The University provides and maintains computing and telecommunications technologies to support the education, research and work of its faculty, staff and students. To preserve the security, availability and integrity of ADZU computing resources, and to protect users’ rights to an open exchange of ideas and information, this policy sets forth the responsibilities of each member of the ADZU community in the use of these resources.
This document presents specific guidelines and privileges to responsible and ethical use of computing equipment in the University.
Aim and Scope of this Policy
These guidelines apply to all users of computing and electronic communication resources, and computing equipment owned and/or managed by the Ateneo de Zamboanga University. This includes all students, faculty, visiting faculty, staff, contractors and visitors.
User: A user is defined to include all people making use of the University’s computing facilities, and is not just limited to staff, faculty and students of the University. Users are deemed to have read, understood and agreed to abide with the requirements in this policy if they make use of any University computing facility.
System Administrator: A system administrator is an employee of the University who has responsibilities to maintain, configure, operate, or repair computing resources. System administrators have special privileges and special responsibility granted by the University under this policy.
ADZU Computing Resources: Computing equipment includes all computers, systems, networking equipment, peripheral devices, servers and any other property attached to the ADZU network.
The University accepts no responsibility for any damage or loss of data arising directly or indirectly from the use of these facilities or for any consequential loss or damage from the failure of hardware or software, or from human error.
The University makes backups of the file server machines in order to protect data in the event of a hardware or software failure. The University makes no warranty that all data can or will be restored from the backups. Users who have critical data should ensure that they have made their own backups of their work. Users are ultimately responsible for their own data.
The University takes no responsibility for those facilities over which it has no control. The policies apply for those facilities the University has control of.
Users are expected to follow normal standards of responsible, ethical and polite conduct in their use of the computing resources, even in the absence of reminders or enforcement.
Rule 1: Use ADZU Computing Resources Consistently with the Stated Priorities. These priorities are set on the use of ADZU computing resources.
HIGH: All educational, research and administrative purposes of the University
LOW: Other uses indirectly related to University purposes that have an educational or research benefit, including news reading, Web browsing, chat sessions, entertainments and personal communications.
FORBIDDEN: Selling ADZU computing resources to outside users; intentionally denying or interfering with any network resources (e.g. spamming, jamming and crashing any computer); using or accessing ADZU computing resource without proper authorization; using the technology to misrepresent or impersonate someone else; sending chain letters; violating republic law or University law.
The low priority uses of ADZU Computing Resources should be avoided during the times of peak demand, typically the mid-morning to mid-afternoon hours. During peak periods, other users may be prevented from doing their high priority work if someone is doing something of low priority.
Rule 2: Use your network accounts properly. Accounts must be used for legitimate purposes.
Users are only permitted to use those accounts that have been authorized for their use. You may not authorize anyone else to use your account(s) for any reason. Users are responsible for all activity initiated from their accounts.
- If unauthorized use of any account is detected, the password of that account must be changed immediately and the intrusion reported to the Center of IT Services.
- Users must set a password that will protect their account from unauthorized use and which will not be easily guessed. Passwords should never be given to others. Passwords should be changed on a regular basis to assure the continued security of accounts.
The University’s computing disk storage is a resource with costs attached and should be used with care and discretion. It is not meant to be use for archiving programs and data not currently being used or for storage of files that are publicly available elsewhere. It is meant for current class work, research and development projects and temporary storage of other files related to work. Users should attempt to keep disk usage minimized and refrain from maintaining duplicate and large copies of files in the system.
Rule 3: Users are prohibited from interfering with or altering the integrity of the systems.
Users are explicitly prohibited from developing or using programs that attempt to
- bypass system security mechanisms;
- capture network traffic;
- capture or decode passwords;
- break encryption protocols;
- replicate themselves or attach themselves to other programs;
- evade software licensing or copying restrictions.
Users may not conduct experiments that demonstrate system vulnerabilities. Without the explicit permission of the Center of IT Services, users are not allowed to run any of the following protocols or services:
- Port scanners, network monitors or other types of utilities on any part of the University’s network.
- Routing or network serving protocols such as RIP, IGRP, BOOTP or DHCP on the network.
- Daemons, processes or programs that accept incoming connections that only a server would do.
Rule 4: Know and understand the limitations in electronic communications
Users must not create and send, or forward:
- electronic chain letters;
- unsolicited information that contains obscene, indecent material or other material which explicitly or implicitly refers to sexual conduct;
- unsolicited information which contains profane language or panders to prejudice, sexism, or other forms of discrimination.
ADZU computing network, services and wiring may not be modified or extended beyond the areas of their intended use. Network connections may not be used to provide network access to anyone outside the University community or for any purposes other than those that are in direct support of the academic mission of the University.
Bandwidth both within campus and connecting to the Internet is a shared, finite resource. Users of ADZU computing resources must make reasonable efforts to use this resource in ways that do not negatively affect others.
Rule 5: Be aware of your IT responsibilities—know the policies
The University may establish specific policies to address short-term problems or situations. Users are obligated to follow those short-term directives and/or policies as if they were part of this policy. Users are also obliged to follow any specific personal instructions from office areas with regard to the use of their facilities. Users are responsible for obeying all official notices posted in computer laboratories, computer workstations and offices.
Users should exercise caution when storing any confidential information in electronic format, because the University cannot guarantee complete privacy. Data (including e-mail) may, due to software or hardware failure, be accessible to those who are not explicitly authorized to view it. System Administrator in the Center of IT Services may, on occasion, have access to such data while performing routine operations or in pursuing apparent systems problems or user problems. These include: system backups, software upgrades, diagnostic and troubleshooting activities.
The University has an obligation to maintain the privacy of a user's files and electronic mail to the best of its ability.
With reasonable cause for suspicion, the System Administrator has the right to monitor any and all aspects of a system, including individual login sessions, to determine if a user is acting in violation of the policies set forth in this document.
To protect the integrity of the computer systems and network against unauthorized or improper use, and to protect authorized users from the effects of improper use of the system, the Systems Administrator reserves the right to: limit or restrict any account usage, and to inspect, copy, remove or otherwise alter any data, file or system resources without notice to the user.
The System Administrator has the right to terminate or alter the priority of any process that is consuming excessive system resources or objectionably degrading system response, with or without prior notification.
The System Administrator has the right to terminate login sessions that have been idle or unused for long periods of time in order to free resources. This applies particularly to limited resources, such as dial-in connections.
The System Administrator has the responsibility to provide as much notice as possible of system shutdowns, maintenance, upgrades or changes so that users may plan around the periods when system is not available. In the event of an emergency, the System Administrator has the right to shut down a system with little or no advance notification. An effort will be made to give users a chance to save their work before the system is taken out of service.
The University reserves the right to take disciplinary and/or legal action in the case of violation of this policy. Penalties for violation of any of the policies set forth in this document, depending upon the nature of the infraction, may be imposed under University regulations.
Minor violation of this policy, such as poorly chosen passwords, overloading systems, excessive disk space consumption, and so on are typically handled in an informal professional manner between the Center of IT Services and the offender.
More serious offense like impersonation, system attacks, or repeated violations will be reported to the Human Resource, Administration and Development Office as a case of misconduct. In the case of students this may result in a complaint being referred to the Dean of Student Affairs.
Some conduct may result in civil or criminal legal action being taken.
Much of the material in this policy is derived from materials contained in policy documents published by other institutions and universities abroad.