11:01:01:00 Information Technology Policy

Purpose:

Dyersburg State Community College has invested a significant amount of funds and effort in its Information Technology (IT) resources. This policy documents the management and utilization of the Information Technology environment and devices.

Scope:

This policy applies to all DSCC faculty, staff, and students as well as all DSCC-affiliated external stakeholders (such as vendors, contractors, and visitors) with access to DSCC IT resources.

Policy:

The Vice President for Information Technology is responsible to the President for the IT and telecommunications services of the College. The utilization of these technologies must assist the College in achieving its institutional goals and should not be regarded as a means unto itself. The IT resources and environment exists to provide, in a cost-effective manner, state-of-the-art technology, telecommunications and computing services to the College in support of instructional and approved research activities, student resources and tools, and the administrative and business functions of the institution.

The Information Technology department serves a large number and wide variety of users including students, faculty, staff, and appropriately authorized external stakeholders. The institution reserves the right to limit the privileges of users to only those that they need to perform their tasks (this is called the principle of least privilege). The institution also has the right to establish and maintain a prioritization schedule based on institutional needs, current project load, and direction from Cabinet and the President. In addition, all users have the responsibility to use all technology services in an effective, efficient, ethical, and legal manner.

Services Provided

The Information Technology department has the responsibility of providing a variety of information technology services for its users within the college. The major types of services that are most often required include the following:

1. Development of new IT systems/services
2. Modification of existing IT systems/services
3. Responding to special requests for data, information, or reports
4. Maintenance of existing IT systems/services
5. Evaluation of cost requirements for proposed projects
6. Consultation on areas related to IT systems, communications, procedures, and specialized  technology needs.
7. Coordination of the selection and implementation of software or hardware used at all TBR institutions with the TBR Office of Information Systems.

Requests for Information Technology Services

Authorization for the use of IT resources is the responsibility of the Vice President for Information Technology, working in conjunction with the Office of the President, the Cabinet, and the Information Technology Committee. Authorization is granted in keeping with the idea that one’s interest ceases when it invades the right of personal and/or institutional privacy, results in the destruction of personal and/or institutional property, demonstrates a potential for loss, embarrassment, or litigation to the individual and/or institution, or is an otherwise irresponsible use of scarce resources. All requests (other than emergency requests) should be submitted in a support ticket through the DSCC IssueTrak system. Requests for accounts should be submitted on the proper form as detailed in the Information Technology Standards and Procedures Manual. All incoming requests are reviewed and handled based on urgency as time permits and are prioritized while giving priority to state, federal and TBR mandated items. Institutional priority is determined by the President and the Cabinet. Major projects are presented to the President, the Cabinet and the DSCC Information Technology Committee for approval as needed.

User Responsibilities

DSCC users of information technology resources will have the following responsibilities:

1. To be knowledgeable of the code for Information Technology Resource Use
2. To be responsible for the accuracy of data entered by the user and/or his or her employees
3. To be responsible for testing the software installed or developed for the user and/or his or her employees
4. To report malfunctioning equipment to the Information Technology staff
5. To make backup copies of data stored on local disk drives and removable media
6. To coordinate all IT-related hardware and software purchases with the Vice President for Information Technology
7. To promptly report any suspected or known cyber security incident or data breach as defined in the Cyber Incident Reporting and Response Policy
   
   

Code for Information Technology Resource Use

Information Technology resources at Dyersburg State Community College are available to authorized students, faculty, staff and off-campus constituents. Access to these resources is obtained from the Vice President for Information Technology and is granted with the understanding that the resources will be used as stated in the request and in keeping with the idea that one’s interest ceases when it invades the rights of personal and/or institutional privacy, results in the destruction of personal and/or institutional property, demonstrates a potential for loss, creates the possibility for the embarrassment of litigation to the individual and/or institution, or because of an otherwise irresponsible use of an IT resource. It is the institution’s policy to make these resources available to as many users as possible and, to the extent possible, keep the number of restraints and restrictions on the individuals to a minimum, consistent with the ability to provide service to all who request use.

Faculty members that teach in computer labs or in technology-equipped smart classrooms may use remote control software at instructor stations to monitor and control the activity of the other devices in the classroom. Computers located in Dyersburg State laboratories and libraries are public-supported resources established for instructional purposes, and, thus, anyone using the resource does not have a legal right to privacy. The institution reserves the right to monitor and restrict as appropriate the usage of available IT resources to protect the institution and its data.

Additionally, it is essential that users observe and practice responsible and ethical behavior in the use of IT resources. In an effort to assist the user community in the effective use of these resources, it seems reasonable to highlight some specific responsibilities and types of behavior that represent abuse of a user’s privilege. The examples do not constitute a complete list but are intended to convey the intent of the code.

1. Users should not damage or attempt to damage equipment or to modify or attempt to modify equipment so that it does not function as originally intended. It is equally wrong to damage or modify or attempt to damage or modify software components including operating systems, application software, utility routines, etc.
2. Users should not use or attempt to use an account without authorization from the owner of that account. Users have the responsibility of protecting their accounts through the proper use of passwords and multi-factor tokens, but the fact that an account is unprotected does not imply permission for an unauthorized person to use it. Further, accounts are to be used only for the purpose for which they have been established. Additionally, users should not use a college-provided account for funded research, personal business, or consulting activities.
3. Users should not use private files without authorization. Owners of such files should take precautions and use the security mechanisms available. However, the fact that a file is not protected does not make it right for anyone to access it, unless it is specifically designated as a public access file. It is equally wrong for anyone without authorization to change or delete a file that belongs to anyone else. Violation of property rights and copyrights covering data, computer programs and documentation are also wrong. In the event of accidental access of private files, the confidentiality of those files must be maintained.
4. Use of email at DSCC should be consistent with the goals, purposes, and mission of the institution. Since computers owned by Dyersburg State are a public supported resource, anyone using the resource does not have a legal right to privacy. Refer to the DSCC e-mail policy 11:01:04:00 for additional information.
5. Any deliberate wasteful use of resources is irresponsible; it encroaches on other people’s use of facilities and deprives them of resources. The printing of large unnecessary listings and use of the Internet solely for entertainment are examples of such abuse. Users are expected to be aware of the resources they are using and to make reasonable efforts to use these resources efficiently. Employees may also power off equipment at the end of the day when feasible to minimize electrical power consumption.
6. Users should adhere to operating procedures and their intent as established by their supervisor, department or the Office of Vice President for Information Technology.
7. Administrators, faculty, staff, and others in positions of trust within the Dyersburg State Community College community have a professional responsibility to ensure that the equipment, software and services are used to help the college fulfill its mission and are used in an ethical and responsible manner. Persons in positions of trust should not misuse computing resources or take advantage of their positions to access data or systems not required in the performance of their duties.
8. Users should minimize or eliminate the usage of bandwidth intensive software, websites and services (such as video and audio streaming services) that are not required by the individual to perform an assigned institutional function.  This helps to ensure that sufficient bandwidth is available for mission-critical academic, instructional, and business services required for the college to function.
   
   

The unauthorized use or distribution or replication of computer software, music, videos, movies, or other copyrighted material violates federal laws and the State Computer Crimes Act. Violation of such laws may result in disciplinary sanctions, including dismissal, civil lawsuit and criminal prosecution.  Any use of the computing resources without authorization is prohibited.

Failure to comply with the above code will subject the violator to appropriate disciplinary action. It is the responsibility of all users to report to the Office of Vice President for Information Technology any violation of the Code of Information Technology Resource Use. Whenever there is an indication of abuse of the user’s privilege which interferes with the intended functions of the system, or impinges on another user’s rights, or any other irresponsible or unauthorized use of an IT resource, the Office of Vice President for Information Technology reserves the right to investigate and implement those actions deemed necessary to protect the system, data and/or other users. Such an investigation will require prior authorization from the appropriate Dyersburg State Community College offices in consultation with the President and the Cabinet.

Compliance:

All faculty, staff, students and external stakeholders utilizing DSCC’s Information Technology Resources must comply with this policy. Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment or suspension. Any student found to have violated this policy may be subject to disciplinary action, up to and including suspension. External stakeholders found to have violated this policy may be subject to suspension of access rights.

Definitions:

Term	Definition
IT	Abbreviation for “Information Technology”
User	Faculty, staff, student or external stakeholder who is using the information technology resources of the college
TBR	Abbreviation for “Tennessee Board of Regents”
Technology resource	Any type of computing, telecommunications, or instructional technological resource in classrooms, offices or open areas. This includes computers, tablets, projector, wireless presenters, printers, monitors, phones, etc.

Revision History:

Originally policy number 08:12:00 prior to policy reformatting project. Approved by Admin Council April 29, 2016. Revised November 2022; Approved by Admin Council 11/30/2022.