Original Date: 6/10/2003 * Last Revision Effective: 4/13/2021
Policy Contact: Vice President, Information Technology Services
Purpose
The following procedures are established to meet the requirements for implementing policy #5150 – Acceptable Use of Information Technology.
Procedures
To access Bellevue College (BC) information technology, faculty, staff, students, and guests must be issued a Net-ID login account by BC’s Information Technology Services (ITS). Faculty and staff receive instructions on how to set up an account as part of the onboarding process; students receive instruction on how to set up an account upon admission. College personnel will provide an appropriate form to college guests and submit it to ITS for guest access. Some college data requires additional permissions or authorization. Community members may also access the Internet through the public wireless network and kiosks without a login account.
College Networks
Bellevue College operates a private network with the following characteristics:
- Provided for the use of students, employees, guests, conference attendees and other authorized individuals directly involved in college business or on-campus events.
- Access only through campus facilities or through authorized user authentication and access codes, such as login accounts and passwords.
- Available through wired and wireless connections.
- May extend beyond the physical confines of the college, such as through wireless networking; off-campus use will be configured by ITS support personnel to require the registration of wireless devices by an authorized college user prior to granting access to the private network.
Bellevue College also operates a public network to provide Internet access to community members, with the following characteristics:
- The college may limit network access at some public locations, as appropriate.
- Public access to wired college computers is generally only through on-campus facilities that provide public services, such as student affairs kiosks, library and media center, career center, and North campus public areas.
- To control and monitor public access, ITS personnel may configure and use automatic login accounts at some locations.
To ensure the security of the private network, ITS personnel will implement measures to keep public access technology separate from the private network.
Telephones and Electronic Messaging Systems
- Telephones are provided to employees for conducting state business. Employees are not permitted to make personal long-distance calls that would result in charges to the college.
- College-leased cellular phones may be provided to individual employees with a demonstrated business need; they should be used only to conduct college business and not used to relay confidential information.
- The provision of a cellular phone to an employee is at the discretion of the area vice president or associated vice president and is dependent on appropriate routing of the cellular device authorization and agreement form.
- Users of the Internet and electronic messaging systems should recognize that external resources may not be secure.
Prohibitions
Specifically prohibited uses of BC’s information technology include:
- Subverting, attempting to subvert, or assisting others to subvert, breach, or bypass the security of any college data, college network, or college information technology, or to facilitate any unauthorized access;
- Using any college information technology system to create, disseminate or execute self-replicating or destructive software programs (e.g., viruses, worms, Trojan horses);
- Unauthorized disclosing of information to a third party, or masquerading;
- Accessing college data for any purpose other than to perform official duties;
- Viewing, copying, altering or destroying data, software, documentation or communications records belonging to the college or to another individual without permission;
- Allowing another individual to use one’s own login account and password–whether that individual might otherwise be authorized to use the college information technology or not;
- Downloading of software or files solely for personal use unrelated to college business;
- Personal use of Bellevue College email distribution lists;
- Accessing, downloading, or disseminating any information that a reasonable person would deem inappropriate for the workplace, such as pornography or racist materials, except for materials being used for a specific academic purpose; and
- Using security privileges to elevate one’s own privileges, to elevate the privileges of another user, or provide access to information technology to unauthorized individuals without explicit permission.
Materials and Information Ownership
The state of Washington owns all BC information technology, including all systems, applications, files, and communications created using college-provided equipment or services, or stored on a college computer, network server, cloud service or external storage, with the exceptions noted below. Data files created while conducting official business at the college must not be altered, damaged, or erased without authorization.
Exceptions to college ownership of materials and information:
- Personal Software Exception. The college does not assume ownership of individually-owned, personal software licenses or applications that have been installed on college-owned computers or devices in compliance with college protocol (see Software Licensing and Management SOP). However, any saved files or data created while conducting college business, whether generated using college-owned or personally-owned software, may be college intellectual property as work for hire.
- Faculty Exception. Provisions for the ownership of files and any Internet or email communications made by faculty members using college-provided equipment or services or stored by a faculty member on a college computer or network server, are governed by the current Agreement between the Board of Trustees of Bellevue College District VIII and Bellevue College Association of Higher Education (faculty contract).
Non-networked Technology
Some college-owned computers are not attached to the college network by either wired or wireless means. These devices may either be set up with a generic login account or may require the use of an individual login account, depending on a security analysis of the purpose of the computer. If individual login accounts are required to access this type of resource to protect it from misuse and/or accidental damage, the same procedures for establishing network login accounts (User Management SOP) will be followed, regardless of the lack of network connectivity.
Software Installations
Additional information regarding software installations can be found in policy 5100, Software Licensing and Management, and its associated procedures.
Use of Bellevue College-owned Computers and Mobile Devices at Home
Employees may be authorized to take college-owned computers and mobile devices home for use in fulfilling official duties. ITS support staff, or designees authorized by the vice president, ITS, will perform the initial installation and configuration of such computers and devices.
Connection of Personal Information Technology Equipment
College users may not connect personally-owned computing devices to the wired college network in electronic classrooms, labs, and campus meeting spaces except under limited circumstances with ITS approval.
Wireless connections may be made to the college’s public wireless network at any time with no additional requirements.
Unattended Workstation Security
All college computers are configured to automatically lock after 15 minutes of inactivity. Users logged into a college computer or mobile computing device should lock the device, requiring authentication in order to resume, when stepping away for any length of time.
Expectations of Privacy
College employees should not expect privacy in their use of information technology, whether that use is for official business or for allowable, personal de minimis use.
Public access. The use of college technologies such as computers, mobile devices, networks, email, instant messaging, voice mail and the Internet creates electronic records that are reproducible and are considered not private by state law (WAC 292-110-010 [4]). All such records may be subject to disclosure at any time pursuant to the Washington State Public Records Act (42.56 RCW); under applicable rules of discovery in the event of a civil or criminal investigation; or for audit and other legitimate college operational or management purposes.
Internal access. BC retains the right to examine at any time material stored on, or transmitted through, its information technology resources. This access can be for legitimate business purposes, or if there is cause to believe that a user has either violated the expectations for acceptable use or has gained unauthorized access to college information technology.
The college automatically logs statistics and other data regarding all connections to college information technology, all accounts used to access that technology, all use of its computers, all data that passes through its network, and all data stored on its individual computers and network servers. While this information is readily available for examination at any time, individual technology support employees do not routinely monitor this content without authorization.
Retention of Electronic Records
All electronic records and messages generated through and/or stored on college systems must be retained and preserved according to state-approved retention schedules (40.41 RCW).
Sanctions
Violations of policy 5150 or its associated procedures may result in disciplinary review. In such a review, a range of sanctions is available, including:
- Disciplinary action, including the loss of computer use privileges and denial of future access to college information technology resources. Disciplinary action will be taken by the vice president of human resources (for employees) or the student conduct officer (for students).
- Dismissal from the college.
- Legal action.
Those users who misuse or abuse any computing or network resources may have their login accounts closed and access to the systems immediately terminated by ITS. Some violations of this policy and its associated procedures may also constitute a state, local, or federal criminal offense.
Responsibilities
- Vice President of Human Resources (VP HR). The VP HR is responsible for addressing violations of BC Policy 5150, Acceptable Use of Information Technology, and its associated procedures when those violations involve employees.
- Student Conduct Officer. The student conduct officer is responsible for addressing violations of BC Policy 5150, Acceptable Use of Information Technology, and its associated procedures, when those violations involve students.
Relevant Laws and Other Resources
- Family Education Rights and Privacy Act (FERPA)
- RCW 42.52 – Washington State Ethics Law
- RCW 42.56 – Public Records Act
- WAC 292-110-010 – Use of State Resources
- Washington State OCIO Securing Information Technology Assets Policy [PDF]
- Washington State Department of Information Services IT Security Audit Standards
- Washington State Ethics Board Rules
- User Management SOP
- Authentication Management SOP
- Security Privileges SOP
- Software Licensing and Management SOP
- Connecting Non-college Equipment SOP
Revision History
Original 6/10/2003
Revisions 3/22/2005; 9/20/2005; 5/21/2009; 7/28/2012; 9/13/2012; 4/28/2015; 4/13/21
Approved By
President’s Cabinet
Last Updated October 30, 2023