I. General Principles

a. This code governs the use of computers, network equipment, servers, accounts, printers, and any other device attached to the Ozarks network and not just those owned by the University of the Ozarks, hereafter referred to as “Information Technology" (I.T.) resources. The University owned I.T. resources are provided to University students, faculty, and staff in support of our mission.

b. While the University is committed to intellectual and academic freedom, individuals who use the University’s I. T. resources do so with the understanding that this use is a privilege and with it comes certain responsibilities. Use of I.T. resources must always be legal and ethical, reflect academic honesty, and show restraint in the consumption of shared resources. It should demonstrate respect for intellectual property, ownership of data, system security mechanisms, the right to personal privacy and the right of individuals to freedom from intimidation and harassment. Any use of I. T. resources in violation of the regulations set forth in this code will be treated as “misconduct” pursuant to University policies and procedures.

c. The use of University I.T. resources is subject to all existing federal and state laws, including but not limited to laws and regulations specific to computers and networks, and to those that apply generally to individual conduct.

II. Administration of I. T. Resources

a. The University of the Ozarks reserves the right to authorize, limit, deny and control access to its I.T. resources and has assigned the responsibility and the authority for administering those resources to the Department of Information Technology Systems Administrators.

b. A Systems Administrator is any person designated to maintain, manage, monitor and provide security for I.T. resources.

c. Persons not authorized to act in Systems Administrator capacity at the University are prohibited from collecting information or making configuration changes to any I.T. resource.

III. Education Records, Medical Records and Personnel Records

a. Records containing medical information or personnel information related to a student or employee are confidential and protected from public disclosure.

b. No person shall access any such record maintained in an electronic format or disclose or distribute its contents in a manner inconsistent with federal and state law or University regulations.

IV. Privacy of Electronic Files and Communications

a. While reasonable consideration will be given to privacy, all information and data, including but not limited to email messages, placed on any I.T. resource is University property.

b. No expectations of privacy exist under the following conditions:

1. University officials are presented a search warrant or court order by law enforcement officials.

2. There exists an emergency situation in which the physical safety or well being of a person may be affected or University property may be damaged or destroyed or authorized data may be lost or destroyed.

3. There exist reasonable grounds to believe that a violation of law or University policy is occurring or has occurred.

4. Access is necessary to maintain the University's I.T. resources;  to maintain the integrity of the University’s I.T. resources;  to protect the rights or property of the University;  to protect the rights or property of any I.T. resource user.

c. Responsibility for authorizing access hereunder rests with a Systems Administrator, the University President or the Director of Information Technology.

V. Acceptable Use of I. T. Resources

a. This section establishes rules for the benefit of all users and encourages responsible use of I.T. resources. The rules of conduct include, but are not limited to those listed below:

1. No one shall (a) connect with or otherwise use any University I.T. resource without proper authorization; (b) engage in, assist in, encourage, or fail to disclose or conceal any unauthorized use, or attempted unauthorized use, of any University I.T. resource; or (c) misrepresent his or her identity or relationship to the University to obtain access to or while using I. T. resources. Users are responsible for the use of their computer accounts and shall not allow others access to their accounts, through sharing passwords or otherwise. Users shall promptly report any unauthorized use of their account or password to a University Systems Administrator.

2. University I. T. resources shall not be used for personal gain or for the benefit of organizations not related to the University, without the prior written approval of the Director of Information Technology.

3. No one shall (a) knowingly endanger or compromise the security of any University I.T. resource or attempt to discover or break any security codes applicable to any University I.T. resource; (b) willfully interfere with another’s computer usage; (c) attempt to circumvent data protection schemes, uncover security loopholes, or decrypt secure data; (d) modify, reconfigure or attempt to modify or reconfigure any software or hardware of any University I.T. resource or network facility in any way, unless specific authorization has been obtained from the Director of Information Technology; (e) use University I.T. resources to attempt unauthorized access to or use of any computer or network facility, no matter where located, or (f) intentionally waste, overload or misuse I.T. resources.

4. No one shall knowingly or with recklessness create, run, install or distribute a computer virus, worm, Trojan Horse , a destructive or disruptive program, a destructive or disruptive email, or any other destructive or disruptive data via any University I.T. resource or knowingly permit anyone else to do so.

5. No one shall copy, install, use, store or distribute through any University I.T. resource any information in violation of U.S. copyright, trademark, or patent laws or applicable licensing agreements. It is the user’s responsibility to become familiar with the terms and requirements of any such laws or agreements. Illegal reproduction of software and other intellectual property may result in civil and criminal sanctions as well as disciplinary action by University officials.

6. No one shall use the University’s I.T. resources to (a) annoy, harass, threaten, intimidate, terrify, or offend another person; (b) repeatedly contact another person, whether or not any actual message is communicated, if the recipient has expressed a desire for the contact to cease; (c) repeatedly contact another person regarding a matter for which one does not have legal right to communicate (such as debt collection), once the recipient has provided reasonable notice that he or she desires such contact to cease; (d) disrupt or damage the academic, research, administrative, or related pursuits of another person; or (e) invade the privacy, academic or otherwise, of another person or threaten such an invasion.

7. Users shall adhere to all University policies regarding use of email and other electronic communications. Users assume full responsibility for messages they transmit through University I.T. resources, including, but not limited to, those they forward.

8. Unauthorized computer workgroups are prohibited.

9. Allowing access to the University I.T. resources to unauthorized people by any means is strictly prohibited.

10. All personal computers (and other devices, if applicable) must have up-to-date antivirus software installed and operational prior to using I.T. resources. Users must keep antivirus software currently updated at all times.  If a user becomes aware or is alerted to the possibility of the existence of a virus, worm, Trojan Horse or other destructive or disruptive program or data which is infecting or attempting to infect any University I.T. resource, the user shall immediately notify a Systems Administrator or the Director of Information Technology and shall take such steps as the user may be directed to prevent or minimize the impact of such virus, worm, Trojan Horse or other destructive or disruptive program or data to University I.T. resources.

11. University I.T. resources shall not be used to store, manipulate, calculate or analyze personal data or data for organizations not related to the University. The University and its agents, servants, and employees are not responsible for loss or corruption of data placed in the University I.T. system in violation of this policy.

12. It is a violation of University policy to forward data that violates this code using University I.T. resources, as well as to originate such data.

13. Unauthorized network devices are not permitted.

14. Users must, without exception, modification or deviation, always use University designated security procedures and approved software while using University I.T. resources.

VI. Enforcement and Sanctions

a. Individuals designated as University Systems Administrators are responsible for protecting the system and its users from abuses of this code. Therefore, Systems Administrators may take any or all of the following actions:

1. Discuss the matter with the offending party.

2. Revoke or modify user account or network privileges.

3. Where other disciplinary measures have failed, when there are repeated offenses of this policy, or when the seriousness of the offense warrants, a Systems Administrator may permanently revoke user or network access.

b. Because a Systems Administrator is tasked with maintaining the quality and integrity of the University network, he/she retains the right to disconnect any computer that is determined to be causing a detrimental effect on network operation. This includes, but is not limited to, computers found to be flooding the network with traffic, whether it be due to faulty hardware, software, etc., computers using more than their “fair-share” of bandwidth; computers using more than their “fair share” of access time for extended periods of time; computers containing materials determined to be in violation of federal or state laws; computers operating without proper antivirus software in violation of University security procedures; and computers operating with software not compatible with University software. Every effort will be made to notify the owner of the computer prior to action being taken, but a Systems Administrator has the right to take whatever means necessary to eliminate the threat to network integrity, up to and including entering the computer owner’s room and physically disconnecting the network cables without notice. In the event that such drastic measures become necessary, a Systems Administrator will make every effort to protect the privacy of all parties involved. A Systems Administrator will refer offenses to the Director of Information Technology.

c. In addition to the provision of Article VI(a) and (b), any violation of this code is misconduct for purpose of the student code of conduct and University personnel policies and offenders may be punished accordingly. Any offense that violates local, state, or federal laws may result in the immediate loss of all University computing and network privileges and will be referred to the appropriate University official and/or law enforcement agencies for disciplinary action.

d. Appeals for Sanctions

1. Students against whom action is taken for non-compliance with this code have the right to appeal to the Student Government Association, which will act as an impartial mediator. The decision of the SGA, when approved by the University President, will be considered final.

2. Faculty against whom action is taken for non-compliance with this code shall follow the grievance procedure outlined in the Faculty Handbook. Administrative, Professional and Support staff members against whom action is taken for non-compliance with policy code shall follow the grievance procedure set forth in the appropriate handbook.

VII. Amendments

a. The University reserves the right to amend this code at any time. Any such amendment shall be effective upon the posting of such amendment on the University’s website. Any person using University I.T. resources is deemed to have accepted all provisions contained in this code and any policies that the University may adopt to supplement or explain this code.

VIII. Effective Date

a. This code becomes effective August 18, 2003. (Revised Aug 2012)