VCCS Computer Ethics Guideline

Thousands of users share VCCNet computing resources. Everyone must use these resources responsibly since misuse by even a few individuals has the potential to disrupt VCCS business or the work of others. Therefore you must exercise ethical behavior when using VCCNet resources.

State Law (Article 7.1 of Title 18.2 of the Code of Virginia) classifies damage to computer hardware or software (18.2-152.4), unauthorized examination (18.2-152.5), or unauthorized use (18.2-152.6) of computer systems as (misdemeanor) crimes. Computer fraud (18.2-152.3) and use of a computer as an instrument of forgery (18.2-152.14) can be felonies. The VCCS's internal procedures for enforcement of its policy are independent of possible prosecution under the law.

Definition

VCCNet resources include mainframe computers, minicomputers, microcomputers, networks, software, data, facilities and related supplies.

Guidelines

The following guidelines shall govern the use of all VCCNet resources:

You must use only those computer resources that you have the authority to use. You must not provide false or misleading information to gain access to computing resources. The VCCS may regard these actions as criminal acts and may treat them accordingly. You must not use VCCNet resources to gain unauthorized access to computing resources of other institutions, organizations or individuals.

You must not authorize anyone to use your computer accounts for any reason. You are responsible for all use of your accounts. You must take all reasonable precautions, including password maintenance and file protection measures, to prevent use of your account by unauthorized persons. You must not, for example, share your password with anyone.

You must use your computer resources only for authorized purposes. Students or staff, for example, may not use their accounts for private consulting. You must not use your computer resources for unlawful purposes, such as the installation of fraudulently or illegally obtained software. Use of external networks connected to the VCCNet must comply with the policies of acceptable use promulgated by the organizations responsible for those networks.

Other than material known to be in the public domain, you must not access, alter, copy, move or remove information, proprietary software or other files (including programs, members of subroutine libraries, data and electronic mail) without prior authorization. The college or VCCNet data trustee, security officer, appropriate college official or other responsible party may grant authorization to use electronically stored materials in accordance with policies, copyright laws and procedures. You must not copy, distribute or disclose third party proprietary software without prior authorization from the licenser. You must not install proprietary software on systems not properly licensed for its use.

You must not use any computing facility irresponsibly or needlessly affect the work of others. This includes transmitting or making accessible offensive, annoying or harassing material. This includes intentionally, recklessly, or negligently damaging systems, intentionally damaging or violating the privacy of information not belonging to you. This includes the intentional misuse of resources or allowing misuse of resources by others. This includes loading software or data from untrustworthy sources, such as free-ware, onto official systems without prior approval.

You should report any violation of these regulations by another individual and any information relating to a flaw or bypass of computing facility security to the Information Security Officer or the Internal Audit department.
Enforcement Procedure
Faculty, staff and students at the college or VCCNet faculty should immediately report violations of information security policies to the local Chief Information Officer (CIO).

If the accused is an employee, the CIO will collect the facts of the case and identify the offender. If, in the opinion of the CIO, the alleged violation is of a serious nature, the CIO will notify the offender's supervisor. The supervisor, in conjunction with the College or System Human Resources Office and the CIO, will determine the appropriate disciplinary action. Disciplinary actions may include but are not limited to:

Temporary restriction of the violator's computing resource access for a fixed period of time, generally not more than six months.

Restitution for damages, materials consumed, machine time, etc. on an actual cost basis. Such restitution may include the cost associated with determining the case facts.

Disciplinary action for faculty and classified staff in accordance with the guidelines established in the State Standards of Conduct Policy.

In the event that a student is the offender, the accuser should notify the Dean of Student Services. The Dean, in cooperation with the CIO, will determine the appropriate disciplinary actions which may include but are not limited to:

Temporary restriction of the violator's computing resource access for a fixed period of time, generally not more than six months.

Restitution for damages, materials consumed, machine time, etc. on an actual cost basis. Such restitution may include the cost associated with determining the case facts.

Disciplinary action for student offenders shall be in accordance with the college student standards of conduct.
The College President will report any violations of state and federal law to the appropriate authorities.

All formal disciplinary actions taken under this policy are grievable and the accused may pursue findings through the appropriate grievance procedure.

Approval

This guideline shall remain in effect from March 31,1995, until superseded or suspended.
Last changed May 4, 1998.