Acceptable Use Policy

Acceptable Use Policy

13.1.0  Appropriate Use Policy of Information Technology

13.1.1 Authorized Access & Conditions of Use
13.1.2 Privacy – User Responsibilities
13.1.3 Copyright – User Responsibilities
13.1.4 Network Integrity – User Responsibilities
13.1.5 Harassment, Libel & Slander – User Responsibilities
13.1.6 Limitations on Users’ Rights & Expectations
13.1.7 Sanctions
13.1.8 Reporting Abuse or Complaint

13.2 Access to Computer and Network Systems

13.2.1 Availability of Systems & Networks
13.2.2 Requesting Accounts for Using Technology Resources
13.2.3 Termination of Access
13.2.4 Account Retention Policy
13.2.5 Faculty, Staff and Student Username and Passwords
-13.2.5.1 Password Requirements
-13.2.5.2 Password Selection
-13.2.5.3 Password Management
-13.2.5.4 Initial Password
-13.2.5.5 Enforcement of Password Requirements
-13.2.5.6 Notification of Expiring Password
-13.2.5.7 Password Reset Procedures
-13.2.5.8 Additional Recommendations
13.2.6 Use of Mary Baldwin Owned Computer Equipment & Software
-13.2.6.1 General Use of Mary Baldwin Issued Equipment
-13.2.6.2 Off-Premise Use of Mary Baldwin Owned Computer Equipment
-13.2.6.3 Home Use of Mary Baldwin Licensed Software
13.2.7 Laptop Use and Protection of Sensitive Data
-13.2.7.1 Introduction
-13.2.7.2 Eligibility
-13.2.7.3 Acceptable Use for Laptops
–13.2.7.3.a  Loss, Theft and Data Security
–13.2.7.3.b  Damage to Laptops
–13.2.7.3.c  Virus, Hacking, and Security Protection
-13.2.7.4 Software on Laptops
-13.2.7.5 Laptop Equipment Return
-13.2.7.6 Support
13.2.8 Connecting Personally Owned Computer Equipment to the Network
13.2.9 Off-Campus Access to Computing & Network Resources
13.2.10 Requesting Off Campus VPN MBCNet Access

13.3 Privacy and Monitoring

13.3.1 Network Monitoring, Logging and Data Retention
13.3.2 Requesting Private Network User Activity Information

13.4 User Support – Computers & Telephony

13.4.1 Getting Help
13.4.2 Help Desk Hours
13.4.3 Help Desk Support Scope and Limitations
13.4.4 Problem Classification
13.4.5 Call Priority
13.4.6 Response Times
13.4.7 Faculty and Staff Hardware Problems
13.4.8 Obtaining or Procuring New Computer Equipment & Peripherals
13.4.9 Recommended Workstation Standards
13.4.10 Support NOT Provided by the Mary Baldwin Help Desk
13.4.11 Classroom Presentation Equipment
13.4.13 Software Training
13.4.15 Support of Faculty Taught Software
13.4.16 Student Owned Computer Problems

13.5 Campus Messaging & Telephony Systems

13.5.1 Email Guidelines
13.5.2 Email Security
13.5.3 Retention of Email
13.5.4 SMTP Policy (Running Your own Mail Server)
13.5.6 Office Telephone Policy
13.5.8 Cell Phone Policy
13.5.10 Voice Mail messaging System

13.6 Reproduction of Copyrighted Material

Information about copyright considerations is located on the Grafton Library Site.

13.7 Archival Policy

13.8 Accountability for Data Resources

13.9 Software Licensing Property

 

13.1.0  Appropriate Use Policy of Information Technology

13.1.1  Authorized Access & Conditions of Use

Access to modern information technology is essential to the Mary Baldwin mission of providing the students, faculty and staff of Mary Baldwin with educational services of the highest quality. The pursuit and achievement of the mission of education, research, and public service require that the privilege of the use of telephony communications systems, computing systems and software, internal and external data networks, as well as access to the World Wide Web, be made generally available to all those of the Mary Baldwin community. The preservation of that privilege by the full community requires that each faculty member, staff member, student, and other authorized user comply with institutional and external  standards for appropriate use.

The privilege of using the telephony, computer and network resources provided by Mary Baldwin is not transferable or extendable by members of the community to people or groups outside Mary Baldwin without the explicit approval of the Director of Computing and Information Services. The telephony, computer and network resources of Mary Baldwin may not be used by members of the community for commercial purposes without the explicit approval of the Director of Computing and Information Services or the Vice-President of Business and Finance.

To assist and ensure such compliance, Mary Baldwin establishes the following policy which supplements all  applicable policies, including sexual harassment, patent and copyright, and student and employee disciplinary policies, the Academic Honor Code, as well as applicable federal and state laws. By using any of the telephony, computer and network resources of  Mary Baldwin, the user agrees to abide by these policies.

13.1.2 Privacy – User Responsibilities

No user should view, copy, alter or destroy another’s personal electronic files without permission (unless authorized or required to do so by law or regulation). Telephony, computing and network resources are designed to protect user privacy; users shall not attempt to circumvent these protections.

Examples of violations are:

  • gaining or attempting to gain unauthorized access to other users’ accounts or restricted information
  • gaining or attempting to gain unauthorized access to restricted resources
  • using another’s computer account ID for fraudulent purposes
  • tampering with other user’s files or passwords
  • attempting to defeat the computer’s security system
  • any action that would intentionally jeopardize the availability or integrity of the system

Return to Top

13.1.3 Copyright – User Responsibilities

Written permission from the copyright holder is required to duplicate any copyrighted material. This includes, but is not limited to, duplication of music files, audiotapes, videotapes, movie files, photographs, illustrations, computer software,  data and all other information for educational use or any other purpose. Most software and databases that reside on Mary Baldwin computing and network resources are owned by Mary Baldwin or third parties, and are protected by copyright and
other laws, together with licenses and other contractual agreements.

Users are required to respect and abide by the terms and conditions of software use and redistribution licenses.  Examples of violations are:

  • downloading unlicensed music or movie files
  • stealing, damaging, or tampering with Mary Baldwin owned or licensed software and/or hardware
  • willful and continuous installation of unapproved software on Mary Baldwin computers
  • obtaining, storing, or using pirated software
  • unauthorized copying or distribution of copyrighted or licensed software or data
  • altering or copying software licensed to Mary Baldwin without authorization

13.1.4 Network Integrity – User Responsibilities

Certain activities may put the entire network and all users at risk. For this reason users should respect the shared nature of the computer resources. Examples of violations are:

  • attempting to extend the network by installing hubs, switches, routers, wireless access points, or other network devices to user jacks.
  • running scanning or sniffing software, password crackers, or other software tools used to log or trap network information.
  • running software expressly designed to anonymize the user, hense hiding the user’s activities on the network.
  • intentionally developing or using programs that harass other users or infiltrate a computer system and/or damage or alter in any manner the software components of a computer system.
  • running Trojan horses, worms, or other programs that inhibit network activity
  • deliberately wasteful practices such as initiating large amounts of unnecessary printouts
  • unnecessarily holding public workstations for long periods when others are waiting for these devices
  • denying service to other users by participating in activities that slow network response, such as using Peer 2 Peer applications.

13.1.5 Harassment, Libel and Slander – User Responsibilities

No user may use Mary Baldwin’s computing and network resources to libel, slander or harass any other person
Examples of violations are:

  • forging or sending anonymous email
  • transmitting or displaying harassing, threatening, or abusive material.
  • harassment of other users
  • online behavior that intimidates or offends
  • engaging in behavior that disrupts the study-like atmosphere required in all computing labs

13.1.6 Limitations on Users’ Rights and Expectation

The issuance of a password or other means of access is to assure appropriate confidentiality of Mary Baldwin files and information and does not guarantee privacy for personal or improper use of Mary Baldwin telephony, computer or network equipment or facilities.

Mary Baldwin provides reasonable security against intrusion and damage to files stored on the central facilities. However, Mary Baldwin is not responsible for unauthorized access by other users or for loss due to power failure, fire, floods, etc. Mary Baldwin makes no  warranties with respect to Internet services, and it specifically assumes no responsibilities for the content of any advice, data or information received by a user through the use of Mary Baldwin telephony, computing and network resources.

Users should be aware that Mary Baldwin telephony, computing and network resources may be subject to unauthorized access or
tampering. In addition, computer records, including e-mail, are considered “records” which may be accessible to the public under the provisions of the Virginia Freedom of Information Law.

Return to Top

13.1.7 Sanctions

Violators of this policy will be subject to the existing student or employee disciplinary procedures of Mary Baldwin. Sanctions may include the loss of computing privileges. Illegal acts involving Mary Baldwin telephony, computing and network resources may also subject users to investigation by campus, local state and federal legal authorities. Mary Baldwin reserves the right to investigate any suspicious activity.

13.1.8 Reporting Abuse or Complaint

To file a complaint or report a violation of this policy, Create a Help Request, or call the Help Desk of Computing & Information Services at 540-887-4000.

When possible violations of these conditions of use are reported or discovered, facility administrators reserve the right to commence an investigation of possible abuse. In this connection, the facility administrator, with due regard for the rights of privacy and other rights of users, may be given the authority to examine files, passwords, accounting information, printouts, tapes, or other material that may aid the investigation. The Director of Computer and Information Services or a designate, in conjunction with the Director of Safety and Security, must authorize the examination of user files.

Users, when requested, are expected to cooperate in such investigations. Failure to do so may be grounds for cancellation of access privileges. While an investigation is in progress, in order to prevent further possible unauthorized activity, the facility administrator may suspend the authorization of computing services to the individual or account in question.

When possible unauthorized use of computing resources is encountered, the facility administrator shall notify the user. The user is expected to take remedial action or to indicate that such use should be permitted.

Should unauthorized use continue after notification of the user or should differences of opinion persist, these shall be brought to the attention of the Director of OIT for recommendations on further action. Upon the recommendation of the Director of OIT, the facility administrator may impose limitations on continued use of computing resources. In accordance with established Mary Baldwin practices, confirmation of unauthorized use of the computing facilities may also result in disciplinary review that could lead to expulsion from Mary Baldwin, termination of employment, and/or legal action for employees.

Students who violate these restrictions, disregard approved procedures, or permit unauthorized access are subject to disciplinary action, as stated in the Mary Baldwin Honor Code or Code of Conduct. The Honor Council or Judicial Board will decide the nature of the action and the seriousness of the violation and its consequences.

Return to Top

13.2.0  Access to Computer and Network Systems

13.2.1  Availability of Systems & Networks

There is an Ethernet network serving the entire campus. There are multiple servers attached to this network supplying services such as Email, web pages, file storage, and application serving. There is also a midrange system and an integrated software package used primarily for administrative information. Most offices are connected to this system. This software supports operations for the Business Office, Registration, Admissions, Institutional Advancement, Financial Aid, and Housing.

These systems are generally available 24 hours a day 7 days a week excepting times for scheduled and non-scheduled maintenance and repair. Mary Baldwin supports computer usage by employees during normal working hours, Monday through Friday, 8:30 am to 4:30 pm. Weekend work requires clearance from OIT.

Deviations from normal hours must be cleared by your supervisors. The supervisor will notify both Security and OIT.

13.2.2  Requesting Accounts for Using Technology Resources

Mary Baldwin owns all computer facilities and these facilities will be used for Mary Baldwin related activities only. Neighbors, relatives, friends, alumni, donors, and potential students do not have the right or privilege to use the computer resources except under very unusual circumstances. Requests for special permission to use Mary Baldwin computer resources must be made to Office of Information Technology.
All access to computer resources, including the issuing of account Usernames and Passwords, will be approved and processed by Office of Information Technology. All access to departmental computers will be approved by the department or authorized representative.

Hiring Supervisors must request in writing the appropriate accounts for their employees. That includes MBCNet accounts, Mary Baldwin Mail accounts, and Jenzabar TE-AS400 accounts.  No account will be set up until the employee has completed their processing by the Business Office.  Identification information records must be complete before any access to resources will be granted.

Users may access only computing resources for which they have authorization and only for the purposes specified when authorized. These resources may be accessed or used only for functions directly related to the operation of Mary Baldwin, as defined by your job and supervisor.13.2.2.1  Contractor and Sub-Contractor access of Mary Baldwin IT systems.

Occasionally there is a requirement for someone who is not directly affiliated with Mary Baldwin, typically a contractor or subcontractor, to have access to Mary Baldwin technology systems. Access privileges will be granted by OIT on a case by case basis. Never allow others to sign on to systems using your credentials. When such a need arises, contact the Office of Information Technology as early as possible. In all cases, an approved service agreement or scope of work statement will be required describing the functions this user will perform on Mary Baldwin systems. If credentials are granted the user must agree to and sign the Mary Baldwin Appropriate Use Agreement before beginning work. Accounts will be active for a 90 day period, at which time they will be closed automatically. You may request an extension if necessary.

Example: A faculty member wishes to hire a contractor to help them with Blackboard course creation and management. The Faculty member emails help@mbc.edu with the request and the following information:

  • Contractor’s Name, Address, Telephone Number and Email Address
  • Scope of Work approved by the Dean (description of what functions are necessary for the contractor’s work, for  example, grading, reviewing content, posting content, etc. and for which specific courses)
  • Date for contractor’s work to begin

This information is verified and confidentially maintained as a contractor/vendor record in the Mary Baldwin administrative database.  The Blackboard administrator or designate creates a Blackboard User account for the contractor, registers the user with permissions appropriate to the stated scope of work and notifies the faculty member that the account is ready. If the contractor completes the work in question in less than 90 days, the faculty member notifies OIT through help@mbc.edu when the contractor no longer requires access to Blackboard.

13.2.3  Termination of Access

When you cease being a member of the campus community (e.g., withdraw, graduate, terminate employment, retire, or otherwise leave Mary Baldwin), or if you are assigned a new position and/or responsibilities within the Mary Baldwin system, your access authorization may be reviewed and terminated. You must not use facilities, accounts, access codes, privileges or information for which you are not authorized in your new  circumstances.

Return to Top

13.2.4  Account Retention Policy

When you cease being a member of the campus community your access authorization is terminated on your exit date. Staff, faculty and adjunct accounts will be terminated, with all data removed, effective immediately upon their departure.

In some special cases, it may be desirable to temporarily have an exiting employee’s email delivered to another Mary Baldwin user, or to setup an auto responder message indicating the employee is no longer with Mary Baldwin.  These special email requests must be made in advance by the exiting employee’s hiring supervisor, and are not available for student accounts.  Such setups are not to exceed 30 days beyond the employee’s exit interview date.

Emeritus Faculty (see Mary Baldwin Faculty Handbook, Emeritus Status, Section 2.10.1.3) may retain their Mary Baldwin email account. Users of these accounts are expected to abide by applicable Mary Baldwin Appropriate Use Policies.

Graduating students receive a 90-day grace period from their walk date. After that  period their network, email and Online Registrar accounts are removed from Mary Baldwin’s server systems.  All other exiting student accounts will be terminated, with all data removed, effective immediately upon the departure of the student.
Accounts whose passwords exceed 90 days in age will be locked out, while accounts whose passwords exceed 180 days will be automatically removed from the system including all personally stored information residing on Mary Baldwin servers.

13.2.5  Faculty, Staff and Student Username and Passwords

Account Usernames and Passwords are assigned to an employee or student. For any computer account, you are responsible for the use made of that account. Only you are authorized to use your account.  You should never allow anyone else to use your Username and Password. You should not log on to a system using your Username and Password and allow others to then use the system.

You should set a Password which will protect your account from unauthorized use, and which will not be guessed easily. If you discover that someone has made unauthorized use of your account, you should change the Password and report the intrusion to the manager of that system or the Director of the Office of Information Technology. You will be required to change your Password on a regular basis, to assure continued security of your account.

13.2.5.1  Password Requirements

For a variety of reasons, it is necessary to restrict access to certain services and to certain types of information. This may be in order to prevent modification of student grades, to restrict access to software or services that are licensed on a per-user basis, or just to make sure that one user does not accidentally delete files owned by someone else.  These protections may even be required in order to meet legal requirements, particularly with regard to privacy rights.

Mary Baldwin computing systems use the combination of a Username and Password to identify authorized users. You allege your identity by entering a Username. You prove that identity by providing a Password.  Because Usernames may be easily guessed, Passwords may be the only thing preventing an imposter from tampering with sensitive information.

You must keep your Password secret. Do not share it with anyone. Allowing anyone to use your Password violates our policy on system user accountability and may result in disciplinary action. Do not attempt to use any Username or Password that has not been assigned to you. State and federal law may make your use of someone else’s Password a crime.

USERS ARE RESPONSIBLE FOR ANY AND ALL ACTIONS TAKEN USING THEIR USERNAME AND PASSWORD.

Passwords must conform to requirements established by the Mary Baldwin Auditors and good industry standards. The requirements indicated below apply to all Mary Baldwin computing systems. These requirements fall into two basic categories: password selection and password management.

Return to Top

13.2.5.2  Password Selection:

When choosing a new Password, the following requirements must be met. Passwords must…

  • be at least 7 characters in length
  • not contain the Username
  • may not have been used as one of your previous six passwords
  • not match a dictionary of commonly (ab)used passwords
  • contain at least three of the following conditions:
    – uppercase letter
    -Lowercase letter
    -Number
    -“Special character” (anything other than a letter or number)

13.2.5.3  Password Management:

Proper management of passwords also requires that certain steps be taken to protect passwords once they have been chosen:

  • Never tell anyone your Password.
  • Never allow anyone else to use your Password.
  • Passwords must be changed every 90 days.
  • Passwords must not be written down where they can be seen.
  • Do not allow anyone to see your Password as you type it.
  • Any online Password changes will require encryption (e.g. SSL).

13.2.5.4  Initial Passwords:

Users may be assigned an initial, or “default” Password when their accounts are first created. These Passwords are valid for a maximum of 15 days and should be changed upon first use.  Initial Passwords may or may not provide access to all services; additional steps may be required to fully activate a user’s account.

13.2.5.5  Enforcement of Password Requirements:

At the time any password is changed, the new password will be automatically checked to verify that it meets the stated requirements. Passwords that do not comply with this standard will not be accepted by the system.

Password auditing procedures may be used periodically. This policy serves as prior notification; typically no further advance warning will be given. Auditing procedures may include, but are not limited to, the use of password ‘cracking’ programs and other utilities. Should a user’s Password be revealed in this manner, the user will be contacted and required to choose a new Password.

Users may also be required to view a brief security awareness program as part of the Password change process and/or as part of initial account activation.

Users may be required to change their Passwords immediately if they have not followed the guidelines listed under “Password Management”.  Accounts that have not had their Passwords changed in over 90 days will be automatically deactivated. After an additional 90 days have passed, the account will be removed from the system.

13.2.5.6  Notification of Expiring Passwords

Where systems permit, users will be given notification 14 days before their Passwords expire. Daily reminders will be sent beginning 7 days before the Password expires. Some notifications will be sent via email to Mary Baldwin email addresses only.  Users of non Mary Baldwin email systems should configure email forwarding from their Mary Baldwin account in order to receive these messages.

13.2.5.7  Password Reset Procedures

Should you need to reset your Password, call the Mary Baldwin Help Desk.  Passwords will not be reset or reactivated under any circumstances without first verifying the identity of the person making the request.  The user will be required to provide his or her full social security number and Mary Baldwin ID number as proof of identity. Additional information may also be required.

In the event of a personal visit to the Help Desk, a Mary Baldwin photo ID will be considered valid proof of identity.

13.2.5.8  Additional Recommendations

Lock Your Computer When You Walk Away – If you are using a password-protected resource, don’t leave the workstation unattended.

Use the MS Window Lock Out feature. Also, when you are finished using a password protected resource, be sure to exit the system (logout or shutdown the computer).  Most incidents of computer “hacking” or other forms of uninvited intrusions are the result of poor password selection or protection.  Don’t be a victim of this by being careless in your handling of passwords.

Use Power-On Passwords – We highly recommend that you use a Power-On Password.  This password is used to keep others from even booting up your computer.  If you choose to use a POP, you must write the password on a piece of paper, seal it in an envelope and send it to OIT for archive storage in the safe.  Without this step, OIT will be unable to assist you if you forget your POP or if service on your machine is necessary and you are unavailable.

Log Out Before Letting Someone Else Use Your Computer – If someone else uses your computer for any reason, log out and require that person to log in with his or her own name and password.

REMINDER: The person to whom an account Username and Password is issued is responsible for all activity on that account.  You are not allowed to let anyone else use your account.  Proper Password security helps ensure that others do not misuse an account for which you are responsible.  If at any time you feel that your Password has been compromised, change it IMMEDIATELY.  Any misuse of your account should be reported to the Office of Information Technology at extension 7075.

Return to Top

13.2.6  Use of Mary Baldwin Owned Computer Equipment & Software

13.2.6.1  General Use of Mary Baldwin Issued Equipment

You are responsible for the care of equipment issued to you by Mary Baldwin. It is expected that you will use it properly and not intentionally damage it in any way. All equipment is considered an asset of Mary Baldwin and is inventoried.

Should you be asked for inventorying purposes, you must be able to physically produce the equipment. If you cannot produce it, you will be personally responsible for replacing the equipment.

13.2.6.2  Off-Premise Use of Mary Baldwin Owned Computer Equipment

Removal of Mary Baldwin computer equipment must be authorized by the Office of Information Technology and by your supervisor or department head. A record of serial numbers and equipment types will be submitted to the Office of Information Technology where the inventory log is kept. This inventory must be completed before the actual movement of computer assets. All Mary Baldwin equipment removed from Mary Baldwin premises shall remain the property of Mary Baldwin.

Reasonable care shall be taken by the employee to preserve the equipment in working order. Mary Baldwin will assume no liability for consequential damages resulting from the malfunction or failure of Mary Baldwin equipment. The person removing equipment is responsible for insuring the equipment while in their possession either through homeowners or renters insurance. Equipment will be returned within one day of a request made by the Office of Information Technology or your supervisor.

13.2.6.3  Home Use of Mary Baldwin Licensed Software

Current software licensing does not permit Mary Baldwin faculty, staff, or students to take Mary Baldwin licensed software home for use on their personal computers – even if that home use is business/school related.

Under no circumstances will users copy software made available to her/him without the written authorization of the Director of the Office of Information Technology or the appropriate departmental head. Users will not remove any diskettes or software provided by Mary Baldwin from the labs or workplace without the proper authorization.

Return to Top

13.2.7  Laptop – Use and protection of

13.2.7.1  Introduction

Mary Baldwin has a lifecycle replacement fund for computer technology. Currently, the replacement fund is not fully funded. Thus, the exact planning of replacing equipment remains more an art than a science. Currently, Mary Baldwin owns approximately 700 desktop and laptop computers, numerous printers, much classroom display equipment, many servers, etc. Much of the funding for the larger items must still come from special “one-time” funding allotments.  Because of funding limitations lifecycle replacement plan is conditional, since the funds available must be used not only for personal computers but also for lab and classroom computers.

Mary Baldwin makes a commitment to provide an appropriate (and upto-date) desktop computer for each faculty and staff member. In some cases this may not be a brand-new computer. Recognizing the value in a portable computer, this policy aims to provide an opportunity for faculty to have a laptop computer instead of a desktop computer.

The following represents the laptop purchase policy for faculty/staff in academic departments and for staff in administrative departments.

13.2.7.2  Eligibility

In general, the following groups of faculty will be considered first:

  1. Online faculty who regularly teach two or more online courses each semester.
  2. Web-enhanced classes – Faculty who regularly teach 50% or more of their course load either as web-enhanced, hybrid, or online.
  3. Faculty teaching computer intensive courses or those who heavily utilize computers in the teaching of their classes.

Mary Baldwin will consider purchasing a laptop computer under the following conditions:

  1. Only full-time, permanent members of the Mary Baldwin community are eligible for consideration for laptops. Efforts will be made to allocate laptops to users based upon job responsibilities and need.
  2.  If the faculty member chooses a laptop computer, it will be purchased in lieu of a desktop computer, not in addition to a desktop computer. Only one or the other will be issued to each person.
  3.  During the lifecycle replacement process Mary Baldwin will subsidize the purchase of the laptop up to the amount currently being spent for a desktop computer.
  4.  If the laptop costs more than the price of the current office desktop configuration, the faculty member or department must pay the difference.
  5.  If a department wishes to purchase the laptop outside of the lifecycle replacement process, the department may do so with approval from their Vice-President. That department will be required to pay the full cost of the computer.
  6.  The laptop must be one supported by OIT and must meet minimum specifications. Currently, Mary Baldwin is purchasing and supporting Dell Latitude E-series and Apple Mac Powerbook laptop computers.
  7.  Mary Baldwin will assume ownership and include it in the Mary Baldwin Asset Inventory Database. Licensing for software installed and supported by Mary Baldwin requires that the laptops be considered the legal property of the university. However, if an individual takes ownership of the laptop computer, most software licensed by Mary Baldwin (for example Microsoft Office) must be removed.
  8.  The faculty member or department is responsible for the purchase of additional office accessories such as a monitor, keyboard, mouse, docking station or a desktop computer, if needed. Any additional items purchased with Mary Baldwin money remain the property of Mary Baldwin.
  9.  The faculty member or department is responsible for the purchase of additional batteries or other consumables.
  10.  Support for laptops purchased under this program is equivalent to standard support for desktops supported by Mary Baldwin
  11.  When the faculty member is eligible for an upgrade in the lifecycle replacement process, the laptop will be returned to OIT. If the device is not needed, the faculty member or department will be given the opportunity to purchase it for a mutually agreed upon fair market value.

13.2.7.3  Acceptable Use for Laptops

The use of laptops, including off-campus use, is strictly regulated by the Mary Baldwin’s Acceptable Use Policy.

13.2.7.3.a  Loss, Theft and Data Security

Laptops provide the convenience of portability. However, these devices are especially susceptible to loss, theft, and the distribution of malicious software because they are easily portable and can be used in a variety of environments.

Misplaced or unsecured laptops may expose sensitive information to the public. Examples may include personal identifiable data which may be protected by federal law or the process utilized to connect to the Mary Baldwin network. Given the difficulty in determining what information contained on a computer system has the potential to damage Mary Baldwin, all information must be protected until specifically determined otherwise. The inherent vulnerability of portable computers makes it mandatory that all Mary Baldwin-owned portable computers employ encryption and laptop tracking software. All personnel-assigned Mary Baldwin-owned laptop or other portable computers are required to comply with this policy. When portable computers are decommissioned the encryption license will be removed and made available for use on another system.

It is important that the laptop user understand that they must protect and remember any encryption keys. The whole point of encryption is so that others cannot get into your data. OIT may not be able to recover or restore encrypted data should you loose your key. Therefore it is also important that you backup your data regularly either to CDs or to network drive space.

Requests for a variance to this policy must be submitted by the Director of OIT. Variances must be re-submitted on an annual basis. The following information must be included in the variance request:

  •  The Mary Baldwin Asset Tag# for the laptop.
  •  Description of the laptop computer and its use.
  •  Rationale or business case for not encrypting the laptop computer.
  •  Rationale or business case for other variances to this policy such as, not receiving current security fixes, patches or anti-virus updates.
  •  Benefits or costs associated with this request.

All Mary Baldwin laptop users shall:

  • Report lost or stolen portable computers to the appropriate authorities including the department director, the OIT director and the Mary Baldwin Safety office.
  •  Assure portable computers are available to receive license synchronization at least once every 30 days. This is also recommended to facilitate current security fixes, patches, and anti-virus updates.

OIT Staff Members shall:

  • Deploy the encryption software in accordance with the manufacturer’s recommendations and Mary Baldwin’’s information technology deployment procedures.
  • Educate users on the need to avoid leaving portable computers unsecured. If they must be left in a vehicle, they should be locked in the trunk.
  • Educate all users on the importance of data security; especially those utilizing a mobile computing environment.

Return to Top

13.2.7.3.b  Damage to Laptops

Laptops are more susceptible to damage, both due to their portable nature and their relatively fragile construction. Users are expected to take precautions to ensure that laptops are not stolen, lost, or damaged. If laptops are lost, stolen, or otherwise damaged such that they cannot be restored to normal working order, the employee may be responsible for the prorated cost of the laptop (first year: 100%; second year, 75%; third year, 50%; fourth year, 25%).

In case of theft or loss, the user must file a report with the Director of OIT and Mary Baldwin’s Department of Safety and Security. Users are encouraged to check their home insurance policies regarding coverage.

Mary Baldwin will evaluate the circumstances of the theft or loss to determine if the required reimbursement should be waived.

Insurance. Anyone choosing a laptop computer is strongly advised to check to see if they are covered under a homeowners or other insurance policy. Laptops supported by Mary Baldwin are insured up to the base value (currently $1,600 – March 2009).

In the case of a stolen or damaged laptop, a deductible amount of $200 will be applied to every claim; in general, it is the responsibility of the faculty/staff member to cover this deductible. Mary Baldwin assumes no other responsibilities or liabilities than those listed here or required by applicable law.

Repair of laptop computers. Mary Baldwin purchases 3-year, on-site, next-day service for Dell Latitude laptops. Most repairs are performed by a certified Dell repair technician. In some cases a laptop computer can only be serviced by sending it back to the manufacturer. Users of laptops should be aware that this may cause inconvenience, since they may be without any computer during the time the laptop has been returned for service. OIT does not have loaners available for these repair periods.

In general, lost, stolen, or damaged laptops will be replaced with desktops from the pool of available cascaded computers. These computers will subsequently be upgraded according to the lifecycle refresh plan for desktops. At that time, users may be eligible for consideration for a laptop.

13.2.7.3.c  Virus, Hacking, and Security Protection

To ensure that virus protection and other security patches are current, laptops must be docked and connected to Mary Baldwin’s network over night at least once every two weeks. Users who are offcampus for more than two weeks must contact the Help Desk before docking and reconnecting  heir laptops to the Mary Baldwin network. In the case of a significant security alert, users may be contacted by e-mail and/or voicemail, to bring in their laptops to the helpdesk to ensure proper security is enabled on the laptop. Further, in the case of a low security threat level, OIT may choose to waive or extend the two week requirement.

13.2.7.4  Software on Laptops

To the extent possible, OIT will install the same software (Office Suite, MBC400 client, etc.) on laptops as installed on Mary Balwin desktops.

Course specific software will be evaluated on a case-by-case basis, and may need departmental approval and license funding. OIT will only install supported software, and no unlicensed software will be installed under any conditions. Because laptops are provided for Mary Baldwin related work, no personal software may be installed.

13.2.7.5  Laptop Equipment Return

Laptops must be returned to OIT if requested or if employment ends. No laptop will be upgraded or replaced unless the original equipment is returned in proper working order.

Return to Top

13.2.7.6  Support

OIT support of Mary Baldwin owned laptops will be equivalent to that provided for Mary Baldwin owned desktop computers. Direct support will only be provided while laptops are on campus, and laptops requiring support must be docked.

Users will need their own ISP accounts if they wish to connect to the Internet from home, and may install any drivers or other software required by their ISP for remote connectivity. Specific questions regarding connecting remotely must be referred to the users’ ISPs.

13.2.7.7  Signature Page

Before you are issued a laptop, you must sign a copy of the Mary Baldwin Laptop Usage Policy and return it to OIT. The signed copy of the policy will be kept in OIT until the laptop is returned or replaced. A link to the policy will also be posted on the Mary Baldwin web page.

 

13.2.8  Off-Campus Access to Computing & Network Resources

Mary Baldwin does not have provisions and does not provide direct off campus dial-in access to MBCNet to faculty, staff, or students.

Under extreme and unusual circumstances, a special VPN connection can be configured on Mary Baldwin owned computers for use by Mary Baldwin employees from off campus. In those situations the department requesting the off campus connection must

  1. supply the ISP connection for their employee using service guaranteeing a static IP address
  2. supply or designate the Mary Baldwin owned computer,
  3. pay for any additional hardware components, such as modems or routers;
  4. pay for the VPN client software and license,
  5. pay for the Certificate Authentication client software and license.

Permission for off campus access is the sole discretion of the Director of OIT. Mary Baldwin discourages such connections. Please carefully evaluate the value of having your staff working from their homes. Supervision and support can be handled much better when staff is working on campus.

13.2.9  Requesting Off Campus VPN MBCNet Access

The Supervisor must make a formal written request to the OIT office care of the Director indicating:

  1.  who you wish to be authorized for off-campus connection.
  2.  a brief description of what type of work they will be doing (for hard copy documentation).
  3.  the specific start and stop dates for access to the system (cannot exceed a 30-day period of time.)
  4.  the Mary Baldwin owned device that is to be configured.
  5.  an account number to be used for all department charges.

You must allow 5 working days for setup of the off campus account access.

13.2.10 Support for Off Campus Dial-in Access

Mary Baldwin will not supply equipment to the employee for home access. OIT will not support employee’s personal equipment used for temporary off-campus in access.

Return to Top

 13.3 Privacy and Monitoring

13.3.1 Network Monitoring, Logging and Data Retention

Purpose: to establish policy for legal procedure without precedence.

Mary Baldwin does not routinely monitor or log network activity. However, users should also be aware that their uses of university computing resources are not completely private. The normal operation and maintenance of Mary Baldwin’s computing resources require the temporary backup and caching of data and communications, the logging of activity, the monitoring of general usage patterns, and other such activities that are necessary for the rendering of service.

Due to the nature of modern attacks against persons and equipment, Mary Baldwinreserves the right to capture and log individual data, including but not limited to the contents of the data packets from individual’s PCs and all electronic devices used on campus.

Additionally,Mary Baldwin does not monitor or restrict material residing on any computer system, whether or not such computers are attached to campus networks. However, computers that are connected to the campus network and violate Mary Baldwin policies are subject to investigation and disconnection without notice. All computers are assigned Dynamic IP addresses which are subject to change at any time.

If the system administrator, in the performance of duties, uncovers information that an individual is acting inconsistent with this policy, or discovers evidence of criminal activity, the system administrator must report such findings to the appropriate authority. Mary Baldwin does not have the resources and capacity to log network data indefinitely. At no time will logging data be stored for longer than 30 days, and is subject to purge at any time per OIT discretion. Mary Baldwin reserves the right to amend and/or append this policy at any point, without prior notification.

13.3.2 Requesting Private Network User Activity Information

What We Can Release:
Mary Baldwin will not release personal user network and communication activity to anyone as we deem this information to be private information. However there may be times when log information may be requested as a part of a legal investigation. The following procedures are in keeping with similar procedures designed to protect private information of students, faculty and staff.

What We Do When We Get A Formal Request:
Should such information be requested for the investigation of possible illegal activity, the request must be made through the Mary Baldwin Security Office. The Security Office will determine if the request is a part of a legal investigation. If so, Security should request a formal written request (subpoena, court order, or other legal document) from the originating investigator. The request from the investigator must be specific in outlining the data wanted. The request, through the Mary Baldwin Security Office, should then be submitted to the Director of Computer and Information Services who will consult with Mary Baldwin’s attorneys and determine if the request can be complied with. If so, the Director will instruct the appropriate technicians to gather the requested information. The information will then be turned over to the Security Office, who will then turn over the information to the requesting party

Return to Top

13.4 User Support – Computer and Telephony

13.4.1 Getting Help

OIT has created a single Help Desk phone number for you to call. If you have any problems relating to your computer, phones or the Mary Baldwin network you can call 540-887-7075, or 7075 from on campus.

The Help Desk Analyst will create a work order for tracking every request for help. That way your problem can be tracked and a follow up ensured. Of course the Analyst will attempt to resolve your problem right then on the phone. Each analyst will have basic knowledge of the supported Mary Baldwin software packages, basic hardware and basic network problems. If the question can’t be answered or the problem can’t be resolved on the phone, the Help Desk Analyst will assign the problem to another appropriate OIT staff member.

13.4.2 Hours

Mary Baldwin supports computer usage by employees during normal working hours, Monday through Friday, 8:00 am to 4:30 pm. Weekend and evening work requiring support must be approved by the Director of OIT in Advance. Deviations from normal hours must be cleared by a vice president. The supervisor will notify both Security and OIT.

ANY non employee using the Administrative Computer Systems must have Mary Baldwin OIT clearance in writing in advance of use. The Help Desk will provide support via telephone. The Help Desk will be staffed to provide support from 8:00 am to 4:30 pm EST, Monday through Friday with the exception of school holidays, and energy saving summer 4 day work weeks.

OIT does not provide weekend support or after-hours support, except in legitimate emergencies or on a pre-scheduled basis. Requests for support received after 4:30 p.m. EST weekdays or anytime on the weekend are deferred until the next business day. At other times you may submit an online help request. You can also get help through e-mail via help@mbc.edu. Be sure to include as much detail about the problem as possible in your email message; and include your name and phone number so we can contact you.

13.4.3 Help Desk Support

The goal of Help Desk is to assist Mary Baldwin faculty and staff with the use of Mary Baldwin supported software (see Mary Baldwin Supported Software) by answering questions and resolving problems specifically related to these items. The underlying assumption is that the faculty and staff members are generally knowledgeable about the software but have additional questions or problems not answered in the documentation or covered during training.

The Help Desk cannot provide individual on-phone software training (see Software Training).

The Help Desk will not provide software or hardware support for students’ personal computers. Limited support for students working in Labs is discussed in the section on Lab Support.

Help Desk Analysts strive to answer all calls promptly. All call requests are dated and time-stamped upon receipt. Requests for support are processed on a first come/first serve basis relative to software and priority. When you place an initial call, a Help Desk Analyst will give you a specific incident number.

13.4.4 Problem Classification

As the first line of assistance for solving technology related problems, the Help Desk will try to determine the problem or likely source, and classify the situation as:

  • Track 1 (Help Desk)
  • Track 2 (Network Support group)
  • Track 3 (Administrative Software Support group).

If Track 1, the Analyst will use all available resources to best resolve the reported problem over the phone and close the Work Order. In cases where a call cannot be resolved over the phone, the Help Desk Analyst will classify the nature of the problem or request as Priority 1, Priority 2, or Priority 3 and will dispatch a Mary Baldwin Desktop Support Technician to perform on-site actions to resolve the issue.

If Track 2, the Analyst will report the problem or request to Mary Baldwin Network Support group for classification and monitor progress.

If Track 3, the Analyst will report the problem or request to Mary Baldwin Administrative Software Support group for classification and monitor progress.

Return to Top

13.4.5 Call Priority

Calls are prioritized using the following definitions:

Priority 1– We specify this status for critical issues that require immediate help. These are problems that may prevent the performance of a time bound institutional task that effects a lot of people. Use this priority for mission critical applications only. Examples of issues classified as Priority 1 are:

  • Critical Server or system outages
  • Faculty led classroom teaching
  • Registration
  • Billing or Payroll problems
  • Constant system crashes
  • PCs that won’t boot
  • Essential applications that won’t start

Priority 2– We specify this status for issues that are not urgent in nature, but do require a resolution within a reasonable amount of time. These are problems that inhibit an individual from performing their job, but there are other tasks that can be accomplished while their system is down. Examples of issues classified as Priority 2 are:

  • Application re-installs
  • E-mail problems

Priority 3 – We specify this status for general issues where there is no immediacy and that can be handled as time permits and does not require a resolution within 24 hours. Examples of issues classified as Priority 3 are:

  • Software upgrades
  • Computer installs
  • Printer installs

13.4.6 Response Times

During daytime hours a Help Desk Analyst should be available to answer your call immediately. During off hours only emergency calls are directed to Security. Security will contact the OIT Support Technician.

For calls classified as Priority 1, the Mary Baldwin Support Technician will return a call within a one-day period and attempt to close the call within three working days.

For calls classified as Priority 2, the Mary Baldwin Support Technician will return a call within a two-day period and attempt to close the call within five working days.

For calls classified as Priority 3, the Mary Baldwin Support Technician will return a call within a two working day period and determine a suitable timeframe for completion of the task.

13.4.7 Faculty and Staff Hardware Problems

Problems with hardware should go to the Help Desk for resolution or work order assignment. OIT does not have sufficient resources to guarantee loaner CPUs or monitors. Remember that you are responsible for your own data backups for files and documents stored on the equipment assigned to you. OIT cannot guarantee that data that has not been backed up can be recovered if lost due to hardware failure.

13.4.8 Obtaining or Procuring New Computer Equipment & Peripherals

All computer equipment and peripherals, regardless of funding source, must be purchased through OIT. This includes printers, additional RAM, hard drive storage, Zip drive devices, CD-ROM devices, scanners, etc. You may not purchase equipment such as printers from local office supply stores unless approved. This ensures proper asset inventorying, equipment compatibility and warranty coverage.

If upgrades of hardware and components are approved they will be charge to your operating budget. Most computers on campus are updated on a rotational cycle approximately every 4-5 years. Some users are updated more frequently.

If your department has funding for new computers, you can request an update at anytime. Your request will be reviewed and submitted for approval with the Business Office. Simply submit a help request along with the details of the computer setup you need, along with your account number.

Return to Top

13.4.9 Mary Baldwin Hardware Specification Standards

See https://www.mbc.edu/oit/recommended-workstation-standards/ for the most up-to-date listing.

13.4.10 Support NOT Provided by the Mary Baldwin Help

Desk Examples of situations that are not covered by the Help Desk include:

  • Support for a software product not purchased by Mary Baldwin.
  • Support for faculty and staff home computers and personal software, even if being used on campus.
  • Support for faculty taught applications. The faculty member teaching those packages is responsible for support. OIT will support the faculty in getting the application running.

13.4.11 Classroom Presentation Equipment

Presentation equipment is limited so proper and early scheduling is a must. All scheduling of presentation equipment is handled by the Help Desk (x7075).  Multimedia Services will determine if the equipment is available and confirm your reservation. They will also set it up in your classroom, time permitting. Software installed on mobile units is limited by licensing. You should check the device to be sure the software you need is installed. If the software is not loaded, you should contact OIT at least three days in advance of your scheduled use. If a license is available, then the software can be installed. If an additional license is required then it will have to be ordered and that may take time. Be advised that payment for an additional license may need to be charged to your department or discipline.

 

13.4.13 Software Training

The Help Desk cannot provide software training over the telephone. It is neither an effective or efficient training method. We make every effort to devote Help Desk time for the exclusive purpose of addressing problem issues and answering specific application questions. Help Desk is not a substitute for Teams 2000 module training. You should request Teams 2000/AS400 module training from your supervisor. Mary Baldwin provides free limited training workshops as funding permits. Faculty and staff who are unfamiliar with basic software concepts and who need software training will be referred to other training providers.

13.4.14 Fee-based Software Support

There are a few approved vendors who can supply you or your office fee based software support. Usually the base rates are $20.00 to $30.00 per hour, billable in 15-minute increments, with a 15-minute minimum. Please contact OIT for more information.

Return to Top

13.4.15 Support of Faculty Taught Software

Faculty taught applications are not supported on the Help Desk. These include SPSS, Systat, Minitab, Derive, Quark X-Press, Adobe PageMaker, Adobe Illustrator, System Architect, CTI training packages, Adobe PhotoShop, ArchiCAD, and other faculty taught applications.

The faculty member teaching those packages is responsible for all instruction and support. It is the responsibility of the faculty member to ensure that the software they wish to use in a class will function properly on the currently deployed hardware platform and operating system. Before purchasing any software the faculty member must be sure to get certification from the software publisher that the software will operate with current operating systems.

The ultimate responsibility to make software function rests with the faculty member and the publisher. While OIT will do everything possible to assist faculty in this effort, we cannot be responsible for software that won’t run in the currently supported operating system. Because of the impact on a faculty member’s planned curriculum that non-functioning software can create, as much lead time as possible should be scheduled to test the software before deployment in the labs.

To ensure successful implementation of new software a minimum of ninety days is required from the time the software is delivered to faculty member and OIT for testing until the time of implementation. It is common for released software to fail to operate properly or not at all. Educational software vendors seldom have the support necessary to assist in resolving such serious problems, which may leave a faculty member with a planned course but no operable software. It is the responsibility of the faculty member using the class software to support the students using it in the course.

It should be made clear to students that they are to contact the faculty member with questions and problems. OIT cannot support software programs other than Mary Baldwin supported packages. You may not install personal software on Mary Baldwin equipment. All software loaded on Mary Baldwin equipment must be licensed to Mary Baldwin.

13.4.16 Student Owned Computer Problems

Support for students’ personal computers is limited to support and advise via the telephone or informative documentation. The Computer Center will not work on individual student owned computers, either in the dorm room or in the Computer Center. To request advise on your particular problem you may:

  • Call the Help Desk at extension 7075 The Help Desk is staffed each business day from 8:00 am until 4:30 PM.
  • Request help via the online help request form from the MBC/OIT web page.

Most problems are the result of downloaded programs, music, videos and screen savers. Many of these downloads also include viruses and various malware. Mary Baldwin requires all students to have updated Antivirus software running on their personal computers and expects students to keep their virus definitions and operating systems up to date. The computer center may not be able to assist students with computers that are infected or have corrupted operating systems. Mary Baldwin reserves the right to disconnect infected or vulnerable computers if they pose a threat to other computers on the network. It is imperative that you have the original software for your PC available, in case you have to reload your system. Some problems may be too complex to be resolved over the telephone. The Student Support Team are NOT certified service technicians and, therefore, will not make any hardware repairs nor install or remove any software. If your computer or printer is actually broken, the consultant will tell you how to reach a private vendor for fee-based service.

Fee-based Student Support: The responsibility of maintaining your computer is yours alone. Although the Student Support Team can help you with typical software problems and questions, more serious trouble may require outside help. The following local vendors offer fee-based support. Fees and charges vary. Be sure to get an estimate before committing to any service. The following is not a complete list of local vendors, nor are they recommended by Mary Baldwin, they are listed for your convenience. Please check the local phone book for a complete list.

DDPP.O. Box 17, Churchville, VA 24421540-337-7777dave@ddpsystems.com Morse Computer Service (MCS)885-8695BEM@rica.net
John’s Computer Service2236 Shutterlee Mill Road Staunton, VA 24401john@johnscomputerservice.net Staunton Computer1411West Beverley St Staunton, VA 24401540-885-2361

Return to Top

13.5 Campus Messaging & Telephony Systems

Use of Mary Baldwin resources such as electronic mail (email), telephone,and voice mail is a privilege and must be treated as such. Misuse of these messaging systems can result in the loss of access to e mail and/or other resources.

13.5.1 Email Guidelines

Fraudulent, racist, harassing or obscene messages and/or materials are not to be sent, printed, requested or stored. Any use of email that would deprive others of resources is prohibited (such as, but not limited to, purposely congesting email systems with multiple messages).

Chain letters and other forms of mass mailings are not allowed.

Commercial use of email is not allowed. This includes using email as a classified ad service.

Any communication that violates Mary Baldwin policies and/or local, state or federal laws and regulations is prohibited.

The content and maintenance of an electronic mailbox is the responsibility of the person to whom the email account is assigned.

The system administrator will delete email messages that have been left on the server, have been read and are older than the limit set by the email system administrator. (Currently this limit is 90 days.)

Check your email often and remove messages that are no longer needed. Messages needed beyond the time limits stated above should be downloaded to personal disks or printed for future reference.

Email messages are considered private unless they have been explicitly made available to others. Every attempt is made to assure the security of Mary Baldwin’s email systems so that there is a reasonable expectation that mail cannot be read by unauthorized individuals.

However, this is not a guarantee of the privacy of messages. Be aware of the potential for forged email. If a person has acquired another individual’s password, that person can pretend to be the other individual and send forged email. (This would be a policy violation but it can happen if someone is careless with his or her password.) Also, email that originates from outside Mary Baldwin may not be subject to strict security. If a message appears out of character for the sender, it may be a forgery and you should contact the sender by other means for verification.

Software for accessing email systems has been licensed by Mary Baldwin for use on Mary Baldwin owned computers only. Individuals who own their own computers are responsible for acquiring (purchasing) the appropriate software licenses and hardware if they wish to access email from their own computers. There is no guarantee of available software for individually owned computers.

13.5.2 Email Security

Email is not a secure medium. The messages are merely text files that can be read by almost any text editor. When you ask for your email from a mail server the files are downloaded to the computer you are working on. Even after you delete the file after reading it a copy usually remains on the computer you are using (usually in a special folder for deleted mail). To completely remove the mail files from the computer you must delete them from that folder as well.

Since email is such an open medium it is wise not to use email for any confidential information. There is a chance that your message will be delivered to the wrong mailbox. You may accidentally send the message to the wrong address. You may forget to remove the message from the computer you are working on. If the information you wish to relay is in any way sensitive or confidential use an alternative method of delivery.

Return to Top

13.5.3 Retention of Email

Mary Baldwin has a Zero day retention of email. That is once the mail has been delivered to the User (POP3) a copy of the message is not stored on the mail server. Users can archive and keep email on their hard drives for as long as they need.

Email stored in User mailboxes on the server (IMAP) are only retained for a period of as a part of the normal backup cycle.

Overview of backup procedures:

OIT backs up files on its systems for the purpose of ensuring its ability to recover from computer or network failures or disturbances.

The OIT backup system is not designed or intended to be a means for members of the community to have access to long-term storage of files.

Backups of the user files on the systems are run on a weekly basis. The schedule usually runs during the weekend but may be run at any time if events warrant.

Each daily backup saves the contents of files and directories at the time the backup was performed. Therefore the backups do not record all activities or contents of users’ files throughout the day or week. A backup is simply a snapshot in time of the data present on the system at the time the backup ran. Therefore it is completely possible for a user to create and delete a file during the course of a day which will never appear on a backup. This is also true of email messages; a user may receive, read and delete an email message without the daily backup of the email storage ever recording that message (although there would normally be a record of who sent and received an email message — without the contents — in the system mail server logs).

Backups of user files are retained only for 30 days. Therefore OIT can retrieve daily backups for up to 30 consecutive days before the date of request. Users are urged to back up any critical information themselves for archival purposes or long-term storage off-line.

13.5.4 SMTP Policy (or running your own mail server)

Part 1

Connections originating outside the Mary Baldwin network to the SMTP port (port 25) of hosts on the Mary Baldwin network will be blocked. System administrators who need to operate independent mail systems should contact OIT to request an exception to Part 1.

Part 2

Connections originating on the Mary Baldwin network to the SMTP port of hosts outside the Mary Baldwin network will be blocked. All mail destined for hosts outside the Mary Baldwin network must be directed through the Mary Baldwin SMTP server, that is: mail.mbc.edu.

OIT will grant exceptions to Part 2 based solely on issues of Message size limit. The OIT-run SMTP service currently limits the size of a message to 6 MB. If Mary Baldwin business cannot be conducted under this limit, mail system administrators should contact OIT to request exceptions.

Rationale

The implementation of this policy has several benefits:

Fewer problems with open mail relays. An open mail relay is a host which indiscriminately accepts and forwards email. They are often a result of poor configuration and maintenance by a mail server’s administrator. Malicious people on the Internet use various means to identify open relays. They then direct malicious, annoyance or advertisement email spam through the open relay to other people.

By using the relay, the spammer makes his actions more difficult for security personnel (including civic law enforcement) to track down. By blocking SMTP traffic as described in the policy, spammers’ ability to identify and exploit open relays on the Case network is severely curtailed.

Fewer email virus problems. Email is a common means for computer viruses and other malware to spread on a network.

Fewer instances of blacklisting. When other organizations on the Internet receive unwanted email from Mary Baldwin, they sometimes choose to reject all mail from us, an action known as “blacklisting.” In addition, there are Internet blacklisting services to which organizations may subscribe, so that all subscribers will know to begin rejecting mail from a perceived offender. OIT cannot allow communications to be disrupted in this way.

Improved mail auditing. It is sometimes necessary to track down the source or ultimate disposition of an email message. This process requires OIT to review the cumulative delivery information the message contains. In messages sent by viruses, this information is often falsified. In addition, because a message may traverse multiple, varied mail systems in order to be delivered, the delivery information is incompletely reliable. By requiring all mail leaving Mary Baldwin to pass through the OIT-run mail system, we can guarantee a reliable and consistent point of audit, logging, troubleshooting, etc.

Improved mail system management. As a result of this policy, OIT will have an authoritative list of the mail servers operating on the Mary Baldwin network. This knowledge makes vulnerability assessment, system administrator education, and remediation practical.

Return to Top

13.5.6 Office Telephone Policy

General

The Mary Baldwin telephone and fax systems must be kept open for Mary Baldwin business and emergency use.

Acquisition Guidelines

Mary Baldwin faculty and staff needing telephone service must complete the request form found on the Offices of Information Technology homepage under Telephones, Voicemail and Cable TV or submit an email request to OIT (help@mbc.edu). Requests should be authorized by the major Department VP and must include the Mary Baldwin account code to which the service will be billed.

Billing

Monthly billing for telephone services will be processed centrally.OIT will review the detailed usage statements. Statements will be emailed to Department heads. Charges will be posted by the Business office. Any discrepancies should be communicated to OIT for follow up.

From time to time, Business and Finance and/or OIT may review individual usage to assure that the most appropriate rate plan is in use and to screen for possible abuse. This information will then be forwarded to the user’s department for administrative review.

Personal Calls

Personal calls from Mary Baldwin telephones should be limited. Staff members are encouraged to bill personal calls to their personal telephones or credit cards.

If a personal long-distance call is made on Mary Baldwin’s account, it is the responsibility of the individual to identify the call when the telephone bill is circulated among the staff and to reimburse Mary Baldwin promptly by making payment to the Business Office.

Repairs and Moves, Adds & Changes

Contact OIT regarding requests for a change in service, telephone instruments, cords, repair, etc.

13.5.8 Cell Phone Policy

General

Mobile (cellular) telephones are an effective resource for Mary Baldwin because they enable communication in areas or situations where conventional telephony is not available or is impractical. However, the cost incurred by mobile telephony must be weighed carefully against any benefits.

In general, mobile telephones (i.e., telephones connected to a commercial cellular telephone service (such as CellONE or Verizon) may be assigned to employees for whom the nature of their work requires wide mobility and simultaneous access to the public telephone network (i.e., senior staff, directors, deans, technicians).

Acquisition Guidelines

All mobile phone acquisitions will be coordinated by OIT through established purchasing procedures. Individuals and/or departments are not permitted to contract for cellular services on their own.

Mary Baldwin faculty and staff needing mobile communications service must complete the request form found on the Office of Information Technology homepage under Telephones, Voicemail and Cable TV or submit an email request to OIT (help@mbc.edu). Requests should be authorized by the major Department VP and must include the Mary Baldwin account code to which the service will be billed. The justification for mobile telephony should demonstrate a clear connection to the user’s job responsibilities.

Mobile telephones should not be issued to student workers, contract employees, part-time, temporary personnel, adjunct faculty, or others not having a compelling use for the technology, unless specifically requested by the department head. Security of these phones is the responsibility of the department.

All costs associated with mobile telephones will be borne by the department ordering the equipment. Such costs include, but are not limited to, the following: equipment acquisition; service initiation; monthly fees for mobile service; per-minute cost of calls in excess of the calling plan allocation; maintenance and repair of equipment; and replacement of lost or stolen equipment.

LOST PHONES and REPAIRS

If the mobile telephone is stolen or otherwise misplaced, the holder MUST contact OIT (540-887-7075) immediately for temporary suspension. If after hours, OIT must be notified on the next business day. User departments will be responsible for coordinating repair of mobile communications equipment with OIT.

Short-term rental of mobile telephones

A small supply of mobile telephones may be available for shortterm rental. Requests are filled on a first-come, first-serve basis. The department is charged a fee for use of the mobile telephone. In addition, all airtime usage charges for the appropriate days are the responsibility of the requesting department.

Billing

Monthly billing for cellular services will be processed centrally. OIT will review the detailed usage statements. Statements will be emailed to Department heads. Charges will be posted by the Business office. Any discrepancies should be communicated to OIT for follow up. From time to time, Business and Finance and/or OIT may review individual usage to assure that the most appropriate rate plan is in use and to screen for possible abuse. This information will then be forwarded to the user’s department for administrative review.

Personal Calls

Use of a Mary Baldwin-owned mobile telephone and mobile telephone airtime service is intended for official Mary Baldwin business. However, Mary Baldwin recognizes that personal calls are sometimes necessary.

Personal calls should be kept to an absolute minimum.

Usage-Rate airtime plans – If the mobile telephone is used for a personal call, the individual is responsible for the cost of that call. The telephone user should make note of personal calls and write a check to Mary Baldwin after review of the monthly call detail. The personal check should be submitted to the Business Office for deposit to the account number billed for the cost of the call.

Flat rate airtime plans – If the mobile telephone has a flat rate airtime plan, the customer is responsible for reimbursing Mary Baldwin when personal calls cause the plan threshold to be exceeded. In this case, personal calls must be reimbursed up to the amount over threshold.

Return to Top

13.5.10 Voice Mail Messaging System

Introduction

Voice mail service is provided to all members of the Staunton campus community. It is powerful and flexible tool to help us meet the communications needs of Mary Baldwin. To ensure our ability to effectively manage the system, this policy has been created to help users understand the capabilities and limitations of the voice mail system and establish guidelines for its proper use.

Definitions

Terms used in this document are explained below:

Broadcast voice mail message. A system-wide message heard by all voice mail users. It plays immediately after a user dials into the system and enters their password. Unlike other types of messages, it cannot be skipped, interrupted, or saved; the message must be heard in its entirety and deleted before a user can access their mailbox. A Broadcast message is provided from the server instead of being sent to a user’s mailbox. Because of this, it does not trigger messagewaiting indicator lights or stutter tones.

System distribution List message. Created and maintained by the System Administrator, it is similar to the personal-group list but can contain up to 300 mailbox numbers. System lists can be linked together into a master list to simplify mass message distribution. At present, there are two System Distribution Lists, one containing all faculty and staff voice mailbox numbers, and the other containing all student voicemail box numbers. Unlike a Broadcast message, System Distribution List messages are sent to individual boxes and thus trigger message-waiting lights and tones.

Personal Distribution List message. A message sent to a pre-defined group of voice mailboxes. This type of message is recorded once and copied by the system to all the mailboxes in the list. Faculty, staff, and selected student leaders can create their own personal group distribution lists through their voice mailbox. Up to five lists can be created, each with up to 25 mailbox numbers.

Extension and Destination Voice Mailboxes. There are several types of voice mailboxes available in our system. The box type assigned to most faculty and staff is known as an “extension” box, and is linked directly to the telephone number. The mailbox number for an extension box is the same as the telephone number. Most students are assigned a “destination” box, used when 2 or more people share the same telephone extension. Destination mail box numbers are not the same as the telephone number. When creating a distribution list that includes students, remember that it is the destination box number you will need for your list, not the telephone number.

Explanation of Use

Because of the limitations of student voice mail service, this section applies primarily to faculty and staff users.

The voice mail system is intended for official use in support of academic and administrative communications needs. Because it is possible to send information to all members of the Mary Baldwin community using the Broadcast or System Distribution Lists voice mail message, this policy has been established. In doing so, these points were considered:

Unlike an email message or traditional flyer, those receiving voice mail messages cannot scan a subject line and delete or ignore those items that do not pertain to or interest them. They must be listened to, at least partially, to determine what they contain. Only then can they be skipped and deleted. In the case of a Broadcast Message, they cannot  be skipped at all and must be listened to in its entirety.

An email message to “allmbc” can be composed and sent by anyone from his or her computer without assistance or intervention by the email system administrator. Sending a Broadcast voice mail message, however, requires assistance by the System Administrator. For security reasons, however, we must restrict access to this part of our system to the Administrator. Voice mail messages are stored on the server’s hard drive, consuming space until listened to and deleted. Broadcast and System Distribution List messages are roughly equivalent to sending 1,000 messages. It would not take many such messages (combined with regular message traffic) to use up our capacity and cause system problems.

Because voice mail is by its nature more intrusive, it requires more time to deal with than other forms of available communication, such as e-mail and flyers.

Conditions of Use Guidelines

Use of the Broadcast Message is strictly limited to communicating information about events that are of significant impact to the entire Mary Baldwin community. All requests for the use of Broadcast messaging must be directed to the Voice-Mail System Administrator. Exceptions to this policy require Executive Staff approval.

Examples of situations that warrant the use of a broadcast message include:

  • System Administration purposes, such as scheduling mass password changes
  • Notification of Voice Mail system shutdown for maintenance.

Access to System Distribution Lists will be made available to the Executive Staff and to offices they designate. Such messages should be of significant importance to the recipients on the list used.

Examples:

  • Notice of interruption of utility service affecting major portions of the campus.
  • Notice of campus-wide class cancellation or campus closing.
  • Change in hours of the Dining Hall (i.e., closing early due to adverse weather)
  • Cancellation/change concerning a campus- or university-wide event (Founder’s Day, graduation, etc.)

Personal Distribution Lists are available to all faculty, staff, and selected student leaders. Responsibility for obtaining appropriate extension and destination box numbers and the creation of the lists themselves rests with the user. Instructions on creating and using lists is contained in the user’s phone directory.

Voice Mail Etiquette

Individual messages or those sent using personal-group distribution lists must conform to certain general rules:

  • Courtesy and professionalism is expected at all times.
  • Messages should pertain to official, Mary Baldwin-related business.
  • Messages should be brief and to the point.

Return to Top

13.6 Copyright Policy

Copyright information is located on the Grafton Library site:

13.6.1 What is copyright?

13.6.2 What is “Fair Use”?

13.6.3 Digital Milliennium Copyright Act?

13.6.4 What materials may be used without first obtaining the owner’s permission and/or paying a royalty?

13.6.5 How does Copyright Law affect Distance Learning?

13.6.6 What Guidelines apply to placing materials in the library on Reserve?

13.6.7 What Guidelines apply to Coursepacks?

13.6.8 What Guidelines apply to the use of Films and Video Recordings?

13.6.9 What Guidelines apply to Off-Air Recording of Broadcast?

13.6.10 What Guidelines apply to the copying of Sound Recording?

13.6.11 What Guidelines apply to the copying of Computer Software?

13.6.12 What Guidelines apply to the conversion of other Analog Materials to Digital Materials?

13.6.13 What guidelines apply to the downloading and sharing of Audio, Video, Software, and other files?

13.6.14 How do I obtain permission to show/broadcast video materials that do not currently have public performance rights?

13.6.15 Who assumes responsibility for copyright infringements?

13.6.16 Additional Sources of Copyright Information

13.8 Accountability for Data Resources

Computer Systems. Mary Baldwin, represented by its President and Board of Trustees, is the sole owner of its institutional information. Certain managers and/or department heads are designated custodians or caretakers of specific portions of this information. These people have sole and primary responsibility for the acquisition, maintenance, integrity, accuracy, and security of data within their jurisdiction, but not proprietary rights to it. In a shared database environment, like the one at Mary Baldwin, they are accountable to all other campus offices that may require the use of this information. No one is permitted to use, transmit in any form, sell, or otherwise disclose any information contained in Mary Baldwin’s computer systems, micro or mainframe, without advance written authorization of the responsible department head.

The major objectives of physical security are to prevent unauthorized use of equipment, software, and information; and to prevent the theft or damage of equipment, software, and information. The primary user, to whom the equipment is assigned, has the responsibility of ensuring that physical security measures are maintained. Keeping the systems in rooms that have controlled access that can be locked can prevent the unauthorized use of microcomputer systems and preferably security patrolled during non business hours.

The use of System Power on Passwords is strongly encouraged.  Contact the Office of Information Technology for help in setting up a POP.

Backup diskettes should be locked up in a desk, filing cabinet, or similar lockable apparatus when not in use. This is the best way to secure sensitive or critical information. Copies of sensitive data can be brought to the Office of Information Technology for secure off-site storage.

Minimizing environmental hazards is accomplished through the use of surge protectors and humidifiers.

Microcomputers processing sensitive data should never be left unattended. This includes recalculating spreadsheets, printing reports, writing letters with confidential information or processing a database. This prevents the unauthorized individual from stopping the application processing, reading or changing the information and restarting the application
without detection.

Saves should be performed frequently to minimize data loss, and always before leaving the microcomputer for any reason. Backups of sensitive or hard to replace data should be performed regularly by the user. If the information changes frequently, it should be backed up daily; otherwise a weekly backup will suffice.

the Office of Information Technology has the responsibility of backing up pertinent information stored on the Domain Controller servers, the Administrative server, the Library server, the Academic servers, and the Web server. A full system backup is performed weekly for these servers and a copy is stored off-site.

13.9 Software Licensing Policy

Mary Baldwin is committed to abiding by Federal Copyright Law governing computer software. According to the U.S. Copyright law, illegal reproduction of software can be subject to civil damages of as much as $100,000 and criminal penalties including fines and imprisonment. Mary Baldwin employees who make, acquire or use unauthorized copies of computer software shall be disciplined as appropriate under the circumstances. Such circumstances may include termination. Mary Baldwin does not condone the illegal duplication of software.

Mary Baldwin licenses the use of computer software from a variety of outside companies. Mary Baldwin does not own this software or its related documentation and, unless authorized by the software developer, does not have the right to reproduce it. Any duplication of licensed software, except for backup purposes, is a violation of the Federal Copyright Law. The software that is loaded on Mary Baldwin owned computers might not be duplicated for use on any other personal computer. Many products are serial numbered and no two personal computers may have software with the same serial number.

If a department has ten computers with a word processing program installed on each machine, then that department should also have either ten separate site licenses for the software or ten sets of original diskettes and documentation for that program.

Any employee giving software to any outside third party, including students shall also be disciplined as appropriate under the circumstances. Such discipline may include termination. If you need to use company software at home, you must first consult with Mary Baldwin Computer and Information Services before removing the software from the premises to be sure that the license for that piece of software permits home use.

Software Licensing Filing for Department Purchased Software.
All software should be purchased through the Office of Information Technology even if the funding source is the department itself. In all purchases, a copy of the software license agreement must be filed with OIT so that it will be available in the event that a publisher’s audit of the licensing occurs.

Software Audit Policy.

Annually, OIT will inventory the software on only those Mary Baldwin owned computers where the appropriate user
has given current written permission. The appropriate user would be the Mary Baldwin employee designated as the primary user of a given computer as listed on the computer database or the employee designated as being responsible for the security and maintenance of a given computer as listed on the computer database.

In those instances where written permission to inventory is denied, the appropriate person will provide an inventory of the Mary Baldwin owned software in his/her possession and affirm in writing the accuracy of the inventory. OIT will develop and provide a software audit tally form for this purpose.  In order to bring Mary Baldwin into compliance, unlicensed
software that is discovered in the inventory process will either be removed/reclaimed or purchased with the appropriate budget account being charged. The appropriate account would be the account associated with the employee using the unlicensed software.

Return to Top