Main Content

College Wide Policies - Information Technology Ethics

Catalog and Student Handbook

Users of the Virginia Community College System’s local and wide area computer systems must abide by the following terms. These terms govern access to and use of the information technology applications, services and resources of the VCCS and the information they generate.

The College grants access as a necessary privilege in order to perform authorized functions at the College. Users must not knowingly permit use of entrusted access control mechanisms for any purposes other than those required to perform authorized functions. These include log-on identification, password, workstation identification, user identification, file protection keys, or production read or write keys.

Users will not disclose information concerning any access control mechanism unless properly authorized to do so by the College. Users will not use any access mechanism that the VCCS has not expressly assigned to them.

Users will treat all information maintained on the VCCS computer systems as strictly confidential and will not release information to any unauthorized person. Users agree to abide by all applicable State, federal, VCCS, and College computer security and ethics guidelines. Users will follow all the VCCS computer ethics guidelines and protect the data contained therein. If users observe any incidents of noncompliance with the terms set forth herein, they are responsible for reporting them to the Technical Services Manager.

Users acknowledge that the VCCS’s network administration or appropriate, designated College officials reserve the right, without notice, to limit or restrict any individual’s access and to inspect, remove or otherwise alter any data, file, or system resource that may undermine the authorized use of any network computing facilities.

Users are responsible for adhering to the terms and provisions of this policy. Any user found to be in violation of these terms and provisions will be subject to disciplinary action.

VCCS Computer Ethics Guideline

Thousands of users share VCCS computing resources. Every user must use these resources responsibly since misuse by even a few individuals has the potential to disrupt VCCS business or the work of others. Therefore, users must exercise ethical behavior when using VCCS computing resources.

State Law classifies damage to computer hardware or software, unauthorized examination, or unauthorized use of computer systems as misdemeanor crimes. Computer fraud and use of a computer as an instrument of forgery can be felonies. The VCCS’s internal procedures for enforcement of its policy are independent of possible prosecution under the law.

Definition: VCCS computing resources include mainframe computers, minicomputers, microcomputers, networks, software, data, facilities and related computer peripherals.

Guidelines: The following guidelines shall govern the use of all VCCS computing resources:

Users must use only those computer resources that they have the authority to operate.

Users must not provide false or misleading information to gain access to computing resources. The VCCS may regard these actions as criminal acts and may treat them accordingly. Users must not use VCCS computing resources to gain unauthorized access to computing resources of other institutions, organizations or individuals.

Users must not authorize anyone to use their computer accounts for any reason. Users are responsible for all use of their accounts. Users must take all reasonable precautions, including password maintenance and file protection measures, to prevent use of their accounts by unauthorized persons. Users must not, for example, share their password with anyone.

Users must use their computer resources only for authorized purposes. Students or staff, for example, may not use their accounts for private consulting. Users must not use their computer resources for unlawful purposes, such as the installation of fraudulently or illegally obtained software.

Use of external networks connected to the VCCS computing network must comply with the policies of acceptable use promulgated by the organizations responsible for those networks.

Other than material known to be in the public domain, users must not access, alter, copy, move or remove information, proprietary software or other files (including programs, members of subroutine libraries, data and electronic mail) without prior authorization. The College or VCCS computer network data trustee, security officer, appropriate College official or other responsible party may grant authorization to use electronically stored materials in accordance with policies, copyright laws and procedures. Users must not install proprietary software on systems not properly licensed for its use.

Users must not use any computing facility irresponsibly or needlessly affect the work of others. This includes transmitting or making accessible offensive, annoying or harassing material. This includes intentionally, recklessly, or negligently damaging systems, intentionally damaging or violating the privacy of information not belonging to the user. This includes the intentional misuse of resources or allowing misuse of resources by others. This includes loading software or data from untrustworthy sources, such as free-ware, onto official systems without prior approval from the Technical Services Manager (TSM).

Users should report any violation of these regulations by another individual and any information relating to a flaw or bypass of computing facility security to the Information Security Officer or the Internal Audit department.

Enforcement Procedure: Faculty, staff and students at the College or VCCS computing network facility should immediately report violations of information security policies to the TSM.

If the accused is an employee, the TSM will collect the facts of the case and identify the offender. If, in the opinion of the TSM, the alleged violation is of a serious nature, the TSM will notify the offender’s supervisor. The supervisor, in conjunction with the College or System Office Human Resources Office and the TSM, will determine the appropriate disciplinary action. Disciplinary actions may include but are not limited to:

  • Temporary restriction of the violator’s computing resource access for a fixed period of time, generally not more than six months.
  • Restitution for damages, materials consumed, machine time, etc., on an actual cost basis. Such restitution may include the costs associated with determining the case facts.

Disciplinary action for faculty and classified staff in accordance with the guidelines established in the State Standards of Conduct Policy. In the event that a student is the offender, the accuser should notify the Dean of Student Services. The Dean, in cooperation with the TSM, will determine the appropriate disciplinary actions which may include but are not limited to:

  • Temporary restrictions of the violator’s computing resource access for a fixed period of time, generally not more than six months.
  • Restitution for damages, materials consumed, machine time, etc., on an actual cost basis. Such restitution may include the costs associated with determining the case facts.
  • Disciplinary action for student offenders shall be in accordance with the College’s Student Standards of Conduct. The College President will report any violations of State and federal law to the appropriate authorities. All formal disciplinary actions taken under this policy are grievable and the accused may pursue findings through the appropriate grievance procedure.