Administrative Procedures for Physical Resources
To view text in a larger font, please increase the zoom percentage option at the bottom right corner of your browser.
BOT Policy V.1 Information Security (9/10)
Information Technology Procedure
Reference: Board of Trustees Policy 3.34
AUDIENCE AND SCOPE
Mohawk Valley Community College is committed to providing its employees, students and partners with current technology and computing resources and to protect them from illegal or damaging actions committed, either knowingly or unknowingly, by individuals who use these resources. Therefore, to protect themselves and others, all MVCC employees, students, alumni, contractors, consultants, temporary employees, tenants and guests of MVCC are required to adhere to the established procedure related to all College Information Systems, including:
- MVCC owned and supported desktop and laptop computers
- Non-MVCC computers used to access MVCC network resources.
- Voice and data networks, wired and wireless, that are owned and operated by MVCC, and any equipment directly attached to them (such as personally owned laptops, computers, networking devices, etc.)
TERMS OF COMPUTING & NETWORK USAGE
- It is expected that primary use is restricted to any activity that supports the Mission, Vision and Purpose of the College. Employees are responsible for exercising good judgment regarding the reasonableness of personal use. If there is any uncertainty, employees should consult their direct supervisor, the Director of Human Resources, or the Executive Director of Information Technology. MVCC desires to provide reasonable levels of privacy; however, users should be aware that all material and data they create on the College's systems may be requested and possibly disclosed under the Freedom of Information Law (FOIL).
- MVCC aspires to provide, but cannot guarantee, a reasonable expectation of electronic privacy in use of its computing and networking systems. However, all best practice and reasonable anti-intrusion systems and software will be maintained.
- All information stored, processed, or transmitted by computer users may be monitored or legally disclosed to appropriate personnel, or law enforcement agencies. Any such monitoring or disclosure shall be conducted for a stated purpose, and will expose confidential information as minimally as possible and only as needed for the stated purpose. The MVCC Director of Human Resources must approve, in writing, the monitoring and/or dissemination of any individual’s e-mail communications or stored data.
- Any information that is considered Personally Identifiable Information (PII) that college procedure indicates is sensitive or confidential must be appropriately protected as described within this procedure.
- MVCC will implement anti-intrusion, anti-virus, anti-SPAM and other appropriate systems in order to provide a secure and private computing environment.
- MVCC reserves the right to block all Internet communications from sites, hosts or devices that are involved in disruptive or damaging practices, or that provide services that may expose the College to legal liability, or that are deemed to not meet the Mission, Vision or Purpose of the College.
- MVCC reserves the right to prioritize the allocation of network resources in times of peak resource demand.
- MVCC makes no warranties of any kind for the access being provided, and assumes no responsibility for the quality, availability, accuracy, nature, or reliability of the material accessed from the internet.
- MVCC will not be responsible for any damages suffered by a user resulting from the use of the Internet. MVCC will not be responsible for any unauthorized financial obligations resulting from the use of the Internet.
- Authorized users are responsible for the security of their passwords and accounts and are responsible for any violation that may originate from their computer or account.
- Personally Identifiable Information (PII) or other sensitive data must not be stored on local hard drives or removable media (including but not limited to floppy disks, PDAs, flash/thumb drives, writable CDs, DVDs or portable hard drives).
- All devices connected to MVCC networks, whether owned by the employee or MVCC, shall have current anti-virus and operating system security patches installed.
- It is the responsibility of employees to physically secure their mobile devices. Any instances of theft of MVCC equipment must be reported to the MVCC Director of Campus Safety and Security for on-campus incidents. For off-campus incidents, it is the responsibility of the employee to report the theft to the appropriate police agency, with a copy of the report filed with the Director of Campus Safety and Security.
- MVCC reserves the right to audit networks and systems to ensure compliance with these procedures.
The following is expressly prohibited:
- Activity that is illegal under local, state, federal or international law while utilizing MVCC-owned computers or networks.
- Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property.
- The installation or distribution of "pirated" software products that are not appropriately licensed for use by MVCC.
- The installation of “Bootable Devices” on any PC or Laptop.
- Unauthorized copying of copyrighted material including, but not limited to, digitized and distributed photographs from magazines, books or other copyrighted sources, copyrighted music or videos, and any copyrighted software for which MVCC or the end user does not have an active license.
- Misrepresenting one's identity or relationship to the College when obtaining or using College computers or networks.
- Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws.
- Introduction of malicious programs into the network or servers (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).
- Using an MVCC computing asset to actively engage in procuring or transmitting material that is in violation of anti-pornography, sexual harassment, libel, slander or hostile workplace laws in the user's local jurisdiction.
- Using an MVCC computing asset for private commercial purposes or making fraudulent offers of products, items, or services originating from any MVCC account.
- Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless within the scope of regular duties. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes.
- Port scanning or security scanning.
- Executing any form of network monitoring which will intercept data not intended for the employee's host device, unless this activity is a part of the employee's normal job/duty.
- Circumventing user authentication or security of any device, network or account.
- Interfering with or denying service to any user (for example, denial of service attack).
- Using any program/script/command, or sending messages of any kind with the intent to interfere with or disable a user's terminal session, via any means, locally or via the network
- Providing information about, or lists of, MVCC employees to parties outside MVCC, unless within the scope of one’s job or due to FOIL requests, and with appropriate approval.
- Using the College's email system (outside of MVCC Today) to solicit or advertise personal products, productions or other items or events not related to the College's stated mission, vision and purpose unless the user has obtained prior approval from his or her direct supervisor.
- Any form of harassment via email, telephone, instant messaging, or other electronic means, whether through content, frequency, or size of messages.
- Unauthorized use or forging of email header information.
- Solicitation of email for any other email address, other than that of the poster's account, with the intent to harass or to collect replies.
- Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type.
- Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam).
- Use of College equipment and communication systems by employees or other authorized users to attempt to influence legislation or in any other way lobby elected officials, except on behalf of SUNY or the College.
- Blogging that does not fall within the Mission, Vision or Purpose of the College.
Open Lab Computers: Computers in Open Labs are available for use by all current MVCC students, staff, Board of Trustees members and emeriti. Restrictions may apply if there are no lab supervisors available at the time access is requested. A valid MVCC ID Card may be requested for verification. Student, faculty and staff computer access is gained by one’s username and password.
Teaching Lab Computers: Teaching Lab Computers are accessible to all MVCC students and faculty during a class period.
Office computers: Only active MVCC employees (excluding students), who hold a Network Account for access to the MVCC Domain are authorized to access faculty and administrative office computers, unless otherwise authorized by the area Dean/Supervisor or the Executive Director of Information Technology.
Employee Wireless: Pre-configured MVCC equipment and/or employees’ personal computers are provided with wireless technology if all provisions of antivirus and operating systems security patches are met. WiFi access to PDAs is not supported.
Classroom Ports: Active network ports in classrooms may only be used by faculty or staff if arrangements are made in advance with the Information Technology Department. Under no conditions should a preexisting network connection be unplugged without the approval of the Information Technology Department.
Operating Systems and Anti-Virus Updates: MVCC owned computers, upon connection to one of the network domains, will have patches and updates automatically downloaded and installed.
Banner Forms (‘INB’) - All employees who hold a Network Account, with Banner Supervisor approval, are authorized to access those areas of Banner INB in which they have a legitimate business interest. Banner Supervisors are defined as follows:
- Banner Student – Registrar
- Banner Admissions – Director of Admissions
- Banner Finance – Controller
- Banner Payroll – Senior Financial Analyst
- Banner Student Accounts Receivable - Bursar
- Banner Human Resources – Director of Human Resources
- Banner Advancement – Executive Director of Institutional Advancement
- Banner Financial Aid – Director of Financial Aid
- Banner Advisement (DegreeWorks) – Asst. Dean of Student Enrollment and Advisement
- Banner General – Executive Director of Information Technology
Users should not log onto Banner for the purpose of providing someone else access to the system.
Periodic Review – Periodically, a report of all individuals who have access to forms within Banner INB will be provided to the Banner supervisor. Any irregularities in access rights must be reported to Information Technology Department for corrective action.
Self- Service Banner (“SIRS”) - All MVCC employees, past and present, have access to Banner Online. Former employees' access is limited to viewing appropriate information such as historical tax-related income forms (i.e. W-2 tax forms). It is the responsibility of the employee to protect his/her Personal Identification Number (PIN).
Argos Accounts - All active employees who hold a Network Account, with Argos Supervisor approval, are authorized to access those areas of Argos in which they have a legitimate business interest. Argos Supervisors follow the same protocol as Banner Supervisors defined under Banner Forms access.
A user should not log onto Argos for the purpose of providing someone else access to the system.
Network and Email Accounts
The following individuals are authorized to hold active Network Accounts and Email Accounts:
- Current employees and students of MVCC
- Former students who have not been unregistered for three (3) consecutive academic terms
- Members of the MVCC Board of Trustees
- Faculty/Staff Emeriti of MVCC
- Retirees, for a period of three years from retirement (and beyond, contingent upon active use)
- Others as approved by the appropriate area Dean/Supervisor and/or the Executive Director of Information Technology
Employee accounts are generally allocated 3GB of email storage and 3GB of file storage. Student accounts are allocated 250MB of email storage and 750MB of file storage.
Employee Email Address Format
The standard email address format is: firstname.lastname@example.org (all lower case) as determined by the employee name on file for HR/Payroll purposes. At the discretion of the appropriate area Dean/Supervisor and/or the Executive Director of Information Technology, employees may request a modified firstname in order to provide an alternate email address. The standard email address will still function.
Upon notification to the Information Technology Department by a Dean, Director, or the Director of Human Resources or designee, an individual's account will be restricted or disabled due to separation of employment or end of affiliation with the College.
All passwords must meet the following standards to be considered valid:
- A minimum of 8 characters
- Can not contain User/Login Name
- Must contain the following two characteristics:
- At least one upper case character
- At least one number
Existing user passwords will automatically expire at least twice per calendar year, typically after 180 days. A newly chosen password must not be the same as the previously used two passwords.
A user has five opportunities to enter his or her password. If s/he does not enter the correct password after five tries the account will be locked and s/he will be prompted to contact the Information Technology Help Desk for a reset.
Sharing account information
A user should not share his/her account password with others or allow use of his/her account by others, with the exception of the Information Technology Department for the purpose of software troubleshooting or installation.
Creation of Generic Accounts is a rare exception to security best practice and will only be done with the approval of the Executive Director of Information Technology.
Users should “lock” their computers when they leave their work stations, for security of data.
Connecting personal equipment to the network
Personal equipment is not allowed to be connected to the MVCC network with the following exceptions:
Virtual Private Network (VPN) - Computers that connect to the MVCC networks from offsite using a Virtual Private Network must have virus protection installed and be current with all patches or updates for the operating system. By using a VPN, users agree that their computers may be remotely inspected to verify the presence of virus protection and patches or updates. Computers may be denied access via a VPN should the virus protection be deemed to be inadequate or it is discovered that patches or updates are missing.
Periodically, the Executive Director of Information Technology will provide to the President’s Cabinet a list of individuals authorized to utilize computing resources via VPN.
Change of Job Duties
In the event that an employee changes jobs within the College, access to computer network resources related to their old job will be discontinued. If access from their former job is still required, written authorization must be obtained from the supervisor for the former job.
If an employee changes jobs, and the new job requires access to any new forms/reports within the Banner System, changes in access must be approved by the appropriate Banner Supervisor(s).
DATA ACCESS PRIVILEGES
Individuals will be granted access to a Department's or Center’s Shared Folder upon approval from that Academic Center’s Dean.
Periodic Review – Periodically, a report of all individuals who have access to a department's network resources will be provided to the Academic Center’s Dean or Department’s Director. Any irregularities in access rights should be reported to the Information Technology Department for corrective action.
Domain Administrator Access
Domain Administrator level access to computer and network systems shall be granted only to specific Information Technology Department personnel as authorized by the Executive Director of Information Technology.
Sensitive data is defined as any data that could provide access to personal information of an individual or institution. Such data includes, but is not limited to, documents and files that may contain Personally Identifiable Information such as financial, human resources, payroll and student information documents and files.
Personally Identifiable Information (“PII”) is defined as any of the following:
- Social Security Number
- Passport Number
- Employee or Student Identification Number
- State or Federally Issued ID numbers (e.g., driver’s licenses).
- Date of Birth
- Maiden Name
- Mother’s Maiden Name
- Credit Card or Financial Account Information
- Results of background or criminal history checks
- Payroll and salary information
- Medical Information
- Accommodation requests and related information
- Biometric data (such as fingerprint, voice print, retina or iris images)
- Digital or other electronic signature files.
Storage of sensitive data
Sensitive data must not be stored on desktop or laptop computer hard drives. Such data must be stored on network servers only. Storing sensitive data on removable media, such as USB flash drives, CD-ROMS and CDRWs is prohibited.
External transmission of sensitive data
Sensitive data must never be transmitted outside of the College system via insecure means, including email and File Transfer Protocol (FTP) unless the data is first encrypted.
FACULTY/STAFF STANDARD SOFTWARE
- MS-Windows XP (Service Pack 2)
- MS-Windows7 (Teaching Faculty Computers, Effective 8/15/10)
- MS-Office 2007
- MS-Outlook 2007
- Internet Explorer7 (IE8 for Windows7 Computers)
Employees should contact the Information Technology Help Desk to arrange for custom software installations. Installation of specialized software is at the discretion of the appropriate supervisor and the Executive Director of Information Technology. Employees are not permitted to perform their own installations without the authorization of the Information Technology Department.
ACADEMIC LABS SOFTWARE
- MS-Windows7 (Effective 8/15/10)
- OSX (Mac Labs)
- MS-Office 2007
- MS-Outlook 2007
- Internet Explorer7 (IE8 for Windows7 Computers)
Customized software installations in Academic Labs will be configured to meet the particular curriculum needs of each individual lab.
Modifications to customized software in Academic Labs will not be performed after the start of each semester’s classes unless authorized by the Executive Director of Information Technology.
COMPUTER ENERGY MANANGEMENT – BEST PRACTICES
- All employee computers should be “shutdown” at the end of the workday.
- When two (2) hours or more of inactivity is expected, the computer should be shutdown; an alternative is to place it in hibernation or standby mode.
- Hard drives should be configured to turn off after 30 minutes of inactivity.
- Computer monitors should be configured to enter power-saving mode after 20 minutes of inactivity.
- Screen savers waste energy and should not be configured.
Telecommuting is defined as the “ability to work at home (or other remote location) using a computer or PDA connected to the MVCC Data Network, servers and its software”. All telecommuting requests must be approved by the appropriate supervisor and the Executive Director of Information Technology. All reasonable software, hardware and security considerations will be provided upon approval of such requests under the assumption that telecommuting is considered a courtesy and not a mandated employee right.
COLLEGE ISSUED LAPTOPS
Fulltime faculty members may choose to be issued either a desktop computer or a laptop. Part time employees may request a loaner laptop from the MVCC Media Center (pending availability).
Upon termination of employment from the College, College-issued laptops must be returned to the Information Technology Help Desk as part of the overall College checkout procedure.
If a fulltime faculty member (who was previously issued a laptop) reverts to part-time employment status, that employee must turn in the laptop to the Information Technology Help Desk. The employee may then request a loaner laptop from the MVCC Media Center.
CELL PHONES AND PDAs
Personal cell phones may connect to the MVCC Email System(s). The Information Technology Department will provide the needed credentials for the connection. The selection, purchase and configuration of personal cell phones are the responsibility of the end-user. End-users should be aware that optimal configurations of cell phones will occur if the phone is compatible with MS-Exchange Server. The Information Technology Department will provide reasonable levels of assistance for personal cell phones, but assumes no liability for their ability to connect and function with MVCC Systems.
Damage to College-issued equipment (laptops, desktop computers, etc) must be reported to the Information Technology Department Helpdesk. Attempts will be made to repair the equipment; as required, equipment will be replaced. In the case of damage due to negligence, replacement will not occur until the Executive Director of Information Technology has documented the damage with the appropriate supervisor. Any repayment of replacement costs or other corrective action is at the discretion of the supervisor and the Director of Human Resources.
MICROSOFT OFFICE SOFTWARE FOR HOME USAGE
Full-time employees may request a licensed version of MS-Office for working at home and will be loaned a CD-ROM with the software. Software installation and all potential risk to personally owned systems is the responsibility of the requesting employee. Before the software is issued, the requesting employee must sign an affidavit that the issued software (to be installed on non-MVCC equipment) will be used for MVCC-related business needs; this form must also be signed by the appropriate supervisor, indicating approval.
DISPOSAL OF SURPLUS COMPUTER EQUIPMENT
- At periodic intervals or due to computer obsolescence, campus computers (in offices and academic labs) will be removed and/or replaced by the Information Technology Department. In the case of bulk removals, the Physical Plant will offer appropriate assistance.
- IT will evaluate all equipment to see if it can be used for another College application.
- IT will arrange for the removal of any and all data from the machine using a hard drive wiping application or degaussing prior to final disposition.
- If appropriate, the Business Office will coordinate the sale or public auction of surplus computers/equipment.
- If old computers are deemed no longer usable, operational or not fit for public sale or auction (by the Information Technology Department), the Environmental Health and Safety Officer will coordinate with a NYSDEC authorized recycling vendor for removal from the College physical inventory and proper disposal.
- Items to be disposed will be recorded with item description, College decal number and item serial number.
- A summary list of equipment to be disposed will be approved by the Executive Director of Information Technology and the Vice President for Administrative Services prior to disposal. Appropriate updates to the Fixed Assets Module in Banner will be maintained.
- Per requirements of the New York State Office of the State Comptroller, the Environmental Health and Safety Officer will retain all certificates and detailed disposal invoices.
- Equipment will be stored in a secure area prior to its disposal.
- A yearly report of Computer Assets will be submitted to the Vice President for Administrative Services for insurance purposes.
DATA PRIVACY AND SOFTWARE USE
Anyone having data representation in a college database has the right to data privacy. There are specific federal and state legal rights involving personal data access, manipulation and dissemination that are afforded to everyone. They address:
- Right of access - "legitimate interest" required in the normal conduct of business
- Manipulation - being accomplished with full knowledge and consent of the file or account owner
- Dissemination of data - only to persons or agencies having a "need to know"
In addition, students have specific rights under the Family Educational Rights and Privacy Act of 1974 including access to their data by themselves and their families. College procedure governing the implementation of the provisions of this Act is detailed in the Student Handbook (“Release of Student Information"). In general, student educational records should be accessible to College faculty and staff when they have a "legitimate educational interest in the data". Personally identifiable information can only be released to other persons or agencies within the limitations described in the procedure.
Data privacy restrictions also apply to the creation and release of student data in response to special external requests outside normal college operations. They specify that:
- Release of student data must conform to the provisions of the Family Educational Rights and Privacy Act. If there is doubt regarding this, please contact the Registrar.
- Use of the data must have a legitimate educational basis. If in doubt, please contact the Vice President for Learning and Academic Affairs.
- Creation of special lists or reports must not unduly interfere with college operations
- Data requests are handled by the Information Officer, the Vice President for Administrative Services.
- There may be a charge for creation of special lists and reports. The current College charge is $50 per hour for computer personnel and computer time to produce the material plus 10 cents per page for the printout. The rates may be changed by the Vice President for Administrative Services.
Individual users are responsible for any violation of any of these procedures that may originate from their computer(s) or account(s). Violations of these procedures may result in disciplinary action, including suspension of privileges, termination of employment, and civil liability. Violations of some portions of this policy may constitute a criminal offense, and may result in the engagement of appropriate law enforcement authorities.
These procedures shall be reviewed by the Executive Director of Information Technology and the President’s Cabinet at least once per calendar year.
The goal of MVCC’s use of social media is to foster an online community for various MVCC constituents, reflecting the mission, vision, and values of the institution. Although these sites are outside the direct control of the institution, MVCC maintains an interest in how it is portrayed by them. Social media should be used to enhance communications, providing value to the College’s target audiences.
This regulation does not apply to an individual’s private use of social media on private resources. Instead, this administrative regulation establishes standards for employees and students who create, administer or post to social media pages on behalf of MVCC and the use of public resources. They should be seen as supplementing, and not in lieu of, existing Board policies and regulations, official public stewardship responsibilities, technology resource standards, marketing and communications guidelines, and other applicable laws and administrative standards. It is important to remember and respect the privacy of others when using social media in the context of the educational setting. When posting photographs, videos, quotes or recorded statements of individuals on MVCC social media pages, forms that authorize MVCC may be required for their use; for instance, when interviewing or photographing an individual for a story that will be posted online.
Nothing contained in this regulation shall be construed as denying the civil and political liberties of any person as guaranteed by the United States Constitution, nor does it seek to impede upon the tenants of academic freedom that are extended to faculty.
Social media can be defined as media based on the use of web and mobile technologies that allow for user-generated exchanges of information. Social media are powerful communication tools, enabling collaboration and communication as an interactive dialogue, enhancing the value of conversations across a global audience. Social media includes, but is not limited to, social networking sites, collaborative projects such as wikis, blogs and micro-blogs, content communities, virtual game worlds, and virtual communities.
Institutional Social Media Guidelines and Procedures
Institutional Social Media includes various sites, pages, profiles, projects, and virtual communities that are created specifically on behalf of MVCC, and that exist to serve as official MVCC communications. Creation and use of social media sites on behalf of MVCC is for business use, such as for educational, research, service, operational, marketing, and management purposes. Likewise, data, voice, images, videos and links posted or transmitted via MVCC’s technology resources are limited to the same purposes.
Authorization to create and administer social media sites on behalf of MVCC must be coordinated through the Marketing and Communications Office. Before you start, send an email request with the following information to the Media Content Coordinator:
• The purpose of the profile. What are the goals of having a social media page or profile for your department or organization?
• Who will be responsible for updating the page? Keeping the page up-to-date may seem like a daunting task, but it is important to keep your followers engaged.
• A rough outline of what content you will post throughout the year. Having a basic plan for what you will post to your page for the next three months, six months and year will be helpful in making sure you have enough content to warrant a profile. Remember that information an always be posted via the College’s main channels, just email your posts to the Media Content Coordinator.
If having a social media profile makes sense for your department or office, Marketing will work with you to create a page that is branded consistently with MVCC’s social community.
• Remember the mission of MVCC: Any official MVCC social media profile must provide a link to the official MVCC website. You don’t have to link to the homepage. For example, CCED may link to the CCED subpage on the site. Links can be placed on the Info section of the page profile.
• Disclaimer: Every social media site must make an effort to display or link to the following disclaimer (or some version of it) in a conspicuous manner: The statements, comments, or opinions expressed by users through use of MVCC’s social media platforms are those of their respective authors, who are solely responsible for them, and do not necessarily represent the views of MVCC.
• MVCC identity: Use of any MVCC logos, marks or likeness on personal social media sites is forbidden. Social media sites established for conducting MVCC business must adhere to established brand identity standards.
• Add a Marketing Admin: The Marketing & Communications Office should be given access to all MVCC social media accounts to ensure backup in case of absence or employee turnover.
• Keep it real: Make sure to communicate in an authentic voice. Talk to your followers like you would talk to real people in real life. Avoid language that is too formal or technical.
• Post smart: As a representative of MVCC, you have more responsibility than the average user about what you post on social networks. Realize that there are real-world consequences for things that you communicate online, just as there are real-world consequences for how you conduct yourself on the job. Also, familiarize yourself with Family Educational Rights and Privacy Act (FERPA). For information on this, email Kate Barefoot at email@example.com.
• Post frequently: If your page isn’t active, followers won’t have a reason to return. Pages should be updated at least once per month. Some pages will be updated more often, perhaps several times a day. If your page doesn’t have enough content to post at least one update a month, consider posting to the main MVCC profile instead of having a separate one. Inactive sites will not be supported by the College and will be deactivated.
• Exercise good judgment: You are communicating with many people who all have varied opinions. Think twice about everything you post.
• Consider accessibility: Remember that not all students have the same abilities. Facebook has an Accessibility and Assistive Technology page that outlines its resources. If you have specific questions about your page and accessibility, email Tamara Mariotti in Disabilities Services at firstname.lastname@example.org.
• Respect copyrights: Always give people proper credit for their work, and make sure you have the right to use something before you share it. Never post copyrighted photos, music, text or video content without permission of the copyright owner.
• Consider College policies: Refer to the Board of Trustees policies, Information Technology Policy, Student Handbook Code of Conduct, and the Employee Handbook for policies that cover social media usage.
Guidelines for Employees
Employees should remember that students and the community might judge them and MVCC by their posts. Employees should be honest and transparent about their identity and role at MVCC. Maintain accuracy by verifying facts before posting information via social media. Exercise restraint and show respect for the opinions of others. Do not use MVCC-related social media to promote services, products or organizations that are unrelated to MVCC or its business. Use good judgment in connecting with others via social media sites.
Employees will keep their personal social media sites separate from MVCC social media. In personal posts, employees may identify themselves as an MVCC faculty or staff member. MVCC telephone numbers, email addresses, and images are not to be posted by employees on personal social media sites. Employees need to be clear that they are sharing their views as a member of the higher education community, not as a formal representative of MVCC or its member institutions.
Guidelines for Students
Students are not restricted from using social media. However, they must understand that any content made public via MVCC social media sites is expected to follow acceptable social behaviors and comply with the law, Student Handbook, the Student Code of Conduct and Commitment to Civility, Information Technology Policy, and other MVCC policies and procedures.
A student who feels that he/she has been treated unfairly or unjustly by a fellow student or faculty member (full-time or part-time) with regard to communications conducted via MVCC social media sites should contact the Office of Civic Responsibilities.
The malicious use of MVCC social media, including derogatory language about any member of the MVCC community; threats to any third party; incriminating photos or statements depicting hazing, sexual harassment, vandalism, stalking, underage drinking, illegal drug use, or any other inappropriate behavior, will be subject to disciplinary action.
Employees should be advised against perpetuating negative media from official MVCC social media sites or damaging the MVCC brands in any way. This type of negative social media engagement from official MVCC sites can result in a loss of privileges to use social media in any official capacity.
The following list includes, but is not limited to, inappropriate content posting to social media sites:
• Conducting MVCC business using social media sites that are not authorized as an official means of communication per marketing standards and processes.
• Posting confidential or propriety information about MVCC students, alumni and employees that is in violation of MVCC policies or FERPA.
• Violating any provision of MVCC’s Information Technology Policy.
• Violating any provision of the Student Code of Conduct and Commitment to Civility.
• Posting comments to MVCC-authorized social media sites that are not directly related to MVCC business or accomplishing work-related goals.
• Posting any text, images or links to content that violate copyright law.
• Violating MVCC’s Harassment Policy.
• SPAM comments. All platforms that enable comments should be reviewed regularly for SPAM, removing SPAM comments as quickly as possible.
Complaints or allegations of a violation of these standards will be processed through MVCC’s articulated grievance procedures, Student Code of Conduct and Commitment to Civility or resolution of controversy.
Upon determination of a violation of these standards, MVCC may unilaterally delete any violating content, and terminate the user's access. It is the user's responsibility to demonstrate and/or establish the relevance of content in the event that a content complaint is made official.