Information Technology Resources Responsible Use Policy
Overview and Summary

A polytechnic university must excel in helping its users understand and conduct their teaching, learning and administrative efforts so as to be leaders in the responsible uses of such powerful and increasingly pervasive technologies.  Cal Poly has established, posted and communicated a detailed Responsible Use Policy (RUP) outlining the respective responsibilities and required actions by members of the campus community regarding responsible use of the University’s information technology (IT) resources. 

The intent is to be clear and current in identifying the critical issues that impact the use of these resources and to offer specific policy and procedural guidance that expands understanding of campus requirements while encouraging compliance. The full policy describes the legal and policy requirements with which the University must comply in order to function effectively in today’s complex information rich teaching and learning environment, providing definitions, examples and context where appropriate.

This document summarizes the key policy requirements and includes a brief overview of its guidelines to encourage users to understand how and why they should wisely and efficiently use campus IT resources and become aware of the important laws and practices in place to ensure they comply with the policy and its requirements.  While this summary provides a good starting point, each user is responsible for being fully aware of the RUP and its implications to personal conduct. Please take time as soon as possible to read and review the RUP in its entirety at http://security.calpoly.edu/policies/.  For more information, contact it-policy@calpoly.edu

The Acceptable Use Policy Committee (AUPC) will continue to solicit user feedback to insure that the policy is clear, well understood and communicated, and kept current to the issues and factors that underlie the role and uses of IT throughout the University.

Preface

As a public institution of higher education, Cal Poly is committed to fostering an educational climate in which students, faculty and staff can approach their respective roles with a sense of high purpose and in which they may study and work free from harassment and intimidation. The University's Responsible Use Policy for Information Technologies (RUP) recognizes that personal viewing or transmittal of potentially offensive digital materials (for example, sexually explicit materials) may result in excessive use of campus computer and network resources inconsistent with professional responsibilities and ethical standards. Such practices may also result in educational and work environments that are hostile or are perceived to be hostile. In consequence, all members of the campus community are advised that the University does not condone and will not tolerate any such actions that are proven to constitute excessive use, to create a hostile work environment, or to have the effect of harassing or intimidating members of the campus community. In addition, any viewing or transmitting of illegal materials (for example, child pornography or obscene materials) is explicitly prohibited. The University also emphasizes that its policies are not aimed to impair free expression and open inquiry or unduly to restrict access to any lawful digital materials by those who would do so within the guidelines of the RUP.

Paul J. Zingg, Provost and Vice President for Academic Affairs, April 11, 2003

Applicability

The RUP applies to all users and all IT resources provided by the University and its direct affiliated partners, such as 4CNet, in support of Cal Poly’s core academic mission and to enable users to access, communicate, store, retrieve, and transmit messages, digital files, and images.  The RUP also relates to the impact and consequences such actions of individuals or groups may have on the IT infrastructure and identifies suitable conduct where such conduct is known or described as part of law or acceptable practice.

Additional use policies and terms and conditions may be in place for specific resources provided by Information Technology Services (ITS) or other Cal Poly units.  Users must become familiar with any policies when agreeing to use campus resources.  Commercial services also require compliance with their use policies and users should be aware of them as well to the extent they could be different and in some cases more restrictive.

Rights and Responsibilities

Computers and networks can provide access to resources on and off campus, as well as the ability to communicate with other users worldwide.  Such open access is a privilege, in much the same way as a driver’s license is granted and requires that the individual user know what is expected of them and that they act responsibly.

The principal concern of the RUP is the effective and efficient use of IT resources to insure that the resources are used in a manner that does not impair or impede the use of these resources by others in their pursuit of the mission of the University.  Users must respect the rights of other users, respect the integrity of the systems and related physical resources, and observe all relevant laws, regulations, and contractual obligations.

Users are responsible for staying informed of applicable laws and regulations governing the use of IT resources and, when unsure, to seek advice and guidance from the full RUP as posted and issued and from the appropriate University officials assigned to advise on such matters.

Existing Legal Context

All existing laws (federal and state) and University regulations and policies apply, including not only those laws and regulations that are specific to computers and networks, but also those that apply generally to personal conduct.

Critical issues that impact the conduct of users with respect to IT resources

• IT resources are provided to support the University’s core mission of education, research and service and such use has priority over all other uses.
• Electronic mail and computer files are considered private to the full extent of the law.
• The scrutiny of content will not be the normal practice of officials in determining how IT resources are used; however, the University will act on alleged violations that concern content or specific uses and will investigate such claims as appropriate.
• The University reserves the right to limit access and use appropriate means to safeguard its resources, preserve network/system integrity and ensure continued service delivery at all times, including routine monitoring of IT resources.
• All members of the University are responsible for ensuring that their handling of information about individuals is consistent with university policies and federal/state laws on the privacy of such information.
• Certain activities will not be considered misuse when clearly authorized by appropriate university officials for designated educational or administrative purposes, including security or performance testing, provided they do not interfere with other uses of campus resources.
• Responsible use will be given priority over the current or potential design, capability or functionality of specific technologies and resources.
• Access to IT resources implies a degree of risk that users may encounter “offensive” materials.  As a matter of policy, the University protects expression by members of its community. However, in exceptional cases, such materials may present a hostile environment under the law and warrant certain restrictive actions.
• The impact of a single user or group of users (e.g., residence halls) on campus IT resources will be of direct interest and primary concern in determining how the RUP is applied.

Compliance and Enforcement

Users may be held accountable for their conduct under any applicable University policies, procedures, or collective bargaining agreements.  Enforcement will be based upon receipt of one or more formal complaints about a specific incident or through discovery of a possible violation in the normal course of administering IT resources. 

Complaints alleging serious misuse will be directed to those responsible for taking appropriate disciplinary action.  Appeals of university actions resulting from enforcement of this policy will be handled through existing disciplinary/grievance processes. First offenses and minor infractions are generally resolved informally by the entity responsible for the resource.  Repeat offenses and serious incidents may lead to formal disciplinary action up to and including dismissal or termination.  Misuse may result in the loss of computing privileges and prosecution under applicable civil and criminal statutes.

Reporting Irresponsible or Inappropriate Use

Suspected infractions of this policy should be reported to ITS at abuse@calpoly.edu or complaints@calpoly.edu in accordance with Appendix D, Policy Implementation and Practices.

Some examples of misuse include, but are not limited to, the following activities:

• Reproducing, distributing or displaying copyrighted materials without prior permission of the owner, including text, images, photographs, music files, sound effects, etc.
• Using a computer account, IP address, computer name or port you are not assigned or authorized to use.
• Sharing a password for your computer/network account with others.
• Deliberately or inadvertently wasting computing resources.
• Using electronic mail to harass others, send chain and junk mail (spam), disseminate mass mail without permission, or mail "bombs."
• Using the campus network to gain unauthorized access to any computer systems.
• Running a port scan on a computer system without prior permission of the owner.
• Performing an act that interferes with the normal operation of any IT resources.
• Knowingly running or installing, or giving to another user, a program intended to damage or to place files on another users' account/system without their knowledge.
• Using applications that inhibit or interfere with the use of the network by others.
• Attempting to circumvent data protection schemes or uncover security loopholes.
• Violating terms of applicable software licensing agreements or copyright laws.
• Masking the identity of an account or machine.
• Attempting to monitor or tamper with another user's electronic communications, or reading, copying, changing, or deleting another user's files or software without the explicit permission of the owner.
• Using campus IT resources for personal gain, including running a business for profit or non-profit purposes, promoting and selling products and services, etc.
• Providing services or accounts from your computer to anyone but yourself, e.g., web servers, FTP servers. Providing a pass-through site to other campus hosts. Providing remote log in (e.g. telnet access) on your computer for anyone other than yourself.
• Registering a Cal Poly IP address with any other domain name.
• Capturing passwords or data on the network not meant for you.
• Posting materials that violate existing laws or the University's codes of conduct.
• Modifying or extending Cal Poly network services and wiring beyond the area of intended use. This applies to all network wiring, hardware and in-room jacks.
• To minimize destructive hacking, do not provide information about the networks to Newsfeeds, Anonymous FTP site, BBS, UUCP site, etc

Policy Development History

View the complete Responsible Use Policy

Return to the Information Technology Policies Website

Updated 6/30/03 - Updated policy development history