5000P Acceptable Use of Bellevue College Computers (Procedures)
Original Date: 6/10/2003 * Last Revision Effective: 9/11/2012
Policy Contact: Vice President, Information Resources
The following procedures are established to meet the requirements for implementing policy #5000 – Acceptable Use of Bellevue College Computers.
These procedures apply to all Bellevue College employees, students and non-employees who may be authorized to use the Bellevue College computing resources, and describe the steps to be completed, and identify who is responsible for completing them. Compliance with these procedures will assure the integrity and reliability of these resources.
Employee and Non-Employee Permission for Use
- Before using any Bellevue College network resource, including computers, employees and non-employees must be authorized by the administrator for their assigned unit. The procedure for requesting login accounts is enumerated in the procedures section of Bellevue College policy #5150 – Acceptable Use of Bellevue College Networks and Systems. The required form for this request is available in the MyBC forms library.
- Some Bellevue College-owned computers may not be attached to the Bellevue College network. However, to protect these resources from misuse and/or accidental damage, these resources will still be set up by IR technical support personnel to require the use of login accounts. The same procedures for requesting network login accounts will be followed for this type of resource, despite their lack of actual network connectivity.
Student Permission for Use
- Before using any Bellevue College network resource, including computers, students must be authorized. The procedure for requesting login accounts is enumerated in the procedures section of Bellevue College policy #5150 – Acceptable Use of Bellevue College Networks and Systems.
- Some computers authorized for student use may not be attached to the Bellevue College network. These may either be set up with a generic login account or may require the use of an appropriate student login account, depending on a security analysis of the purpose of the computer. If individual login accounts are required to access these resources—to protect these resources from misuse and/or accidental damage—the same procedures for requesting network login accounts will be followed, despite their lack of actual network connectivity.
Issuance and/or use of non-computing technology resources will follow applicable Bellevue College policies and procedures and be authorized by unit administrators.
All software installations and/or upgrades to software on Bellevue College-owned computers will be done by an authorized information resources technical support staff member, or designee authorized by the vice president of information resources. The specific policies and procedures regarding software installations are detailed in the Bellevue College policy #5100 – Software Licensing Compliance and the Bellevue College IT security standard addressing software management.
Use of Personal Software for Work Purposes
Personally-owned software may be installed on Bellevue College-owned computers, provided the software is to be used for work purposes only. The specific policies and procedures regarding the use of personal software are detailed in Bellevue College policy #5100 – Software Licensing Compliance and the Bellevue College IT security standard addressing software management.
Use of Bellevue College-owned Software at Home
Under certain circumstances, Bellevue College-owned software may be authorized for installation on the personal home computers of Bellevue College employees. Employees are never licensed to use the software at home for personal purposes. The policies, procedures and requirements for this type of software use are identified in Bellevue College policy #5100 – Software Licensing Compliance and the Bellevue College IT security standard addressing the use of Bellevue College resources off-campus.
Use of Bellevue College-owned Computers at Home
- Under certain circumstances Bellevue College employees may be authorized to take Bellevue College-owned computer systems home for use in fulfilling their official duties. IR technical support staff, or designee authorized by the vice president of information resources, will perform the initial installation and configuration of the software on such computers. Employees will be required to have administrative approval for this type of use and will be required to fill out and have signed a portable equipment use agreement form (found in the MyBC forms library) before taking any equipment from campus.
- All provisions for the use of state-owned equipment identified in the Bellevue College policy #4400 – Acceptable Use of State Resources will apply. All provisions of this policy and Bellevue College policy #5150 – Acceptable Use of Bellevue College Networks and Systems will apply. The processes, procedures and requirements for this type of software and equipment use are specifically identified in the Bellevue College security standard addressing the use of Bellevue College resources off-campus.
Unattended Workstation Security
- All Bellevue College computer drives will be configured to automatically lock after fifteen (15) minutes of inactivity. This may be done by means of a password-protected screensaver. This configuration will be the responsibility of Bellevue College technical support personnel setting up the computer.
- If any user logged into any Bellevue College resource physically leaves the workstation they are using, they will lock the computer by a password-protected means. Compliance with this requirement is an individual responsibility.
- Bellevue College users are granted standard security privileges or access to the computing equipment assigned to them sufficient to perform their official duties. System administration, installation and removal of software (including plug-ins and system patches), and repair of Bellevue College systems is the principal responsibility of authorized Bellevue College IR support personnel and designees authorized by the vice president of information resources.
- In some circumstances—including physical distance of the system from Bellevue College, special technical needs, and research and development—it may become necessary for the user of a Bellevue College computer to perform some of these tasks for him/herself. In these cases, the Bellevue College employee may be granted local administrative privileges for the specific computing system assigned to him/her. The specific processes, procedures and requirements for requesting and granting these privileges are identified in the Bellevue College security standard addressing security privileges.
Connection of Personal Computer/Telecommunications Equipment
Bellevue College users may connect personal workstations to the Bellevue College network for short-term use in electronic classrooms, labs and campus meeting spaces. Personal equipment may also be connected to the Bellevue College network or to Bellevue College-owned computers for long-term use. The processes, procedures and requirements enumerated in the Bellevue College security standard addressing connecting non-Bellevue College equipment to the Bellevue College network must be fulfilled before this type of connection may be made.
Third-Party Access to Electronic Messages
Requests for third-party access to stored electronic messages will be handled through the college’s public record procedure (see also Bellevue College policy #1500 – Access to Public Records). Bellevue College may be required to provide third parties with access in order to honor valid legal discovery and public records requests. Both the sender and the recipient will be provided notice of such requests prior to disclosure to the extent deemed feasible by college administrators, depending upon the specific circumstance.
Right to Access
Given sufficient cause, the vice president of human resources (VPHR), or his/her authorized designee, has the right to obtain access to materials stored on the Bellevue College network or on computers which are under the control of Bellevue College employees in their administrative units or work areas. This access may take place under two different circumstances:
- When such access is necessary to conduct Bellevue College business, and/or
- When investigating a suspected illegal act or violation of Bellevue College policy.
- Business Purposes
- If the purpose is related to routine Bellevue College business, the VPHR, or his/her designee, will identify the specific materials required and the employee will be given sufficient opportunity to provide Bellevue College with the requested materials.
- In the case of an emergency, best efforts will be made to contact the employee prior to accessing the specific materials required. If such contact is not possible, the VPHR will notify the employee of the access as soon as practical.
- Any materials so accessed will generally be copied and not removed from the employee’s system, unless otherwise directed by the VPHR.
- After such access, the employee will be given the opportunity to change his/her password, if desired.
- If the purpose is related to an investigation of a suspected illegal act or violation of Bellevue College policy, the VPHR, or his/her designee, may gather the specific materials with or without notification to the employee.
- Materials so accessed may either be copied or removed from the employee’s system, as directed by the VPHR.
- Copies of all materials related to the investigation will be retained by the office of the VPHR.
- Any individual’s network use privileges may be suspended immediately upon the discovery of a possible violation of this policy. Every attempt will be made to notify the individual immediately of this suspension. These privileges may be temporarily restored at the discretion of the VPHR pending resolution of the situation.
- Such suspected violations will be confidentially reported to the appropriate supervisors and/or administrators.
- Appropriate disciplinary action will take place under the direction of the VPHR in situations where a violation is confirmed.
- If the employee is cleared of any wrong-doing at the conclusion of the investigation, the VPHR will notify the employee of the access and they will be given the opportunity to change their password, if desired.
Violation of any of the provisions of this, or any Bellevue College IT policy, standard or procedure will be dealt with immediately and may result in disciplinary review. In such a review, the full range of disciplinary sanctions is available, including:
- Permanent loss of computer use privileges;
- Denial of future access to Bellevue College IT resources;
- Disciplinary action – any disciplinary action will be taken in accordance with appropriate procedures as established by the vice president of human resources (for employees) or the associate dean of student success (for students);
- Dismissal from the college; and/or
- Legal action.
Those users who misuse or abuse any computing or network resource may have their login accounts closed and access to the systems immediately terminated. Some violations may also constitute a state, local or federal criminal offense.
RELEVANT LAWS AND OTHER RESOURCES
- Bellevue College Policy # 1500: Access to Public Records
- Bellevue College Policy # 4400: Acceptable Use of State Resources
- Bellevue College Policy # 5000: Acceptable Use of Bellevue College Computers
- Bellevue College Policy # 5100: Software Licensing Compliance
- Bellevue College Policy # 5150: Acceptable Use of Bellevue College Networks and Systems
- Bellevue College Policy # 5250: Information Technology (IT) Security
- Bellevue College IT Security Standard: Connecting Non-Bellevue College Equipment to the Bellevue Network
- Bellevue College IT Security Standard: Software Management
- Bellevue College IT Security Standard: Use of Bellevue Resources Off-Campus
- Bellevue College IT Security Standard: Portable Computer System Usage
- Bellevue College IT Security Standard: Security Privileges
Revision 5/21/2009; 9/11/2012