TO: All Members of the University Community 96:07
DATE: April 26, 1996

1. SCOPE

   This policy applies to anyone who uses the University's Information Resources, Information Technology and/or Networks (hereinafter collectively referred to as the University's "Information Resources"), whether at the University or elsewhere. For purposes of this policy, the term "Information Resources" means any information in electronic or audiovisual format, or any hardware or software that makes possible the storage and use of such information, whether individually controlled or shared, stand-alone or networked. Illustrative examples of Information Resources include, but are not limited to, electronic mail, local databases, externally accessed databases, CD-ROM, motion picture films, recorded magnetic media, photographs, and digitized information. For purposes of this policy, the phrases "member [s] of the University Community" and/or "University Community member [s]" mean anyone who uses the University's Information Resources.

2. POLICY

   The University's Information Resources are owned, leased, or rented by the University, supported by public funds, student tuition and fees, and/or private donations and are intended to be used only for educational purposes and to carry out the legitimate business of the University. Proper use of the University's Information Resources is limited to studies; instruction; the discharge of employment duties; and the official work of University offices, departments, recognized student and campus organizations, and agencies of the University. The use of the University's Information Resources for commercial purposes and/or financial gain, without prior authorization, is prohibited. You must avoid tying up information resources for trivial applications.

   It is the policy of the University to maintain access for the University Community to local, national and international sources of information and to provide an atmosphere that encourages access to knowledge and sharing of information.

   It is the policy of the University that Information Resources will be used by University Community members in accordance with policies and regulations established from time-to-time by the University and its operating units (hereinafter referred to on occasion as the "University's policies in this area"), and with respect for the public trust through which they have been provided.

   In accordance with the above policies, the University works to create an intellectual environment in which students, staff, and faculty may feel free to create and to collaborate with colleagues both at Ferris State University and at other institutions.

   Access to the networks and to the Information Resources environment at Ferris State University is a privilege and must be treated as such by all users of these systems. Access to the Information Resources infrastructure, both within the University and beyond the campus, sharing of information, and security of the intellectual products of the University Community, all require that each and every user accept responsibility to protect the rights of the University Community. Any member of the University Community who, without authorization, accesses, uses, destroys, alters, dismantles or disfigures the University information technologies, properties, or facilities, including those owned by third parties, thereby threatens the atmosphere of increased access and sharing of information, threatens the security within which members of the University Community may create intellectual products and maintain records, and in light of the University's policies in this area, has engaged in unprofessional, unethical and/or unacceptable conduct.

   To ensure the existence of this Information Resources environment, members of the University Community will take actions, in concert with State and Federal agencies and other interested parties, to identify and to set up technical and procedural mechanisms to make the Information Resources environment at Ferris State University and its internal and external networks resistant to disruption.

   In the final analysis, the health and well-being of this resource is the responsibility of its users who must all guard against abuses that disrupt and/or threaten the long-term viability of the systems at Ferris State University and those beyond the University. Members of the University Community shall act in accordance with these responsibilities, this policy, relevant laws and contractual obligations, and the highest standard of ethics.

3. REGULATIONS

   Though not exhaustive, the following material defines the University's position regarding several general issues in this area.

   The University characterizes as unacceptable, unprofessional, unethical, and violative of University policy and/or criminal law any activity through which an individual:

   1. Violates such matters as University or third-party copyright or patent protection and authorizations, as well as license agreements and other contracts.
   2. Interferes with the intended use of the Information Resources.
   3. Seeks to gain or gains unauthorized access to Information Resources.
   4. Without authorization, destroys, alters, dismantles, disfigures, prevents rightful access to or otherwise interferes with the integrity of computer-based information and/or Information Resources.
   5. Without authorization invades the privacy of individuals or entities that are creators, authors, users, or subjects of the information resources.
   6. Uses the University's information resources for commercial purposes and/or financial gain.

   In accordance with established University practices, policies, and procedures, such misuse of Ferris State University Information Resources may result in termination of access, disciplinary review, suspension, dismissal, termination of employment, legal action, or other disciplinary action.

   Individual units within the University may define "conditions of use" for facilities under their control. These "conditions of use" must be consistent with this overall policy but may provide additional detail, guidelines and/or restrictions. Where such "conditions of use" exist, enforcement mechanisms defined therein shall apply; provided, however, that disciplinary action, if any, shall be consistent with applicable University practices, policies, procedures, and/or collective bargaining agreements. Where use of external networks is involved, policies governing such use also are applicable and must be adhered to.

Guidelines for the Administration of the Proper Use Policy of Ferris State University: Responsible Use of Information Resources, Information Technology, and Networks

Ferris State University provides Information Resources to a large number and variety of University Community members--faculty, staff, students, alumni, and outside clients. As members of the Ferris State University Community, and in accordance with the Proper Use policy, all users have the responsibility to use those services in an effective, efficient, ethical, and legal manner.

Ethical and legal standards that apply to Information Resources derive directly from standards of common sense and common decency that apply to the use of any shared resource. The University Community depends first upon the spirit of mutual respect and cooperation that has been fostered at Ferris State University to resolve differences and ameliorates problems that arise from time to time.

These guidelines are published in that spirit. Their purpose is to specify user responsibilities in accordance with the Proper Use policy and to promote the ethical, legal, and secure use of Information Resources for the protection of all members of the Ferris State University Community. The University extends membership in this Community to its students and employees with the stipulation that they contribute to creating and maintaining an open community of responsible users.

1. Appropriate and Responsible Use

   Central to appropriate and responsible use is the stipulation that, in general, computing resources shall be used only for educational purposes and to carry out the legitimate business of the University. Use should be consistent with the specific objectives of the project or task for which such use was authorized. All uses inconsistent with these objectives are considered to be inappropriate use and may jeopardize further access to services.

   You should be aware that although service providers provide and preserve security of files, account numbers, authorization codes, and passwords, security could be breached through actions or causes beyond their reasonable control. You are urged, therefore, to safeguard your data, personal information, passwords and authorization codes, and confidential data; to take full advantage of file security mechanisms built into the computing systems; to choose your passwords wisely and to change them periodically; and to follow the security policies and procedures established to control access to and use of administrative data.

2. User Responsibilities

   When you use Ferris State University's computing services, you accept the following specific responsibilities:

   1. To respect the privacy of other users; for example, you shall not intentionally seek information on, obtain copies of, or modify files, tapes, or passwords belonging to other users of the University; shall not represent others, unless authorized to do so explicitly by those users; nor shall you divulge sensitive and/or confidential personal data concerning faculty, staff, students, alumni, or donors without explicit authorization to do so.
   2. To respect the rights of other users; for example, you shall comply with all University policies regarding sexual, racial, and other forms of harassment. Ferris State University is committed to being a racially, ethnically, and religiously heterogeneous community.
   3. To respect the legal protection provided by copyright and licensing of programs and data; for example, you shall not make copies of a licensed computer program to avoid paying additional license fees or to share it with other users.
   4. To respect the intended usage of resources; for example, you shall use only the user ID and password, funds, transactions, data, and processes assigned to you by service providers, faculty, unit heads, or project directors for the purposes specified, and shall not access or use other user IDs and passwords, funds, transactions, data, or processes unless explicitly authorized to do so by the appropriate authority.
   5. To respect the intended usage of systems for electronic exchange (such as e-mail, World Wide Web, etc.); for example, you shall not send forged electronic mail; mail that will intimidate or harass other users; mail that involves the use of obscene, bigoted, or abusive language or images; chain messages that can interfere with the efficiency of the system; or promotional mail for profit-making purposes. Also, you shall not enter into another user's electronic mailbox or read someone else's electronic mail without his/her permission.
   6. To respect the integrity of the system or network; for example, you shall not intentionally develop or use programs, transactions, data, or processes that harass other users or infiltrate the system or damage or alter the software or data components of a system. Alterations to any system or network software or data component shall be made only under specific instructions from authorized faculty, unit heads, project directors, or management staff.
   7. To respect the financial structure of a computing or networking system; for example, you shall not intentionally develop or use any unauthorized mechanisms to alter or avoid charges levied by the University for computing, network, and data processing services.
   8. To adhere to all FSU policies, guidelines and procedures including, but not limited to, proper use of Information Resources, information technology, and networks; acquisition, use, and disposal of University-owned computer equipment; use of telecommunications equipment; ethical and legal use of software; and ethical and legal use of administrative data.

3. Service Provider Responsibilities

   1. All service providers have the responsibility to offer service in the most efficient manner while considering the needs of the total University Community. At certain times, the process of carrying out these responsibilities may require special actions or intervention by service provider staff. At all other times, staff members have no special rights above and beyond those of other members of the University Community; they are required to follow the same policies and conditions of use that other users must follow. Every effort shall be made to ensure that persons in positions of trust do not misuse computing resources or data or take advantage of their positions to access information not required in the performance of their duties.
   2. Service providers are not responsible for policing user activity. However, when they become aware of violations, either through the normal course of duty or by a complaint, it is their responsibility to initiate an investigation. At the same time, to forestall an immediate threat to the security of a system or its users, service providers may suspend access to the user ID(s) involved in the violation while the incident is being investigated. They may also take other actions to preserve the state of files and other information relevant to an investigation.
   3. Service providers will act in accordance with existing policy governing privacy of user information by seeking permission to examine the content of e-mail and other private files. In instances where user permission cannot be obtained and files or electronic mail may jeopardize the security of systems, safety of users, or ability of the University or its constituent parts to conduct necessary business, service providers must obtain authorization from a supervisor/program director level or above, to examine content.

4. Violations of Guidelines

   Violations of any of the above guidelines are certainly unethical and may be violations of University policy or criminal offenses. You are expected to report information you may have concerning instances in which the above guidelines have been or are being violated.

   In accordance with established University practices, policies, and procedures, confirmation of inappropriate use of Ferris State University technology resources may result in termination of access, disciplinary review, suspension, dismissal, termination of employment, legal action, or other disciplinary action. Service providers will, when necessary, work with other University offices such as Judicial Services, the Department of Public Safety, the colleges, the Office of the General Counsel, and others in the resolution of problems.

5. Other Responsible Use Guidelines for Specific Services

   Other external networks to which Ferris State University maintains connections (e.g., Merit) have established acceptable use standards. It is your responsibility to adhere to the standards of such networks. The University cannot and will not extend any protection to you should you violate the policies of an external network.

6. Reporting Incidents

   In general, reports about violations of these guidelines should be directed to the college dean or unit head for the system involved.

7. Further Information

   These guidelines and the University's Proper Use policy are available on-line through the World Wide Web. Use the URL http://www.ferris.edu and then refer to "Net Policy."

This policy was adapted with permission from a policy prepared by:
The Office of Information Technology Policy Studies
Information Technology Division
University of Michigan
Ann Arbor, MI 48104