Information Technology Policies
Acceptable Use Policy
In accordance with its mission and purpose, Dunwoody provides computing resources to Dunwoody students and employees. These resources are for instruction, study, academic research, and the official work of college organizations and offices. To maintain a safe and productive environment for all users of these computing resources you must:
- Comply with all federal, state, and local laws
- Comply with all Dunwoody rules, policies, and applicable contracts and licenses
- Use only those resources and information that they are authorized to use in the manner and extent to which access was authorized
- Respect the intellectual property, work, and privacy of other users and accounts
- Respect the capacity of these resources by limiting use to reasonable levels
- Protect your username, password, and IDs from unauthorized use
- Cooperate with administrators if presented with information regarding an issue with their account or systems
The following types of activities, although not an exclusive list, are specifically prohibited and may result in appropriate disciplinary action:
- View, damage, transfer, edit or delete other users’ files, or communications without authorization
- Use Dunwoody-owned/supplied account, credentials, computer, and/or network to gain unauthorized access into, or compromise the security of any computer system in any location
- Unauthorized and illegal processing, distribution, storage, and/or sharing of intellectual property and/or copyrighted material (i.e., music, movies, and software), including the use of unauthorized peer-to-peer file-sharing applications or services, may also be subject to civil and criminal liabilities including fines and/or imprisonment
- Engage in any activity that may be harmful to systems or data stored upon said systems, such as sharing your password or account with others, creating or propagating viruses, worms, or Trojans or disabling or circumventing anti-malware protections and/or protective systems
- Use Dunwoody-owned/supplied communications system, such as email or voicemail, to threaten, intimidate, or harass others
- Use Dunwoody-owned/supplied systems or content for the distribution of political campaign materials or for financial gain, whether personal or commercial, including spam, chain letters, solicitation of business or services, sales of property, etc.
- Abuse of email systems including spoofing sender addresses, forging the identity of a user or machine in an e-mail message, and/or sending unauthorized all-campus email messages
- Create, store, process, browse, or display any racially-offensive, gender-offensive or likewise obscene material including pornography
- Consume network or computer resources to the exclusion of another’s use; for example, overloading the network with legitimate (i.e., file backup, videos, etc.) or illegitimate (i.e., denial of service attack) activities
- Attach any device or computer not owned or supplied by Dunwoody to the campus network without prior authorization
- Post or transmit Dunwoody’s confidential materials, policies, or procedures on websites, electronic bulletin boards, chat rooms, and/or other publicly accessible digital media, which violate existing laws, regulations, or Dunwoody’s policies or codes of conduct
It is the policy of Dunwoody College of Technology to establish uniform procedures and guidelines pertaining to the backup of employee data/files on Dunwoody owned or issued computers. Employees are responsible for the data backup of their Dunwoody owned or issued computer. The IT Department provides each employee a limited amount of secure disk space on the network for storing work-related data. This secured area is included in the scheduled network backup process. Upon request, the IT Service Desk will provide you with a backup-process document and guidance. It is the responsibility of each employee to ensure that his or her data are stored in this secure disk space. The IT Department (at its discretion) will review requests for additional disk space should the minimum allowance be exceeded.
In addition to on premise network storage, Dunwoody provides everyone with an Office 365 account, which allows 1TB of storage in OneDrive and can be used as a secure backup location to store data.
Should a Dunwoody issued computer encounter a hard drive issue, which makes the hard drive inoperable, the IT Department will make its best effort to access the hard drive whereby the employee may be provided the opportunity to backup their data to the network.
As a benefit of a network account, every user has access to network storage for use, and no one else has the rights necessary to access this individual space. One of the uses of this space is to store any files that contain confidential information.
Electronic Communication Policy
It is the policy of Dunwoody College of Technology to establish uniform procedures and guidelines pertaining to the operation and utilization of the Company Electronic Communication System.
E-mail, Voice mail, Internet, and Other Electronic Communications
The e-mail, computer, Internet, telephone, facsimile, printer, College owned/provided pagers and cell phones, and voice systems are College property. These systems are in place to facilitate our employee’s ability to do their jobs efficiently and productively. To that end, these systems are provided for business purposes and use. While occasional use of these systems for personal, non-business use is acceptable, College employees must demonstrate a sense of responsibility and may not abuse system privileges.
All employees should be aware that the College has software systems in place that are capable of monitoring and recording all network traffic to and from any computer employees may use. The College reserves the right to access, review, copy, and delete any information, data or messages accessed through these systems with or without notice to the employee and/or in the employee’s absence. This includes, but is not limited to, all e-mail or voice-mail messages sent or received, all Internet or web sites visited, all chat sessions or electronic bulletin boards participated in, all news group activity (including groups visited, messages read and employee postings), and all file transfers into and out of the College’s internal networks. The College further reserves the right to retrieve previously deleted messages from e-mail or voice mail and monitor usage of the Internet, including web sites visited and any information employees have downloaded. In addition, the College may review Internet and technology systems activity and analyze usage patterns, and may choose to publicize this data to assure that technology systems are devoted to legitimate business purposes. Accordingly, employees should not have any expectation of privacy as to their Internet or technology systems usage and should not use these systems for information they wish to keep private.
Communications and use of e-mail, computers, and Internet, telephone and voice mail systems will be held to the same standard as all other business communications, including compliance with our anti-discrimination and anti-harassment policies. This means that the College does not allow these systems to be used in creating, receiving, sending or storing data that may reasonably be considered to be offensive, defamatory, obscene, or harassing. This data includes, but is not limited to, sexual images and comments, racial and gender based slurs, or anything that would reasonably be expected to offend someone based on their disability, age, religion, marital status, sexual orientation, political beliefs, national origin, culture or any other factor protected by law. Any such use would violate this policy and may violate other College policies. Additionally, e-mail must not be used to solicit others for commercial ventures, religious or political causes, outside organizations, or other non-business matters. Employees must not use the e-mail or voice mail systems in a way that causes congestion on the systems or that significantly interferes another employee’s ability to use the systems. The College expects its employees to use good judgment in the use of our College’s systems. Management should be notified of unsolicited, offensive materials received by an employee on any of these systems.
Employees must respect other people’s electronic communications. Employees may not obtain unauthorized access to another’s e-mail or voice mail messages, except pursuant to direction from the College’s executive management and Human Resources for the purposes specified above.
Employees consent to and acknowledge that, compliance with e-mail, computer, Internet, telephone, facsimile, printer, pager, cell phone and voice mail policies are a term and condition of employment. Failure to abide by these policies and rules, or failure to consent to any intercepting, monitoring, copying, reviewing or downloading of any communications or files is subject to disciplinary action up to and including termination of employment with the College. Employees should never, without an appropriate Dunwoody owned license and permission from the College, copy or distribute, including the College e-mail systems, copyrighted material. Copyrighted material includes, but is not limited to, College and third party software, database files, and documentation.
Employees must not disseminate, forward, copy or send e-mail correspondence or any other communication to anyone or any employee who has no reasonable need to receive such e-mail. Further, e-mail and other communications containing misleading, inaccurate or inappropriate information or references may constitute misconduct by an employee. Employees should always be mindful of the content of e-mail and other communications because such communications can be later construed against the employee and the College. E-mail and electronic communications regarding (i) College products, services or price quotations, and (ii) quotes for purchase by the College of outside parties’ products or services, are often later construed as binding contracts with the College. These situations may cause unintended and substantial damage and/or obligations for the College. It is very important to avoid these situations. It is College policy that all e-mail and electronic communications regarding the sale of College products or services and the purchase by the College of goods and services must always contain a clear statement that such communications are “for discussion purposes only and not binding on the College.” It is each employee’s responsibility to adhere to the College’s policies with regard to purchasing and sales contracts.
Dunwoody makes reasonable efforts to maintain data privacy and, as a rule, Dunwoody employees will not read your email or files; however, there is no guarantee of data privacy for files and email stored on, or transmitted across, the College systems or network. Furthermore, Dunwoody reserves the right for designated members of the College’s staff to log and examine traffic on the College’s network and to retrieve and examine files stored on the College’s systems whenever necessary, particularly – but not exclusively – in the following situations:
- If the College receives a subpoena in relation to a court proceeding, Dunwoody will comply with electronic discovery laws requiring the disclosure of digital data, including deleted information that has been restored from backup systems.
- If an individual is suspected of or investigated for an infraction of federal, state, or local laws, or Dunwoody policies, the Dunwoody IT Department will provide the appropriate data and assistance to the Office of the Dean of Students or Human Resources Department as part of an authorized investigation.
- If requested by a federal, state, or local law enforcement agency as part of an authorized investigation.
Email is the official communication method at Dunwoody. You should check your Dunwoody email account daily, and make sure you are maintaining your mailbox. If you allow your mailbox to increase in size over the allocated storage limit, the mailbox will no longer send and receive email. Forwarding emails to a personal email account is against policy at Dunwoody.
If you have any issues with or questions about their email account, such as receiving messages in error, not receiving expected messages, accessing email from off-campus, or inability to access your email account, contact the IT Service Desk.
Phishing and other Forms of Social Engineering
Beware of phishing email messages, attachments, links or phone calls. Phishing emails have dramatically increased in recent years and many of them are legitimate looking – often with a spoofed sender address and embedded company logo in the email, attached document or link. Phishing campaigns have evolved to incorporate installation of malware and ransomware as the second stage of the attack - all with the intent to gain an initial foothold into a computer or network. Education and proper backups are key to fighting these threats. See links below for example sand information on ransomware and phishing:
- Ransomware (https://www.microsoft.com/en-us/wdsi/threats/ransomware)
- Phishing (http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx)
Use caution when responding to emails, opening attachments or clicking links. If you are unsure of the authenticity of an email, please contact the IT Service Desk or forward the email to email@example.com so we can verify. In addition, remember, never enter your username and password unless you have verified authenticity of the email or website and never open an unsolicited attachment from your email.
Internet Filters and Blocked Websites
To comply with laws such as the Higher Education Opportunity Act (HEOA), secure confidential information, and guard against issues such as harassment and malware, Dunwoody actively filters traffic to and from the Internet. The leadership of Dunwoody approved these filters, and the filters exist to protect Dunwoody and its employees and students from individuals and organizations that intend to do harm. Employees and students should not attempt to circumvent these filters. If there is something on the Internet that you cannot do, discuss your needs with the IT Help Desk or the Dean of Students.
Everyone at Dunwoody receives a laptop, with the exception of programs that offer Bring Your Own Device (BYOD). You must sign a legally binding contract and return the laptop when the relationship with Dunwoody ends or when directed by the IT Department for replacement. Anyone may bring a personal laptop or tablet to campus and connect that device to the guest Wi-Fi network; however, all work or school related data must be saved securely on Dunwoody resources and not on personal laptops, tablets or storage devices. Dunwoody will not reimburse for the purchase or use of a personal laptop or tablet. If your laptop is stolen, you must file a police report, and provide a copy of the report to the IT Service Desk. Once the police report is verified by the IT Service Desk, they will prepare a new laptop for the user. Students are responsible for paying a stolen laptop fee up to $800, which is refundable only if the laptop is returned.
It is the policy of Dunwoody College of Technology to establish uniform procedures pertaining to Information Technology Policy Non-Compliance. It is the responsibility of every employee and student to be in compliance with the Information Technology Policies of Dunwoody College of Technology. In addition, it is the responsibility of every employee and student to report any Information Technology Policy Non-Compliance to the Information Technology Department for investigation and resolution. The Information Technology Department will document and process all non-compliance issues per the policy implementation steps above.
This policy applies to all employees and students.
- The Dunwoody College of Technology Information Technology Department will complete the “Information Technology Non-Compliance Form” when they encounter an employee or student whom they believe is not compliant with one or more of the Information Technology Policies.
- The “Information Technology Non-Compliance Form” will then be directed to the Information Technology Director/Manager for review and signature.
- The Information Technology Director/Manager will forward the signed form to either the Human Resources Director (employee) or the Dean of Learning (student).
- The Human Resources Director or Dean of Learning will review the non-compliance and take the appropriate actions per their guidelines.
- The Information Technology Non-Compliance form will be completed detailing the resolution and signed by the Human Resources Director or Dean of Learning who is responsible for the case.
- The completed Information Technology Non-Compliance form will be filed in the employee or student folder.
The security of Dunwoody College of Technology user accounts has become critically important with the increasing growth of on-line information, services, and resources that rely on centrally issued accounts for authentication and authorization. It is the responsibility of both the institution and the individual user to safeguard the security and integrity of each person's identity and guard against unauthorized access and use of their account.
The password for an individual's account is the sole key for protecting that account and the Dunwoody resources that the account can access. It proves their identity, authorizes them to access and control important personal and institutional information, grants rights to licensed resources, and allows others to trust the identity of the person linked to their assigned user account. Therefore, the strength and privacy of that password is of paramount importance.
Reason for This Policy
This policy specifies certain minimum components for a strong password, and requirements for maintaining the privacy of a user account password. As part of this policy, BCIT will create and maintain information for users on recommendations and resources for password strength and management best practices.
Who Is Responsible for This Policy
Dunwoody's Vice President for Administration or her designee is responsible for the maintenance of this policy and for responding to questions regarding this policy. The College reserves the right to amend this policy and to limit or restrict the use of its electronic information resources at its sole discretion.
Who Is Governed by This Policy
This policy applies to all individuals who access, use, or control College electronic resources. Those individuals include, but are not limited to faculty, staff, students, those working on behalf of the College, and individuals authorized by affiliated institutions and organizations.
All user accounts require a password that meets the following requirements:
- Length: The password must be at least 8 characters long
- Complexity: Must contain at least 3 of the following four categories:
- An English uppercase characters (A - Z)
- An English lowercase characters (a – z)
- A Number
- A Non-alphanumeric (e.g., !@#$^*)(_=<>&%+)
- Name: Passwords cannot contain 3 or more consecutive characters from the user’s first name, last name or username.
- Expiration: Passwords should be changed by Employees and IT Administrators at least every 4 months due to their access to sensitive information.
- Lockout: 30 or more unsuccessful logins must lockout the account for at least 25 hours.
- History: Passwords cannot be the same as the last 12 passwords used
- Inactivity Timeout: Sessions should be disabled after 60 minutes of inactivity
How to Create Strong Passwords:
A strong password can be memorable to you but is nearly impossible for someone else to guess. Learn what makes a good password, and then follow these tips to create your own:
- Make your password unique. Use a different password for each of your personal accounts.
- Make your password longer and more memorable. Spaces are allowed, so feel free to use a phrase such as a lyric from a song or quote from a movie or speech.
- Use letters, numbers, and symbols. Learn to incorporate letters, numbers, and symbols into your phrase, so it is not so easily guessed.
- Good example: “4Score a&nd 7yrsAgo.”
- Bad example: “four score and seven years ago.”
- Avoid personal information and common words. Avoid creating passwords from info that others might know or could easily find out.
The sharing of passwords is prohibited. If there is a need to share a password, i.e., an administrator or superuser account, compensating controls approved by Dunwoody IT must be used to ensure that every authentication can be associated with a uniquely responsible user.
Personal Hardware & Software Policy
It is the policy of Dunwoody College of Technology to establish uniform procedures and guidelines pertaining to personal hardware and software. No personal hardware, peripherals or software are allowed on Dunwoody computers. All hardware, peripherals and software of any kind, including in-house developed programs are the sole property of Dunwoody College. Any hardware, peripheral or software must be purchased and installed by the Information Technology Department per the Procurement of Hardware, Peripherals and Software Policy. With respect to software and data files, personal digital images and music are considered non compliance to this policy. This policy is enforced to reduce problems with equipment, software failure, damage to data files and the introduction of viruses. To restrict access to Dunwoody College data and/or programs and to prevent virus transmission; disks, tapes and emails belonging to Dunwoody College are not to be used in personal home computers.
This policy applies to all employees.
- The Dunwoody College Information Technology department will periodically scan each desktop and laptop for personal software and hardware. Any personal hardware, peripheral and/or software that are found will be removed. Human Resources will be notified of the non-compliance.
- The Information Technology Department is not responsible for the backup or restoration of personal software before removal.
- Non-compliance with this policy will result in appropriate disciplinary action up to and including termination.
Peer to Peer (P2P) File Sharing Policy
Dunwoody College of Technology has established this policy to maintain student and employee compliance to the HEOA P2P File Sharing requirement.
Dunwoody College of Technology employs technical deterrents against P2P File Sharing within the Dunwoody network. The deterrents include blocking P2P network traffic, shaping bandwidth to some Internet sites, monitoring traffic to identify the largest users of Internet bandwidth, and the Dunwoody College Information Technology department will periodically scan each laptop for P2P File Sharing software.
If the scan finds P2P File Sharing software, the Dunwoody College Information Technology department will remove said software and notify the Office of the Dean of Students of its policy non-compliance.
Non-compliance with this policy will result in appropriate disciplinary action up to and including expulsion. Furthermore, Dunwoody reserves the right to initiate a legal investigation.
The College provides access to alternative legal sites for images and music, but does not provide pay-for-use subscriptions. Sites made available include, but are not limited to, iTunes, YouTube, and Hulu. Images and music obtained through documented legal procurement on Dunwoody computers for the purpose of entertainment are permissible within the scope of this policy.
Copyright infringement is the act of exercising, without permission or legal authority, one or more of the exclusive rights granted to the copyright owner under section 106 of the Copyright Act (Title 17 of the United States Code). These rights include the right to reproduce or distribute a copyrighted work. In the file-sharing context, downloading or uploading substantial parts of a copyrighted work without authority constitutes an infringement.
Penalties for copyright infringement include civil and criminal penalties. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or “statutory” damages affixed at not less than $750 and not more than $30,000 per work infringed. For “willful” infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also assess costs and attorneys ‘fees. For details, see Title 17, United States Code, Sections 504, 505.
Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense.
The IT Department acquires all software used in the organization, whether purchase or donation. This policy ensures that these assets are properly booked and licensed and that IT has sufficient resources available for the software to run properly in our environment. Any need for additional software should be discussed with the IT Service Desk since we may already have a license for the specific application. You will not be reimbursed for software purchased through other means.