10 minute read
Appendix E Information Technology Services
Password & Username Information
Password and username access to all computing equipment on Brunswick Community College campus is provided for all students, faculty, and staff by the Information Technology department. Student usernames are generated by combining the first four letters of the student’s first name and the last five digits of the student’s Colleague ID. Passwords are auto-generated using the first 2 letters of the last name, first letter uppercase and the second lowercase, followed by the person’s birthdate in DDMMYY format. All passwords expire every 90 calendar days. These can be reset using the password reset tool on the brunswickcc.edu website on the MyBCC landing page. The password reset tool is also available on the Moodle homepage via the BCC Sites, Password Management menu. Faculty and Staff usernames and passwords are created following the same format as students for new employees. For name changes, contact the IT Help Desk support staff located on the first floor of Building A.
Internet Use Disclaimers
Users of BCC computing resources are advised that the range of content in information available via the
Internet is broad and is uncensored. The availability of such information does not imply that BCC approves of, condones, endorses, or accepts responsibility for any content not under its control. BCC makes no guarantee as to the validity or reliability of information accessed via the Internet. Information obtained from Internet sources should be properly cited based on Instructor or course requirements. Users of BCC computer equipment are NOT guaranteed personal identification security during online payment using credit cards, nor is guarantee implied. Improper or questionable Internet use may be treated as misconduct and may result in disciplinary action. Computing privileges may be terminated, and violators may be subject to the judicial procedures of the College.
Computer Software Policy
In support of and compliance with federal copyright law, Brunswick Community College requires that all computer software located within any facility of the College be purchased and used only by the College according to current licensing agreements with respective software manufacturers. Infringements of this policy include the making or use of unauthorized software by copying, sharing, lending, giving, transferring, and/or installing software in ways not covered by the licensing agreement for particular software purchased by the College. All software requisitions must be approved by the Chief Information Officer prior to purchase. Software not purchased by the College will be considered unauthorized. Such infringements constitute grounds for disciplinary action by the College and/or prosecution by software manufacturer(s) and the College. Compliance will be monitored through procedures adopted by the College. Periodic audits of software will be conducted by the Chief Information Officer. Any unauthorized software may be erased by the Chief Information Officer without notification or permission of the user. Approved by Brunswick Community College Board of Trustees March 17, 1993: and Amended June 28, 2013.
Electronic Records Retention Policy
Purpose
In today’s College environment, employees create and maintain an increasing portion of their records using computers. Electronic records must be managed alongside traditional records to ensure compliance with state and federal regulations and to preserve institutional history. The purpose of this policy is to inform College employees and departmental management of the requirements and responsibilities for management and disposition of electronic records.
Scope
The electronic records retention policy set forth herein applies to all employees of the College and applies to all electronic records that are made or received in the transaction of College or public business.
Definitions
A. The term “electronic record” means any record that is created, received, maintained or stored on College local workstations or central servers. Examples include, but are not limited to: a. electronic mail (e-mail) b. word processing documents, spreadsheets, and databases B. The term “legal custodian” shall mean the originator of an e- mail message or the creator of an electronic document if that person is a College employee; otherwise it is the College employee to whom the message is addressed or to whom the electronic document is sent. If the record is transferred, by agreement or policy, to another person for archival purposes, then that person becomes the legal custodian C. “Official” records retention and disposition schedules are the general and departmental program schedules that have been approved by the state and the College (NCDCR 2-19-99).
Policy Statement
A. General Requirements
Maintenance and disposal of electronic records, as determined by the content, is the responsibility of the legal custodian and must be in accordance with guidelines established by the Department of Cultural
Resources (G.S. §121-5) and also in compliance with State and College approved records retention and disposition schedules (NCD of Cultural Resources 2-19-99). Failure to properly maintain electronic records may expose the College and individuals to legal risks.
The department head of an office having public records is responsible for ensuring compliance with this
Policy and with the Public Records Act. When an employee leaves a department or the College, the department head is responsible for designating a new custodian and ensuring that any public records in the separating employee’s possession are properly transferred to the new custodian. The department head is responsible for contacting Information Technology Services to arrange for the transfer of the electronic records to the new custodian before the accounts are scheduled to be deleted. B. Electronic Mail
Work-related e-mail is a College record, and must be treated as such. Each e-mail user must take responsibility for sorting out personal messages from work-related messages and retaining College records as directed in official records retention and disposition schedules. E-mail that does not meet the definition of a public record, e.g., personal e-mail, or junk e-mail, should be deleted immediately from the system.
Email accounts are provided by BCC to students using gmail (user@student.brunswickcc.edu) and to employees using Office 365 (user@brunswickcc.edu). These two (2) account domains will be the primary, preferred contact addresses used by BCC for communication purposes. It is important that you maintain your access and use these accounts for all College communication.
BCC e-mail servers are NOT intended for long-term record retention. BCC does follow the 7 year retention policy as forth by the State of North Carolina Community Colleges through the use of E-mail archiving. E-mail messages of major importance and any associated attachment(s) with retention periods greater than three (3) years are to be printed and filed in similar fashion to paper records. It is important to note that the e-mail messages should be kept with the attachment(s). The printed copy of the e-mail must contain the following header information:
1. Who sent message 2. Who message was sent to 3. Date and time message was sent 4. Subject When an e-mail is used as a transport mechanism for other record types, it is possible, based on the content, for the retention and disposition periods of the e-mail and the transported record(s) to differ. In this case, the longest retention period shall apply.
Instant Messaging
The College does not support the use of Instant Messaging (IM) for College business.
ITS Backup Files
Information Technology Services performs backups on a regular schedule of the e-mail and electronic files stored on central servers for disaster recovery. These backups are to be used for system restoration purposes only. The IT system administrator is not the legal custodian of messages or records which may be included in such backups.
Litigation Holds
When litigation against the College or its employees is filed or threatened, the law imposes a duty upon the College to preserve all documents and records that pertain to the issues. As soon as the College is made aware of pending or threatened litigation, a litigation hold directive will be issued to the legal custodians. The litigation hold directive overrides any records retention schedule that may have otherwise called for the transfer, disposal or destruction of the relevant documents, until the hold has been cleared by the College. Email and computer accounts of separated employees that have been placed on a litigation hold by the College will be maintained by Information Technology Services until the hold is released. No employee who has been notified by the College of a litigation hold may alter or delete an electronic record that falls within the scope of that hold. Violation of the hold may subject the individual to disciplinary action, up to and including dismissal, as well as personal liability for civil and/or criminal sanctions by the courts or law enforcement agencies.
Enforcement
Failure to comply with the Electronic Records Retention Policy and associated guidelines and procedures can result in disciplinary action and penalties applicable by law.
Review
The Chief Information Officer submitted the Electronic Records Retention Policy to the Board of Trustees. The policy will be reviewed periodically and recommendations presented to the Board of Trustees and the College President. Approved by Brunswick Community College Board of Trustees June 9, 2010; Amended June 28, 2013
Wireless Communication Policy
Purpose
The Brunswick Community College's (hereinafter “College”) computing and telecommunication networks, computing equipment and computing resources are owned by the College and are provided to support the academic and administrative functions of the College. Federal and state law, and College policies and procedures govern the use of this equipment and technologies. Any additional requirements must be in compliance with applicable federal and state laws, and this policy. Wireless communications networks use radio waves as a transport medium in lieu of copper cables to transmit voice and data signals. As such, they permit wireless-equipped communications devices to have mobile access to the College (wired) network wherever wireless communications access points are installed. The purpose of this policy is to set the standard for network operation and security, specifically in the context of wireless network access. The configuration, installation, and maintenance of wireless communication network access point devices, if unmanaged, could result in severe interference with other network users and serious security risks. Information Technology Services (ITS) defines the standards for the use of networks, including the wireless communications spectrum on campus.
Scope
This policy applies to all faculty, staff, students, and others who use the wireless communications spectrum. Adherence to the policy will help protect the integrity of the campus wireless network and mitigate security risks.
Procedures
A. The Wireless Spectrum 1. BCC regulates and manages all unlicensed radio frequencies on campus. 2. Wireless equipment installed by ITS uses either the FCC unlicensed 2.4 GHz Industrial/Scientific/ Medical (ISM) band or the FCC 5.0 GHz Unlicensed National Information Infrastructure (U-NII) band. 3. Wireless equipment transmissions within the 2.4 GHz and 5.0 GHz bands conform to current IEEE 802.11 wireless LAN specifications. 4. ITS may restrict the use of any potentially interfering wireless radio device in College- owned buildings and all outdoor spaces on the BCC campus. 5. Faculty who believe they have special wireless needs should contact ITS. B. Wireless Network Operation and Security 1. ITS will provide spectrum tuning, and general device management per access area according to wireless access device management standards. 2. Wireless networks will be segmented and treated as a “foreign/untrusted network” from a security standpoint. A firewall, router/switch VLAN technology, or similar technology will be employed to provide this segmentation. 3. Wireless users must be authenticated with unique user credentials. 4. Wireless traffic involving data classified as Restricted under the Data Classification Policy must be used only during registration periods and under the regulations of ITS. 5. Only authorized access points will be permitted. Unauthorized access points will be disabled. 6. Unauthorized traffic interception and/or bridging between the wired and wireless network is prohibited. 7. Applications supported over the wireless network will be limited, as long as this is necessary to provide an acceptable quality of service for all users. 8. No wireless spectrum interference or disruption of other authorized communications is permitted.
Enforcement
ITS will enforce the Wireless Communications Policy and establish standards, procedures, and protocols in support of the policy. ITS has the authority to disconnect network service or modify/enhance network security without notification in the event of law violation, systems compromise involving Restricted data as defined by the Data Classification Policy, or negative network communications impact affecting service for other users.
Review
The CIO for Information Technology Services has submitted the Wireless Communications Policy to the Board of Trustees for approval and will periodically review the policy. Approved by Brunswick Community College Board of Trustees June 9, 2010; and Amended June 28, 2013.
