Information Technology Services

Information derived from NDSU Policy 158

• Introduction and Purpose
• Guidelines for Incidental Personal Use
• Summary of Procedural Guidelines
• Policies and Laws

Computers and other electronic communication devices (ECDs) have become vital tools in accomplishing the University's mission. Most employees and students depend on these devices daily to accomplish their work, and the University invests in and supports a variety of equipment and information technology (IT) related items. These IT resources are not unlimited; however, it is important to assure that they are used appropriately.

In addition, the University has a responsibility to assure that they are used legally and in keeping with State Board of Higher Education and NDSU acceptable use policies (AUP) [see Policies and Laws section]. University IT users should be aware that, except where precluded by law, the University has the right to measure and monitor ECD usage, including but not limited to storing, accessing, and reviewing information received or sent through e-mail or over the Internet. Monitoring of an individual's Internet use is possible when requested by the appropriate official. In addition, Internet sites deemed by the University to be unrelated to the University's responsibilities may be blocked, and the University will cooperate with any law enforcement investigation.

If you have questions about appropriate use of electronic communications devices, be sure to discuss it with your supervisor. The NDSU IT Security Officer in ITS is also available to answer any questions and help supervisors facilitate a safe and productive work environment.

To top

Incidental personal use of University owned ECDs or personal use on University time is acceptable when the use:

• Does not interfere with the person's work performance;
• Is of nominal cost or value;
• Does not create the appearance of impropriety;
• Is not for a political or personal commercial purpose;
• Is reasonable in time, duration, and frequency;
• Makes minimal use of hardware, software and network resources.
• Some uses, however, are never acceptable. These include:
  • Use for harassment or similar inappropriate behavior;
  • Use for accessing or distributing sexually explicit, offensive or erotic material;
  • Violation of copyright rules that apply to most information on the Internet (approval for the use and distribution of such information must be obtained from the owner/author);
  • Use for probing or hacking;
  • Use of non-business peer-to-peer (P2P), data transfer, and streaming technologies which consume significant amounts of bandwidth (expecially when they act as "servers" for other clients on the Internet). Examples include but are not limited to Kazaa, Gnutella, BitTorrent, Abacast, etc. Users can avoid many problems by never installing personal software on NDSU devices;
  • Use of pirated software or data;
  • Knowingly distributing viruses or bypassing of state virus protection.

Inappropriate use may range widely in seriousness and impact on the other users. Often misuse can be addressed by the supervisor or administrator in the unit where it occurs. On some occasions, however, the misuse may represent a major violation of acceptable use. The University has established procedural guidelines for investigating an alleged major violation of acceptable use.

To top

Initial discovery of a potential AUP violation can result from a number of triggering events which include but are not limited to:

• Bandwidth and network monitoring
• Complaint by a supervisor, other employee or person
• Inadvertent discovery during routine service or maintenance
• DMCA (federal copyright law) complaint (includes copyrighted materials such as music, movies, software, etc.)
• Creation or distribution of SPAM or other network abuse
• Law enforcement query or subpoena; open records request
• Other sources.

The NDSU IT Security Officer will be notified if she/he is not already aware of the problem. The appropriate Dean(s) or Director(s) will be notified as soon as possible so that there can be an initial decision or meeting established with the Appropriate Use Review Committee* (AURC) to assess the situation and agree on an appropriate course of action. The alleged violator will not be notified until this discussion has taken place and a decision when to notify the alleged violator has been made. A course of action is determined that can include monitoring and/or seizure and examination of equipment and related IT items (for example: computers, communication devices, hardware, software, media).

Occasionally, emergency action might be necessary so that the NDSU IT Security Officer may not be able to contact all the above officials before an action is taken. If child pornography or other criminal violations are suspected, appropriate law enforcement will be notified. Outcomes of the investigation could include the following determinations: no violation, violation of law or policy, and/or possible criminal violations. Sanctions, if a violation is found, could include, but are not limited to: verbal caution; letter of warning; loss of computer and/or network access; referral to the Employee Assistance Program; referral for training and education; letter of reprimand; suspension with or without pay; and termination of employment. Any criminal process is separate but can also be considered when deciding on appropriate sanctions. The employee may use the normal employment appeals processes for any sanctions imposed.

*Members of the AURC include the Director of Human Resources, Director of Equal Opportunity, General Counsel and the Vice Provost and Chief Information Officer or their designees. Additional information on the acceptable use procedural guidelines for the AURC is available at www.ndsu.edu/ndsu/it/policy/aup.html.

To top

North Dakota State University

www.ndsu.edu/policy/158.htm

NDSU Policy 158: Acceptable Use of Electronic Communication Devices

North Dakota University System

SBHE Policy 1901.2 Computing Facilities

NDUS Procedure 1901.2 Computer and Network Usage

NDUS PROCEDURE 1901.2.1 Authorized use

NDUS PROCEDURE 1901.2.3 Freedom from harassment and undesired information

NDUS PROCEDURE 1901.4.2 Imposition of sanctions

NDUS PROCEDURE 1901.4.3 System administration access

NDUS PROCEDURE 1901.4.4 Monitoring of usage, inspection of electronic information

ND Century Code Title 12.1 Criminal Code

www.legis.nd.gov/cencode/t121.html

NDCC § 12.1-20-05.1: Luring Minors by Computer

NDCC § 12.1-06.1-08: Computer Fraud - Computer Crime

NDCC § 12.1-27.1-01. Obscenity - Definitions -Dissemination - Classification of offenses

NDCC § 12.1-27.2-04.1. Possession of certain materials prohibited

US Federal Law

uscode.house.gov/search/criteria.shtml

18 USC § 1462: Importation or Transportation of Obscene Matters

18 USC § 2252: Certain Activities Relating to Material Involving the Sexual Exploitation of Minors

18 USC 2422(b): Coercion and Enticement

To top