The University believes that establishing and maintaining adequate computer hardware and software for both academic and administrative purposes is foundational to the University’s goal of becoming a premier Christian academic university. Houston Christian University (HCU) makes its computing facilities available for use by undergraduate students, graduate students, faculty, and staff. The use of university computing facilities or network is considered a privilege afforded members of the HCU community. Although this policy sets forth the general parameters of appropriate use of IT Systems, students, faculty, and staff should consult school or departmental governing policies for more detailed statements on permitted use for their various roles within the HCU community. In the event of conflict between IT policies, this Computer Use Policy will prevail.
A. Appropriate Use
IT Systems may be used only for their authorized purposes – that is, to support the research, education, clinical, administrative, and other functions of Houston Christian University. The particular purposes of any IT System as well as the nature and scope of authorized, incidental personal use may vary according to the duties and responsibilities of the User. Appropriate use0 restrictions extend to Users connecting to HCU IT Systems with devices not owned by HCU.
Users are entitled to access only those elements of IT Systems that are consistent with their Specific Authorization. Upon request by a Systems Administrator or other University authority, Users must produce valid University identification.
C. Specific Proscriptions on Use
The following categories of use are inappropriate and prohibited:
- Use that impedes, interferes with, impairs, or otherwise causes harm to the activities of others.
Users must not deny or interfere with or attempt to deny or interfere with service to other users in any way. Knowing or reckless distribution of unwanted mail or other unwanted messages is prohibited. Other behavior that may cause excessive network traffic or computing load is also prohibited.
- Use that is inconsistent with HCU’s non-profit status.
The University is a non-profit, tax-exempt organization and, as such, is subject to specific federal, state, and local laws regarding sources of income, political activities, use of property, and similar matters. As a result, commercial use of IT Systems for non-HCU purposes is generally prohibited, except if specifically authorized and permitted under University conflict-of-interest, outside employment, and other related policies. Prohibited commercial use does not include communications and exchange of data that furthers the University’s educational, administrative, research, clinical, and other roles, regardless of whether it has an incidental financial or other benefit to an external organization.
- Use that suggests University endorsement of any political candidate or ballot initiative.
Users must refrain from using IT Systems for the purpose of lobbying that connotes University involvement, except for authorized lobbying through or in consultation with the University’s Office of the General Counsel.
- Harassing or threatening use. This category includes, for example, display of offensive, sexual material in the workplace, computer labs, or any public computing facilities and repeated unwelcome contacts with another.
- Use damaging the integrity of University IT Systems or non-HCU systems. This category includes, but is not limited to, the following activities:
- Attempts to defeat system security.
- Unauthorized access or use. The University recognizes the importance of preserving the privacy of Users and data stored in IT systems. Users must honor this principle by neither seeking to obtain unauthorized access to IT Systems, nor permitting or assisting any others in doing the same. For example, a non-HCU organization or individual may not use non-public IT Systems without specific authorization; Users are prohibited from accessing or attempting to access data on IT Systems that they are not authorized to access; Users must not make or attempt to make any deliberate, unauthorized changes to data on an IT System; and Users must not intercept or attempt to intercept or access data communications not intended for them.
- Disguised or impersonated use.
- Distributing computer viruses or malicious code.
- Unauthorized modification or removal of data or equipment.
- Use in violation of law. Illegal use of IT Systems – that is, use in violation of civil or criminal law at the federal, state, or local levels – is prohibited. Examples of such uses are: promoting a pyramid scheme; distributing illegal obscenity; receiving, transmitting, or possessing child pornography; infringing copyrights; and making bomb threat
- Use in violation of law. With respect to copyright infringement, Users should be aware that copyright law governs (among other activities) the copying, display, and use of software and other works in digital form (text, sound, images, and other multimedia). The law permits use of copyrighted material without authorization from the copyright holder for some educational purposes (protecting certain classroom practices and “fair use,” for example), but an educational purpose does not automatically mean that the use is permitted without authorization.
- Use in violation of University contracts.
All use of IT Systems must be consistent with the University’s contractual obligations, including limitations defined in software and other licensing agreements;
- Use in violation of University policy
- Use in violation of external data network policies
D. Personal Account Responsibility
Users are responsible for maintaining the security of their own IT Systems accounts and passwords and may not share passwords. Passwords must conform with published guidelines at HCU Password Procedures. Users are presumed to be responsible for any activity carried out under their IT Systems accounts or posted on their personal web pages.
E. Responsibility for Content
Official University information may be published in a variety of electronic forms. The Certifying Authority under whose auspices the information is published is responsible for the content of the published document.
Users also are able to publish information on IT Systems or over HCU’s networks. Neither HCU nor individual Systems Administrators can screen such privately published material nor can they ensure its accuracy or assume any responsibility for its content. The University will treat any electronic publication provided on or over IT Systems that lacks a Certifying Authority as the private speech of an individual User.
Conditions for University Access
The University places a high value on privacy and recognizes its critical importance in an academic setting. There are nonetheless circumstances in which, following carefully prescribed processes, the University may determine that other considerations outweigh the value of a User’s expectation of privacy and warrant University access to relevant IT Systems without the consent of the User. Those circumstances are discussed below, together with the procedural safeguards established to ensure access is gained only when appropriate.
In accordance with state and federal law, the University may access all aspects of HCU IT Systems (including devices not owned by HCU but connected to HCU IT Systems) without the consent of the User, in the following circumstances:
- When necessary to identify or diagnose systems or security vulnerabilities and problems, or otherwise preserve the integrity of the IT Systems; or
- When required by federal, state, or local law or administrative rules; or
- When such access to IT Systems is required to carry out essential business functions of the University; or
- When required to preserve public health and safety; or
- When there are reasonable grounds to believe that a violation of law or a significant breach of University policy may have taken place and access and inspection or monitoring may produce evidence related to the misconduct; or
- For Users who were members of the HCU faculty or staff: When the User’s employment at HCU has ended and there is a legitimate business reason to access the User’s IT Systems
Consistent with the privacy interests of Users, University access without the consent of the User pursuant to A (1) through (5) will occur only with the approval of the Provost and cognizant Dean (for faculty users), the Vice President Financial Operations and Administration (for staff users), the Dean of HCU College or of one of the graduate or professional schools, as appropriate (for student users), or their respective delegates, except when emergency access is necessary to preserve the integrity of facilities or to preserve public health and safety. The University, through the Systems Administrators, will log all instances of access without consent pursuant to A (1) through (5). Systems Administrators will also log any emergency access within their control for subsequent review by the Provost, Vice President of Financial Operations and Administration, dean, or other appropriate University authority. A User will be notified of University access to relevant IT Systems without consent pursuant to A (1) through (4). Depending on the circumstances, such notification will occur before, during, or after the access, at the University’s discretion. In the case of a former staff member, access without consent pursuant to A (6) must be approved by one of the former staff member’s supervisors or their successors and no logging or notice is required. In the case of a former faculty member, access without consent pursuant to A (6) must be approved by the department chair or cognizant dean and no logging or notice is required.
C. User access deactivations
In addition to accessing IT Systems, the University, through the appropriate Systems Administrator, may deactivate a User’s IT privileges, whether or not the User is suspected of any violation of this Policy, when necessary to preserve the integrity of facilities, user services, or data. The Systems Administrator will attempt to notify the User of any such action.
D. Use of security scanning systems
By attaching privately owned personal computers or other IT resources to the University’s network, Users consent to University use of scanning programs for security purposes on those resources while attached to the network.
Most IT systems routinely log user actions in order to facilitate recovery from system malfunctions and for other management purposes. All Systems Administrators are required to establish and post policies and procedures concerning logging of User actions, including the extent of individually-identifiable data collection, data security, and data retention.