best practices identified by CNM to be necessary to maintain CNM’s resources and systems · use of CNM resources and systems in a manner that respects the privacy of others · protection of CNM’s resources and systems by not engaging in any prohibited or illegal activities. · protection of their user accounts and data (i.e., password protection, not leaving unattended any device they are logged into, backing up critical data) · proper use of their access to Information Technology resources and systems (i.e., not using it beyond the scope of the job duties they are assigned) · keeping information/data confidential as required by the user’s position or relationship to CNM 12.1
The same standards of behavior and etiquette are expected in the use of
e-mail, web, and 12.2
The items listed in the
Example Violations matrix apply to the transmission and
Content of 12.3
CNM reserves the right to take measures to protect the integrity of its
Information 12.4 Electronic mail lists
(personal, public distribution or group lists) are for academic or CNM work- CNM allows incidental personal use of Information Technology resources and systems such as telephones, e-mail, and the Internet, as long as it does not adversely affect the College, an employee’s job performance, or other users’ access to resources.
13.1 Personal use of Information Technology resources and
systems should be kept to a minimum as determined by individual department managers, supervisors, and
instructors. Should such use
13.2 Personal use of these resources and systems may be
curtailed by a supervisor if such use
13.3 Supervisors and managers determine, in concert with this
directive, what is acceptable regarding System Access Access privileges fall into four categories – account access, network/system access, access to computer labs, and library resources. Access privileges and eligibility are based on the user’s relationship to the College. 14.1 Account access is limited to
systems which allow users to perform specific functions 14.2 Network/system access can be via
Intra/Internet, allowing access to multiple systems 14.3 Access to most computer labs is restricted to certain user populations. 14.4 Library facilities are available
to all users, but some specific resources are Account Access Privileges 14.5
14.5 Access privileges to CNM Information Technology resources and systems are
assigned and 14.7 To be eligible for a CNM account, an individual or group must be one of the
following: Account Management 14.8 Because account access is granted on an individual basis for educational and CNM work-related purposes, usernames and passwords are used to access CNM’s resources. 14.9 Users are required to
log off any device before leaving the area to prevent unauthorized 14.11 Accounts residing on,
or accessing CNM’s resources and systems must conform to
copyright Passphrases/Passwords 14.12 Account passphrases/passwords are crucial in the protection of information, systems and networks. They provide a first line defense to safeguard CNM's data. A weak passphrase/password could result in a compromise. The selection of a strong passphrase/password provides protection for both user and system accounts. Passphrases - for Network Accounts
The following link provides guidance for selecting an easy to remember,
strong passphrase: Passwords - for the Banner System The following outlines CNM's Banner System Password requirements: Length: 8 to 30 characters Must: Begin with a letter, use two or more numbers and a special character Can: Contain letters, numbers and only the following special characters: * % ! Cannot: Be a repeat of the current or last 4 passwords or contain username or your name Change: Change the password every 125 days and/or whenever a compromise is suspected
Protection: Users are
required to protect their passwords at all times:
The following link provides
guidance for selecting an easy to remember, strong password:
Revocation or
Denial of Access Privilege CNM offers a variety of computer accounts including, but not limited to, portal, email, and web accounts. 15.1 Portal accounts (CNM Passport) are automatically created for all students, staff, and faculty. 15.2 Student portal groups are subject to approval by the Dean of Students Office. 15.3 Employee portal groups may be created for official CNM business and are subject to approval as follows: Interdepartmental Faculty
Groups - Vice President for Instruction or designee 15.4 Websites must conform to CNM’s Web Administrative Directive (currently unavailable) soon to be available on CNM’s website via The Source. Hard copies of The Source are available from all campus libraries. Any questions regarding Web Policy should be directed to the CNM Webmaster. There are times when events, such as employment separation or a suspected violation of this administrative directive, may necessitate the locking of a user's account to preserve and protect the integrity of CNM’s systems and networks. Employee Accounts 16.1 Accounts are locked upon termination of employment at CNM. It is the supervisor’s responsibility to ensure that the separation checklist is processed through ITS on the same day of the employee’s separation from the College. If an employee’s termination results in insufficient time to complete the separation checklist before they leave the College, Human Resources can notify ITS via e-mail to lock the employee’s account. However, the separation checklist should be completed as soon as possible. 16.2 Upon separation from the College, an employee’s data and system files are, and remain, the property of the College. 16.3 Information contained in each locked account is kept for a period of no less than thirty days. At the end of that period, the information may be retained or deleted at the College's discretion and in accordance with state statutes and codes regarding record retention. 16.4 Access to information in an employee’s, or separated employee’s locked account requires approval from the Human Resources Department. 16.5 Any employee whose account is locked as a result of a suspected violation of the Information Technology Use Administrative Directive is notified by the Human Resources Department. Student Accounts 16.6 Student accounts are kept active until the beginning of the next fall or spring term following their last enrollment. At that time, if the user is no longer a registered student, the account is locked. 16.7 Information contained in the account will be kept until the end of the term in which the account was locked and then archived for the duration of the next fall or spring term. If, by the end of that term, the account has not been re-activated due to re-enrollment, the information in the account will be deleted. 16.8 Access to information in a student’s locked account requires approval from the Office of the Dean of Students. 16.9 Any student whose account is locked as a result of a suspected violation of the Information Technology Use policy is notified by the Office of the Dean of Students. 16.10
Guest Accounts It is the responsibility of ITS, and/or departmental staff that provide support, to ensure proper notification to individual users and the CNM community at large of any actions that would impact the use of institutional Information Technology resources and systems. Emergency 17.1 Emergency outages of
network and computer systems occur on occasion due to hardware or 17.2 The
ITS Helpdesk notifies impacted users of emergency outages, via e-mail or the Non-Emergency 17.3
ITS makes
every reasonable effort to minimize disruptions of service to Enterprise Examples:
Software or hardware upgrades and installations; transferring data
from 17.5
ITS can facilitate notification of
planned outages for non-Enterprise resources and systems Other Disruptions To Resources and Systems
17.6 If technical problems are experienced with CNM computer hardware or
software, contact
17.7 Report detected or suspected viruses on PCs or networks to the
ITS
Helpdesk ITS provides advisement, consulting, hardware and software installation, and support services for users of CNM’s Information Technology resources and systems. 18.1 For questions and information
regarding CNM’s Enterprise Information Technology
System and User Protection Inspections 19.1 CNM does not routinely monitor transmissions, files, or data. However, to protect CNM and the community, CNM reserves the right to monitor transmissions, files or data , if a student or employee Code of Conduct or legal violation is suspected, or for other just cause. Audits
19.2 Audits are prompted by compliance concerns that threaten
CNM
systems, networks, or
19.3 If there is evidence or suspicion of a
violation of this administrative directive or any other CNM CNM makes every reasonable effort to ensure the security of its systems and networks. While attempts have been made to ensure the privacy of all accounts by assigning individual PINs and passwords, CNM offers no guarantee or representation that any account, electronic mail, or voice mail is private. Users should also note that CNM's systems and networks are not guaranteed to be secure. However, CNM does secure sensitive information such as credit card and/or social security numbers entered for Online Registration through the use of encryption software. There are several internal and external factors that can impact user privacy: federal and state law, protocol intrinsic to computing technology, and standard practices. Federal and State Law Personally identifiable information, as well as certain information pertaining to students is protected by state and federal laws. The following federal and state laws, although not an all-inclusive list, provide additional information regarding privacy.
Protocol
Intrinsic to Computing Technology In the course of performing routine operations and maintenance, as well as in adherence to procedures to secure CNM’s Information Technology resources and systems, systems administrators and other authorized personnel have access to user data and account information. It is incumbent on such personnel to protect the privacy of all user data and account information. The type of information accessed during routine operations and maintenance can be found at this link. Standard Practices It is an expectation of all users of CNM’s Information Technology resources to ensure the privacy and confidentiality of past, present and future members of the CNM community. Users of CNM’s Information Technology resources and systems share the responsibility for keeping their own and the College’s data private and secure through standard practices that support Information Technology use at CNM. With the steady advancement and use of Information Technology and the move toward electronic records and record storage, CNM is increasingly dependent on the accuracy, availability, and accessibility of information stored electronically and on the computing and networking resources that store, process, and transmit this information. 21.1 CNM complies with State records retention codes and regulations. Some departments within the College may have longer retention schedules that exceed state requirements. 21.2 Requirements for the retention of electronic records (employee files, student records, and business files) are the same as those for paper files, records, or any other academic and/or employment-related material. 21.3 Those who handle electronic records of any kind must protect them from unauthorized modification, disclosure, and destruction to preserve the original integrity of the records. 21.4 Information, including data and software, is to be protected regardless of the form or medium that carries the information. Because technology gives individuals the ability to access and copy information from remote sources, users must be aware of ownership rights and laws concerning intellectual property. The use of CNM’s resources and systems in sending e-mail, creating and maintaining websites, installing software, downloading from the Internet, or uploading to CNM's systems and networks is contingent upon the user agreeing not to violate any of the laws and regulations.
22.1 The owner of a copyrighted work owns the rights
to reproduction, modification,
For instance, copyright law protects "original works of authorship fixed in
any tangible
The Internet has provided easy methods of copying some works which are
protected by the
22.2 The punishment for violation of copyright laws
is very clear
and very strict. Anyone 22.3 User's of CNM's Information Technology resources agree not to use these resources in any way that violates federal, state, local or international law or the rights of others. Users may not violate trade secret, copyright, trademark or patent rights. In appropriate circumstances, termination of accounts will be the consequence of repeat copyright infringement.
22.4 There are some exceptions to these laws, such as the fair use
limitation described in 22.5 Notification of potential copyright infringement using CNM's resources and systems should be reported to CNM's Information Technology Audit & Security Officer. Contact may be made though the ITS Helpdesk at (505) 224-4357. The intent of the College is to provide an environment that discourages harassment. Each user is responsible for using common sense and good judgment when accessing material via the Internet. Users who access materials that are considered offensive and/or obscene may be subject to disciplinary action in compliance with the Information Technology Use Policy and Administrative Directive, and/or the Sexual Harassment Policy and Administrative Directive and/or the CNM Student Code of Conduct. CNM cannot protect individuals against the existence or receipt of material that may be offensive to them. Offensive Material 23.1 If online material is visible or audible to others and there is a complaint that it is offensive or considered harassing, the offending user is expected to cooperate in resolving the complaint. This may involve turning off the offensive material or moving to a more private location. A refusal to cooperate is considered a violation of the Information Technology Use Policy, subject to disciplinary action. Obscene Material
23.2 Works lacking in literary or artistic value while depicting sexual
acts in an offensive way and 23.3 Pornography is a severe violation of the Information Technology Use Policy and, in some cases, may be a violation of federal, state and local law, subject to disciplinary action and legal action. 23.4 In order to protect/minimize CNM's legal liability and the risk of security threats introduced via the internet, it is the college's position to prevent access to Internet sites containing pornographic materials and sex sites while providing latitude to enable individual access for justified legitimate need. CNM filters access to Internet sites with inappropriate content. Access to such sites for educational and research purposes may be requested by submitting a CNM Web Page Access Request form. Requests from students and faculty are subject to approval by the appropriate Dean. Requests from administrative staff are subject to approval by the appropriate Director or Vice President. Requests from the community should be submitted to the Dean or department head responsible for the open lab. Information Technology Use Controls The reporting of Information Technology Use violations is the responsibility of every employee and student at CNM. This includes full and part-time employees, all employees who direct the work of one or more individuals, and employees who are in charge of computer labs or other areas containing Information Technology resources and systems. Enforcing this administrative directive begins with recognizing what constitutes a violation and then strategizing and responding to the violation. A 3-Step response to a violation process has been defined and should be used as a tool when a violation occurs. 25.1 The Human Resources Department and the Office of the Dean of Students conduct any necessary investigations for suspected Information Technology use violations. The system administrator, department supervisors/instructors, ITS, and Campus Security serve as consultants in support of investigations. 26. Information Technology Use Violations To maintain the integrity of CNM's Information Technology resources and systems it is necessary to identify common violations that can be addressed quickly to maintain effective technology use at CNM. Common violations are noted in the Violation Matrix and are identified as minor or major. This list is not intended to be all-inclusive but represents the types of offenses that are considered violations under this administrative directive. Category 1 violations are considered minor and Category 2 or 3 violations are identified as major offenses. These violations apply to any device, whether College owned or personal, used to access CNM’s systems and networks. Engaging in activities that violate this, or other administrative directives, may result in loss of access privileges as well as possible disciplinary action. Violation Categories 26.1 Category 1 - Minor Violation A Category 1 (minor offense) is considered a low level offense involving non-threatening action that is offensive or disruptive. Low level offenses can also involve abuse or misuse of CNM technology systems or networks. Minor offenses include such things as drinking or eating in lab settings, or viewing images that may be offensive to another person in the area but are not illegal. 26.1.1 All minor violations
should be addressed using the 3-Step Response to a Violation 26.1.2 Refer to applicable
area directives and College policies and procedures to resolve and 26.1.3 Any employee who is
uncomfortable attempting to resolve a violation should contact an 26.1.4 Notification and
documentation of minor violations are done according to 26.1.5 Repeated minor
violations by an individual can be escalated to a major violation 26.2 Category 2 and Category 3 – Major Violations A Category 2 (major offense) involves suspected violations of international, federal, state, or local law, a system/network performance threat caused by reckless activity, or individuals who do not comply with requests to discontinue unacceptable activities identified as Category 1 (minor) violations. This can include individuals who become physically or verbally abusive in response to a request to discontinue minor violations. A Category 3 (major offense) involves obvious violations of federal, state, or local law or a system/network performance threat caused by intentional activity. In most cases it may be difficult to determine whether a violation is a Category 2 or a Category 3 until the investigation is complete. Although they may appear the same, intentional activity that violates Information Technology Use policy (Category 3) can result in more severe disciplinary action than reckless activity (Category 2 violation). 26.2.1 All Category 2 and
Category 3 (major) violations should be addressed using the 26.2.2 Any emergency
situation that involves risk to an individual and/or property may dictate 26.2.3 Major violations
require the immediate notification of the next level of supervision in the 26.2.4 Any inappropriate
behavior resulting in students being temporarily removed from facilities 26.2.5 Category 2 and 3
Violations require completion of the
Information Technology Use Employee violations are submitted to the Human Resources Department and student violations are submitted to the Office of the Dean of Students. Violations involving individuals from the general public are referred to the Office of the Dean of Students. The Human Resources Department and the Office of the Dean of Students acknowledge receiving Information Technology Use Violation Reports via email response to the submitting individual or area. 26.2.6 The Human
Resources Department or the Office of the Dean of Students conduct
26.2.7 All
documentation and evidence gathered during an investigation is maintained by
the 27. 3-Step Response to a Violation The 3-Step Response to a Violation process is designed to assist CNM employees in responding to an Information Technology use violation. Step 1, Recognize, recommends identification and evaluation of what is actually happening. Step 2, Strategize, involves developing a plan for an appropriate response to the violation. Step 3, Respond, is based upon the category of the violation. Refer to the 3-Step Response to a Violation chart for clarification. 28. Definitions
| ||||||||||||||||||||||||||||||||||||||||
