Table of Contents
Anderson University’s computer resources and information network are vital for the fulfillment of the academic, research and business needs of our community. Use is provided as a privilege. In order to ensure a reasonable and dependable level of service, it is essential that each individual student, faculty and staff member exercise responsible, ethical behavior when using these resources. Misuse, even by a few individuals, has the potential to disrupt legitimate academic work of students and faculty, as well as the business processes of the institution.
The policies that follow outline the principles that govern our academic community in the appropriate use of computer resources and its information network. Unless otherwise stated, these policies apply to all members of the University community and to all University owned or managed computers and network equipment, as well as all information contained therein. Users must abide by all applicable restrictions, whether or not they are built into the operating system or network and whether or not they can be circumvented by technical means. These policies do not override any existing Anderson University policies as outlined in the Student, Faculty or Staff Handbook and are intended to be congruent with all applicable local, state and federal laws.
Anderson University will take reasonable precautions to maintain privacy and security within our electronic systems. The University cannot guarantee that these efforts will always be successful and, therefore, users must assume the possibility of a breach of University privacy and security systems. The University does not intend to sell, swap, rent, or otherwise disclose for purposes outside the scope of ordinary University functions user’s name, mailing address, telephone number, e-mail address, or other information. While the University makes reasonable efforts to protect information provided to us, we cannot guarantee this information will remain secure and are not responsible for any loss or theft.
No administrator or user will view, use, or otherwise access personal user data unless:
All technology and information resources will be managed within FERPA guidelines. Under the Family Educational Rights and Privacy Act of 1974, as Amended (FERPA), the following directory information may be made public unless the student desires to withhold any or all of this information. The student's name; Student Identification Number; local address; permanent address; e-mail address; local telephone number; permanent telephone number; dates of attendance; program of study (college, major, and campus); classification; previous educational agencies/institutions attended; degrees, honors and awards received; and participation in officially recognized activities and sports.
Currently enrolled students wishing to withhold any or all directory information items may do so by contacting the Registrar’s Office. For more information about Anderson University’s FERPA policies, go to: http://www.anderson.edu/registrar/ferpa.html
As an institution dedicated to pursuits of the mind, Anderson University recognizes and respects intellectual property rights. Our commitment is to provide an environment that supports the teaching and learning activities of our faculty, staff and students. To that end, all members of the community are expected to comply with applicable laws regarding copyright and intellectual property and to exercise in good faith the principles of “fair use” in education. The respect of copyright includes all media: print, audio, video and digital. The University does not condone nor support the illegal use or reproduction of copyrighted materials in any form.
Additionally, Anderson University intends to fully comply with all software licenses and their provisions and will take reasonable and prudent steps to assure these intellectual property rights are respected.
Recognizing the complexity and ever-changing environment within which copyrighted works exist, the University will strive to educate all members of our community on the laws as well as the practices of copyright and fair use.
Acceptable and responsible use of the University computer and network resources requires that all users follow these guidelines:
University prohibits unauthorized or misuse of University email addresses for
any purpose, including unauthorized or misuse of campus electronic mail lists.
All users should respect and preserve the privacy of personal and institutional data to which they may have access by:
5. Unauthorized or Inappropriate Uses
Unauthorized use of technology resources is prohibited and, in many cases, may be violations of the law. We are guided by the law in noting that unauthorized use includes, BUT IS NOT LIMITED TO, the following types of activities:
It is the user’s responsibility to promptly report any suspected unauthorized or inappropriate use, or misuse of Anderson University technology resources to their supervisor or to the Director of Information Technology Services. Anderson University has the right to investigate such uses, including the inspection of data stored or transmitted on the network or stored on any University-owned desktop computer. If a use is determined to be in violation of this or any other University policy, appropriate measures will be taken which may include, but are not limited to verbal or written warning, permanent or temporary suspension of user privileges, deletion of files, disconnection from the AU network, referral to the appropriate disciplinary process, and cooperation with appropriate law enforcement officials or agencies.
Faculty and Staff
Computers purchased by Anderson University have a standard hardware and software configuration which has been chosen for functionality and “supportability” within our institution. Computers owned by the institution will be supported, within those standards, to the full extent of our abilities. If we are unable to repair a computer, a substitute will be found. All users are encouraged to practice responsible computing practices such as regular backup of files from the local hard drive to the user’s network drive, assuring virus and OS/Windows updates or patches occur, and promptly reporting computer problems to the ITS HelpDesk (x4300 or email email@example.com).
Personal faculty and staff computers will not be supported by ITS. We encourage all users to install and regularly update virus protection software, download and regularly run spyware and ad removal programs and perform updates of Windows (if applicable) or Mac OS.
If personal computers are attached to the University network, they will be required to comply with Anderson University’s Computer Security policy, including updated Windows patches and updated antivirus software.
The support we provide to students is for the purpose of maintaining a safe and fully functional network. For this reason, IT support for student-owned computers is limited to network connectivity. Through enforcement appliances, we will insure all computers have virus software installed and updated, and that OS/Windows patches are up-to-date before allowing a connection to the network. We also recommend anti-spyware software be installed since malware routinely interferes with computer performance. Students must provide their original, licensed copy of Windows and other essential software if those are needed to resolve identified problems.
Assistance beyond virus protection and OS/Windows patches is outside the scope of ITS support for students.
Neither Anderson University nor ITS shall be liable to any user or other person for loss or damage of any kind related to the operation or reconfiguration of that user's computer equipment including, but no limited to: out-of pocket expenses; consequential damages, inconvenience; loss of data, profits, or use; emotional stress; physical injury; or damage to software or hardware. ITS will endeavor to perform requested assistance in a timely manner, but will not be liable for failure to do so. ITS makes no warranty, expressed or implied, that computers will be able to be configured or repaired.
For a statement of User Support Procedures, see Appendix C. [needs review/update]
All users of Anderson University computing and network resources are bound to abide by Statement of User Responsibility (http://its.anderson.edu/newtoAU]. There are no exceptions to this policy.
Electronic mail user accounts are extended to Staff, active or emeritus Faculty and students. A Network Account Request Form must be completed by new faculty and staff before accounts are created. Student accounts are provisioned upon matriculation (admitted and registered).
Network accounts are extended to active students, Faculty and Staff members.
Guest accounts are extended only to selected external users with department sponsors. A written request for guest accounts should be submitted at least 2 weeks prior to guests’ arrival to campus to the Director of Information Technology Services.
Student accounts will be maintained indefinitely. This includes RavenMail accounts and directory accounts. (A directory account includes access to AccessAU for grades, financials, 1098T, online unofficial transcript, etc.) While directory accounts will be maintained indefinitely, personal files stored on AU systems will be deleted upon leaving the University for any reasons (withdrawal, transfer or graduation). A schedule for file deletion will be announced via email. Responsibility for the backup/transfer of all personal files on AU systems will lie with the graduate, transfer student or other. AU is not responsible for lost personal files after accounts are deleted.
Students on temporary leave may maintain their file space for approximately one (1) year. Students on leave planning to return should notify ITS via email at firstname.lastname@example.org. Absences longer than 1 year will be considered on a case-by-case basis. In all other cases, the Registrar will be consulted about the status of the student and, based on information received the decision to delete or maintain the account will be made.
When a faculty or staff member leaves:
Faculty or staff members who retire in good standing may keep their Anderson University email as long as they desire to do so. Additionally, they may maintain membership in Facultystaff and Classifieds distribution lists. The email account or membership in distribution lists will be removed upon request.
Access to student records will be removed as soon as grades are released for the last semester in which they taught. AccessAU logins will be disabled at the end of the last month of pay. Other AccessAU access will be removed immediately. Users should watch email for notification of W2 retrieval.
Moodle classes will be archived according to the standard schedule and available for the standard period (two years). Individual logins may be disabled, but class data will be maintained.
Files stored on a network drive will be removed by the first week of October following their retirement. Users are responsible for copying any files they wish to keep. Any files that are related to their position should be transferred to their supervisor or replacement. (Contact ITS for assistance.)
Leaving institution (i.e. to new schools or company)
Email accounts will be disabled and removed as soon as is practical, usually within 3 to 6 weeks after notification of departure. Those needing to keep this email active longer should contact ITS for an exception.
Access to student records will be removed as soon as grades are released for the last semester in which they taught. AccessAU logins for paystub retrieval will be disabled at the end of the last month of pay. Other AccessAU access will be removed immediately. Users should watch email for notification of W2 retrieval.
Moodle classes will be archived according to the standard schedule and available for the standard period (two years). Individual logins may be disabled, but class data will be maintained.
Files stored on a network drive will be removed within two weeks of departure. Users are responsible for copying any files they wish to keep. Any files that are related to their position should be transferred to their supervisor or replacement. (Contact ITS for assistance.)
Released (i.e. faculty not invited to stay on)
Same as Leaving Institution.
Dismissed with cause
All access will be immediately disabled. Access to emails, network files, etc. must be arranged through Human Resources. There is no expectation that full access will be returned for any service.
Students wishing to change their user name should initiate the process through the Registrar’s Office. The Registrar’s Office will notify ITS and changes will be implemented in a timely fashion. Account names may be changed only for legal reasons (marriage, legal name change) or if the username that results from the standard process is offensive.
Faculty or staff needing to change their user name should contact Human Resources to begin the process.
Administrative Systems represents the information processing of the major administrative offices: Admissions, Student Financial Services, Registrar, Student Life, Alumni/Development, Human Resources, and the Business Office.
Administrative Systems also includes interfaces with various internal and external systems, such as Library, Dining, State of Indiana Aid, Student Loans and Pell Grants, Tuition Payments, web services and many more. Additionally, there are special purpose applications like Room Scheduling, PPD work orders, ID cards, Chapel attendance tracking, web services, etc. Administrative Systems policies and procedures apply to all of the above.
Anderson University uses a partnership approach to system management. Each individual functional area of the University is responsible for researching and developing their functional needs, policies and goals. They also perform routine data processing and reporting. The Director and Technical Liaison work with the Programmer/Analyst (P/A) to implement robust systems supporting their goals. Information Technology Service P/A provides technical, procedural, evaluation, design and support throughout the process. The underlying principle is co-operation and participation so that maximum benefit is achieved.
Define responsibilities for access, accuracy and validity of data (to be written)
9. Course Management (or Learning Management) Systems (CMS/LMS)
A learning management system (commonly abbreviated as LMS) is a software application for the administration, documentation, tracking, and reporting of training programs, classroom and online events, e-learning programs, and training content. The LMS currently in use at Anderson University is Moodle.
The Moodle application runs on hardware in and is overseen by personnel in the IT department. An Academic Technology Specialist, located in the CET, is responsible for configuring the client interface and for client support. Moodle “courses” are created upon the receipt of a Moodle Course Request Form. Generally the person requesting the course is assigned as the “instructor” and has rights to and the responsibility for editing the content of the course. “Students” enroll in the course by logging onto the Moodle server and entering an “enrollment key” given them by their instructor.
At the end of each term, all courses are archived complete with all their data, including student records. They remain available to the instructor, but not to the students. New versions of these previous courses can be created through the “backup and restore” process and contain all course materials, but not the student records, from the previous version of the course.
Any computing device attached to the Anderson University network must comply with the University’s security policies, including current OS/Windows patches and updated antivirus software.
Since most University computer systems are connected to the Internet, it is essential for each user to recognize his/her responsibility in using these services and systems. The "Internet" is not a single network; rather, it is a group of thousands of individual networks that have chosen to allow traffic to pass among them. The traffic sent out to the Internet may actually traverse several different networks before it reaches its destination. Therefore, users involved in use of the Internet must be sensitive to loads placed on other systems and participating networks.
Each network or system has its own set of policies and procedures. Actions that are routinely allowed on one network or system may be controlled, or even forbidden, on other networks. It is the user's responsibility to abide by the policies and procedures of these other networks/systems.
Free access to the network is a privilege that may be revoked at any time, with or without warning, for abusive conduct. Such abusive conduct includes, but is not limited to:
Network access may be disabled if malicious activity is detected whether known or unknown to the user. An attempt will be made to contact the user regarding resolution of the issue.
For further information and procedures, see Appendix B Network Systems Procedures and Responsibilities.
11. Storage and Backup Storage
Network storage at Anderson University is intended for the use of staff and faculty members as an information technology resource. Storage for individually created, departmental and shared data is available through different drives accessible to all employees.
Common drives are: P: for an individual’s drive, T: for team or departmental group drive, S: for shared drives between departments and or groups, and J: special drives created by requests.
Network drive space is provided for the purpose of storing current work-related programs, materials and files. Due to the nature of our current storage configuration and availability, it is important to recognize our system's limitations so that we can allow fair and equal us for all AU faculty and staff members.
Employees are responsible for managing their allotted space, which includes:
ITS will be monitoring network drive space usage and a notification will be sent to individuals and departments when they have reached their limit. If an individual or department requests a quota increase ITS will then review the request and additional space may be allocated based upon need and availability of resources. Excessive use of network storage is not permitted. Storing of personal data on network storage is prohibited.
Backups are run daily during the business week to provide for recovery of files/data due to human error or equipment failure, and to work toward a Business Continuity plan. We do not provide a full-scale Disaster Recovery backup or provide a failover system.
In general, backup is completed for institutional data stored on centralized servers, and files stored on network drives for students, staff and faculty. We do not backup applications software or operating systems because those can be reinstalled if necessary. Backup requirements beyond these basic groups (institutional data and files) should be brought to the attention of ITS and decisions will be made on a case-by-case basis.
File backups are archived weekly, combined monthly, and retained for 13 months from the date of deletion before being overwritten. Institutional data is retained for the period prescribed by law or institutional policy, or for archival purposes.
The backup system is located in Anderson Universities data center (basement of Decker.) Files are backed up first to disk, then copied to tape on a prescribed rotation. Tapes are stored outside the data center whenever possible. The volume of tapes needed to retain data for these periods is significant and prohibits off-site storage.
Recovery of deleted files can usually be accomplished with a request to ITS as soon as the missing file is noticed. We are dependent on both the software and hardware of our backup system to be functioning properly. Backup logs are reviewed daily to uncover failures, but failure cannot be completely ruled out. Failure of either backup system hardware or software may result in our inability to recover your files.
Individual users need to understand risk of backup failure and their personal responsibility for file backup. Each user should consider the criticality of a particular file to determine an appropriate backup approach. The more difficult an item is to recreate, the more diverse the backup of that file should be. If the primary instance of a file is on a network drive, then that file will exist (assuming no failures) one time on the backup server. A prudent user should provide backup redundancy on their local (C:) drive and/or on a “cloud” drive (Google docs or some other commercial backup provider.) The likelihood of three instances missing at the same time is low. On the other hand, if a file is not important at all, consider deleting it when its value has passed, or count on the network backup to suffice.
We perform incremental backups during the week and a full backup beginning Friday night through Monday. For the weekend backup, a file or database must be closed in order for it to backup. Open files or databases are not backed up. Data storage quotas are under consideration to control our growing need for network storage space. Regular culling of data files is important. Please consider deleting or moving to cloud storage outdated or infrequently used files to improve our ability to provide security to current or frequently used files.
The Residence Hall network is (ResNet) provided to support the academic mission of Anderson University and is not made available for unrestricted use for other purposes. The network connection supplied by ResNet is solely for the use of the individual subscriber assigned to that connection. Users cannot use any mechanisms (either hardware or software) to provide network connectivity to anyone outside the University.
The use of personal switches, wireless access points, and similar devices is prohibited to prevent interference with University network operation.
Network users may not manually assign an IP address to their computers. Doing so may disrupt connectivity for other users. Network services and wiring may not be modified or extended beyond their intended use. This policy applies to all University network infrastructure and services.
Computer names, computer descriptions, computer desktops, messages broadcast, and other content should not be defamatory, lewd, or obscene.
Network users are responsible for any network activity linked to their data ports. For this reason, passwords should be secure and not shared with anyone (including family members, roommates, and friends). Users who believe that another person is using their account should notify Anderson University IT Services immediately and change their password.
Users are prohibited from attempting to circumvent the authentication systems. In addition, users should not attempt to hide their identity or impersonate the identity of another user on the University network.
Anderson University has implemented basic security and privacy measures as part of routine operations to help protect from service degradation and the effects of illegal activity, such as computer attacks. Each individual also take reasonable security and privacy precautions to protect against computer viruses and other computer attacks which may result in loss of data, unintentional release of personal information, or negative impact on Anderson University's network performance.
In order to access the AU network, users must pass through a policy-enforcement gateway which requires up-to-date OS/Windows patches and an up-to-date antivirus program installed. Failure to comply with these requirements will prevent the user from accessing the University network.
Federal law prohibits the transmission (sharing) of copyrighted materials without express written permission from the copyright holder. Copyrighted works (including original writings, software, movies and music) may not be shared on the local network.
Anderson University reserves the right to restrict access to any service detrimental to the Anderson University's information resources. Attempts to bypass these restrictions (such as the use of tunneling protocols) will be considered a violation of this policy.
Audio, video and game servers are permitted, but due to bandwidth concerns, may be disconnected without notice. In addition, all use must comply with existing copyright laws.
The use of defective or malfunctioning equipment on the network will result in the offending ports or logins being disabled without prior notification.
Hardware and/or software designed to detect and exploit network vulnerabilities is forbidden on Anderson University networks.
Forgery or other misrepresentation of one's identity via electronic or any other form of communication is prohibited regardless of intent.
Violation of these policies will result in loss of service for a period of time based on the severity of the violation and the recommendations of ITS personnel. Violators may also be referred to the Dean of Students for further action.
13. Network Extension Devices (including Wireless Access Points)
Any and all network technologies are subject to University policies and Anderson University’s Statement of Responsibilities for Computer Network Users.
It is the responsibility of the Anderson University’s Information Technology Services to provide reasonable security, enforce appropriate use, and allocate access to network resources and bandwidth in an equitable manner to our community.
Only those network extension devices (including devices such as hubs, switches, routers, and wireless access points) installed and managed by Anderson University will be allowed for use on the Anderson University. Neither University faculty, staff nor students are permitted to install their own network extension equipment. Departments wishing to extend their network connectivity or implement wireless or additional connectivity should contact the Information Technology Services.
One network port per student is provided in residence hall rooms. This is sufficient for connecting to the network one computer or network device at a time.
Some students on Anderson University’s ResNet may wish to extend the network in their room and have more than one computer in their residence hall room, or may want to have other network devices, such as printers or game consoles, in addition to their primary computer. If more than one network port is desired, ITS may provide an additional switch in some cases. Students may contact ITS for more information.
Anderson University reserves the right to remove any network extension devices at any time for any reason.
The following statements apply to our standard campus email system, RavenMail. All members of our campus community are expected to have and regularly check their RavenMail accounts. RavenMail is an official channel of communication between administration, faculty and students.
While widely used as a primary method of communication between members of our campus community, all users should keep in mind that electronic mail is not a secure nor private means of communication. No system connected to the Internet is completely safe from attack or infiltration. Anderson University encourages all members of the community to be cautious in email communications and not send information over email that is highly private, sensitive, or potentially offensive to some members of the community.
The University does not intend to monitor the contents of e-mail sent to or from University servers, except to identify and correct problems with e-mail delivery or receipt, to work with email system problems, or to deal with misconduct or security issues. There are no backups of email servers. Lost or deleted email cannot be recovered.
Users should regular monitor their email storage volume and cull those messages, keeping only those of lasting value or importance.
Anderson University has provided all faculty/staff and students a place to store and make available a website through Google sites. All members of the Anderson University community are expected NOT to display material or information deemed offensive. Offensive material is described as any substance or activity prohibited by the Faculty/Staff and the Student Handbook. Any persons who are found to be in breech will have their website removed. Websites branded as Anderson University are not allowed to be of a business or commercial nature or contain any illegal material posted on the site.
Any person wishing to include a link to a website not hosted by Anderson University should obtain prior permission to link to the outside website before including this link on their webpage hosted by Anderson University. If the owner of the linked page at any time objects to linking, the webpage will be taken down. ITS recommends a Site page on every web page giving credit to the author, or creator of text and pictures and the permission granted for each link on the website.
No website may infringe upon another person’s rights or violate Anderson University community standards. A website found to be in violation will be taken down without notice.
16. Allocation of Technology Resources
Institutional resources will be directed into technology that improves learning, expands and enhances the academic process, and increases the effectiveness and efficiency of the management of this institution. Priority will also be placed on improving student access to technology resources, including web-based learning resources, academic records and access to the library and Internet.
Anderson University provides the following resources and services to members of our community (students, staff and faculty):
Desktop computers are primarily configured with the Windows platform. Macintosh purchases will be approved only where there is a demonstrated professional need.
Desktop computer hardware will be configured in line with current technology standards.
Faculty on sabbatical should make individual arrangements for access to computer desktop resources during their sabbatical leave.
Laptops are an option for persons whose jobs require regular off-campus work or whose jobs require mobility within the campus environment (i.e. ITS staff doing network support). Laptop purchases beyond these categories will be decided on a case-by-case basis. Requests should be made through the normal budget process. As a general practice, users are not permitted to have two University-owned computers assigned to them personally. Exceptions will be rare and made on a case-by-case basis.
Laptop Purchase Priority:
In general, users must choose either a laptop or a desktop. Laptops may be connected to a monitor, keyboard, and other peripherals (docking station or port replicators are to be provided by the department or office of the laptop caretaker). Faculty or staffs who are assigned laptops are required to keep them on campus while at work. Because of the need for specialized equipment or software, laptops may not be adequate or cost effective for some users. In these instances, users will continue to be assigned desktops.
Networked printers are provided in many department locations and are intended for use by workgroups of 2 to 20 users. The features made available on the printers (i.e. duplexing, multiple paper trays) will be determined at the time of purchase and are dependent on cost versus demonstrated need.
ITS will supervise a maintenance contract for repair of printers, but this contract does not include regular preventative maintenance. When network printers reach the end of their lifespan, they will be removed from the University maintenance contract and users will be directed to other printing resources. Departmental printers are intended to print one to five copies of any computer-generated document. Printers are not intended to serve as copiers. Such a use of networked printers is considered an abuse of resources and may negate the contracted repair agreement.
Multifunction digital copier/printers are available in many locations on campus. These devices are intended to serve as primary printers in some locations. Some have the ability to print and copy in color. Departmentally-based accounts are established and maintained through Information Technology Services. These devices are appropriate for 5 to 100 copies of digitally prepared documents. Connection to these devices is readily available by going to http://printers.anderson.edu, locating your device of choice, and installing the drivers.
Printing more than 100 or more copies should be directed to the high-speed printer in Printing Services. Contact the Manager of Printing Services for instructions and assistance.
Determining the appropriate device to direct print jobs to is the responsibility of each individual user. Reports exist that enable a department to review monthly print volumes by device. The institution makes multiple types of devices available and recommends printing levels based on cost per copy. Users are requested to think institutionally and assist in keeping printing/copying costs under control by selecting the most cost-effective device for each print job.
Users needing to create oversize posters or banners may direct their files for printing to the Center for Educational Technology. A large-format ink-jet printer is managed by CET staff, and supplies are available there for trimming and mounting large display graphics.
Individual ink-jet printers (color or black-and-white) are not supported by ITS. Individuals who purchase them are responsible for their installation, maintenance and supplies. If these printers interfere with networked printer installation, they will be uninstalled.
Campus software falls into four general categories, each with its own level of support and funding:
Universal software: those programs typically installed on every institutional computer. Support for this category of software includes installation, orientation for new users, and assistance in resolution of problems. This software is purchased and maintained with institutional funds.
Special software: those programs used for a specialized, usually academic, purposes and made widely available for use in computer labs. Support is limited to installation and basic functionality. Faculty requesting the installation of this software in labs should be prepared to instruct students on its use. Decisions on the funding of this software (departmental, institutional or shared) will be made prior to the time of purchase. Consideration must also be given to on-going (maintenance) costs.
Software for course preparation: The CET has limited funding for purchase of software to prepare and present digital content for academic use. Initial purchase is provided through CET funds; upgrades must be funded through departmental funds. These software titles are generally not be available in computer labs; the focus is to provide appropriate training and tools for instructors to create digital course materials. Software purchase is generally available only for full-time faculty members. Installation, training and support will be managed through CET.
Departmental/individual software: programs that are used specifically in one department or by an individual to perform a specific function or process that is unavailable within the standard software configuration. Such software may be installed on one computer only, or may be hosted on network applications servers. Support is limited to installation only. Users should be prepared to support themselves in the functionality of the software. Purchase of this software will be from departmental funds; oversight of software licenses or maintenance fees may be managed by ITS when departmental funds are allocated and transferred to ITS for that purpose. Otherwise, the department or individual will be responsible for proper maintenance of licenses.
Before the purchase of non-standard software, ITS staff will assess the capabilities of the computers upon which the software will be installed, the compatibility of the software with our core network, or other technical requirements imposed by the software. Consideration must also be given to on-going (maintenance) costs.
Installation of personally-owned software on office computers MUST be congruent with copyright laws and/or licensing agreements implied by installation. Individuals are responsible for installation and must keep evidence of the software’s legality in their office in case of a software audit. If the software interferes with the intended functioning of that individual’s computer, ITS will return the computer to its original configuration and advise against reinstallation of the software. Repeated infractions will be reported to the Vice-President Academic Affairs for executive action.
With rapid technological advances, regular replacement of computer resources is critical. Our goal is to replace all desktop computers for those in full-time positions every three to four years. In many cases, the newest machines will be placed in high-use locations such as student computer labs, or on the desks of those campus users requiring higher functionality, with a cascading of older equipment to less demanding situations. Each department should review annually (during the budgeting process) their replacement or upgrade needs. Technology requests should come through the regular budgeting process (see below).
University employees requiring special accommodations due to physical limitations or health concerns should make those needs known to their supervisor. Accommodations will be made as necessary to allow the user to adequately perform tasks that are part of their written job description. Funding of these accommodations will be shared by the affected department and institutional computer funding.
Technology Request Process
Technology enhancements are funded through the
normal budget process. At the time budget forms are submitted, department
heads should submit a survey of their current computer needs and make requests
for additions, enhancements and improvements – both hardware and software – for
the coming year. ITS may also recommend changes in desktop computers
based on the maintenance record of individual pieces of equipment or other
Individuals who bring personal computer equipment to campus for their own use should consult with ITS prior to bringing it to campus to assure that it will work within our standard environment. We will provide assistance to the best of our ability and available time; however we cannot guarantee that all equipment can be made to function within our environment. Before any personal computer equipment is allowed to be used on campus, it MUST have antivirus software installed and automatic OS/Windows updating.
Departments that purchase computer equipment or software outside the process defined in these policies will receive no support for that equipment.
17. Lab Use
Anderson University student computer labs are equipped with computers and software primarily to support the academic work of our students.
Classes being held in a lab have first priority of use; students doing academic work have second priority; students using lab computers for optional or recreational reasons have the lowest priority. Students using a computer for recreational use (games, correspondence, social E-mail, etc...) are expected to relinquish their computer promptly in response to a request from a lab assistant or another student. Recreational computer use is not allowed at times when students with academic work are waiting.
Students must be able to produce their Anderson University ID card when asked to do so by lab assistants or ITS staff. Failure to do so may result in immediate expulsion from the labs.
Loud, disruptive, intimidating or vulgar behavior will not be tolerated in the student computer labs. Threatening, intimidating or vulgar behavior toward lab assistants or other students or failure to leave the labs when requested by lab assistants or staff will result in the revocation of the privilege to use student computer labs.
18. Technology Classroom Use
Technology-equipped classrooms are a resource made available by the University to faculty who wish to use these resources as a part of their teaching and learning environment. Technology Classrooms are supported and maintained cooperatively by the Center for Educational Technology and Information Technology Services. Problems with Tech Classroom equipment should be reported to the CET at 4291 or 4292.
19. Center for Educational Technology Services
Portable Equipment Available for Short-Term Use: The Center for Educational Technology maintains a collection of computer and audiovisual equipment available for use in classrooms, as well as available for personal checkout for short-term use. Patrons are encouraged to reserve equipment in advance of the use by contacting the CET at x-4291 or 4292, or by emailing email@example.com. The CET reserves the right to require a minimum 4 business hours advance notice for setups prior to use.
Media Production Services: The Center for Educational Technology assists in preparing digital and analog media for use in the academic program or for institutional purposes. Patrons may contact the CET at x-4292 or by emailing firstname.lastname@example.org to plan a production task. Patrons may request assistance for personal or non-campus production tasks. However, such requests will have lower priority for completion, involve a different cost structure, and potentially include labor charges.
20. Mobile Devices and Smartphones
These devices provide portability of information, including email, contacts and calendars and can also serve as cell phones. They take many forms. Check http://www.google.com/apps/intl/en/business/mobile.html for currently supported devices for Google Apps.
These devices are primarily personally owned and will not be maintained or supported by ITS.
Mobile devices present a significant risk to the University’s data security, depending on what information is stored on them and what resources they are configured to synchronize. Mobile device users should take reasonable and prudent steps to password protect information stored on their device in the event of loss or breach of control.
If University information security is compromised by a lost or stolen device, the user of that device may be personally liable for any outcomes that result from that breach of security.
21. Lines of authority/accountability/enforcement
Any breach or violation in the policies contained in this document should first be reported to the appropriate supervisor or to the Director of Information Technology Services where applicable. The supervisor or the Director of Information Technology Services will investigate and take appropriate action; or refer the situation to the Vice-President for Academic Affairs or the Director of Human Resources, as appropriate.
Anderson University’s Information Security Plan describes Anderson University’s safeguards to protect covered data and information. These safeguards are provided to ensure the security and confidentiality of covered data and information; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of covered data and information that could result in substantial harm or inconvenience to any customer. See Appendix D Information Security Plan for further details.
Users who need access to University data to work at home must use a VPN (Virtual Private Network) connection for security purposes. Users should request to be included in the VPN group and instructions will be provided.
Laptop computers provide important functionality, allowing University faculty and staff to have computing resources available in meetings or classes, during travel on University business, and for those who occasionally work from home. With this convenience comes additional responsibility. Laptops present an increased level of risk to both the user and to the institution. In requesting and accepting a laptop from the University, users are acknowledging their acceptance of this risk and agree to make every attempt to follow the steps outlined below to reduce it.
This policy applies to all faculty and staff who use a University-owned laptop. These individuals are hereinafter referred to as "caretakers." Each caretaker of a University-owned laptop is responsible for the security of that laptop and the data contained therein, regardless of whether the laptop is used in an office, at one's place of residence, or in any other location such as a hotel, conference room, car or airport.
All laptops should be protected with multiple “hard” passwords. Confidential or “covered” information (see Appendix D) stored in files on the laptop should be individually pass-worded with secure “hard” passwords that are different from the laptop access passwords. Users who do not follow these guidelines are putting the institution at risk and may also be personally liable for any disclosure of covered information.
When you receive a laptop, you accept responsibility for safeguarding it and the data it contains.
Please observe the following guidelines:
If laptops are lost, stolen, or otherwise damaged such that they cannot be restored to normal working order, they will be replaced with desktops from the pool of available cascaded computers. These computers will subsequently be upgraded according to the University’s lifecycle refresh plan for desktops. At that time, users may be request for consideration for another laptop. Caretakers are responsible for reporting a loss or theft to appropriate law-enforcement agencies, as well as reporting the loss to ITS and campus police as soon as the loss occurs.
Users are encouraged to check their home insurance policies regarding coverage. The University will evaluate the circumstances of the theft or loss on a case-by-case basis to determine if reimbursement should be required.
ITS support of University-owned laptops will be equivalent to that provided for University-owned desktop computers. Direct support will only be provided while laptops are on campus.
Users who will be accessing private, covered information (see Covered Data Security Policy) must use a VPN client to connect to University computer resources.
Because laptops are provided for University-related work, personal software should be installed very cautiously. If personal software is installed and the laptop comes to ITS for servicing, the laptop will be returned to its original configuration. Personal software or data will not be recovered.
Due to a variety of issues, including the safety and privacy of Anderson University students, faculty and staff, it is imperative that a reporting and response policy be followed when potential security incidents are identified.
These policies and procedures are intended for Anderson University faculty, staff and students to report any potential security incidents, and will also outline the anticipated response by ITS.
Procedure for Reporting a Security Incident
ITS should be notified immediately of any suspected or confirmed security incident involving a University Information Technology Asset. If it is unclear as to whether a situation should be considered a security incident, ITS should be contacted to evaluate the situation.
When faced with a potential situation, faculty and staff should do the following:
Document any information known while waiting for ITS response. This may include date, time, and the nature of the incident. Any information provided will aid in responding in an appropriate manner.
The Director of Information Technology services will notify the Vice-President for Academic Affairs who will determine others who need to be notified regarding the incident.
Conclusion of Incident
Each security incident should be documented in such a manner that the University can learn and act proactively to prevent future instances. This documentation will also provide a reference to be used in case of other similar incidents. Documentation may include system and network log files, network message traffic, user files, results produced by intrusion detection tools, analysis results, system administrator console logs and notes. Backup tapes that capture the before-intrusion and after-intrusion states of the affected system must be carefully collected, labeled, cataloged, and securely stored until the analysis of the incident is complete.
Documentation may include:
Of course, depending on the seriousness of the attack, all of the objectives above may not necessarily have to be instigated. A tiered response and escalation procedure for detected potential security breaches is implemented as part of Anderson University's incident response.
23. Password Policy
Password administration is necessary to combat the forces that can compromise valuable electronic resources.
Passwords should be a minimum of 8 alphanumeric characters in combination. All passwords should contain at least one number or one letter and one change of case (upper/lower). Passwords must be changed every 180 days (approximately once each semester).
The ideal password is a nonsensical or random string of characters and numbers known only to the individual who will be using them. Passwords should never be:
Failure to comply with this password policy could result in curtailed or restricted access to University information systems. Users may also incur individual liability if any University-owned or managed information system is compromised due to their negligence in the management of passwords.
24. Glossary and Definition of Terms
Our University community consists of:
Students—individuals currently enrolled in classes at Anderson University.
Faculty—current full or part time employees with faculty status.
Retired faculty—former full time faculty who have retired from teaching but who maintain a connection to the University.
Staff—those employed by the University on a full or part time basis as salaried or hourly personnel.
Alumni—anyone who has attended Anderson University and earned great than 23 credit hours
Ability given to individual or groups of users to use information stored on or via University resources. This includes but is not limited to the ability to read, write, view, create, alter, store, retrieve, and disseminate information.
The familiar or common name given to Anderson University’s ERP system, including student, financial, and human resource data. Our ERP product is PeopleSoft by Oracle.
That combination of user name and password that provides an individual with access to a computer system or computer network
An individual responsible for administering and managing a computer system.
Authorized University Officials
Administrators or designees with the authority to make decisions about or approve a specific action, activity, service or use of a specific resource
Applies to individuals without the authority or permission, as defined by the University, to initiate or approve an activity or service and/or to access or use a specific resource
Method for sending a uniform message to an entire set of users qualified by membership in a definable group such as faculty, staff, students, music majors, etc.
Campus-wide Shared IT Resources
Information technology resources implemented and managed by Information Technology Services. Examples include the Anderson University network, servers, storage, computing labs, network, etc.
An e-mail message asking the recipient to indiscriminately forward or pass it along; may involve money-making pyramid schemes or be disguised as innocent (e.g., collecting post cards for a dying child) or helpful (e.g., warnings about computer virus hoaxes)
An activity conducted for commercial/private profit or gain or non-profit fundraising. This includes but is not limited to soliciting sales or funds, marketing or advertising a product or service, posting an advertisement to a newsgroup, and reselling University resources. University authorized commercial activities are excepted, e.g., Bookstore, Development, sports Booster clubs, etc.
Any computing resource, service, or network system, including workstations, servers, networks, storage devices, peripheral equipment, input/output and connecting devices, data processing functions, and related records, programs, software and documentation.
Copying, distributing, publicly performing, publicly displaying a copyrighted work, or creating a derivative work, without the permission of, or a license from, the copyright owner
A mission-critical server or switch that many other resources connect to and depend on to provide their services. Example: core switch in ITS which connects campus to outside world (Internet).
Any electronic method used to communicate, including but not limited to electronic mail, the Internet/World Wide Web, video recordings, facsimiles, pagers, telephones, etc. Electronic communications has the same meaning as the term defined in Subsection 12 of Section 2510 of Title 18 of the United States Code.
Electronic method of sending and receiving messages from and to electronic addresses associated with specific owners
The automated or otherwise forwarding of an e-mail message to multiple recipients triggered by the content of the mail message being forwarded
Enterprise Resource Planning. Acronym is used today to refer to any software system that runs the organization’s core business applications.
Family Educational Rights and Privacy Act (FERPA)
Federal law protecting students (and former students) from the release of educational related records retained by the University
Small (capable of being held in one hand) electronic information devices. For example Palm, Handspring, etc.
Activities that interfere with the primary intended use of supporting instructional activities, e.g., excessive game playing
Information Technology Resources
Any data or information stored in digital form and the computer systems or other means used to access that information.
Information Technology Asset
A system or systems comprised of computer hardware, software, networking equipment, as well as any data on these systems. Such assets include but are not necessarily limited to desktop computers, servers, printers, telephones, network lines, email and web-based services.
Information Technology Services
The administrative entity charged with implementing and managing campus-wide information technology resources under the direction of the Vice President for Academic Affairs.
Information about individuals and departments that is recorded, maintained, administered and retained by the University, e.g. information in student records and employee files, financial data, etc.
Inventions, discoveries, innovations, and literary and artistic works that may be patented, copyrighted, trademarked or licensed for commercial purposes
The practice of bombarding someone with a large volume of unsolicited mail in an attempt to disrupt them or their site
Those applications and the data generated which are essential to the daily functioning of the University. Without these, the business of the institution would soon come to a halt.
A standard practice by information technology resource administrators of reviewing transaction activity and other similar logs generated by the system/network, analyzing performance anomalies and traffic patterns, and/or running programs designed to identify the source of a specific problem, alarm or pattern potentially indicative of illegal or inappropriate use.
Acronym for Modular Object-Oriented Dynamic Learning Environment. Moodle is software that coordinates e-learning and course management. It is a LMS (learning management system) or CMS (course management system) class of software.
A group of computers and the associated equipment and transmission media used for the purpose of sending and receiving data, voice or video signals
Network/System Integrity and Reliability
Maintaining optimum performance and availability of information technology resources in support of the University mission
Oracle Corporation, provider of Peoplesoft Enterprise Applications.
Peoplesoft Enterprise applications suite, consisting of Peoplesoft Enterprise Campus Solutions, Human Capital Management, Financial Management, and Supply Chain Management. Peoplesoft is Anderson University’s ERP solution.
Receiving money or other goods or services as a result of soliciting, promoting, selling, marketing or advertising products or services
Promoting, advocating or supporting a specific candidate, political party or issue
Using software to access or query all known TCP ports on a system to try to identify which services and levels of security are associated with those ports. A method for determining if a network or system can be compromised.
An incident meeting one or more of the following conditions:
· Any potential violation of Federal law, Indiana law or Anderson University policy involving a University Information Technology Asset.
· A breach, attempted breach or other unauthorized access of a Anderson University Information Technology Asset. The incident may originate from the Anderson University network or an outside entity.
· Any Internet worms or viruses.
· Any conduct using in whole or in part a Anderson Information Technology Asset which could be construed as harassing, or in violation of Anderson University policies.
Indiscriminate mailing or forwarding of unsolicited e-mail to a larger group of users
Person responsible for administering the hardware, operating system, and software that constitutes a computer system or network
See "Computer System"
A name, symbol, or other device identifying a product, legally restricted to the use of the owner or manufacturer
A malicious, security-breaking program that is disguised as something benign, e.g., a directory lister, archiver, or game
Any action or attempt to utilize, alter or degrade a University owned or operated Information Technology Resource in a manner inconsistent with university policies.
University / Anderson University
The institution as a whole or the collective authority of the institution represented by established policies and designated officials responsible for enforcing them
Any resource belonging to or employed by the University, including equipment, facilities, data and staff
Anyone who has been provided access to Anderson University’s information technology resources
A program that searches out other programs and "infects" them by embedding a copy of itself in them. When these programs are executed, the embedded virus is executed too, thus propagating the "infection." A virus may write messages on the terminal, or play strange tricks with the display or cause irreversible damage such as deleting all of a user's files. Unlike a worm, a virus cannot infect other computers without assistance.
Web page files (beginning with an initial home page) located on a server owned or leased by the University and which is managed through a computer account of University faculty, staff, students, administrative units, organizations, clubs and auxiliaries
A program that propagates itself over a network, reproducing itself as it goes
Policy Version 4.0
This group is responsible for the design, maintenance and management of all campus server systems and network infrastructure, and core systems and services for the campus.
Notification of Outages (planned and unplanned)
Notifications for planned outage will be given whenever possible and shall contain the following information:
Subject: Planned Maintenance <date and time>
Body of message should include:
· date and time of planned outage
· length of outage and approximate time of system up
· an explanation of system outage, if possible
· contact person on IT staff for outage questions
Systems and Networks staff will need to do recurring maintenance. Reminders will be sent to campus users on the day of the maintenance activity. Every attempt will be made to schedule non-critical maintenance at the least disruptive time, within the constraints of staff and support availability.
Notification for unplanned outages will be announced (as possible) during the outage/problem.
If the outage affects students, they will be sent a separate message.
It is possible that, given abnormal conditions, systems may need to be rebooted/repaired without the prior notification time. Information Technology will make every attempt to notify as many users as possible when systems must be brought down due to abnormal conditions.
All outages will be communicated to the HelpDesk and other IT staff immediately as well as system up notifications with a brief explanation and (if possible) an expected recovery time. IT staff may have functional service groups that they will wish to notify of an outage or problems.
When messages are sent via email to faculty and staff regarding an outage, it is the responsibility of the Manager of Student Information Services to decide if these messages need to be forwarded to student users. The Manager of Student Information Services is the point of contact for all system and networking inquiries from students. These will either be answered by the Manager of Student Information Services or forwarded to the Director of ITS.
The AU network will be monitored either by individuals or software to ensure optimal service. In the event of an outage during non-business hours, users should contact 4300 and leave a message as to the nature of the outage.
Only authorized University students, faculty or staff are allowed access to Anderson University systems and networks. Access should be secure by encryption, VPN, gateway authentication and/or other necessary means as dictated by the Director of ITS. Computer-to-computer dial-in access is prohibited.
All outages or problems with systems and/or networks should be immediately reported to the HelpDesk. HelpDesk staff will distribute that information to appropriate staff in order to begin resolution of the problem.
Access to network and systems operation areas is restricted to authorized personnel only. Access to these areas is authorized by the Director of Information Technology.
The network security policy for Anderson University will be developed by the Director of Information Technology and the senior IT personnel. The Director of ITS will develop and maintain this policy as an ongoing document based on the changing needs of the campus. All changes to this policy will be communicated to the IT staff where necessary to their work. The Director must review any major policy changes before they are implemented.
The campus network is a resource for the entire University community. Academic use of the campus network is paramount to its existence. As much bandwidth as necessary and financially possible will be given to faculty and students for academic use. Recreational use is low priority as it relates to the purpose of the campus network and systems. A certain amount of bandwidth is necessary for University operations. The University will reserve whatever bandwidth necessary for ongoing operations. Policies on bandwidth and restrictions will be made by the Director of Information Technology and IT senior staff. These policies will be communicated to the campus community through this document in its web-based form in an ongoing manner.
AU reserves the right to restrict some or all network traffic related to the following Internet services or other activities that could interfere with academic Internet use for campus users.
Some examples could be:
· MP3 music downloads
· selected types of video/audio streaming related to some personal webcam devices and associated software
selected types of
Departmental use of web servers and “personal server” software
Currently, AU does not officially support the use of “personal server” software on faculty, staff, or student computers.
Members of the campus community requiring a new data network connection should make a request in writing to the Director of ITS. Please be thorough in your request including building, room number, location in room, your name, organization/department name and number of connections needed. Approval of network connections will be based on need, feasibility and budget issues.
Students in residence halls are provided with one network connection per room resident. Students in campus apartments are provided with one network connection per apartment and a 100 Mb 4 or 8 port switch (available for loan through ITS D47). Additional connections will not be provided.
All departments and students must adhere to network equipment quality standards. All devices should be approved by ITS before being connected to the campus network to ensure quality of service for the user and the avoidance of problems for other users of the campus network. ITS is not responsible for network equipment that has not been approved by ITS staff and reserves the right to disconnect any equipment that is found to impede the performance of the campus network or user service.
It is the responsibility of the Director of ITS to ensure that server-based systems software is legally licensed and available to the appropriate number of users by those licenses.
The Director of Information Technology is responsible for administrator-level passwords and access to administrator-level accounts. No non-University personnel shall have access to administrator-level accounts without prior approval of the Director of ITS.
Any access to the systems for functional/operational reasons shall be given only with prior written approval of a departmental-level director or appropriate University sponsor. This written approval should include all details about needed access including reasoning and information on outside entity(ies) that will be accessing University systems. All final approval for access to systems to outside users lies with the Director of Information Technology to ensure the security and integrity of University systems and network services.
Access to service management agents and facilities is given as needed by the Director of ITS to empower the agent to do their work in the best way possible.
Any unauthorized access can result in disciplinary action, dismissal from the University and/or legal action.
ITS maintains Groupwise Distribution Lists for Faculty, Staff, FacutlyStaff, Forum and Classifieds. Access to the Students distribution list is through Dean of Students.
For definition of each list and its appropriate use, see: http://its.anderson.edu/newtoAU/distributionlists
To request a distribution list, please contact the Director of ITS.
Examples of service prioritization;
Requests with no priority (will be handled when ALL other work is done or not at all)
Information Technology Services employs a number of students to assist in our daily work. These students bring a variety of skills and talents to our office and play a major role in our ability to complete our mission. As such, they should be accorded same respect and courtesy given to full-time staff members.
At the same time, their primary reason for being at Anderson University is academic. Matters concerning academics are placed above all other tasks. Students are expected to perform to a high standard in the classroom. If this standard is not met, a student’s hours may be reduced in order to assure academic success.
ITS views the employment of student workers as an extension of their educational process. We provide an environment in which students put into practice what is learned in the classroom. We expect the highest level of workmanship from all student employees, both related to the tasks they are assigned and in their dress, personal hygiene, and work habits.
Appendix DAnderson University Information Security Plan
This Information Security Plan describes Anderson University’s safeguards to protect covered data and information. These safeguards are provided to:
Ensure the security and confidentiality of covered data and information;
This Information Security Plan also provides for mechanisms to:
Assessment of Risks to Customer Information
Employee Management and Training
Anderson University has addressed the physical security of covered data and information by limiting access to only those employees who have a business reason to know such information. For example, personal customer information, accounts, balances and transactional information are available only to Anderson University employees with an appropriate business need for such information.
Loan files, account information and other paper documents are kept in file cabinets, rooms or vaults that are locked each night. Only authorized employees know combinations and the location of keys. Paper documents that contain covered data and information are shredded at time of disposal.
Access to covered data and information via Anderson University’s computer information system is limited to those employees who have a business reason to know such information. Each employee is assigned a user name and password. Databases containing personal covered data and information, including, but not limited to, accounts, balances, and transactional information, are available only to Anderson University employees in appropriate departments and positions.
Anderson University will take reasonable and appropriate steps consistent with current technological developments to make sure that all covered data and information is secure and to safeguard the integrity of records in storage and transmission. ITS requires that all servers must be registered before being allowed through Anderson University’s firewall, thereby allowing ITS to verify that the system meets necessary security requirements as defined by ITS policies. These requirements include maintaining the operating system and applications, including application of appropriate patches and updates in a timely fashion. User and system passwords are also required to comply with the Anderson University Password Policy. In addition, an intrusion detection system has been implemented to detect and stop certain external threats, along with an Incident Response Policy for occasions where intrusions do occur.
When commercially reasonable, encryption technology will be utilized for both storage and transmission. All covered data and information will be maintained on servers that are behind Anderson University’s firewall. All firewall software and hardware maintained by ITS will be kept current. ITS has a number of policies and procedures in place to provide security to Anderson University’s information systems. These policies are available upon request from the Director of Information Technology Services.
Anderson University collects SSNs for the purpose of processing student loans and to meet other legal obligations, such as the reporting of income for tax purposes. The Social Security Number is considered personal information and its dissemination must comply with FERPA guidelines. SSNs will not be used as primary identification numbers within the Anderson University system. They will, however, be considered as one point of data when attempting to match or authenticate users.
ITS will develop written plans and procedures to detect any actual or attempted attacks on Anderson University systems and will develop an Incident Response Policy which outlines procedures for responding to an actual or attempted unauthorized access to covered data and information. This policy is available upon request from the Director of Information Technology Services.
Due to the specialized expertise needed to design, implement, and service new technologies, vendors may be needed to provide resources that Anderson University determines not to provide on its own. In the process of choosing a service provider that will maintain or regularly access covered data and information, the evaluation process shall include the ability of the service provider to safeguard confidential financial information. Contracts with service providers may include the following provisions:
Continuing Evaluation and Adjustment
This Information Security Plan will be subject to periodic review and adjustment. The most frequent of these reviews will occur within ITS, where constantly changing technology and evolving risks mandate increased vigilance. Continued administration of the development, implementation and maintenance of the program will be the responsibility of the designated Information Security Plan Coordinator who will assign specific responsibility for ITS implementation and administration as appropriate. The Coordinators, in consultation with the University Counsel, will review the standards set forth in this policy and recommend updates and revisions as necessary. It may be necessary to adjust the plan to reflect changes in technology, the sensitivity of student/customer data and internal or external threats to information security.
About ITS >