Information Technology Policies

This policy defines the acceptable use of Franklin & Marshall (F&M) information and technology assets. Those users who violate this policy are subject to the range of sanctions set forth in the Student Code, Human Resources and College policies, as well as any applicable local, state, and federal laws. The College Infrastructure Committee reserves the right to modify this policy at any time.

II. Scope

This policy applies to all members of the F&M community, which includes employees, students, faculty, emeriti faculty, visitors, volunteers, third parties, alumni, contractors, consultants, clients, temporaries, and others (collectively known as "users"), who have access to, support, administer, manage, or maintain F&M information and technology assets.

III. Policy

Access to information and technology assets provided by the College is a privilege granted to the members of the College community. These assets are to be used for the activities for which they were designed. The College also recognizes that local, state, and federal laws relating to copyright, information security, and intellectual property are applicable to all members of the College community. The College reserves the right to limit or restrict computing privileges and access to its information and technology assets without notice. 

Privacy
While the College respects an individual's use of computing resources, it should be noted that there are no facilities provided for sending, receiving, storing, or otherwise manipulating private messages, information, or files, and there should be no expectation of privacy when using the College’s network or systems. It is not technically possible to ensure privacy. The College does not examine or disclose the contents of electronic communications and traffic data without the consent of the individual participating in the communication, except in certain cases such as responding to a cybersecurity event, phishing attack, or network issue, or as outlined elsewhere in this and other policies.

Personal use of F&M technology assets
Technology assets are provided by F&M for the ongoing business needs of the College.  Personal use of equipment assigned to an individual, such as a laptop or tablet, unrelated to the business needs of the College, is strongly discouraged, as many cybersecurity events are borne from such crossover usage. Any such personal usage is at your own risk with no expectation of confidentiality, integrity, or availability.  

Using personally owned computing equipment for College business
Employees are provided computing equipment by F&M for the purposes of performing their job functions. Using personally owned computers to directly access College administrative systems that are used for the ongoing business operations of the College, such as HR, payroll, and finance, is strongly discouraged. Employees are expected to use the equipment they have been provided for such access.

On occasion, situations arise and scenarios occur that may require access to information stored within College systems. This may be prompted, for example, by legal action, health or safety concerns, or by urgent College business needs. Access may be provided with the approval of the following College officer.

Constituency	College Officer
Students	Vice President for Student Affairs
Faculty	Provost
Senior Officers	President of the College
President	Chair, Board of Trustees
Staff	AVP for Human Resources

Internet Use
Users must observe the protections outlined in the College’s Data Classification Policy before using any Internet service to transmit, store, or process confidential or sensitive data.

Risks that users accept when accessing the Internet include:

• • Lack of confidentiality and/or integrity of information accessed, sent, or received.

  • No privacy protections.

  • Website operators and other third parties may collect, store, and share information about users who visit their sites or use their services.

Email accounts
All College email accounts

and all data transferred or stored using the College’s email system are considered College records. Ownership of intellectual property is retained by its respective creator(s). This policy is not intended to supersede the College’s Intellectual Property policies.

College email accounts:

• • are provided for College-related activities and business.

  • personal use with third-party services that have not been provisioned by the College (streaming services, social media, etc.) is discouraged. A personal email account should be used to limit the individual's and College’s security profile exposure.

Personal email accounts (i.e., email accounts not provided by the College):

• • are prohibited from being used for official College business.

  • are encouraged to be used with personal services such as social media or online shopping.

Inappropriate Use of Email
Sending inappropriate email that violates any College policy is prohibited. Users receiving inappropriate email should immediately contact the ITS Help Desk at 717-358-6789 or helpdesk@fandm.edu. In the case of serious risk or potential harm, users should contact the Office of Public Safety immediately at 717-358-3939. 

Selected examples of inappropriate use include:

• • harassing, obscene, or threatening messages

  • the unauthorized exchange of sensitive or confidential data

  • sending non-College-sanctioned advertisements, solicitations, or chain letters 

  • sending malware or a message that is intended to mislead the recipient into performing an action

  • misrepresenting the identity of the sender of a message

  • using or attempting to use the accounts of others without their permission

Network Access
The College reserves the right to determine the information security level of any non-College-owned or non-College-managed systems that connect to the College network or systems. Before granting access to the College network, the College will ensure that a baseline level of security has been met. Users are responsible for their personally owned devices while they are connected to College information resources.  The College also reserves the right to block software, applications, sites, or services that are determined to be malicious, that negatively impact network performance, or that are commonly used for copyright infringement.

Conflicting Network Services
Users may not connect systems to the College network that emulate, spoof, replicate, or interfere with existing information technology services provided by the College. Some contracted services, College network tenants, shared services organizations, etc., may inquire regarding an exemption to this “Conflicting Network Services” section by contacting the ITS department before installing any software, systems, or equipment and receiving written permission.

User Prohibitions
User accounts or user device access or services may be suspended for:

• • actions negatively impacting any College provided information or technology asset.

  • obstructing others from accessing College resources.

  • violating College licensing or contractual agreements.

Users are prohibited from:

• • distributing copyrighted material such as images, music, software, movies, electronic books, journals, or any other digital content for which the user does not have appropriate rights.

  • storing information for, or producing, physical items that could be considered weapons of any kind.

  • using College resources to offer goods or services of a commercial nature not sanctioned by the College.

User Agreement
I agree to the obligations described above and agree not to use F&M's information and technology assets in any way that diminishes the effectiveness of those assets or interferes with the reasonable and individual use of those systems by others. I acknowledge the right of Franklin & Marshall College and its designated staff, to inspect, when necessary as a function of responsible system management, all files stored in, or data transmitted through, the College’s information and technology assets.

I understand that upon violation of the terms of this agreement, the College retains the right to deny current and future computing privileges. I understand that I may also be subject to further disciplinary action by the College and/or legal action arising from the violation of any federal, state, or local laws.

Policy Maintenance
The College Infrastructure Committee will review this policy on an annual basis. All revisions will be presented to the Chief Information Officer (CIO) and Chief Information Security Officer (CISO) for approval.