2.10 Technology Use Policies

2.10 Technology Use Policies

2.10.1 All College Computer and Network Use Policy

Access to Ithaca College computer networks, systems, applications, and services is subject to College-issued requirements and restrictions, including but not limited to those stated herein. The Ithaca College All College Computer and Network Use Policy applies to all users of College computer networks, systems, applications, and services. Additional policies may also apply to specific systems, such as the Web policy. Questions about this policy should be addressed to the IT Service Desk (servicedesk@ithaca.edu).

1. Individual Use and Access

Ithaca College user accounts are for use by authorized individuals only. Individual user accounts are for the sole use of the individual they are assigned to. Designated multi-user accounts, such as certain departmental email and shared login accounts, are for the sole use of individuals designated by each account’s designated manager. Use by others is prohibited, as is sharing of authentication credentials for individual accounts or for multi-user accounts by anyone other than the account’s manager. These restrictions on user account access are not a prohibition against individuals delegating access to their email mailboxes or calendars using system features provided for that purpose.

Access to Ithaca College computer networks is for authorized individuals and devices only. Connecting Ithaca College networks to other networks or sharing network connectivity with other individuals or devices is prohibited unless approved by the Chief Information Officer or their designee. This includes providing local or remote access to College networks through unauthorized routers, switches, hubs, wireless access points, multi-homed computers, remote access solutions, tunneling solutions, or other means.

User account access is contingent on providing an accurate personal cell phone number and non-IC email address (not ending in ithaca.edu), which are used by the self-service password reset (SSPR) service to provide initial account access and to later restore account access if needed. Access is also contingent on enrolling in the College’s multi-factor authentication system using authentication methods approved by the Chief Information Officer or their designee.

You may be held responsible for any and all actions originating through your account or network connection. You must not impersonate others or misrepresent or conceal your identity in electronic messages and actions.

2. Respect the privacy and security of users and systems
Unless information is specifically made public or accessible to you, you should assume anything on the network is private. Just because you may have the ability, through a loophole, someone's carelessness, etc., to access files, directories, or information that does not belong to you, you do not have the right to do so. Any attempt to circumvent computer, network or file security or to take advantage of security lapses is prohibited.

3. Do not disturb other users or abuse computer resources
Disruptive and/or invasive actions using computer systems and networks are strictly prohibited. Examples of this include, but are not limited to, viruses, threatening or harassing messages, "spamming," packet sniffing, self-perpetuating programs, excessive volume of file transfers, network traffic or printing, and other programs, files, hardware, software, or actions that deliberately or unintentionally degrade or disrupt system or network performance, compromise or circumvent system or network security, or interfere with the work of others.

The use of network hubs, routers, wireless access points, or other devices designed to share your network connection with multiple computers or devices is expressly prohibited.

Individuals are required to take reasonable precautions to ensure that their systems are secure -- this includes maintaining current virus detections software at all times on their system(s).

4. Respect intellectual property
The use of campus computer resources, including ResNet, to share or distribute copyrighted material to others without the permission of the copyright holder is prohibited. This includes, but is not limited to, using peer-to-peer applications to share these files. The burden of proof of ownership or obtaining permission from the copyright owner is upon the account holder. Upon receiving proper notification, as defined by the Digital Millennium Copyright Act, of a potential infringing activity, we will where possible remove or block access to the material in question. Reports of repeated copyright infringements will lead to termination of computer/network services and/or other College/legal actions.

5. Access to computer accounts & networks / Non-commercial use only
Ithaca College will make reasonable efforts to have its computer systems and networks available at all times. However, as part of regular maintenance and other planned and unplanned activities, systems & networks may be unavailable at any particular time. Ithaca College reserves the right to restrict or terminate access to its computer and network resources as necessary. Ithaca College computer systems and networks are for non-commercial individual use related to the educational mission of the College by authorized account holders, and for approved College business activities.

6. Abide by the regulations; don't break the law
All users must abide by all college rules and policies, as well as local, state and federal laws. This includes, but is not limited to, other Information Technology Services' policies; the Ithaca College Student Conduct Code and other College policies; local, state and federal regulations.

7. Privacy
Ithaca College follows industry practices, including monitoring systems to ensure the security and proper functioning of the College's computing and network resources, Given the nature of computers and electronic communications, we cannot guarantee the absolute privacy of your files and information. You must take reasonable precautions and understand that there is a risk that in some circumstances others can, either intentionally or unintentionally, gain access to files and messages. Where it appears that the integrity, security or functionality of the College's computer or network resources are at risk or in instances of suspected abuse of College policies, codes, or local, state or federal laws, Ithaca College reserves the right to take whatever actions it deems necessary (including, but not limited to monitoring activity, scanning specific machines, and viewing files) to investigate and resolve the situation.

8. Restrictions
The College may impose restrictions on the use of its computer and network systems and/or take additional actions in response to complaints presenting evidence of violations of this or other College policies, codes, or state or federal laws.

9. Security

Security Updates: All devices (computers, phones, tablets, and other physical and virtual computing systems) used to access non-public IC systems, services, or apps or used to store or process non-public College data must use only currently-supported software, meaning software for which security updates remain available as vulnerabilities are discovered. Available security updates must be applied within 30 days of release, preferably within 14 days. This requirement applies to devices owned or managed by the college and those owned by individuals or other organizations. Non-public means anything that requires a login. Supported includes commercial, open-source, and in-house developed software for which security updates continue to be provided as new vulnerabilities are discovered. Software means all code, including operating systems, applications, drivers, firmware, etc.

Encryption of Laptops and Mobile Devices: All portable computing devices (laptops, phones, and tablets) used to store non-public College data or access non-public College systems, services, or apps (anything that requires a login) must use encryption and a passcode or other locking mechanism to protect that data in the event the device is lost, stolen, or otherwise physically accessible by those unauthorized to access the data. Guidance: For Android and iOS devices released in the past few years, enabling the screen-lock feature ensures encryption is enabled. Windows’ built-in BitLocker and macOS built-in FileVault disk encryption capabilities are sufficient for those platforms and are enabled by default on IC laptops.

10. Reporting Violations
If you believe that a violation of this policy has occurred, you should contact the Information Technology Services' Computer Abuse Administrator at computer_abuse@ithaca.edu or by calling 607-274-1000. In cases where you feel that an individual's health or safety appears to be in jeopardy you should immediately contact the Office of Public Safety at 607-274-3333.

This policy will be updated periodically. Updates will be posted here.

2.10.2 Ithaca College Web Policy

Note: This policy replaces the Campus-Wide Information Systems (CWIS) policy.

Table of Contents

Scope of Policy

Purpose of Ithaca College Websites

Oversight

Responsibility for Web Presence

Responsibility for Web Content

Responsibility for Web Infrastructure

Responsibility for Web Design

Policy on Content

Policy on Information Security

Website Protocol

WSG Membership:
Scope of Policy
This policy applies to websites and applications that are owned and operated by, or operated on behalf of, Ithaca College.

Purpose of Ithaca College Websites
Ithaca College websites are intended to facilitate the dissemination of accurate and timely information about and from Ithaca College to the community; to enhance the efficiency and expand the services of campus administrative, academic, and student support programs; to provide connection between and among campus constituents; and to support the College’s enrollment, marketing, and development initiatives.

Oversight
The Web Strategy Group (WSG) is responsible for providing executive oversight for the College’s web presence. The group reviews and approves web-related policies and guidelines, and it identifies strategic web-related resource needs.

The WSG is co-chaired by the Executive Director, Marketing Strategy, and the Executive Director, Applications and Infrastructure, and its membership includes senior leadership from the Division of Marketing and Enrollment Strategy, the Division of Finance and Administration, and the Division of Philanthropy and Engagement, including the offices of Information Technology, Admission, College Communications, and Creative Strategy and Development.


Responsibility for Web Presence
The Offices of Marketing Communications and Information Technology Services (ITS) jointly share day-to-day responsibility for managing the College’s web presence.

Members of the campus community maintain a significant proportion of the College’s web presence via the Web Profile Manager content management system.

Responsibility for Web Content
A primary content manager (PCM) must be designated for each website, page, or document. This individual is responsible for the creation, maintenance, and/or oversight of that content, and for ensuring that it is accurate, remains current, is appropriate for online use, and complies with the policies established by the WSG. The PCM may, where appropriate, delegate some or all of these responsibilities to others. However, the PCM is ultimately responsible for actions of their delegates and the integrity of their site. A PCM must be a current member of the campus community, a faculty retiree, or an alumnus. Information about creating and maintaining Web content can be found at https://www.ithaca.edu/its/services/web.


Responsibility for Web Infrastructure
ITS is responsible for building and maintaining the College’s web technical infrastructure, including maintaining the network, server hardware and software, content management services, web applications, and developing software tools to help automate document maintenance processes.

Wherever possible websites will be managed via the College’s web content management system, the Web Profile Manager.

Responsibility for Web Design
With oversight from the Web Strategy Group, the Office of Marketing Communications takes the lead on the responsibility for establishing, maintaining, and implementing the Ithaca College web brand, which is the overall look and feel of the College’s websites. They work in partnership with Information Technology Services to apply the visual standards to the College's web presence throughout our various web services.

The College reserves the right to enforce the use of design and navigation standards (including the use of specific design templates) throughout its web servers to ensure usability, accessibility, and brand consistency.

Policy on Content
Most material on the College’s web servers is produced by the Ithaca College community, but, except for designated pages, is neither approved nor verified by Ithaca College.

The College reserves the right to remove, without notice, any content that it determines, at its sole discretion, violates College policies, practices, or state or federal laws, or that it determines is otherwise inappropriate. The director of enterprise application services, in consultation with the appropriate vice president, is responsible for facilitating this process.

The PCM is responsible for ensuring that information on the College’s web servers complies with the following standards:

  1. Must be suitable for distribution to and interaction with both the campus community and the rest of the world.
  • Some examples of suitable material are 
    • Calendars or announcements of upcoming events
    • Descriptions of services and programs offered
    • News of achievements or programmatic changes
    • College policies specific to individual units
       
  • Some examples of material that would be considered inappropriate are
    • Commercial advertisements, endorsements, or logos except when used to recognize sponsorship, further the academic mission of the College, or promote a College business service offering
    • Material that is illegal
    • Private/compliant and protected information (i.e. confidential information). Examples include Social Security numbers, class lists, birth dates, credit card information.
    • Disclosing information about a student who has filed a request with the college to have his or her directory information withheld.
  1. Materials should be checked for accuracy and should be updated regularly.
     
  2. The use of copyrighted material must comply with the College’s Copyright Policy and Guidelines (https://www.ithaca.edu/policies/vol2/volume_2-232/).
     
  3. Pages should be designed to avoid confusion or duplication with official pages.
     
  4. Every department or other officially recognized College organization's home page must contain
  • A link to the Ithaca College home page
  • The words "Ithaca College" to help identify the page as part of the overall Ithaca College site

Policy on Information Security
Ithaca College web services are accessible via the global Internet. Private/compliant and protected (i.e. confidential) information should not be posted unless appropriate security restrictions are enabled.

To ensure the security of our systems and services, ITS may restrict the types of services and tools available to campus web developers. Where possible, the campus community will be required to utilize one of the content management systems to maintain their sites.

Only members of the campus community, faculty retirees, alumni, and third-party web developers approved by ITS will be given access to our systems for the purpose of content creation or management. The College reserves the right to remove, without notice, any programs, code, or sites that, at its sole discretion, may present security or performance risks.

Website Protocol
All College websites are for non-commercial individual use related to the educational mission of the College by the campus community, faculty retirees, and alumni and for approved College business activities. In addition, web content providers must abide by all College policies, including, but not limited to, the Ithaca College All-College Computer and Network Use Policy.

Individual Sites
Examples:

  • Faculty – Faculty Profile
  • Staff – Staff Profile
  • Student – ePortfolio
  • Alumni – Alumni ePortfolio

Individual sites will be removed as follows:

  • Faculty & Staff Profiles – upon last day of employment with the college. Faculty profiles for Ithaca College faculty retirees may remain indefinitely.
  • Student ePortfolios – 90 days after a student graduates. Upon graduation a student can choose to have their eportfolio converted to an alumni eportfolio.
  • Student Web Space – Upon graduation or departure from the College.
  • Alumni ePortfolio – May remain indefinitely, provided the individual renews it annually.

Note: In cases of involuntary separation, the College reserves the right to terminate accounts immediately.

Departmental / Organizational Sites
These sites are to be used to provide a web presence for an officially recognized Ithaca College department, organization, office, school, division, or program. The creation of these sites and designation of a primary content manager requires the approval of the head of the organization (e.g., director, dean, VP) being represented, and in the case of a student organization, the additional approval of the Office of Student Engagement and Multicultural Affairs (OSEMA). Accounts for student organizations must be renewed each academic year.

Examples:

  • Academic Department Profiles
  • Schools and Division Sites and Profiles
  • Administrative Office Sites and Profiles
  • Special Program Sites and Profiles
  • Student Organization Profiles

Course Sites
The College’s official learning management system is Sakai. Any instructor can create a course site in Sakai.

In addition, information providers must abide by all other Ithaca College policies and procedures.
 

2.10.3 Wireless Network Policy

1. Purpose
The purpose of this policy is to secure and protect the information assets owned by Ithaca College. Ithaca College provides computer devices, networks, and other electronic information systems to meet its mission, goals, and objectives. Ithaca College grants access to these resources according to an individual’s role and must manage them responsibly to maintain the confidentiality, integrity, and availability of all information assets.

This policy specifies the conditions that wireless infrastructure devices must satisfy in order to connect to the Ithaca College network. Only those wireless infrastructure devices that meet the standards specified in this policy or are granted an exception by Information Technology Services are approved for connection to the Ithaca College network.

2. Scope
This policy addresses the requirements of Wireless deployments, Wireless usage, and Wireless airspace usage. All employees, students, contractors, consultants, temporary workers, and others who use the Ithaca College network, including all personnel affiliated with third parties that maintain a wireless infrastructure device on behalf of Ithaca College, must adhere to this policy. This policy applies to all wireless infrastructure devices that connect to the Ithaca College network or reside at an Ithaca College owned, leased or rented site that provide wireless connectivity to endpoint devices including, but not limited to, laptops, desktops, cellular phones, and personal digital assistants (PDAs). This includes any form of wireless communication device capable of transmitting packet data.

3. Policy

  • Wireless Deployments

    Standards supported:

    • IEEE 802.11ac is the preferred wireless networking standard. 802.11ax, 802.11n, 802.11g, 802.11b, and 802.11a will be available, where necessary.
    • IEEE 802.1X is the authentication standard. Additional security procedures may be applied as needed.
    • WPA2 with AES encryption will be the only secure standard used.

    Service Set Identifier (SSID)

    There shall be three SSIDs broadcast by the wireless deployment.

    • IthacaCollege-Guest – For visitor Internet access and access to installation instructions and tools needed to access the IthacaCollege SSID (see below).
    • IthacaCollege – For roles-based access to the network. Only devices authenticated via Ithaca College account credentials may access this SSID.
    • eduroam – hotspot for educational institutions that have partnered with eduroam.org

    Wireless Service Considerations

    • Wireless networking has bandwidth limitations compared to the wired network. The wireless network should be viewed as augmenting the wired network, to provide more flexible network use. Applications that require large amounts of bandwidth, or are sensitive to changes in signal quality and strength may not be appropriate for wireless access.
    • Wireless technology is and will for the foreseeable future be a shared bandwidth technology. Some protocols and services will not effectively work in, or may be inappropriate for, a wireless environment.

    Wireless IP Addresses

    • DHCP is the standard addressing method for the IC wireless networks, and is expected to meet the majority of customer requirements.
    • Wireless is a dynamic service. Due to the dynamic nature of wireless, IP space serving the campus will change over time due to capacity re-engineering.

Restrictions

  • Ithaca College policy requires that all deployments of wireless infrastructure be installed and maintained by ITS. Installing departmental or do-it-yourself wireless access points is prohibited to avoid possible interference with the IC wireless network, unnecessary impact to the wired network and to minimize undue security risks to the College. Additionally, in areas where centrally-managed wireless networking is available any pre-existing locally managed access points must be removed.
  • Use of the wireless network is subject to the established policies for use of IC campus network services. (e.g. All College Computer and Network Use Policy)
  • Only devices authenticated via Ithaca College account credentials may access network resources on the IC network that are not Internet facing.
  • Unauthenticated visitors will be able to access only the Internet by accepting the policy restrictions on usage and providing their email address.

  • Wireless Usage

    Authenticated Access

    Role-based access to the network shall be established using the user’s Ithaca College account credentials. All data transactions shall be encrypted and secured by the protocols listed in the Supported Standards section above. Services allowed through the wireless network should be substantially identical to those for wired access. Role based users will be limited to those same services they are permitted to access via wired network controls.

    Visitors

    Visitors shall have free access to the Internet only. They shall be limited to only those TCP/IP protocols listed in Table 1. In general, standard Web access, Secure Shell access, Instant Messenger access, email access, sending email via secure methods, and Remote VPN access are permitted by these protocols.

Source  Destination Service Action
Guest Wireless VLAN All HTTP allow
Guest Wireless VLAN All HTTPS allow
Guest Wireless VLAN All SSH allow
Guest Wireless VLAN All AIM/5190/TCP allow
Guest Wireless VLAN All YAHOO/5050/TCP allow
Guest Wireless VLAN All MSN/1863/TCP allow
Guest Wireless VLAN All Google Chat/443/TCP allow
Guest Wireless VLAN All iChat/5190, 5298/TCP allow
Guest Wireless VLAN All POP allow
Guest Wireless VLAN All IMAPS allow
Guest Wireless VLAN All IMAP allow
Guest Wireless VLAN All SMTPS allow
Guest Wireless VLAN All All ports needed for PPTP allow
Guest Wireless VLAN All All ports needed for IPSEC allow
Guest Wireless VLAN All All drop

Table 1

Device support

All supported PDAs and Laptops shall be able to, at a minimum, access the Internet through the Visitor role.

  • Wireless Airspace

To provide wireless access, the radio frequency airspace of the campus serves as the transport medium for this technology. Wireless networks operate on the campus shared and finite airspace spectrum.

Therefore, Information Technology Services (ITS) will regulate and manage this airspace centrally to ensure its fair and efficient allocation and to prevent collision, interference, unauthorized intrusion and failure. In addition, central management will facilitate the adoption of new features. Persons using wireless devices to connect to the College network must be aware of this, and comply with this policy and any other related policies.

ITS will approach the shared use of the wireless radio frequencies in the same way that it manages the shared use of the wired network. Specific issues pertaining to wireless network devices are outlined below:

  • All access points will be installed and configured in such a way as to comply with all security features of the wireless network, including restrictions to provide connections only to those users who are entitled to access.
  • The College reserves the right to remove, disconnect or electronically limit any access point not installed and configured by ITS personnel or specifically covered by prior written agreement and/or arrangement with ITS.
  • Other devices such as portable phones, and wireless devices using "Bluetooth" (a competing wireless technology), that broadcast and receive information on the same frequency as wireless Ethernet devices may cause interference with wireless network operation. If disruptions in wireless service are reported, ITS will investigate and may remove any devices it deems to be interfering with proper network operation. In those cases where the use of other wireless devices in furtherance of the College mission are found to interfere with campus wireless network operation, ITS will take the lead in negotiating a solution that is mutually agreeable to all parties.
  • Only users affiliated with Ithaca College are authorized to use wireless networking on campus. To help protect these affiliated users from unauthorized access to their computer resources, ITS may implement data encryption and authentication security measures that must be followed by all users. These measures require the use of specific wireless LAN product types and are designed to meet emerging wireless encryption and security standards.

4. References

SANS (SysAdmin, Audit, Network, Security) Institute “Wireless Communication Policy” URL: http://www.sans.org/resources/policies/Wireless_Communication_Policy.pdf

Villanova University “Wireless Policy” URL: http://www.villanova.edu/unit/policies/wireless.htm

University of Massachusetts Amherst “Wireless Airspace Policy” URL: http://www.oit.umass.edu/policies/wireless.html

University of Washington “UW Wireless Policy“ URL: http://www.washington.edu/computing/wireless/policy.html

Cornell University “RedRover-Guest Wireless” URL: http://www.cit.cornell.edu/redrover/guest.html

2.10.4 Digital Accessibility Policy

1.  POLICY STATEMENT

Ithaca College has adopted the World Wide Web Consortium’s Web Content Accessibility Guidelines (WCAG) 2.0, Level AA as its standard for digital accessibility, hereinafter referred to as the “WCAG Standards”. All content and aspects of Ithaca College’s Websites that are created, published, or substantially added after July 1, 2020, shall conform to the WCAG Standards, except where the Web Strategy Group (WSG), in consultation with the Office of the General Counsel, determines that doing so would represent an Undue Burden or Fundamental Alteration. In such cases, the College will make reasonable efforts to provide Equally Effective Alternative Access.

2.  DEFINITIONS

Content: Content should be construed broadly to include anything on the Ithaca College Websites including, but not limited to, audio, video, images, tables, forms, documents (in any format, including .docx and .pdf), and html.

WCAG Standards: Ithaca College has adopted the World Wide Web Consortium’s Web Content Accessibility Guidelines (WCAG) 2.1, Level AA as its standard for digital accessibility.

Equally Effective Alternative Access: As used in this Policy, Equally Effective Alternative Access means an alternative format, medium, or other aid that timely and accurately communicates and/or provides access to the same content as does the original format or medium, and which is appropriate to an individual's disability.

Fundamental Alteration: A change to the College's services, programs, or activities that fundamentally alters the nature of the services, programs, or activities, including academic courses and technology. A determination of what constitutes a Fundamental Alteration may be made only by an individual or committee designated by the College President.

Ithaca College Websites: Any website providing content and functionality for the College's programs, services or activities, including all subordinate pages and intranet pages and sites and web-based interfaces to applications, including content and functionality developed by, maintained by, or offered through a third party vendor or open source through which the College (or one of its schools, global sites, portal campuses, or library) provides its programs, services or activities.

The Ithaca College Websites do not include sites that are independent of the College (including sites that are linked to from the Ithaca College Websites) and do not provide College programs, services or activities.  

Undue Burden: A proposed course of action that would result in a significant financial and administrative burden. A determination of what constitutes an Undue Burden may only be made by the Web Strategy Group, in consultation with the Office of the General Counsel.

3.  GUIDELINES

  1. Site Management.  Each Primary Content Manager is responsible for ensuring that information added to the Content under their management complies with this Digital Accessibility Policy. As a proactive measure, Ithaca College periodically conducts accessibility audits using industry standard testing tools, such as Monsido/SiteImprove, Wave, or Lighthouse.
  2. Site Development. All Primary Content Managers and other personnel who are involved in the procurement, preparation and maintenance of the Ithaca College Websites are expected to implement measures to advance this policy, including by incorporating accessibility into development roadmaps, planning for compliance in the project planning, design, and RFP stages, requiring that vendors’ services comply with this Digital Accessibility Policy, and testing for compliance before publication or launch. The accessibility audit results are reviewed by the Web Strategy Group and issues are corrected based on recommended best practices.
  3. Reporting Barriers to Access.  Content created or published prior to July 1, 2020, shall be made accessible in accordance with this Policy upon request. College Community members who encounter barriers to accessibility in Ithaca College Websites, whenever the Content was created or published, are encouraged to notify the site’s Primary Content Manager or the Web Strategy Group.  In addition, employees, students, and visitors to Ithaca College may bring any concerns regarding known or suspected instances of disability-based discrimination to the attention of the Office of Human Resources in accordance with the Institutional Policy on Disability.
  4. Third-Party Service Providers. Third-parties (non-College entities) developing or providing Content, including web pages, web functionality, websites and web applications, for Ithaca College are expected to provide Content that is in compliance with this policy and with the WCAG Standards, where appropriate.  For any area of non-compliance, External Entities are expected to identify those areas for the College and describe any planned remediation.  College personnel shall make reasonable efforts to incorporate these requirements when negotiating agreements with third-parties, subject to and in accordance with the Section 2.41 Contract Review and Approval Policy.

Last Updated: July 31, 2023