Information Technology Policies
Acceptable Use Policy
In accordance with its mission and purpose, Dunwoody provides computing resources to Dunwoody students and employees. These resources are for instruction, study, academic research, and the official work of college organizations and offices. To maintain a safe and productive environment for all users of these computing resources you must:
- Comply with all federal, state, and local laws
- Comply with all Dunwoody rules, policies, and applicable contracts and licenses
- Use only those resources and information that they are authorized to use in the manner and extent to which access was authorized
- Respect the intellectual property, work, and privacy of other users and accounts
- Respect the capacity of these resources by limiting use to reasonable levels
- Protect your username, password, and IDs from unauthorized use
- Cooperate with administrators if presented with information regarding an issue with their account or systems
The following types of activities, although not an exclusive list, are specifically prohibited and may result in appropriate disciplinary action:
- View, damage, transfer, edit or delete other users’ files, or communications without authorization
- Use Dunwoody-owned/supplied account, credentials, computer, and/or network to gain unauthorized access into, or compromise the security of any computer system in any location
- Unauthorized and illegal processing, distribution, storage, and/or sharing of intellectual property and/or copyrighted material (i.e., music, movies, and software), including the use of unauthorized peer-to-peer file-sharing applications or services, may also be subject to civil and criminal liabilities including fines and/or imprisonment
- Engage in any activity that may be harmful to systems or data stored upon said systems, such as sharing your password or account with others, creating or propagating viruses, worms, or Trojans or disabling or circumventing anti-malware protections and/or protective systems
- Use Dunwoody-owned/supplied communications system, such as email or voicemail, to threaten, intimidate, or harass others
- Use Dunwoody-owned/supplied systems or content for the distribution of political campaign materials or for financial gain, whether personal or commercial, including spam, chain letters, solicitation of business or services, sales of property, etc.
- Abuse of email systems including spoofing sender addresses, forging the identity of a user or machine in an e-mail message, and/or sending unauthorized all-campus email messages
- Create, store, process, browse, or display any racially-offensive, gender-offensive or likewise obscene material including pornography
- Consume network or computer resources to the exclusion of another’s use; for example, overloading the network with legitimate (i.e., file backup, videos, etc.) or illegitimate (i.e., denial of service attack) activities
- Attach any device or computer not owned or supplied by Dunwoody to the campus network without prior authorization
- Post or transmit Dunwoody’s confidential materials, policies, or procedures on websites, electronic bulletin boards, chat rooms, and/or other publicly accessible digital media, which violate existing laws, regulations, or Dunwoody’s policies or codes of conduct
It is the policy of Dunwoody College of Technology to establish uniform procedures and guidelines pertaining to the backup of employee data/files on Dunwoody owned or issued computers. Employees are responsible for the data backup of their Dunwoody owned or issued computer. The IT Department provides each employee a limited amount of secure disk space on the network for storing work-related data. This secured area is included in the scheduled network backup process. Upon request, the IT Service Desk will provide you with a backup-process document and guidance. It is the responsibility of each employee to ensure that his or her data are stored in this secure disk space. The IT Department (at its discretion) will review requests for additional disk space should the minimum allowance be exceeded.
In addition to on premise network storage, Dunwoody provides everyone with an Office 365 account, which allows 1TB of storage in OneDrive and can be used as a secure backup location to store data.
Should a Dunwoody issued computer encounter a hard drive issue, which makes the hard drive inoperable, the IT Department will make its best effort to access the hard drive whereby the employee may be provided the opportunity to backup their data to the network.
As a benefit of a network account, every user has access to network storage for use, and no one else has the rights necessary to access this individual space. One of the uses of this space is to store any files that contain confidential information.
Electronic Communication Policy
It is the policy of Dunwoody College of Technology to establish uniform procedures and guidelines pertaining to the operation and utilization of the Company Electronic Communication System.
E-mail, Voice mail, Internet, and Other Electronic Communications
The e-mail, computer, Internet, telephone, facsimile, printer, College owned/provided pagers and cell phones, and voice systems are College property. These systems are in place to facilitate our employee’s ability to do their jobs efficiently and productively. To that end, these systems are provided for business purposes and use. While occasional use of these systems for personal, non-business use is acceptable, College employees must demonstrate a sense of responsibility and may not abuse system privileges.
All employees should be aware that the College has software systems in place that are capable of monitoring and recording all network traffic to and from any computer employees may use. The College reserves the right to access, review, copy, and delete any information, data or messages accessed through these systems with or without notice to the employee and/or in the employee’s absence. This includes, but is not limited to, all e-mail or voice-mail messages sent or received, all Internet or web sites visited, all chat sessions or electronic bulletin boards participated in, all news group activity (including groups visited, messages read and employee postings), and all file transfers into and out of the College’s internal networks. The College further reserves the right to retrieve previously deleted messages from e-mail or voice mail and monitor usage of the Internet, including web sites visited and any information employees have downloaded. In addition, the College may review Internet and technology systems activity and analyze usage patterns, and may choose to publicize this data to assure that technology systems are devoted to legitimate business purposes. Accordingly, employees should not have any expectation of privacy as to their Internet or technology systems usage and should not use these systems for information they wish to keep private.
Communications and use of e-mail, computers, and Internet, telephone and voice mail systems will be held to the same standard as all other business communications, including compliance with our anti-discrimination and anti-harassment policies. This means that the College does not allow these systems to be used in creating, receiving, sending or storing data that may reasonably be considered to be offensive, defamatory, obscene, or harassing. This data includes, but is not limited to, sexual images and comments, racial and gender based slurs, or anything that would reasonably be expected to offend someone based on their disability, age, religion, marital status, sexual orientation, political beliefs, national origin, culture or any other factor protected by law. Any such use would violate this policy and may violate other College policies. Additionally, e-mail must not be used to solicit others for commercial ventures, religious or political causes, outside organizations, or other non-business matters. Employees must not use the e-mail or voice mail systems in a way that causes congestion on the systems or that significantly interferes another employee’s ability to use the systems. The College expects its employees to use good judgment in the use of our College’s systems. Management should be notified of unsolicited, offensive materials received by an employee on any of these systems.
Employees must respect other people’s electronic communications. Employees may not obtain unauthorized access to another’s e-mail or voice mail messages, except pursuant to direction from the College’s executive management and Human Resources for the purposes specified above.
Employees consent to and acknowledge that, compliance with e-mail, computer, Internet, telephone, facsimile, printer, pager, cell phone and voice mail policies are a term and condition of employment. Failure to abide by these policies and rules, or failure to consent to any intercepting, monitoring, copying, reviewing or downloading of any communications or files is subject to disciplinary action up to and including termination of employment with the College. Employees should never, without an appropriate Dunwoody owned license and permission from the College, copy or distribute, including the College e-mail systems, copyrighted material. Copyrighted material includes, but is not limited to, College and third party software, database files, and documentation.
Employees must not disseminate, forward, copy or send e-mail correspondence or any other communication to anyone or any employee who has no reasonable need to receive such e-mail. Further, e-mail and other communications containing misleading, inaccurate or inappropriate information or references may constitute misconduct by an employee. Employees should always be mindful of the content of e-mail and other communications because such communications can be later construed against the employee and the College. E-mail and electronic communications regarding (i) College products, services or price quotations, and (ii) quotes for purchase by the College of outside parties’ products or services, are often later construed as binding contracts with the College. These situations may cause unintended and substantial damage and/or obligations for the College. It is very important to avoid these situations. It is College policy that all e-mail and electronic communications regarding the sale of College products or services and the purchase by the College of goods and services must always contain a clear statement that such communications are “for discussion purposes only and not binding on the College.” It is each employee’s responsibility to adhere to the College’s policies with regard to purchasing and sales contracts.
Dunwoody makes reasonable efforts to maintain data privacy and, as a rule, Dunwoody employees will not read your email or files; however, there is no guarantee of data privacy for files and email stored on, or transmitted across, the College systems or network. Furthermore, Dunwoody reserves the right for designated members of the College’s staff to log and examine traffic on the College’s network and to retrieve and examine files stored on the College’s systems whenever necessary, particularly – but not exclusively – in the following situations:
- If the College receives a subpoena in relation to a court proceeding, Dunwoody will comply with electronic discovery laws requiring the disclosure of digital data, including deleted information that has been restored from backup systems.
- If an individual is suspected of or investigated for an infraction of federal, state, or local laws, or Dunwoody policies, the Dunwoody IT Department will provide the appropriate data and assistance to the Office of the Dean of Students or Human Resources Department as part of an authorized investigation.
- If requested by a federal, state, or local law enforcement agency as part of an authorized investigation.
Email is the official communication method at Dunwoody. You should check your Dunwoody email account daily, and make sure you are maintaining your mailbox. If you allow your mailbox to increase in size over the allocated storage limit, the mailbox will no longer send and receive email. Forwarding emails to a personal email account is against policy at Dunwoody.
If you have any issues with or questions about their email account, such as receiving messages in error, not receiving expected messages, accessing email from off-campus, or inability to access your email account, contact the IT Service Desk.
Phishing and other Forms of Social Engineering
Beware of phishing email messages, attachments, links or phone calls. Phishing emails have dramatically increased in recent years and many of them are legitimate looking – often with a spoofed sender address and embedded company logo in the email, attached document or link. Phishing campaigns have evolved to incorporate installation of malware and ransomware as the second stage of the attack - all with the intent to gain an initial foothold into a computer or network. Education and proper backups are key to fighting these threats. See links below for example sand information on ransomware and phishing:
- Ransomware (https://www.microsoft.com/en-us/wdsi/threats/ransomware)
- Phishing (http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx)
Use caution when responding to emails, opening attachments or clicking links. If you are unsure of the authenticity of an email, please contact the IT Service Desk or forward the email to email@example.com so we can verify. In addition, remember, never enter your username and password unless you have verified authenticity of the email or website and never open an unsolicited attachment from your email.
Internet Filters and Blocked Websites
To comply with laws such as the Higher Education Opportunity Act (HEOA), secure confidential information, and guard against issues such as harassment and malware, Dunwoody actively filters traffic to and from the Internet. The leadership of Dunwoody approved these filters, and the filters exist to protect Dunwoody and its employees and students from individuals and organizations that intend to do harm. Employees and students should not attempt to circumvent these filters. If there is something on the Internet that you cannot do, discuss your needs with the IT Help Desk or the Dean of Students.
Everyone at Dunwoody receives a laptop, with the exception of programs that offer Bring Your Own Device (BYOD). You must sign a legally binding contract and return the laptop when the relationship with Dunwoody ends or when directed by the IT Department for replacement. Anyone may bring a personal laptop or tablet to campus and connect that device to the guest Wi-Fi network; however, all work or school related data must be saved securely on Dunwoody resources and not on personal laptops, tablets or storage devices. Dunwoody will not reimburse for the purchase or use of a personal laptop or tablet. If your laptop is stolen, you must file a police report, and provide a copy of the report to the IT Service Desk. Once the police report is verified by the IT Service Desk, they will prepare a new laptop for the user. Students are responsible for paying a stolen laptop fee up to $800, which is refundable only if the laptop is returned.
It is the policy of Dunwoody College of Technology to establish uniform procedures pertaining to Information Technology Policy Non-Compliance. It is the responsibility of every employee and student to be in compliance with the Information Technology Policies of Dunwoody College of Technology. In addition, it is the responsibility of every employee and student to report any Information Technology Policy Non-Compliance to the Information Technology Department for investigation and resolution. The Information Technology Department will document and process all non-compliance issues per the policy implementation steps above.
This policy applies to all employees and students.
- The Dunwoody College of Technology Information Technology Department will complete the “Information Technology Non-Compliance Form” when they encounter an employee or student whom they believe is not compliant with one or more of the Information Technology Policies.
- The “Information Technology Non-Compliance Form” will then be directed to the Information Technology Director/Manager for review and signature.
- The Information Technology Director/Manager will forward the signed form to either the Human Resources Director (employee) or the Dean of Learning (student).
- The Human Resources Director or Dean of Learning will review the non-compliance and take the appropriate actions per their guidelines.
- The Information Technology Non-Compliance form will be completed detailing the resolution and signed by the Human Resources Director or Dean of Learning who is responsible for the case.
- The completed Information Technology Non-Compliance form will be filed in the employee or student folder.
Personal Hardware & Software Policy
It is the policy of Dunwoody College of Technology to establish uniform procedures and guidelines pertaining to personal hardware and software. No personal hardware, peripherals or software are allowed on Dunwoody computers. All hardware, peripherals and software of any kind, including in-house developed programs are the sole property of Dunwoody College. Any hardware, peripheral or software must be purchased and installed by the Information Technology Department per the Procurement of Hardware, Peripherals and Software Policy. With respect to software and data files, personal digital images and music are considered non compliance to this policy. This policy is enforced to reduce problems with equipment, software failure, damage to data files and the introduction of viruses. To restrict access to Dunwoody College data and/or programs and to prevent virus transmission; disks, tapes and emails belonging to Dunwoody College are not to be used in personal home computers.
This policy applies to all employees.
- The Dunwoody College Information Technology department will periodically scan each desktop and laptop for personal software and hardware. Any personal hardware, peripheral and/or software that are found will be removed. Human Resources will be notified of the non-compliance.
- The Information Technology Department is not responsible for the backup or restoration of personal software before removal.
- Non-compliance with this policy will result in appropriate disciplinary action up to and including termination.
Peer to Peer (P2P) File Sharing Policy
Dunwoody College of Technology has established this policy to maintain student and employee compliance to the HEOA P2P File Sharing requirement.
Dunwoody College of Technology employs technical deterrents against P2P File Sharing within the Dunwoody network. The deterrents include blocking P2P network traffic, shaping bandwidth to some Internet sites, monitoring traffic to identify the largest users of Internet bandwidth, and the Dunwoody College Information Technology department will periodically scan each laptop for P2P File Sharing software.
If the scan finds P2P File Sharing software, the Dunwoody College Information Technology department will remove said software and notify the Office of the Dean of Students of its policy non-compliance.
Non-compliance with this policy will result in appropriate disciplinary action up to and including expulsion. Furthermore, Dunwoody reserves the right to initiate a legal investigation.
The College provides access to alternative legal sites for images and music, but does not provide pay-for-use subscriptions. Sites made available include, but are not limited to, iTunes, YouTube, and Hulu. Images and music obtained through documented legal procurement on Dunwoody computers for the purpose of entertainment are permissible within the scope of this policy.
Copyright infringement is the act of exercising, without permission or legal authority, one or more of the exclusive rights granted to the copyright owner under section 106 of the Copyright Act (Title 17 of the United States Code). These rights include the right to reproduce or distribute a copyrighted work. In the file-sharing context, downloading or uploading substantial parts of a copyrighted work without authority constitutes an infringement.
Penalties for copyright infringement include civil and criminal penalties. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or “statutory” damages affixed at not less than $750 and not more than $30,000 per work infringed. For “willful” infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also assess costs and attorneys ‘fees. For details, see Title 17, United States Code, Sections 504, 505.
Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense.
The IT Department acquires all software used in the organization, whether purchase or donation. This policy ensures that these assets are properly booked and licensed and that IT has sufficient resources available for the software to run properly in our environment. Any need for additional software should be discussed with the IT Service Desk since we may already have a license for the specific application. You will not be reimbursed for software purchased through other means.
Dunwoody’s systems contain a large amount of confidential information. All Dunwoody employees have a responsibility to help keep that information private and restricted to only those people who need-to-know. Along with not sharing account credentials, employees should avoid storing files that contain confidential information on a laptop or in any Internet-accessible storage service such as Dropbox, OneDrive or Google Drive. Employees should not send confidential information via email or use a rule to automatically forward messages from your Dunwoody email account to a personal email account.
Document Retention Policy
The College records of Dunwoody College of Technology are important assets. College records include essentially all records you produce as an employee, whether paper or electronic. A record may be as obvious as a memorandum, an e‐mail, a contract or a case study, or something not as obvious, such as a computerized desk calendar, an appointment book or an expense record.
The law requires the College to maintain certain types of school records, usually for a specified period of time. Failure to retain those records for those minimum periods could subject you and the College to penalties and fines, cause the loss of rights, obstruct justice, spoil potential evidence in a lawsuit, place the College in contempt of court, or seriously disadvantage the College in litigation.
The College expects all employees to fully comply with any published records retention or destruction policies and schedules, provided that all employees should note the following general exception to any stated destruction schedule: If you believe, or the College informs you, that College records are relevant to litigation, or potential litigation (i.e., a dispute that could result in litigation), then you must preserve those records until the Legal Counsel determines the records are no longer needed. That exception supersedes any previously or subsequently established destruction schedule for those records. If you believe that exception may apply, or have any question regarding the possible applicability of that exception, please contact Human Resources.
From time to time, the College establishes retention or destruction policies or schedules for specific categories of records in order to ensure legal compliance, and to accomplish other objectives, such as preserving intellectual property and cost management. Several categories of documents that bear special consideration are identified below. While minimum retention periods are suggested, the retention of the documents identified below and of documents not included in the identified categories should be determined primarily by the application of the general guidelines affecting document retention identified above, as well as any other pertinent factors.
- Tax Records. Tax records include, but may not be limited to, documents concerning payroll, expenses, proof of deductions, business costs, accounting procedures, and other documents concerning the College's revenues. Tax records should be retained for at least six years from the date of filing the applicable return.
- Employment Records/Personnel Records. State and federal statutes require the College to keep certain recruitment, employment and personnel information. The College should also keep personnel files that reflect performance reviews and any complaints brought against the College or individual employees under applicable state and federal statutes. The College should also keep all final memoranda and correspondence reflecting performance reviews and actions taken by or against personnel in the employee's personnel file. Employment and personnel records should be retained for six years.
- College Board of Trustees and Board Committee Materials. Meeting minutes should be retained in perpetuity in the College’s minute book. A clean copy of all Board and Board Committee materials should be kept for no less than three years by the College.
- Press Releases/Public Filings. The College should retain permanent copies of all press releases and publicly filed documents under the theory that the College should have its own copy to test the accuracy of any document a member of the public can theoretically produce against that College.
- Legal Files. Legal counsel & Human Resources should be consulted to determine the retention period of particular documents, but legal documents should generally be maintained for a period of ten years.
- Marketing and Sales Documents. The College should keep final copies of marketing and sales documents for the same period of time it keeps other corporate files, generally three years. An exception to the three‐year policy may be sales invoices, contracts, leases, licenses and other legal documentation. These documents should be kept for at least three years beyond the life of the agreement.
- Development/Intellectual Property. Development documents are often subject to intellectual property protection in their final form (e.g., patents and copyrights). The documents detailing the development process are often also of value to the College and are protected as a trade secret where the College:
- derives independent economic value from the secrecy of the information; and
- the College has taken affirmative steps to keep the information confidential. The College should keep all documents designated as containing trade secret information for at least the life of the trade secret.
- Contracts. Final, execution copies of all contracts entered into by the College should be retained. The College should retain copies of the final contracts for at least three years beyond the life of the agreement, and longer in the case of publicly filed contracts.
- Electronic Mail. E‐mail that needs to be saved should be either:
- printed in hard copy and kept in the appropriate file; or
- downloaded to a computer file and kept electronically or on disk as a separate file. Electronic emails will also be saved internally through backup servers (tapes) periodically for e‐discovery purposes. The retention period depends upon the subject matter of the e‐mail, as covered elsewhere in this policy.
Failure to comply with this Document Retention Policy may result in punitive action against the employee, including suspension or termination. Questions about this policy should be referred to Human Resources.
This policy applies to all employees.
The Electronic Communications System is provided by the Company. This system includes:
- The internal e‐mail system,
- The external system which electronically connects employees' place of work with other locations of the Company;
- The equipment and/or software furnished by the Company which employees use to access the Electronic Communications System and to communicate with third parties;
- The equipment and/or software furnished by the Company which employees use to access the Company’s intranet; and
- The equipment and/or software furnished by the Company which employees use to access the internet.
- As with any of the Company’s method’s of communication, the Electronic Communications System and the messages and other information (collectively, “Communications”) transmitted, received, or stored on the Electronics System are intended for business purposes only. With the exceptions discussed in this Electronics Communications Policy, personal use of the Electronics System for transmission of personal Communications is prohibited. In particular, the following policy considerations apply to all use of the Electronics Communications System:
The Dunwoody College Information Technology department will periodically audit Dunwoody hardware and software for compliance. Human Resources will be notified of employee noncompliance.
Non‐compliance with this policy will result in appropriate disciplinary action up to and including termination.
Employees are responsible for safeguarding their passwords for access to the communication system. Individual passwords must not be printed, stored online, or given to others.
Employees are responsible for all transactions made using their passwords and must change their passwords every hundred twenty (120) days. The Dunwoody network is configured to prompt for the password change at the 120 day interval and will lock a user our of the network should they not change their password within this time limit. No employee shall access the computer system with another employee’s password or account.
Use of passwords to gain access to the communication system or to encode particular files or messages does not imply that employees have an expectation of privacy in the material they create or receive on the communication system. You should not expect any use of the College’s communication systems to be private and/or confidential.
Social Media Policy
“Social Media” means any online tool through which people communicate, including but not limited to:
- Blogs (web-based journals) and micro-blogs (e.g., Twitter);
- Social networking sites (e.g., Facebook, LinkedIn, social gaming sites, chat rooms);
- Message boards and electronic mailing lists (e.g., LISTSERVs);
- Wikis (collaborative web sites, e.g., Wikipedia);
- Video sharing (e.g., You Tube), picture sharing (e.g., Instagram), and music sharing;
- Comments on news or other sites; and
- Podcasts (multimedia files distributed over the internet).
Dunwoody College of Technology recognizes the importance of online conversations and engagement and is committed to utilizing social media platforms in a responsible, positive, and productive way.
When utilizing social media, employees should demonstrate:
- Transparency in every interaction when speaking about or on behalf of the College.
- Respect for other people, institutions and organizations as well as copyrights, trademarks and other legal protections.
- Protection of our students’ and employees’ data privacy.
- Responsibility in your actions and associations.
Employees must comply with all Dunwoody policies when using Social Media both in a professional capacity and in their personal postings, including, but not limited to, policies that address protecting Dunwoody’s confidential information, misuse of Dunwoody resources, non-discrimination, and harassment.
When speaking about the College on social media, you must identify yourself honestly, accurately, and completely. You should make clear that you are expressing only personal views, not those of Dunwoody or its other employees. No employee may speak on behalf of Dunwoody without authorization. You assume full responsibility for the content of any personal postings. In addition, if you make online statements in support of Dunwoody, you are required, for legal reasons, to disclose that you work for Dunwoody. Online statements made in support of Dunwoody should be professional in tone and a positive representation of Dunwoody.
Only designated spokespeople may speak “on behalf of the College” on social media, this includes responding to any negative or disparaging comments. When using social media in a professional capacity you must identify yourself honestly, accurately, and completely. No employee may speak on behalf of Dunwoody without authorization. If you make online statements in support of Dunwoody, you are required, for legal reasons, to disclose that you work for Dunwoody. Online statements made in support of Dunwoody should be professional in tone and a positive representation of Dunwoody.
In addition, Dunwoody encourages employees to keep their professional lives and personal lives separate on social media, especially when using platforms to connect and interact with students.