Acceptable Use Policy

This policy applies to all users of computing and technology resources owned, managed or otherwise provided by Earlham College and the Earlham School of Religion.

Earlham College’s technology infrastructure exists to support the organization and administrative activities needed to fulfill the organization’s mission. Access to these resources is a privilege that should be exercised responsibly, ethically and lawfully.

Activities related to Earlham College’s mission take precedence over computing pursuits of a more personal or recreational nature. Any use that disrupts the organization’s mission is prohibited.

Following the same standards of common sense, courtesy, and civility that govern the use of other shared facilities, acceptable use of information technology resources generally respects all individuals’ privacy, but subject to the right of individuals to be free from intimidation, harassment, and unwarranted annoyance. All users of Earlham College’s computing resources must adhere to the requirements enumerated below.

Use of Earlham’s information technology resources and data is contingent upon users of such resources abiding by the following standards of behavior:

1. Users must adhere to applicable federal and state laws and regulations, Earlham contractual agreements, licensing agreements, third-party copyrights, patents, trademarks, and software license agreements.
2. Users may only use those information technology resources and data that they have been authorized to use and may use them only to the extent authorized and in a manner that is consistent with the mission and values of Earlham College.
3. Users may not violate the rights of any individual or company through use of information protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of pirated or other software products that are not appropriately licensed for use by Earlham College.
4. Users may not export software, technical information, encryption software, or technology in violation of international or regional export control laws.
5. Users may not issue statements about warranty, expressed or implied, unless it is a part of normal job duties, or make fraudulent offers of products, items, and/or services.
6. Users must adhere to Earlham codes of conduct, including Principles and Practices, nondiscrimination and anti-harassment policies, and all Earlham policies, standards, procedures, and guidelines governing information and data privacy and handling.
7. Users may not circumvent, bypass, or impede security measures, requirements, or any standard protocols in place to ensure the confidentiality, integrity, and availability of Earlham’s information technology resources and data.
8. Users may not perpetrate, cause, or in any way enable disruption of Earlham College’s information systems or network communications by denial-of-service
9. Users may not knowingly introduce malicious programs, such as viruses, worms, and Trojan horses, to any information system.
10. Users may not intentionally develop or use programs to infiltrate a computer, computing system, or network and/or damage or alter the software components of a computer, computing system or network.
11. Users may not perpetrate, cause, or in any way enable security breaches, including, but not limited to, accessing data of which the user is not an intended recipient or logging into a server or account that the user is not expressly authorized to access;
12. Users may not facilitate use or access by non-authorized users.
13. Users may not make copies of another user’s files without that user’s knowledge and consent.
14. Users may not withhold user passwords and/or encryption keys from Information Technology Services staff, if requested, in order to perform functions required by this policy.
15. Users may not circumvent the user authentication or security of any information system.
16. Users may not add, remove, or modify any identifying network header information (“spoofing”) or attempt to impersonate any person by using forged headers or other identifying information.
17. Users may not create and/or use a proxy server of any kind, other than those provided by Earlham College, or otherwise redirect network traffic outside of normal routing with authorization.
18. Users may not use any type of technology designed to mask, hide, or modify their identity or activities electronically.
19. Users may not use a port scanning tool targeting either Earlham College’s network or any other external network, unless this activity is a part of the user’s normal job functions, such as a member of Information Technology Services, conducting a vulnerability scan, and faculty or students utilizing tools in a controlled environment.
20. Users may not use a network monitoring tool or perform any kind of network monitoring that will intercept data not intended for the user, unless this activity is a part of the user’s normal job functions.

Earlham College has both an ethical and legal responsibility to protect confidential information in accordance with its Data Classification Policy. To that end, the College takes the following general positions:

1. Transmission of confidential information by end-user messaging technologies (for example, e-mail, instant messaging, SMS, chat, etc.) is prohibited.
2. The writing or storage of confidential information on mobile devices (phones, tablets, USB drives) and removable media is prohibited. Mobile devices that access confidential information will be physically secured when not in use and located to minimize the risk of unauthorized access.
3. All employees and service providers will use approved workstations or devices to access organization’s data, systems, or networks. Non-organization owned workstations that store, process, transmit, or access confidential information are prohibited. Accessing, storage, or processing confidential information on home computers is prohibited.
4. All company portable workstations will be securely maintained when in the possession of employees. Such workstations will be handled as carry-on (hand) baggage on public transport. They will be concealed and/or locked when in private transport (e.g., locked in the trunk of an automobile) when not in use.
5. Photographic, video, audio, or other recording equipment will not be utilized in secure areas.
6. All confidential information stored on workstations and mobile devices must be encrypted.
7. Employees who use organization-owned workstations will take all reasonable precautions to protect the confidentiality, integrity and availability of information contained on the workstation.
8. Employees and affiliates who move electronic media or information systems containing confidential information are responsible for the subsequent use of such items and will take all appropriate and reasonable actions to protect them against damage, theft and unauthorized use.
9. Employees will activate their workstation locking software whenever they leave their workstation unattended or will log off from or lock their workstation when their shift is complete.

1. All users who suspects or are aware of activity that violate the behavioral standards or security protocols described in this policy have a duty to report such activity. Reports should be made to an immediate supervisor, the Chief Information Officer, or Human Resources.
2. Failure to report prohibited conduct, or attempts to prevent another community member from reporting prohibited conduct is itself a violation of Earlham policy and may result in disciplinary action.
3. The loss, theft or inappropriate use of organization access credentials (e.g. passwords, key cards or security tokens), assets (e.g. laptops, cell phones), or other information must be reported to the Information Technology Help Desk.

Failure to comply with this and related policies may result in disciplinary action, up to and including suspension without pay, or termination of employment or expulsion, in accordance with applicable disciplinary procedures.

Earlham College makes no warranties of any kind, whether expressed or implied, concerning the information technology resources that it provides. Earlham College is not responsible for damages resulting from the use of information technology resources, including but not limited to loss of data resulting from delays, non-deliveries, missed deliveries, service interruptions caused by the negligence of an Earlham College employee, or by any user’s error or omission. Earlham College specifically denies any responsibility for the accuracy or quality of information obtained through information technology resources, except material that is presented as an official record of Earlham College.

This policy will be reviewed annually by the Chief Information Officer.

• The Gramm – Leach Bliley Act (GLBA)
• Family Educational Rights and Privacy Act (FERPA)
• NIST Special Publication 800-171
• Federal Information Processing Standard Publication 199 (FIPS-199)
• Code of Ethics of the American Library Association