2.10.1 Technology Use Policy

2.10.1.1 Appropriate Use and Access

Access to Ithaca College information, data, and IT Resources is for authorized individuals and purposes only. Use must be limited to College purposes, including faculty scholarship, research, and teaching activities; facilitating College business and operations; providing access to College services; and supporting the student experience.

Non-commercial incidental personal use of IT Resources by faculty, staff, and students is generally tolerated, provided that such use does not violate any College policy or applicable law or regulation. The College accepts no responsibility to store, maintain, or secure any data associated with personal use.

Individuals are prohibited from accessing College data unless they are authorized to access it and have a legitimate College purpose to do so. Authorization for an individual to access College data comes from their supervisor or from other College officials who are authorized to delegate access to such data. For avoidance of doubt, an individual’s ability to access specific data does not constitute valid authorization for the individual to access it.

2.10.1.2 Privacy Expectations

The normal operation and maintenance of IT Resources requires storage of data and communications and logging and monitoring of system and user account activities.

Where it appears the functionality, integrity, or security of the College's computer or network resources are at risk, or in instances of suspected violation of applicable laws, regulations, or College policies, Ithaca College reserves the right to take whatever actions it deems necessary to investigate and resolve the situation, including but not limited to monitoring activity, scanning or inspecting systems, and reading files.

The CIO may authorize individuals to monitor and investigate the activity of systems and user accounts for purposes including but not limited to ensuring system performance and protecting from disruptions of service and security threats. This may include monitoring or investigating activity involving College user accounts or systems, communications to or from College systems or over College networks, and the contents of files on College systems. It may also involve investigating security concerns related to non-College systems that access, store, or process College data. Any such monitoring and investigation activity is governed by applicable College policies and the strict confidentiality agreement signed by all IT&A staff.

Considering the above, the use of Ithaca College IT Resources, including but not limited to computers, networks, software, and services, is not completely private, and users should have no expectation of privacy in connection with their use.

2.10.1.3 Incident Response

User access may be restricted, suspended, or terminated, and IT Resources may be shut down, disconnected, or otherwise isolated without notice when the CIO or those they authorize to make such decisions deem it necessary for the benefit of the college, including but not limited to troubleshooting or in response to excessive resource usage, security concerns, or suspected policy violations.

2.10.1.4 Prohibited Uses

Use that violates any College policy or any applicable law or regulation is prohibited. Other actions prohibited unless explicitly authorized by the CIO or their designee include but are not limited to the following:

  1. Circumvention or disabling of information security measures.
  2. Intentional use or distribution of malicious software or exploit tools, including but not limited to viruses, worms, backdoors, and keyloggers.
  3. Activity that leads to an excessive volume of network traffic, data storage, printing, compute, or electrical power consumption, including but not limited to activity that deliberately or unintentionally degrades or disrupts system or network performance, compromises security, interferes with the work of others, or constitutes an unauthorized expense or risk for the College.
  4. Crypto mining.
  5. Commercial use of IT Resources.
  6. Connecting Ithaca College computer networks to other networks, forwarding traffic between networks, enabling remote access, or sharing network connectivity is prohibited unless explicitly authorized by the CIO or their designee.
  7. Use that is malicious, harassing, or defamatory.

2.10.1.5 User Account Sharing

Ithaca College information systems, services, networks, and user accounts are for use by assigned individuals only.

User accounts are for the sole use of the individual they are assigned to by the designated authority for the system or service. Sharing of authentication credentials for individual accounts is prohibited. (This is not a prohibition against delegating access to email mailboxes or calendars by authorized individuals using system features provided for that purpose.)

Designated multi-user accounts, such as departmental email and shared login accounts, or College social media accounts are for use only by individuals authorized by the assigned manager for each account. Credentials for designated multi-user accounts may only be shared by the account’s manager.

2.10.1.6 User Account Requirements and Purposes

Access to user accounts is contingent on enrolling in and maintaining self-service password reset settings and complying with the College’s Passwords and Authentication Standard.

User accounts of various types are to be used only for their intended purposes and must not be repurposed without authorization. For example, an individual’s regular College user account must not be used as a service account to run automated processes on servers.

2.10.1.7 Repurposing, Reassignment, and Disposal of IT Resources

Computers, mobile devices, and network equipment owned or leased by the College may only be repurposed, reassigned, or disposed of by IT&A in accordance with IT&A procedures.

2.10.1.8 Service, Repair, and Disposal

Only service providers approved by the CIO are authorized to service or repair College computers or other IT systems. Service and repair by other service providers is prohibited.

To ensure the data does not become accessible by unauthorized individuals, computers, mobile devices, and storage devices containing internal or sensitive College data (as defined in the IT Security Classification Standard) must be disposed of in compliance with the College’s Data Destruction Standard. This includes College and non-College devices.

2.10.1.9 Control over IT Resources

Individuals managing 3rd party systems, services, or user accounts (such as College social media accounts) on behalf of the College must ensure that the College retains control over those resources following organizational or personnel changes. This includes but is not limited to associating such accounts and services with ithaca.edu email addresses and other Ithaca College contact information. Employees leaving the College must provide all associated logon credentials and other information needed by the College to ensure continuity.

2.10.1.10 Adoption of Software and Cloud Services

Software and cloud services used on College systems or to access, store, or process College data are subject to oversight by the CIO or their designee. They are also subject to the College’s contract review process and IT&A standards and procedures. Software and services covered include but are not limited to locally installed operating systems, software, browser extensions, and other plugins, as well as cloud services and add-ons.

2.10.1.11 Email

Current students, faculty, and staff are prohibited from using non ithaca.edu email accounts for communication in their role at the College. This is to ensure that College data remains protected, to ensure compliance with FERPA and other requirements, and to help members of our community detect phishing attacks from external addresses impersonating students, faculty, or staff.

Faculty and staff are prohibited from automatically forwarding or redirecting messages received at College email addresses to non-College email accounts unless explicitly authorized to do so by the CIO or their designee.

2.10.1.12 Artificial Intelligence

Use of Artificial Intelligence (AI) should follow the Ithaca College Guiding Principles for AI and must comply with College policies and all applicable laws and regulations, including FERPA requirements that limit uses of student education records. Users of AI tools are responsible for taking reasonable precautions against unauthorized data exposure, bias, and other vulnerabilities.

Last Updated: January 22, 2026