Acceptable Use Policy
Acceptable Use Policy
Modified on: Wednesday, November 20, 2024
This policy replaces the previous Network Usage Policy: https://currycollege.freshservice.com/support/solutions/articles/19000062618-Network-Usage-Policy
Purpose and Scope
Curry College’s data and information systems are valuable assets that must be protected. Proper and acceptable use of information technology (IT) assets and data will mitigate risks associated with malware attacks, network and system compromises, and data breaches. This Acceptable Use Policy (AUP) applies to the use of Curry College’s IT assets, including applications, networks, devices, and business systems, whether owned or leased by Curry, the user, or a third party. All faculty, staff, contractors, consultants, temporary employees, undergraduate and graduate students, and guests (“users”) of Curry’s devices, networks, and systems must act in a responsible and ethical manner to protect Curry’s systems, information, and reputation. It is expected that all users be familiar with and stay current with this policy.
General Requirements
Curry College has critical technology and data dependencies for day-to-day operations and strategic goals. General obligations related to the acceptable use of IT assets are as follows:
- At all times, users must protect Curry IT assets and data (regardless of where it is stored or how it is accessed) consistent with the requirements set forth in Curry College policies and procedures.
- Users must always protect their credentials (username/password); see the password section below for more details.
- Users must not download College data to unauthorized locations (e.g., non-Curry cloud or non- Curry laptop/desktop, USB devices or portable media) or disclose to unauthorized individuals, systems, or entities (e.g., highly confidential, financial, personally identifiable information, personal health information). See a supervisor if you have questions.
- Independent businesses may not be developed or run using College computing/networking resources unless it is a sanctioned campus organization and/or part of academic programs (e.g., service-learning, scholarship fund raising). Curry College reserves the right to remove, without warning, unapproved commercial activities.
- Faculty, staff, and students are expected to maintain accurate data (e.g., date of birth, address, Social Security number) when updating personal information on any of Curry's administrative and instructional databases.
Users are expected to report potential information security incidents to the Help Desk support@Curry.edu.
The following are examples of activities that are strictly prohibited while utilizing Curry information assets and technology, which list includes but is not limited to:
- Promoting and/or facilitating illegal activities; including but not limited to identity theft, hacking, fraud, child pornography, and/or copyright violation.
- Unauthorized access, duplication, alteration, modification, or destruction of Curry data, systems, configurations, and resources.
- Devices may not be used at any time to harass, retaliate towards others, or discriminate based on race, national origin, sex, sexual orientation, gender identity, gender expression, age, disability, religious beliefs, or any other characteristic protected by law. This includes any behaviors that violate the College’s Code of Ethics, Online Misconduct policy, Code of Conduct, and/or other harassment policies.
- Tampering with or changing anti-virus, firewall, or other security-related computer settings.
- Installing prohibited software.
- Deliberate introduction of malicious programs onto Curry systems (e.g., virus; worm; keystroke logger).
- Causing or contributing to security breaches or disruptions of network communication. Examples include excessive use of systems or network capacity for personal gain/benefit, accessing data without authorization, and logging into a server or account without authorization.
- Interfering with or denying service to any other user, host, or Curry system.
- Using a program, script, or command, or sending messages with the intent to interfere with or disable a user’s session locally or via the Curry College network.
- Violations of academic integrity and/or the rights of the College or any person. This includes, but is not limited to selling papers, unauthorized copying of copyrighted material, use of Artificial Intelligence/Large Language Model generated content without prior approval, and installation or distribution of pirated and/or software products that are not properly licensed for use by the user and/or Curry College.
- Use of technology resources (e.g., a smartphone) to record conversations, lectures, or classroom interactions without the express consent of those individuals being recorded.
- Making fraudulent offers of products, items, or services originating from any Curry College account and/or making statements about warranty, express or implied.
- Exporting software, technical information, encryption software, or technology that may violate International or regional export control laws. (Consult legal counsel if you have questions on this topic.)
Note: The above list is not comprehensive, but rather a means to provide a framework for activities in the category of unacceptable use. Certain users may be exempted from specific restrictions during legitimate job responsibilities (e.g., systems administration staff may be required to disable the network access of a host).
Phishing and Email Use
All users must be cautious when opening email. A valid-looking email may be a phish. A phish is a fake email that looks real. Users should beware of emails that engender feelings of urgency, fear, strong curiosity, and exceptional opportunity. Users should report suspicious phishing emails by forwarding the email to support@curry.edu
Note: Curry will never ask users for their Curry credentials.
The following are requirements related to emails and phishing which users should follow:
- When conducting College business, users are to use College-provided email accounts, rather than personal email accounts.
- Incidental/personal use of email should not interfere with Curry’s email system.
- Email distribution lists are College property. Distribution lists may only be provided to external third parties in conjunction with legitimate academic or administrative initiatives and only after obtaining approval from a division head.
- Under no circumstances may College distribution lists be sold to an external party, nor may the lists be used for individual gain (e.g., marketing a product or service).
- Employee use of distribution lists for surveys is allowed for legitimate academic or administrative purpose.
Internet Use
Users accessing the internet through Curry’s network and/or on a Curry device should do so in a manner that supports business operations and does not interfere with Curry’s business or infringe on the rights of others. The following are examples of inappropriate internet use:
- Any illegal activities, including illegal gambling, or viewing of illegal content.
- Copyright infringement when downloading or file-sharing/swapping.
- Hacking or unauthorized access.
- Accessing pornographic/adult services sites.
- Running a sideline internet business without an approved exception to this policy (conflict of interest)
Access and Privacy
The College has the legal right to access, preserve and review all information stored on or transmitted through its electronic services, equipment, and systems (collectively, “IT Systems"). The College endeavors to afford reasonable privacy for individual users and does not access information created and/or stored by individual users on its IT Systems except when it determines that it has a legitimate operational need to do so.
Enforcement
Curry information technology and assets may be audited and/or monitored for unauthorized activity and usage. Certain kinds of data and IT fraud are illegal and punishable by civil sanctions, criminal fines, and/or imprisonment. The College is obligated to report instances of illegal activities to the authorities and will cooperate with authorities in the investigation of illegal activities.
Curry reserves the right to require the registration of all technology-related devices used on campus, regardless of whether the device is owned by the institution or an individual. Curry may identify and quarantine, block, and or disable accounts and or devices suspected of adversely affecting the network; violating this acceptable use policy, employ tools to monitor network-related activity; and may restrict or eliminate bandwidth allocation to specific devices. Curry also reserves the right to block access to internet websites and protocols that are deemed malicious or contrary to the mission of the College.
Employee violations will be handled by the employee's supervisor, in conjunction with Human Resources. Student violations will be referred to the Student Affairs judicial process or Curry’s academic integrity process, or both.
Curry College reserves the right to change provisions of this and other College policies periodically. Curry College may take disciplinary action up to and including termination of access, ending of contracts, legal action and/or dismissal of individuals not in compliance with this policy.
Related Policies and Procedures
The Acceptable Use Policy is one of several College policies and procedures.
Curry’s Chief Information Officer (CIO) maintains authority over, and enforcement of, the AUP and related policies. Related policies include the Curry College Password Policy and Written Information Security Program. A full list of ITS Policies can be found at: https://www.curry.edu/ITSPolicies
Policy Compliance
All members of the Curry College community are expected to review and understand this policy. By using the Curry College network, users acknowledge their agreement to comply with this policy. The college reserves the right to amend this policy as necessary.
No Warranties or Assurances
Curry College makes no warranties of any kind, whether express or implied, with respect to the Network Resources it provides. Curry College is not responsible for any damage resulting from use of Network Resources, including service interruptions, loss of data or damage to hardware or software on your personal systems at home, in the residence halls or public access computer labs on campus. Computer and network availability is subject to periodic system updates, security patches, ISP maintenance, system protocol improvements and changes.
Contact Information
For questions or concerns regarding network usage or this policy, please contact the Curry College IT Help Desk by calling 617-333-2911 during business hours or by emailing Support@curry.edu. For status on open tickets, submission of new tickets, and to browse our knowledge articles, please visit https://support.curry.edu (https://support.curry.edu/).
This policy is designed to create a safe, secure, and productive digital environment for all members of the Curry College community. Your cooperation and adherence to these guidelines contribute to a positive network experience for everyone.
https://support.curry.edu/support/solutions/articles/19000062618 2/2