Acceptable use of computer systems other electronic devices should operate within the guidelines of the policy. This procedure in addition to Data Classification and Protection and the Office of Information Technology (OIT) internal procedures provides details to assist with understanding the policy and employees' role in compliance.
College information technology resources are for college business use. This does not preclude occasional incidental use of resources provided that they are limited and do not interfere with business activities of Information Technology resource availability. Greenville Technical College (GTC) allows computer users to make reasonable personal use of its electronic mail and other computer and communication systems. All such personal use must be consistent with conventional standards of ethical and polite conduct. For example, electronic mail must not be used to distribute or display messages or graphics which may be considered by some to be disruptive or offensive.
One exception is the storage of personally identifiable information (PII) or any sensitive personal data is not a reasonable personal use of college systems.
Users must not leave their personal computer or workstation unattended without logging out, locking or invoking a password-protected screen saver.
Unique User ID and Passwords along with specific access rights will be assigned to users based on their job duties and responsibilities. Users are responsible for all activity performed with their personal user IDs. Users must never share their personal login credentials with any other person, including their supervisors. They must not permit others to perform any activity with their user IDs, and they must not perform any activity with IDs belonging to other users.
GTC computer account, user IDs, network passwords, voice mail box personal identification numbers and other access codes must not be used by anyone other than the person to whom they were originally issued.
Regardless of the circumstances, individual passwords must never be shared or revealed to anyone besides the authorized user. The only exception to this is the use of shared passwords in open labs to provide open access to students. The OIT staff must never ask users to reveal their passwords.
Passwords must follow OIT requirements based on industry standards and best practices for the following:
Employees should avoid typing their passwords at a keyboard or a telephone keypad if others are known to be watching their actions. Care must be taken to position keyboards so that unauthorized persons cannot readily see employees enter passwords, encryption keys, and other security-related parameters.
Users must never write down or otherwise record a readable password and store it near the device to which it pertains.
Users must not store fixed passwords in internet browsers, or related data communication software at any time.
Each user must immediately change his or her password if the password is suspected of being disclosed, or known to have been disclosed to an unauthorized party. Users should notify OIT immediately if they believe their GTC login credentials have been compromised.
Employees must not misrepresent, obscure, suppress, or replace their own or another person's identity on any GTC electronic communications. The only exception would be official college electronic messages sent from mass communication systems on behalf of the college or responsible areas or individuals.
GTC cannot guarantee that electronic communications will be private. Employees must be aware that electronic communication can, depending on the technology, be forwarded, intercepted, printed, and stored by others. Employees must accordingly be careful about the topics covered in GTC electronic communications, and should not send a message discussing anything that they would not be comfortable reading about on the front page of their local newspaper.
GTC employees must never respond to electronic mail messages that request personal or sensitive college information, even from internal sources. GTC's OIT department will never request that you perform security duties, such as changing your password, via electronic mail. Any such request will be confirmed with separate communication from management.
GTC confidential information must not be forwarded to any party outside of the college without prior approval from management. If approved all sensitive data sent outside of the college should always be encrypted. Any standard automatic forwarding of emails or other electronic messages should not be used for any college electronic messaging.
All PII, FERPA, HIPAA or other sensitive data that is transmitted must be encrypted. Note: This applies to GTC's internal Outlook Email / Exchange Server and faculty/staff/student GTC Gmail accounts. These are NOT encrypted.
Text messaging is an additional method of communication that GTC may utilize to reach out to the college community. Mass texting is used by authorized college officials to send important and time sensitive information such as emergency notifications, campus closures, academic deadlines, and notices critical to student academic success.
Students are prompted to enter and verify their contact information for emergency alerts and other time sensitive communication. The opt-in / opt-out contact information can be updated on the student area of the internal website and uses the primary communication tool for the college. This will include information on phone number for texting and any alternative email addresses as well as land line information that can be used for automated calls. Any other systems outside of the primary communication tool for current students will need to be integrated within this opt-in / opt-out process.
Employees must not post unencrypted sensitive GTC material on any publicly-accessible internet system that supports anonymous FTP or similar public-accessible services.
GTC is not responsible for the content that employees may encounter when they use the internet. When and if users make a connection with web sites containing objectionable content they must promptly move to another site or terminate their session.
The ability to connect with a specific web site does not in itself imply that users of GTC systems are permitted to visit that site. The college may, at its discretion, restrict or block the downloading of certain file types that are likely to cause network service degradation.
Request for the addition, deletion, or modification of computer, desk phones, and related equipment must be submitted via the Computer Access Form. For new employees, this form must be submitted to Human Resources by the supervisor or manager prior to the new employee's arrival. For existing employees, this form should be submitted via the OIT ticketing system by the employee's supervisor or manager. For projects requiring installation of more than one system, please use the project request form.
Request for the addition, deletion, and modification of all user ID's (e.g. credentials) on GTC computers and communication systems or access to specific applications, must be submitted and authorized by the employee's immediate supervisor, manager or data owner using the Computer Access Form found on GTC4me.
Users are not authorized to install GTC licensed, approved software on their college-issued computer, network server, or other machines without advanced written authorization from the Office of Information Technology.
Sharing GTC issued equipment with unauthorized users is prohibited. Employees must not share their college-issued equipment with any other person outside of GTC.
GTC employees are prohibited from connecting any devices to the colleges' computer network with the exception of connecting to the college's public Wi-Fi network. Employees should never connect any personally owned computer peripherals or device to GTC computers.
Employees should never disassemble, attempt to repair, or modify, college owned equipment. The Office of Information Technology should be contacted for all repairs.
Employees should never move or relocate college owned computer equipment without guidance from the Office of Information Technology.
Employees must not record, or leave recorded messages containing sensitive information on answering machines or voice mail systems.
The display screen for all personal computers used to handle sensitive or valuable data must be positioned such the information cannot be readily viewed through a window, by persons walking in a hallway, or by persons waiting in reception and related areas.
When not being used by authorized employees, or when not clearly visible in an area where authorized persons are working, all hardcopy sensitive information must be locked in file cabinets, desks, safes, or other furniture. When not being used, or when not in a clearly visible and attended area, all computer storage media containing sensitive information must be locked in similar enclosures.
The primary user of a personal computer is considered a Custodian for the equipment. If the equipment has been damaged, lost, stolen, borrowed, or is otherwise unavailable for normal business activities, a Custodian must promptly inform the involved department manager. With the exception of portable machines, personal computer equipment must not be moved or relocated without knowledge and approval of the OIT department.
College-issued computers and related information systems equipment must not leave GTC offices unless properly authorized.
All personal computers in GTC offices must use surge suppressors. Users must not place personal computers in areas likely to be damaged by water or other substances.
Any suspected events that may compromise information security or are known to violate an existing security policy must be immediately reported to the Information Technology area. Examples of these events may include but are not limited to: