Acceptable Use Guidelines for Computing and Technology Resources
Tarrant County College reserves the right to amend or otherwise revise this document as may be necessary to reflect future changes made to the Information Technology environment. You are responsible for reviewing this policy periodically to ensure your continued compliance with all TCC policies and guidelines.
Revision: 1.5 on November 3, 2022
Effective Date: November 19, 2008
0.0 Definitions and Terms
- Guidelines: This document.
- P&R Manual: The TCC Policy and Regulation Manual.
- Users: Students, faculty, staff, partners, contractors, consultants, temporaries, library patrons, visitors, guests, and other workers at TCC, including all personnel affiliated with third parties using Resources.
- Resources: All computing and technology systems that are owned, leased, or operated by TCC.
- Multi-Factor Authentication (MFA): Security technology that requires you to use at least two pieces of information (known as factors) to log into a website or application. These factors include SMS text messages, push notifications, use of a Fob or Dongle, etc.
- Virtual Desktop Infrastructure (VDI): Allows you to log on to a virtual desktop from anywhere you have internet access.
- Spam: (noun) Unsolicited (usually commercial) e-mail sent to a large number of addresses; (verb) To send unsolicited e-mail to numerous addresses.
- Peer-to-Peer File Sharing (P2P): Method of file sharing in which individual computers using the same networking program are linked via the Internet to directly access shared programs/files. Examples include, but are not limited to, BitTorrent and Gnutella.
- Pirated Software: Unauthorized copied computer software.
- Viruses, Worms, Trojan Horses: A variety of hostile, intrusive, or annoying software or program code usually causing harm.
- E-mail Bombs: Sending large volumes of e-mail to an address in an attempt to overflow the mailbox or overwhelm the server where the email address is serviced.
- Ransomware: (scareware, screen lockers, encrypting ransomware) A type of malware that prevents users from accessing their system or personal files and demands ransom payment in order to regain access.
- Phishing: (spear phishing, whale phishing) a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker.
- Social Engineering: Threat actors may use social engineering in order to trick people into opening attachments or clicking on links by appearing as legitimate—either by seeming to be from a trusted institution or a friend.
Tarrant County College's (TCC) intentions for publishing Acceptable Use Guidelines are not to impose restrictions that are contrary to TCC's established culture of openness, trust, and integrity. The purpose of these Guidelines is to ensure the TCC networked Resources will be used to support the College's mission. TCC is committed to protecting authorized Users and itself from illegal or damaging actions by individuals, either knowingly or unknowingly.
All systems and people using TCC Resources, whether on campus or remotely, are using the property of TCC. TCC Resources are to be used for business purposes in serving the interests of the college, and our students in the course of normal operations. Review the TCC Board Policy Manual for further information.
Prior to purchase, all technologies (hardware or software) and/or any contract with a third-party vendor, regardless of the funding source, must be submitted to the Chief Technology Officer (CTO) for review. Technologies/contracts are reviewed by the Chief Technology Officer and forwarded to the appropriate committee for technical commentary on the ramifications of the technologies/contracts on the TCC infrastructure, support systems, and technical staff. All SaaS (cloud-based) products are now required by state law to have a security review before we purchase or renew. The process to request a Security Review starts with a TCC Service Center request. The Director of Information Security and/or their assignee will conduct the security review. Texas law says that any system(s) containing sensitive information or having a major impact to the operations of the College must be certified for security and privacy compliance.
Note: All technologies (hardware or software) and/or any contract with a third-party vendor that require changes to firewalls or other security resources to allow outside access to TCC must be submitted to the Chief Technology Officer for approval prior to purchase.
Access to Tarrant County College's network and its computer resources is a privilege, not a right. Effective security is a team effort involving the participation and support of every TCC employee and student who deals with information and/or information systems. It is the responsibility of all computer Users to know these Guidelines, and to conduct their activities accordingly.
College-wide departments are encouraged to add, with the approval of the appropriate authority, individual guidelines that supplement, but do not lessen the intent of the Acceptable Use Guidelines.
The purpose of these Guidelines is to outline the acceptable use of computing and technology resources at TCC. These Guidelines protect the students, employees, and the College. Inappropriate use exposes TCC to risks including virus attacks, compromise of network systems and services, and legal issues. Anything that degrades or compromises the ability of staff, faculty, or students to perform or meet the mission of TCC constitutes unacceptable use.
These Guidelines apply to students, faculty, staff, partners, contractors, consultants, temporaries, library patrons, visitors, guests, and other workers at TCC, including all personnel affiliated with third parties. These Guidelines apply to all systems, equipment, and resources that are owned, leased, or operated by TCC.
People utilizing these Resources agree to follow all applicable policies of the college, as well as federal, state, and local laws. TCC reserves the right to limit, restrict or deny access to its computer resources, as well as to take disciplinary and/or legal action against anyone in violation of these policies and/or laws. Users should have no expectation of privacy while using College-owned or leased equipment. Information passing through or stored on the College's equipment can and will be monitored.
All Users of TCC computing systems must read and comply with the Guidelines outlined in this document, as well as any additional guidelines established by the administrators of each department and/or campus or College unit. By using any of these systems, users agree that they will comply with these guidelines.
4.1 General Use, Privacy and Data Ownership
- TCC's network administration desires to provide a reasonable level of privacy, however data created on TCC systems remains the property of the College. Because of the need to protect TCC's network, management cannot guarantee the confidentiality of information stored on any network resource belonging to TCC beyond that required by law or TCC policy.
- Employees are responsible for exercising good judgment regarding the reasonableness of personal use. All departmental guidelines regarding personal use must supplement and support the TCC P&R Manual and the Acceptable Use Guidelines. For security and network maintenance purposes, authorized individuals within TCC monitor equipment, systems, and network traffic. Networks and systems will be audited on a periodic basis to ensure Guideline compliance.
- Computer use is subject to:
- review or disclosure in accordance with the Texas Public Information Act and other laws
- administrative review of computer usage for security purposes or in regard to a policy or legal compliance concern
- computer system maintenance
- audits to protect the reasonable interests of TCC and other computer system users
Anyone using TCC's computer systems expressly consents to monitoring on the part of TCC for these purposes and is advised that if such monitoring reveals possible evidence of criminal activity, TCC administration may provide that evidence to law enforcement officials. TCC is unable to guarantee the privacy of electronic files, data, or e-mails except as mandated by Law.
4.1.2 Remote Locations, Multi-Factor Identification, and VDI
- TCC policy has been established that allows for a flex schedule and a remote work opportunity for District Employees. Prior manager approval and mandatory remote training is required to access this benefit. Connection to the TCC network for work purposes will be with TCC-issued equipment. Remote access will require the use of MFA and VDI.
- Multi-Factor Authentication (MFA) is the established norm for accessing TCC resources whether on premises or from a remote location. Security technology that requires you to use at least two pieces of information (known as factors) to log into a website or application. These factors include SMS text messages, push notifications, use of a Fob or Dongle, etc.
- Virtual Desktop Infrastructure (VDI) allows you to log on to a virtual desktop from anywhere you have internet access. VDI is TCC's tool to access TCC's network or shared drives when not physically on campus or connected to the TCC network. VDI provides you virtual access to many campus applications and programs. You can access VDI by visiting cloud.tccd.edu.
4.2 Security and Proprietary Information
- Intellectual property laws apply to the electronic environment. Data communicated through the TCC network or on TCC Resources are subject to copyright laws, unless specifically stated otherwise.
- Users are responsible for the security of their passwords and accounts. Passwords are not to be shared.
- Antivirus software will be installed on all devices if such software exists. All devices operated by the user that are connected to the TCC Internet/Intranet/Extranet, whether owned by the user or TCC, shall be continually executing approved virus scanning software with a current virus database.
- All servers must be approved by the Chief Technology Officer or designated representatives before being attached to the network.
- All network access at TCC must be engineered, registered, operated, or authorized by Network Communication Services, as detailed in the TCC Network Guidelines.
- Any modification to the TCC network must be approved by Network Communication Services.
- Removable data storage devices or media (e.g., data disks, USB devices, external hard drives, etc.) can only be used to connect to TCC Resources where expressly allowed.
4.3 Unacceptable Use
Under no circumstances is a TCC employee authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing TCC-owned or leased resources. See TCC Board Policy Manual.
The lists below are by no means exhaustive, but an attempt to provide a framework for activities which fall into the category of unacceptable use.
4.3.1 Unacceptable System and Network Activities
The following activities are strictly prohibited, with no exceptions. Users shall not:
- Connect any device to the network (outside designated wireless access areas) without prior authorization, this includes but is not limited to personal computers, hubs, and wireless equipment.
- Load or allowed to be loaded onto any TCC device or any device attached to the TCC network, Peer-to-Peer file sharing applications. Peer-to-Peer file sharing is not supported or allowed on the TCC network. Devices transferring Peer-to-Peer traffic will be removed and cleaned. Based on content of files being shared, disciplinary actions may be taken.
- Violate the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of Pirated Software or other software products that are not appropriately licensed for use by TCC.
- Copy or distribute without authorization copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which TCC or the end user does not have an active license.
- Export software, technical information, encryption software or technology, in violation of international or regional export control laws. The appropriate authority shall be consulted prior to export of any material that is in question.
- Introduce malicious programs (e.g., Viruses, Worms, Trojan Horses, E-mail Bombs, etc.) into the TCC network or on TCC Resources.
- Reveal your account password to others or allow use of your account by others. This includes family and other household members when work is being done at home.
- Engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws.
- Make fraudulent offers of products, items, or services originating from any TCC account.
- Effect security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access. For purposes of this section, "disruption" includes, but is not limited to, network monitoring or sniffing, “Ping Floods”, packet spoofing, denial of service, and forged routing information for malicious purposes.
- Perform port scanning or security scanning. This activity is expressly prohibited.
- Execute any form of network monitoring which will intercept data not intended for the user's host, except as performed by authorized network personnel.
- Circumvent user authentication, security, or administrative access control of any host, network, or account.
- Interfere with or deny service to any User (for example, “Denial of Service Attack”).
- Use any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, an individual's use of TCC Resources, via any means, locally or via the Internet/Intranet/Extranet.
- Provide information about, or lists of, TCC employees to parties outside TCC. This information will only be provided in accordance with TCC policy by the appropriate authority.
- Use TCC Resources for personal financial gain or personal commercial purpose.
- Access or read without authorization any electronic file, program, network, or system.
- Duplicate and distribute without authorization commercial software and other copyrighted digital materials. All commercial software and many other digital materials are covered by a copyright of some form. The unauthorized duplication and distribution of software and other copyrighted materials (including copyrighted music, graphics etc.) is a violation of copyright law and these Guidelines.
- Use TCC's Resources for the transmission of commercial or personal advertisements, solicitations, promotions, or transmission of political material that is prohibited by the TCC Board Policy Manual except as may be approved by the appropriate authority.
4.3.2 Unacceptable Email and Communications Activities
The following activities are strictly prohibited, with no exceptions. Users shall not:
- Send unsolicited email messages, including the sending of Spam, "junk mail" or other advertising material to individuals who did not specifically request such material.
- Transmit any form of harassment via electronic communications, whether through language, frequency, or size of messages. Violations of electronic communications use include, but are not limited to, accessing, downloading, uploading, saving, receiving, or sending material that includes sexually explicit content or other material using vulgar, sexist, racist, threatening, violent, or defamatory language. See the TCC Board Policy Manual.
- Create or forward "chain letters", "Ponzi" or other "pyramid" schemes of any type.
- Use unsolicited email originating from within TCC's networks or other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by TCC or connected via TCC's network.
- Post the same or similar non-business-related messages to large numbers of email addresses or newsgroups (email and newsgroup Spam).
5.1 Responsibilities of Users
- Use TCC's computer resources responsibly, respecting the needs of other computer Users.
- Be responsible for any usage of one's computer account. Users should maintain the secrecy of their passwords.
- Report any misuse of computer resources or violations of these Guidelines to their department head or to the appropriate authority.
- Comply with requests and instructions from TCC computer systems support personnel.
- Ensure that communications reflect high ethical standards, mutual respect, and civility. See the TCC Board Policy Manual.
5.1.2 Responsibilities of Deans, Department Heads and Supervisors
Deans, Department Heads, Supervisors shall:
- Ensure that employees within a department receive opportunities to attend training courses that enable them to comply with these Guidelines and other applicable guidelines.
- Promptly inform appropriate network and system administrators when employees have been terminated so that the terminated employee's access to TCC's networked resources may be disabled.
- Promptly report ongoing or serious problems regarding computer use to the appropriate authorities.
- Violators of these Guidelines are subject to a full range of sanctions, including but not limited to the loss of computer or network access privileges.
- Violators may be subject to disciplinary action as outlined in TCC's P&R Manual. See the TCC Board Policy Manual.
- Some violations may constitute criminal offenses, as outlined in the Texas Statutes relating to computer crimes and other local, state, and federal laws; TCC will carry out its responsibility to report such violations to the appropriate authorities. See the TCC Board Policy Manual.
|1.2||Layout and formatting change|
|1.3||Added more Definitions and Terms|
|1.4||Added links for Policies and Regulations webpages|
|1.4.1||Changed "Policies and Regulations manual" references to "Board Policy Manual" and updated the associated links|
|1.5||Added more definitions and terms. Added remote work, MFA, VDI. Added links, updated titles|
Updated January 20, 2023