Information Technology Policies
Authority
Dunwoody’s Chief Technology Officer or their designee is responsible for maintaining this policy and responding to questions regarding this policy. The College reserves the right to amend this policy and to limit or restrict the use of its electronic information resources at its sole discretion.
Scope
This policy applies to all individuals who access, use, or control College electronic resources. Those individuals include but are not limited to faculty, staff, students, those working on behalf of the College, and individuals authorized by affiliated institutions and organizations.
Non-compliance
It is the responsibility of every employee and student to comply with the Information Technology Policies of Dunwoody College of Technology. It is also the responsibility of every employee and student to report any Information Technology Policy Non-Compliance to the Information Technology Department for investigation and resolution. The Information Technology Department will document and process all non-compliance issues.
This policy applies to all employees and students. Non-compliance with this policy will result in appropriate disciplinary action up to and including termination.
Acceptable Use Policy
Consistent with its mission and purpose, Dunwoody provides computing resources to students and employees for instruction, study, academic research, and official College work. To maintain a safe and productive environment for all users, individuals must:
- Comply with all federal, state, and local laws.
- Comply with all Dunwoody rules, policies, contracts, and software license requirements.
- Use only the resources and information they are authorized to access, and only for the purpose and scope for which access was granted.
- Respect the intellectual property, work, privacy, and account security of other users.
- Use College technology resources responsibly and at reasonable levels.
- Protect usernames, passwords, passphrases, ID cards, and authentication methods from unauthorized use.
- Cooperate with IT administrators when contacted about an account, device, security, or system issue.
The following types of activities, although not an exclusive list, are expressly prohibited and may result in appropriate disciplinary action:
- View, damage, transfer, edit or delete other users’ files, or communications without authorization.
- Use Dunwoody-owned or supplied account, credentials, computer, or network to gain unauthorized access into or compromise the security of any computer system in any location.
- Unauthorized and illegal processing, distribution, storage, or sharing of intellectual property or copyrighted material (i.e., music, movies, and software), including the use of unauthorized peer-to-peer file-sharing applications or services, may also be subject to civil and criminal liabilities, including fines and imprisonment.
- Engage in any activity that may be harmful to systems or data stored upon said systems, such as sharing your password or account with others, creating or propagating viruses, worms, and Trojans, or disabling or circumventing anti-malware protections or other protective systems.
- Use Dunwoody-owned or supplied communications system, such as email or voicemail, to threaten, intimidate, or harass others.
- Use Dunwoody-owned or supplied systems or content to distribute political campaign materials or for financial gain, whether personal or commercial, including spam, chain letters, solicitation of business or services, sales of property, etc.
- Abuse email systems, including spoofing sender addresses, impersonating a user or system, or sending unauthorized all-campus email messages.
- Create, store, process, browse, or display any racially offensive, gender-offensive, or likewise obscene material, including pornography.
- Consume network or computer resources to the exclusion of another’s use; for example, overloading the network with legitimate (i.e., file backup, videos, etc.) or illegitimate (i.e., denial of service attack) activities.
- Attach any device or computer not owned or supplied by Dunwoody to the campus network without prior authorization.
- Post or transmit Dunwoody confidential materials, policies, procedures, or protected information on websites, electronic bulletin boards, chat rooms, or other publicly accessible digital media in violation of applicable laws, regulations, College policies, or codes of conduct.
Communication and Collaboration Systems Policy
It is the policy of Dunwoody College of Technology to establish uniform procedures and guidelines pertaining to the operation and utilization of the Communication and Collaboration Systems.
Email, Messaging, Voice mail, Internet, and Other Electronic Communications
The email, messaging, computer, internet, telephone, facsimile, printer, College-owned/provided cell phones, and voice systems are College property. These systems are in place to facilitate our employees’ ability to do their jobs efficiently and productively. To that end, Dunwoody provides these systems for business purposes and use. While occasional use of these systems for personal, non-business use is acceptable, College employees must demonstrate a sense of responsibility and may not abuse system privileges.
All employees should be aware that the College has software systems in place that are capable of monitoring and recording all network traffic to and from any computer employees may use. The College reserves the right to access, review, copy, and delete any information, data, or messages accessed through these systems with or without notice to the employee or in the employee’s absence. The information accessible to the College includes, but is not limited to:
- all email or voicemail messages sent or received,
- all internet or websites visited,
- all chat sessions or electronic bulletin boards participated in,
- all newsgroup activity (including groups visited, messages read, and employee postings), and
- all file transfers into and out of the College’s internal networks.
The College further reserves the right to retrieve previously deleted messages from email or voice mail and monitor usage of the internet, including websites visited and any information employees have downloaded. In addition, the College may review Internet and technology systems activity and analyze usage patterns and may choose to publicize this data to assure that technology systems are devoted to legitimate business purposes. Accordingly, employees should not have any expectation of privacy as to their Internet or technology systems usage and should not use these systems for information they wish to keep private.
Communications and use of email, computers, and Internet, telephone and voice mail systems will be held to the same standard as all other business communications, including compliance with our anti-discrimination and anti-harassment policies. This means that the College does not allow these systems to be used in creating, receiving, sending or storing data that may reasonably be considered to be offensive, defamatory, obscene, or harassing. This data includes, but is not limited to, sexual images and comments, racial and gender-based slurs, or anything that would reasonably be expected to offend someone based on their disability, age, religion, marital status, sexual orientation, political beliefs, national origin, culture or any other factor protected by law. Any such use would violate this policy and may violate other College policies. Additionally, email must not be used to solicit others for commercial ventures, religious or political causes, outside organizations, or other non-business matters. Employees must not use the email or voice mail systems in a way that causes congestion on the systems or that significantly interferes with another employee’s ability to use the systems. The College expects its employees to use good judgment in the use of our college’s systems. Management should be notified of unsolicited, offensive materials received by an employee on any of these systems.
Employees must respect other people’s electronic communications. Employees may not obtain unauthorized access to another’s email or voice mail messages, except pursuant to direction from the College’s executive management and Human Resources for the purposes specified above.
Employees consent to and acknowledge that compliance with email, computer, Internet, telephone, facsimile, printer, pager, cell phone and voice mail policies are a term and condition of employment. Failure to abide by these policies and rules, or failure to consent to any intercepting, monitoring, copying, reviewing or downloading of any communications or files is subject to disciplinary action up to and including termination of employment with the College. Employees should never, without an appropriate Dunwoody-owned license and permission from the College, copy or distribute, including the College email systems, copyrighted material. Copyrighted material includes, but is not limited to, College and third-party software, database files, and documentation.
Employees must not disseminate, forward, copy or send email correspondence or any other communication to anyone or any employee who has no reasonable need to receive such email. Further, email and other communications containing misleading, inaccurate, or inappropriate information or references may constitute misconduct by an employee. Employees should always be mindful of the content of their email and other communications because such communications can be later construed against the employee and the College. Email and electronic communications regarding (i) College products, services, or price quotations, and (ii) vendor quotes for purchase by the College of outside parties’ products or services are often later construed as binding contracts with the College. These situations may cause unintended and substantial damage and obligations for the College. It is very important to avoid these situations. It is College policy that all email and electronic communications regarding the sale of College products or services and the purchase by the College of goods and services must always contain a clear statement that such communications are “for discussion purposes only and not binding on the College.” It is each employee’s responsibility to adhere to the College’s policies regarding purchasing and sales contracts.
Data Privacy Policy
Dunwoody makes reasonable efforts to maintain data privacy; however, there is no guarantee of privacy for files, chats, email messages, or other data stored on or transmitted through College systems or networks. Dunwoody reserves the right for designated College personnel to log, review, retrieve, and examine network traffic and files stored on College systems when necessary, including but not limited to the following situations:
- If the College receives a subpoena in relation to a court proceeding, Dunwoody will comply with electronic discovery laws requiring the disclosure of digital data, including deleted information that has been restored from backup systems.
- If an individual is suspected of or investigated for an infraction of Dunwoody policies or federal, state, or local laws, the Dunwoody IT Department will provide the appropriate data and assistance to the Office of the Dean of Students or Human Resources Department as part of an authorized investigation.
- If requested by a federal, state, or local law enforcement agency as part of an authorized investigation.
Data Storage
Dunwoody College of Technology has established procedures and guidelines for storing and backing up employee data and files on Dunwoody-owned or issued computers. College data, especially confidential or restricted information, must be stored in approved College systems rather than on local hard drives or unauthorized personal storage locations.
Employees are responsible for the data backup of their Dunwoody-owned or issued computer. The IT Department provides each employee with a limited amount of secure disk space on the network for storing work-related data. This secured area is included in the scheduled network backup process. Upon request, the IT Service Desk will provide you with a backup-process document and guidance. It is the responsibility of each employee to ensure that their data is stored in this secure disk space. The IT Department (at its discretion) will review requests for additional disk space should the minimum allowance be exceeded.
In addition to on-premises network storage, Dunwoody provides Microsoft 365 accounts that include OneDrive storage for approved College use. OneDrive and SharePoint may be used as secure storage and collaboration locations when used in accordance with College sharing, access, and data protection requirements.
Should a Dunwoody issued computer encounter a hard drive issue, which makes the hard drive inoperable, the IT Department will make its best effort to access the hard drive whereby the employee may be provided the opportunity to back up their data to the network.
Confidential Information
Dunwoody systems contain confidential and restricted information. All employees are responsible for protecting that information and limiting access to individuals with a legitimate need to know. Employees must not share account credentials and must avoid storing confidential information on personal devices, personal email accounts, unauthorized cloud services, or removable media unless specifically approved. Confidential information must not be sent by unsecured email or automatically forwarded from a Dunwoody email account to a personal email account.
Electronic Data Disposal Policy
All computer systems, electronic devices, and electronic media must be properly sanitized before being transferred outside Dunwoody College, repurposed, or reused within DCT. When electronic storage devices cannot be sanitized, the media must be destroyed using IT-approved vendors and processes. Disposal of electronic equipment is completed on a quarterly schedule or as otherwise directed by IT and Facilities.
Electronic data stored on computer systems and electronic media throughout DCT may include confidential information such as student records, financial data, personnel records, and research information. The College is subject to laws, regulations, copyright requirements, and software license agreements that require appropriate protection of this information. Unauthorized disclosure may expose the College to legal liability, negative publicity, monetary penalties, and loss of funding. This policy outlines responsibilities for carrying out these protective measures.
This policy applies to all departments, faculty, employees, students and contracted personnel that use or maintain DCT information systems or media which contains confidential information. The primary responsibility for sanitizing and/or disposal of data that resides on computer systems or electronic media devices rests with the units that procured, purchased, or leased the electronic media.
Removal of data from a hard drive or other electronic medium means placing the medium in a condition so that the prior data stored on it cannot be read or recovered.
Electronic Media refers to any device that can store data and includes, but is not limited to, computers (servers, desktop, laptop and tablets), disk drives, portable disks, backup tapes, CD-ROMS, flash/thumb drives, portable drives, cell phones and PDAs.
Policy Procedures:
- Deans, directors and department heads are responsible for ensuring proper disposal of any computer related teaching and learning lab equipment in accordance with this policy.
- All College employees are responsible for the proper disposal of non-reusable electronic media, and the removal of sensitive data contained within.
- Software used by IT or vendors responsible for disposal of technology equipment to delete data from computer hard drives must be compliant with Department of Defense standards. Any medium that cannot have its data removed with such software must be physically destroyed.
- The DCT Facilities Department is responsible for the disposition of surplus computer systems and electronic devices that is contracted to a preferred vendor for proper deletion of data and destruction. The vendor must provide DCT Facilities with any destruction of equipment certificate upon removal of technology equipment that may contain sensitive data, such as but not limited to, hard drives, phones, printers, and electronic media.
- Any disposal of computer systems and media must comply with all environmental regulations.
- All confidential College information maintained on electronic media must be carefully removed before the media are made available for re-use within DCT.
Document Retention Policy
The College records of Dunwoody College of Technology are important assets. College records include essentially all records you produce as an employee, whether paper or electronic. A record may be as obvious as a memorandum, an email, a contract, or a case study, or something not as obvious, such as a computerized desk calendar, an appointment book, or an expense record.
The law requires the College to maintain certain types of school records, usually for a specified period. Failure to retain those records for those minimum periods could subject you and the College to penalties and fines, cause the loss of rights, obstruct justice, spoil potential evidence in a lawsuit, place the College in contempt of court, or seriously disadvantage the College in litigation.
The College expects all employees to fully comply with any published records retention or destruction policies and schedules, provided that all employees should note the following general exception to any stated destruction schedule: If you believe, or the College informs you, that College records are relevant to litigation, or potential litigation (i.e., a dispute that could result in litigation), then you must preserve those records until the Legal Counsel determines the records are no longer needed. That exception supersedes any previously or subsequently established destruction schedule for those records. If you believe that exception may apply or have any questions regarding the possible applicability of that exception, please contact Human Resources.
From time to time, the College establishes retention or destruction policies or schedules for specific categories of records to ensure legal compliance and to accomplish other objectives, such as preserving intellectual property and cost management. Several categories of documents that bear special consideration are identified below. While minimum retention periods are suggested, the retention of the documents identified below and of documents not included in the identified categories should be determined primarily by the application of the general guidelines affecting document retention identified above, as well as any other pertinent factors.
Tax Records. Tax records include, but may not be limited to, documents concerning payroll, expenses, proof of deductions, business costs, accounting procedures, and other documents concerning the College’s revenues. Tax records should be retained for at least six years from the date of filing the applicable return.
Employment Records/Personnel Records. State and federal statutes require the College to keep certain recruitment, employment, and personnel information. The College should also keep personnel files that reflect performance reviews and any complaints brought against the College or individual employees under applicable state and federal statutes. The College should also keep all final memoranda and correspondence reflecting performance reviews and actions taken by or against personnel in the employee’s personnel file. Employment and personnel records should be retained for six years.
College Board of Trustees and Board Committee Materials. Meeting minutes should be retained in perpetuity in the College’s minute book. A clean copy of all Board and Board Committee materials should be kept for no less than three years by the College.
Press Releases/Public Filings. The College should retain permanent copies of all press releases and publicly filed documents under the theory that the College should have its own copy to test the accuracy of any document a member of the public can theoretically produce against that College.
Legal Files. Legal counsel & Human Resources should be consulted to determine the retention period of particular documents, but legal documents should generally be maintained for a period of ten years.
Marketing and Sales Documents. The College should keep final copies of marketing and sales documents for the same period of time it keeps other corporate files, generally three years. An exception to the three‐year policy may be sales invoices, contracts, leases, licenses, and other legal documentation. These documents should be kept for at least three years beyond the life of the agreement.
Development/Intellectual Property. Development documents are often subject to intellectual property protection in their final form (e.g., patents and copyrights). The documents detailing the development process are often also of value to the College and are protected as a trade secret where the College:
- derives independent economic value from the secrecy of the information.
- and the College has taken affirmative steps to keep the information confidential.
The College should keep all documents designated as containing trade secret information for at least the life of the trade secret.
Contracts. Final executed copies of all contracts entered into by the College should be retained. The College should retain copies of the final contracts for at least three years beyond the life of the agreement and longer in the case of publicly filed contracts.
Electronic Mail. Email messages that are not college records are considered transitory correspondence. Transitory messages are created primarily for routine communication and should be deleted once they are no longer useful. For instance, an email message that notifies employees of an upcoming meeting would only have value until the meeting is held.
Email messages that are college records are to be kept by:
- printed in hard copy and kept in the appropriate file; or
- downloaded to a computer file and kept electronically or on disk as a separate file. Electronic emails will also be saved internally through backup servers (tapes) periodically for e‐discovery purposes. The retention period depends upon the subject matter of the email, as covered elsewhere in this policy.
- Backups are maintained solely for systems restoration and disaster recovery purposes, not for email retention purposes.
Email is an official communication method at Dunwoody. Users should check their Dunwoody email account regularly and maintain their mailbox. If a mailbox exceeds the allocated storage limit, the mailbox may no longer be able to send or receive email. Forwarding Dunwoody email to a personal email account is prohibited.
If you have issues with or questions about your email account, including messages received in error, missing expected messages, off-campus access, or inability to access your account, contact the IT Service Desk.
Phishing and Other Forms of Social Engineering
Use caution with phishing emails, attachments, links, text messages, QR codes, phone calls, and other forms of social engineering. Phishing messages may appear legitimate and may use spoofed sender addresses, familiar branding, urgent requests, or malicious links and attachments. These attacks may be used to steal credentials, install malware, deploy ransomware, or gain initial access to College systems.
- Ransomware (https://www.microsoft.com/en-us/wdsi/threats/ransomware)
- Phishing (http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx)
Use caution when responding to messages, opening attachments, scanning QR codes, or clicking links. If you are unsure whether a message or website is authentic, contact the IT Service Desk or report the message using the Phish Alert Button so IT can review and respond. Never enter your username, password, passphrase, or multifactor authentication information unless you have verified the legitimacy of the request.
Internet Filters and Blocked Websites
To comply with laws such as the Higher Education Opportunity Act (HEOA), secure, confidential information, and guard against issues such as harassment and malware, Dunwoody actively filters traffic to and from the internet. The leadership of Dunwoody approved these filters, and the filters exist to protect Dunwoody and its employees and students from individuals and organizations that intend to do harm. Employees and students should not attempt to circumvent these filters. If there is something on the internet that you cannot do, discuss your needs with the IT Help Desk or the Dean of Students.
Student Laptops
Everyone at Dunwoody receives a laptop, except for programs that offer Bring Your Own Device (BYOD). You must sign a legally binding contract and return the laptop when the relationship with Dunwoody ends or when directed by the IT Department for replacement. Anyone may bring a personal laptop or tablet to campus and connect that device to the guest Wi-Fi network; however, all work or school-related data must be saved securely on Dunwoody resources and not on personal laptops, tablets, or storage devices. Dunwoody will not reimburse for the purchase or use of a personal laptop or tablet. If your laptop is stolen, you must file a police report, and provide a copy of the report to the IT Service Desk. Once the police report is verified by the IT Service Desk, they will prepare a new laptop for the user. Students are responsible for paying a stolen laptop fee up to $800, which is refundable only if the laptop is returned.
Passwords
The security of Dunwoody College of Technology user accounts has become critically important with the increasing growth of online information, services, and resources that rely on centrally issued accounts for authentication and authorization. It is the responsibility of both the institution and the individual user to safeguard the security and integrity of each person’s identity and guard against unauthorized access and use of their account.
The password for an individual’s account is the sole key for protecting that account and the Dunwoody resources that the account can access. It proves their identity, authorizes them to access and control important personal and institutional information, grants rights to licensed resources and allows others to trust the identity of the person linked to their assigned user account. Therefore, the strength and privacy of that password are of paramount importance.
Employees are responsible for safeguarding their passwords for access to the communication system. Individual passwords must not be printed, stored online, or given to others.
Identify and Verification Policy
Before distributing user credentials to a student or employee at Dunwoody College of Technology, the members of the Information Technology department shall verify said person’s identity using one of three methods. If IT cannot positively identify the user, IT cannot distribute the user credentials.
Method 1: In-person
If the user is at the IT Service Desk in Green 70, members shall use the user’s Dunwoody-issued ID or a government-issued ID (E.g., driver’s license, state-issued identity card, passport, etc.) to verify the identity the user.
Method 2: Video
If the user is unable to appear in-person, IT will attempt to contact the user via video conferencing technology with cameras. Upon a successful connection, the user shall present an appropriate picture ID card, such as their Dunwoody or government issued ID, along with their face.
Method 3: Personally Identifiable Information
If the user contacts IT by telephone, IT must verify the identity of the user using three forms of personally identifiable information before proceeding with a telephone request. The answers from the user must match the information Dunwoody has on file. The following list includes (but is not exclusive to) permitted identifying information:
• Student ID Number
• Birthdate
• Last 4 digits of Social Security Number
• Home Address
• Home Phone Number
• Mobile Phone Number
• High School
Password Policy
All user accounts require authentication that meets current Dunwoody security requirements. Passwords and passphrases must meet the following minimum standards unless a system requires stronger controls:
- Length: Passwords or passphrases must be at least 14 characters long.
- Complexity: Must contain at least three of the following four categories:
- English uppercase characters (A - Z)
- English lowercase characters (a – z)
- Digits (0-9)
- Non-alphanumeric (e.g., !@#$^*)(_=<>&%+)
- Strength: Users are encouraged to use longer passphrases that are memorable, unique, and difficult to guess.
- Uniqueness: Dunwoody passwords and passphrases must not be reused for personal or non-Dunwoody accounts.
- Name: Passwords and passphrases cannot contain three or more consecutive characters from the user’s first name, last name, or username.
- Expiration: Passwords should be changed when required by system policy, when compromise is suspected, or when directed by the IT Department.
- Lockout: Excessive unsuccessful login attempts must trigger an account lockout or other protective control.
- History: Passwords cannot be the same as the last 12 passwords used.
- Inactivity Timeout: Sessions should be disabled after 60 minutes of inactivity where technically feasible.
How to Create Strong Passwords:
A strong password can be memorable to you but is nearly impossible for someone else to guess. Learn what makes a good password, and then follow these tips to create your own:
- Make your password unique. Use a different password for each of your personal accounts.
- Make your password longer and more memorable. Spaces are allowed, so feel free to use a phrase such as a lyric from a song or quote from a movie or speech.
- Use letters, numbers, and symbols. Learn to incorporate letters, numbers, and symbols into your phrase so it is not so easily guessed.
- Bad example: “4s&7ya”. Small number of characters along with no spacing.
- Good example: “four score and seven years”. Large number of characters along with spacing.
- Avoid personal information and common words. Avoid creating passwords from info that others might know or could easily find out.
Creating Strong Passphrases
A passphrase is a longer form of password made up of multiple words, spaces, and optional symbols. A strong passphrase is easier to remember than a short complex password and is often more resistant to guessing or brute-force attacks when it is long, unique, and not based on common phrases or personal information.
When creating a passphrase, use random words or an uncommon phrase that is meaningful only to you. Avoid quotes, song lyrics, common sayings, personal details, predictable substitutions, or anything that could be easily guessed. A passphrase should be unique for each account and should not be reused across College and personal services.
- Use at least 14 characters; longer is better where supported.
- Use several unrelated words, spaces, and optional symbols or numbers.
- Avoid popular phrases, song lyrics, names, dates, sports teams, or other personal information.
- Do not reuse a passphrase for multiple accounts.
- Use a College-approved password manager when available and appropriate.
- Change a passphrase immediately if you believe it may have been exposed or compromised.
Employee Personal Hardware & Software Policy
It is the policy of Dunwoody College of Technology to establish uniform procedures and guidelines for personal hardware and software. Personal hardware, peripherals, or software may not be installed on Dunwoody computers unless specifically approved by the Information Technology Department. Dunwoody-owned hardware, peripherals, software, and internally developed programs are College property and must be purchased, installed, managed, and supported through approved IT procurement and support processes. This policy helps reduce equipment and software failures, prevent data loss, limit cybersecurity risk, and protect access to College data and systems.
Personal Hardware & Software Procedures
The Information Technology Department prohibits installing Dunwoody-licensed software on personal devices unless expressly permitted by license terms and approved by IT. Likewise, personally licensed software may not be installed on Dunwoody-owned hardware without IT approval. Unauthorized personal hardware, peripherals, or software may be removed, and Human Resources may be notified of policy non-compliance.
The Information Technology Department is not responsible for the backup or restoration of personal software before removal.
Peer to Peer (P2P) File Sharing Policy
Dunwoody College of Technology has established this policy to maintain student and employee compliance with the Higher Education Opportunity Act (HEOA) P2P File Sharing requirement.
Dunwoody College of Technology employs technical deterrents against P2P File Sharing within the Dunwoody network. The deterrents include blocking P2P network traffic, shaping bandwidth to some Internet sites, monitoring traffic to identify the largest users of Internet bandwidth, and the Dunwoody College Information Technology department will periodically scan each laptop for P2P File Sharing software.
If the scan finds P2P File Sharing software, the Dunwoody College Information Technology department will remove said software and notify the Office of the Dean of Students of its policy non-compliance.
Non-compliance with this policy will result in appropriate disciplinary action up to and including expulsion. Furthermore, Dunwoody reserves the right to initiate a legal investigation.
The College provides access to alternative legal sites for images and music but does not provide pay-for-use subscriptions. Sites made available include, but are not limited to, iTunes, YouTube, and Hulu. Images and music obtained through documented legal procurement on Dunwoody computers for the purpose of entertainment are permissible within the scope of this policy.
Copyright infringement is the act of exercising, without permission or legal authority, one or more of the exclusive rights granted to the copyright owner under section 106 of the Copyright Act (Title 17 of the United States Code). These rights include the right to reproduce or distribute a copyrighted work. In the file-sharing context, downloading or uploading substantial parts of a copyrighted work without authority constitutes an infringement.
Penalties for copyright infringement include civil and criminal penalties. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or “statutory” damages affixed at not less than $750 and not more than $30,000 per work infringed. For “willful” infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also assess costs and attorneys ‘fees. For details, see Title 17, United States Code, Sections 504, 505.
Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense.
For more information, please see the website of the US Copyright Office, especially their FAQs.
Specialized Software
The IT Department acquires, approves, and manages software used by the organization, whether purchased, donated, licensed, or provided as a cloud-based service. This policy ensures software is properly licensed, documented, supported, secured, and compatible with Dunwoody systems. Requests for additional software should be submitted to the IT Service Desk before purchase or installation because an existing license or approved alternative may already be available. Software purchased or installed outside approved processes may not be reimbursed or supported.