Information
Technology Division
|
RUL #900. 90.###
Issued by
the Vice Provost for Information Technology
Audience: Campus
Service Type:
General
Service name:
Violations of Policy- ITD Procedures
Brief description:
Section V of NC State's Administrative Regulations-Computer Use provides a general outline of appropriate procedures for dealing with violations of computing and network policies. In keeping with these procedures, ITD Systems administrators may refer violations of University policy, regulations or rules to appropriate University officials for disciplinary procedures. Violations of policy by students are referred to the Office of Student Conduct. Violations of policy by faculty, EPA non-faculty, and SPA staff are referred to supervisors or department heads.
Systems administrators may also temporarily limit or deny account or machine access, as described in Administrative Regulations-Computer Use. Such cases will be referred to an appropriate University official to assure due process. More details are provided below.
Clients subject to these procedures:
All those using systems and services supported by NC State Information Technology Division
Type of use:
Either business or personal
Duration:
Ongoing
Rules of use:
All NC State computer and network resources are governed by Administrative Regulations - Computer Use
Levels of sanctions
Some violations of policy, regulations and rules are more serious or put University resources at greater risk than others. ITD Staff make every attempt to assure due process while responding in a manner appropriate to the severity of the violation and the degree of risk to University resources. Toward this end, violations and sanctions are divided into the following categories:
Level one
Low-risk violations: Violators are issued an e-mail warning, which includes reference to the published policy, regulation or rule governing the behavior and a request for a written response indicating the behavior will stopped. Examples include eating or drinking in computing labs, reports of offensive e-mail, minor incidents of misuse of login/remote access servers, minor incidents of chain letters.
Level two
Medium-risk violations or if user fails to response to a level-one e-mail warning: Violators are given the opportunity to discuss alleged violation with the investigator of offense. They are asked to sign a policy statement indicating they have read and will adhere to the rules and regulations. Examples include but are not limited to account sharing, spam, Ponzi (pyramid) schemes, minor cases of port scanning. If port scanning indicates a machine compromises network security, it will be removed from network until secured. Minor incidents of commercial use of Web pages may result in loss of access to Web pages until material is removed from the site and a policy statement signed.
Level three
High risk violations, violations of state or federal law, or if account user fails to meet with systems administrator or refuses to sign policy statement: The account user is referred to the appropriate University official (the Office of Student Conduct, in the case of student violations). Activities that result in denial of access for users and any activities which interfere with normal network services may also result in the offending machine being removed from the network. Examples include copyright infringements, attempts to break into a machine, most instances of forged e-mail.
Additional service procedures/restrictions:
Loss of access to account, service, machine, etc.
Section V of NC State's Administrative Regulations-Computer Use states that "a University system administrator (or designees) may suspend a user's access privileges or suspend services to a computer, for as long as necessary to protect the University's computing resources, to prevent an ongoing threat of harm to persons or property, or to prevent a threat of interference with normal University functions."
In such cases, ITD staff observe the following procedures, as stated in Administrative Regulations-Computer Use:
1. The user must be sent written or electronic notice of the suspension of access and the reasons for it, and notice of the time, date, and location at which the suspension may be discussed with the system administrator.
2. The user must be given an opportunity to meet with the system administrator at his or her earliest convenience to discuss the suspension and present any reasons the user has why the suspension should be lifted. The system administrator must reconsider his or her suspension decision in light of the information received at this meeting.
3. Following the meeting, the user must be sent a copy of the system administrator's decision upon reconsideration, and must be notified that the user may appeal to the system administrator's immediate supervisor if the user is dissatisfied with the outcome of the meeting. (Section V, "Violation of Policy")
Records
ITD staff maintain a restricted-access database of all violations that come to their attention. Although they are not publicly accessible, these records may be used by appropriate officials during disciplinary or legal proceedings.
For more information/documentation
www.fis.ncsu.edu/ncsulegal/compuse.htm
Last
modified: Oct. 10, 01 jd
Return
to ITD Rules and Regulations index page
Send questions to help@ncsu.edu
