You might be interested reading the IT Policy for Employees
¶ Preface
"Respect for intellectual labor and creativity is vital to academic discourse and enterprise. This principle applies to works of all authors and publishers in all media. It encompasses respect for the right to acknowledgment, the right to privacy, and the right to determine the form, manner, and terms of publication and distribution. Because electronic information is volatile and easily reproduced, respect for the work and personal expression of others is especially critical in computer environments. Violations of authorial integrity, including plagiarism, invasion of privacy, unauthorized access, and trade secret and copyright violations, may be grounds for sanctions against members of the academic community." The EDUCOM Code, 1987 http://www.educause.edu/
¶ 1. Background and purpose
AIIAS educates its students for generous service to the church and society in keeping with a faithful witness of Christ and to the world wide mission of the Seventh-day Adventist Church. AIIAS recognizes Information Technology as a tool to assist faculty and students in reaching a higher standard of excellence. As such, it should be used to glorify God.
Connecting to and using the AIIAS network is a privilege, not a right. There are rules and regulations guiding the use of the network. Everyone is expected to abide by them so as not to bring reproach to anyone. Individual departments (Computer Lab, Library, IMRC, etc.) may develop specific additional policies for IT usage, as long as they do not contradict this policy.
¶ 2. Definitions
¶ 2.1 Authorized use
AIIAS owns and operates computing and network resources as a Christian educational institution. Authorized use of its facilities should be consistent with the educational, research and service mission of AIIAS, as well as with AIIAS policy.
¶ 2.2 Authorized users
Authorized users are (a) current faculty, staff and students of AIIAS, and (b) others whose access furthers the mission of AIIAS and whose usage does not interfere with other authorized users' access to resources.
¶ 2.3 Types of Accounts
2.3.1 E-mail accounts
All faculty, staff and students receive AIIAS computing accounts, which provide access to the resources in the campus-wide academic computing realm. Full-time faculty and staff may request a courtesy account for their dependents (children and/or spouse).
¶ 2.4 E-mail Account Expiration
2.4.1 Dependents’ accounts will be terminated whenever any of the following conditions are met:
- a) the dependent leaves campus,
- b) the faculty or staff no longer is employed at AIIAS, or
- c) the faculty or staff requests that the courtesy account be terminated.
When an authorized user changes status (e.g., terminates employment, graduates, retires, changes positions or responsibilities within AIIAS, etc.), the unit responsible for initiating that change in status must coordinate with the user to ensure that access authorization to all AIIAS resources is appropriate. An individual may not use facilities, accounts, access codes, privileges, or information for which he/she is not authorized.
- 2.4.2 Students' e-mail accounts shall be terminated at the conclusion of registration of any term where the student has not registered.
- 2.4.3 Former faculty, staff and student e-mail accounts may remain active if requested and as long as it is used and they update their personal information on a yearly basis.
- 2.4.4 Graduating students will be notified before graduation that they have 30 days to renew their e-mail account if they would like to keep it otherwise it will be terminated.
¶ 3. Expected Use
The following guidelines currently exist at AIIAS and empower all members of AIIAS community to be productive members of that community. It must be understood that privileges are conditioned upon acceptance of the accompanying responsibilities within the guidelines of the AIIAS Network Usage Policy.
¶ 3.1 E-mail User
All faculty, staff and students are expected to monitor their e-mail accounts regularly. Any message delivered to the e-mail account has the same validity as a message delivered by other means. Individuals may choose to forward their e-mail from AIIAS to another e-mail provider. In this case, AIIAS cannot be responsible for messages not successfully forwarded.
¶ 3.2 Use of intellectual Property
Authorized users should always use intellectual property in accordance with the high ethical standards of the AIIAS community. Academic dishonesty or misappropriation of someone else’s work is a violation of those standards.
Intellectual Property shall be deemed to refer to patentable materials, copyrighted materials, trademarks, software, and trade secrets, whether or not formal protection is sought.
The patentable materials and copyrighted materials shall be deemed to refer to items other than software which reasonably appear to qualify for protection under the patent laws and copyright laws of the Philippines or other protective statutes, whether or not patentable there under.
Trademarks shall include all trademarks, service marks, trade names, seals, symbols, designs, slogans, or logotypes developed by or associated with AIIAS.
Trade Secrets means information including, but not limited to, technical or nontechnical data, a formula, a pattern, a compilation, a program, a device, a method, a technique, a drawing, a process, financial data, financial plans, product plans, or a list of actual or potential customers or suppliers which: (i) derives economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use; and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.
Software shall include one or more computer programs existing in any form, or any associated operational procedures, manuals or other documentation, whether or not protectable or protected by patent or copyright. The term “computer program” shall mean a set of instructions, statements, or related data that, in actual or modified form, is capable of causing a computer or computer system to perform specified functions.
¶ 4. User responsibilities
Just as each member of the AIIAS community enjoys certain privileges, so too is each member of the community responsible for his or her actions. In order to act responsibly, users must seek to be knowledgeable about information and the technology used to process, store, and transmit it.
¶ 4.1 Responsible use of resources
Widely accepted etiquette for the internet and web should be observed. For example, e-mail should not be sent to users, lists, or newsgroups where the subject is not appropriate, where the e-mail is not welcome, or the document size or number of destinations is excessive.
Information transmitted over the network or made available to others (e.g. through Web pages or bulletin boards) should be representative of a Christian institution. For example, materials -- text or graphics -- should not contain: materials characterized by profanity or obscene language; defamation of any individual or group; materials promoting hatred of cultural, ethnic, or religious groups; advocacy of lifestyles contrary to AIIAS policy; pornography and other sexually-oriented material. Illegal materials such as child pornography should not be accessed by or stored on any computer while connected with AIIAS, whether private or AIIAS owned.
¶ 4.2 Individual responsibilities
Computer users must ensure that their work does not interfere with others or waste computer resources. AIIAS reserves the right to monitor and block unnecessary traffic as deemed appropriate.
The campus network and computers will only be used to view or propagate information that supports the vision, mission, and values of AIIAS. ADCOM has the authority to require that any material which is deemed inappropriate be removed, or to delegate this authority to whomever they should appoint.
Examples of activities that would not support the vision, mission, and values of AIIAS are:
- Engaging in any activity that is prohibited by law (slander, hate literature, child pornography, illicit drug literature, obscene material, harassment, copyright infringements, etc.)
- Participating in gambling activities.
- Viewing, reading or transmitting any material that is sexually explicit or graphic in nature.
- Viewing, reading or transmitting any material that tends to deprive any person of their rights, or exposes any person to hatred or to affront their human dignity.
- Participating in role-playing games that have occult themes.
Computer users will not introduce worms or virus programs into the AIIAS computer systems.
All members of the campus community have the right not to be harassed by computer or network usage by others. No member of the community may, under any circumstances, use AIIAS computers or networks to harass any other person.
The following constitutes computer harassment:
-
Intentionally using the computer to annoy, harass, terrify, intimidate, threaten, offend, or bother another person by conveying obscene language, pictures, or other materials or threats of bodily harm to the recipient or the recipient’s immediate family
-
Intentionally using the computer to contact another person repeatedly with the intent to annoy, harass, or bother, whether or not an actual message is communicated, and/or the purpose of legitimate communication exists, and where the recipient has expressed a desire for the communication to cease
-
Intentionally using the computer to contact another person repeatedly regarding a matter for which one does not have a legal right to communicate, once the recipient has provided reasonable notice that he or she desires such communication to cease (such as debt collection)
-
Intentionally using the computer to disrupt or damage the academic, research, administrative, or related pursuits of another;
-
Intentionally using the computer to invade the privacy, academic or otherwise, of another or the threatened invasion of the privacy of another.
¶ 4.3 Request for New Services
Any new service that is provided by networked AIIAS computers to the AIIAS community, to the outside public, or to an outside special interest group, requires approval as outlined below:
-
A written request must be submitted to the IT Committee for evaluation. Concerns include the load the service will place on available bandwidth, any added pressures to existing AIIAS computing resources, and the cost of the service in relation to the expected benefits.
-
When a new service has the potential to impact the image of AIIAS, it shall be referred to the PR committee for consideration.
-
If approved, ADCOM will be informed of the new service before its implementation.
¶ 4.4 Information integrity
Each individual is responsible for being aware of the potential for and possible effects of manipulating information, especially in electronic form. Each individual is responsible for understanding the changeable nature of electronically stored information, and to verify the integrity and completeness of information compiled or used. No one should depend on information or communications to be correct when they appear contrary to expectations. It is important to verify that information with the source.
Users are responsible for the security of data on their personal computers. Where sensitive information is stored on a personal computer, access to internal storage should be limited by a password. Centralized backup may be implemented for some personal computers; for all other machines, the user should carry out regular backups onto removable disks or tapes. Storage media containing sensitive information (backup or otherwise) should be kept in a locked space. A personal computer connected to sensitive information (local or through the network) should not be left unattended. AIIAS cannot guarantee the confidentiality or privacy of electronic mail messages and other documents stored on AIIAS computers, and AIIAS makes no promises regarding their security. Such messages should be written with this in mind. The ease of saving, forwarding, and printing electronic mail messages and documents makes them more akin to formal letters and memoranda than to verbal communications.
¶ 4.5 Physical Security
Every effort should be made to preserve the physical security of personal computers. For example, a physical locking device and locking access doors (where applicable) should be maintained. AIIAS computers assigned to specific physical locations should not be removed without permission from AITS. Portable computers should be under personal supervision, in a locked space, or secured with a locking device at all times – especially when traveling.
¶ 4.6 Use of personally managed systems
Personally managed systems are not limited to computers physically located on the campus, but include any type of device that can be used to access AIIAS computing and networking resources from any location.
Authorized users have a responsibility to ensure the security and integrity of system(s) accessing other computing and network resources of AIIAS, whether a student, employee, or other authorized user. AIIAS information electronically stored therein must be protected.
Appropriate precautions for personally owned or managed systems include performing regular backups, controlling physical and network access, using virus protection software, and keeping any software installed (especially anti-virus and operating system software) up to date with respect to security patches.
By connection to campus network the user agrees to allow the IT department to scan their system for vulnerabilities and hardware/software information and to take appropriate actions based on the results of the scanning to ensure the security of AIIAS network.
AIIAS reserves the right to approve or deny connection and/or installation of any appliance/s or external internet services that may compromise the security, the reliability, quality and safety of the AIIAS network.
¶ 4.7 Access to facilities and information
4.7.1 Sharing of access:
Computer accounts, passwords, and other types of authorization are assigned to individual users and must not be shared with others. Computer users may log in only to their own computer accounts. Accounts and passwords may not, under any circumstances, be shared with, or used by, persons other than those to whom they have been assigned by AIIAS. Passwords should be changed regularly.
Personal user files—whether stored on disk or backup tape—are considered private and will not be scanned or read by computer services staff except as specifically authorized in section 5. If System Managers discover private information as an incidental result of performing their duties, they are obligated to keep this information confidential. However, such information, if evidence of policy violations, will be made available to administration and may be used in disciplinary proceedings.
Office computers designated by AIIAS administration for use by one individual or department are not to be shared with other individuals or department. If there is need for equipment reassignment, this should be done through the director of AITS.
4.7.2 Permitting unauthorized access
Authorized users may not run or otherwise configure software or hardware to intentionally allow access by unauthorized users.
4.7.3 Use of privileged access
Access to information should be provided within the context of an authorized user’s official capacity with AIIAS. Authorized users have a responsibility to ensure the appropriate level of protection over that information.
¶ 4.8 Attempts to circumvent security
Users are prohibited from attempting to circumvent or subvert any system’s security measures. This section does not prohibit use of security tools by personnel authorized by AITS.
¶ 4.9 Use of licensed software
All software on AIIAS or personal computers, whether on campus or connected to the campus network, must be legally licensed by the owners of the software or copyrights. Users must observe license and copyright restrictions of all software and documentation.
¶ 4.10 Software Installation on Institutional Computers
Users who wish to have personal software installed on an institutional computer need to provide the Computer Department with proof of ownership. Any software without such proof will be deleted. AIIAS computer users must submit a written request to AITS for all new installations of personal software. Software can only be installed by personnel authorized by the AITS. Installation will only take place once proof of ownership is established.
Users may desire to install software which can be freely downloaded from the Internet. Care must be taken to meet the licensing requirements of such software. Before installing such software, users should check with AITS regarding the suitability of the software for their application.
Users are encouraged to ensure that the antivirus software and the operating system on their machine is updated regularly.
If any user installs software without authorization on their machine, and this software is determined to have caused technical problems with said machine, the costs for correcting the problems will be borne by the user.
¶ 4.11 Personal Business
AIIAS-owned personal computers are to be used for AIIAS business. Staff members are responsible for the safety and security of the office equipment with which they are entrusted. Only AIIAS Faculty/Staff and students assigned to work with the Faculty/Staff are allowed to use the office computers and peripheral hardware. Children or other realtives or friends are not allowed. In the computer laboratories, academic work of students and faculty takes precedence over personal uses. Use of AIIAS computers for personal commercial activities is prohibited.
¶ 5. AIIAS Information Technology Privileges
¶ 5.1 General Guidelines
-
AIIAS reserves the right to conduct routine maintenance, track problems, and maintain the integrity of its systems. As is the case with all data kept on AIIAS computer systems, the content of electronic mail may be revealed by such activities.
-
AIIAS does not routinely monitor the contents of e-mail. However, such monitoring may be conducted when required to protect the integrity of the systems or to comply with legal obligations.
-
AIIAS reserves the right to inspect the contents of electronic mail and all disk files in the course of an investigation into alleged impropriety or as necessary to locate substantive information not readily available by other means.
-
Authorization to investigate the contents of user files must be given by the VP Finance on the basis of instructions from AIIAS Administration.
-
“AIIAS work” should generally be done on computer or communications equipment provided by AIIAS. Where personally owned equipment is used for AIIAS business, and AIIAS assumes no obligation to maintain or replace this equipment unless arrangements are made in advance.
¶ 5.2 Allocation of resources
-
AITS provides and maintains a data network, as approved by administration. This connection gives access to other computers and services both within and outside the campus.
-
Every faculty, staff and student AIIAS account permits access to e-mail, the World Wide Web, and other local, national and international services.
-
AITS will take the necessary measures to protect server-based user files from unauthorized access from on or off AIIAS.
-
Anyone connecting a computer to the AIIAS network; employee or student – is required to abide by the standards set by AITS.
-
Connections to the campus data network may be made or changed only by personnel from AITS.
-
No unauthorized servers are permitted on the AIIAS network.
-
Any requests for a routable IP address should be made through the IT Director to the IT Committee, to be approved by ADCOM.
-
Configuring static private IP addresses on any device connected to AIIAS data network must only be done in consultation with AITS.
¶ 5.3 System Administration, Networking and Data Communications
-
Any computer on the campus network that is configured to be a server must permit administrative access by AIIAS network administrator.
-
A system administrator (i.e., the person responsible for the technical operations of a particular machine) may access others’ files for the maintenance of networks and computer and storage systems, such as to create backup copies of media. However, in all cases, all individuals’ privileges and rights of privacy are to be preserved to the greatest extent possible.
-
System Managers are authorized to examine user files or processes only as far as necessary to ensure reliable and secure system operation. If reliable system operation is in jeopardy, system operators are also authorized to kill or suspend user processes, move user files to alternate storage media or delete files that can be easily recovered (for instance, from the Internet). The users affected will be promptly notified of the actions taken and the reasons why. System Managers will make every reasonable attempt to assist users in recovering work files that were destroyed in the process of attempting to keep the AIIAS systems running properly.
-
AIIAS reserves the right to review accounts in their entirety, which includes but is not limited to e-mail, stored data, and data in transit, and if an infraction is suspected, the traffic and files will be investigated with or without the knowledge of the account holder.
-
Electronic mail, once received, belongs to the recipient. A user’s mailbox is treated in the same manner as any other file belonging to that user, and is subject to the same privacy protections as regular files. AIIAS will not attempt to regulate the content of electronic mail except for cases involving violations of other policies. AIIAS accepts no liability for the content of users’ electronic mail. AIIAS has policies against racism, sexism, and sexual harassment; if necessary, individuals may direct their concerns to the appropriate administrator.
-
AIIAS may authorize confidential passwords or other secure entry identification; however, users should have no expectation of privacy in the material sent or received by them over AIIAS computing systems or networks. While general content review will not be undertaken, monitoring of this material may occur for the reasons specified above.
¶ 5.4 Monitoring of usage; inspection of files
Users should also be aware that their uses of AIIAS computing resources are not completely private. While AIIAS does not routinely monitor individual usage of its computing resources, the normal operation and maintenance of AIIAS computing resources require the backup and caching of data and communications, the logging of activity, the monitoring of general usage patterns, and other such activities that are necessary for maintaining network availability and performance.
AIIAS may also specifically monitor the activity and accounts of individual users of AIIAS computing resources, including individual login sessions and communications, without notice. This monitoring may occur in the following instances:
-
The user has voluntarily made them accessible to the public.
-
It reasonably appears necessary to do so to protect the integrity, security, or functionality of AIIAS or to protect AIIAS from liability.
-
There is reasonable cause to believe that the user has violated, or is violating, this policy.
-
An account appears to be engaged in unusual or unusually excessive activity, as indicated by the monitoring of general activity and usage patterns.
-
Upon receipt of a legally served directive of appropriate law enforcement agencies.
Any such individual monitoring, other than that specified in “(1)”, required by law, or necessary to respond to bona fide emergency situations, must be authorized in advance by the VP Finance; in all such cases, the appropriate unit head will be informed as time and the situation will allow. In all cases, all individuals’ privileges and right of privacy are to be preserved to the greatest extent possible.
¶ 5.5 Suspension of Individual privileges
Units of AIIAS operating computers and networks may suspend computer and network privileges of an individual for reasons relating to his/her physical or emotional safety and well-being, or for reasons relating to the safety and well-being of other members of the campus community, or AIIAS property. Access will be promptly restored when safety and well-being can be reasonably assured, unless access is to remain suspended as a result of formal disciplinary action imposed by the Office of the Vice President for Student Affairs (for students) or the employee’s department in consultation with the Office of Human Resources (for employees).
¶ 5.6 Wireless Policy
-
A wireless card connecing to AIIAS networks should only be configured to “Infrastructure” Mode.
-
No cordless 2.4 GHz phones are allowed on campus. Please choose other frequencies.
-
Large amounts of data should not be transferred across the wireless network without breaking into smaller blocks.
-
Any Wireless Access Point/s (WAP), router/s as well as other appliance/s connected to the AIIAS network must have the MAC/Physical address/es registered with the AITS department.
¶ 6. AIIAS responsibilities
¶ 6.1 Risk management
AIIAS, through the Department of Finance, maintains a periodic risk evaluation process to protect its information systems infrastructure and data in the face of a changing information security environment. All unit heads are required to approve an annual risk evaluation conducted by the unit with a semi-annual follow-up on identified risks.
Benefits of a properly performed risk analysis include:
Increase security awareness at all organizational levels from operations to management.
- Evaluate the status of the current security posture.
- Highlight areas where greater security is needed.
- Assemble facts, dispel myths, and fight complacency.
- Justify, prioritize, and implement effective counter-measures and procedures.
These evaluations will entail a thorough review of each unit’s information security policy, procedures, and practices.
Units will develop a policy for purchasing computing resources to ensure these resources fit the unit’s technology architecture and are properly supported.
¶ 6.2 Security procedures
AIIAS has the responsibility to develop, implement, maintain, and enforce appropriate security procedures to ensure the integrity of individual and institutional information, and to impose appropriate penalties when privacy is purposefully abridged.
¶ 6.3 Anti-harassment procedures
AIIAS has the responsibility to develop, implement, maintain, and enforce appropriate procedures to discourage harassment through the use of its computers or networks and to impose appropriate penalties when such harassment takes place.
¶ 6.4 Upholding of copyrights and license provisions
AIIAS has the responsibility to uphold all copyrights, laws governing access and use of information, and rules or contractual requirements of organizations supplying information resources to members of the community (e.g., Internet acceptable use policies and license requirements for commercial information databases).
Computer users must not use AIIAS’ computer facilities to gain unauthorized access to remote networks or systems or violate the use policies of any remote system. Use of external networks connected to AIIAS’ networks must comply with the policies of acceptable use promulgated by the organizations responsible for those networks.
AIIAS computer accounts are to be used for the institutional-related activities for which they are assigned. AIIAS computing resources are not to be used for commercial activities without written authorization from the college administration.
¶ 6.5 Disposition of Depreciated AIIAS Computer Equipment
Computers, like most AIIAS equipment, may be surpluses when they no longer meet the needs of the department. Below are the steps to go through in order to dispose of this equipment.
- Before disposing of excess computers, their availability must be advertised on the campus Intranet (or by other approved means) to other AIIAS departments for fourteen consecutive days.
- a. If another department wants the computers, transfer to that department using the transfer form provided by AITS.
- b. If the computers remain unclaimed after the fourteen days, proceed to the next step.
-
The hard drives must be manually and/or magnetically reformatted, effectively erasing the data and software to prevent infractions of copyright laws, software licensing agreements and/or security procedures regarding institutional data.
-
Choose one of the options for disposition of excess computer equipment (in order of preference)
- a. Cannibalization – Determine whether or not to cannibalize the computer for spare parts.
- b. Donation – The computer may be donated to a non-profit organization.
- c. Salvage – If the computer is not appropriate for cannibalization or for donation, it can be salvaged.
¶ 6.6 Supported Software
¶ 6.6.1 Purpose
This policy outlines acquisition and review policies and the assignment of support levels for software used by AIIAS faculty, students and staff. Its intent is to enhance the stability and predictability of AIIAS computing resources, optimize software acquisition and maintenance, and guide the allocation of computing consultant time and expertise.
¶ 6.6.2 Acquisition
All purchases of computer-related software must be cleared through AIIAS Information Technology Services (AITS). AITS will support software that it acquires of AIIAS faculty and staff, and/or recommended by AITS staff for campus-wide usage. AITS will give funding to applications that address a wide range of disciplines for instruction, research, and administration uses (e.g., SPSS, Office) and to software to be used for a specific course or program, or for development of course materials. Items considered when evaluating software for acquisition and support include, but are not necessarily limited to: the number of potential users on campus; initial and ongoing costs; the ability of the software to run on AIIAS computing systems; comparisons with other software of the same type; industry trends; and the possibility of sharing licenses across campus. During the acquisition process, discussions on the support level are held. If AITS cannot provide support and the department still wants to acquire this software, then the department must assume local responsibility and appoint a support liaison.
¶ 6.6.3 Support Levels
AITS provides three levels of software support to AIIAS computing clients: full, limited, and minimal support. Each operating system and application that is made available by AITS falls into one of these support levels. This is true for all platforms and distribution methods including the Application Servers (serving Windows-based software to the public computing sites and classrooms, AIIAS departments). In selected cases, AITS will also provide limited support for software not installed on AITS computing systems.
¶ 6.6.3.1 Full Support
Full support is given to software useful to broad segments of AIIAS. AITS encourages clients to adopt fully supported software whenever possible. AITS staff and consultants provide installation services and technical support for this software. AITS strives to develop in-depth knowledge about these applications and will pursue solutions to problems that may arise in their use at AIIAS. Training is provided, based on need, through the AITS seminar series or cooperative arrangements with departments. AITS also maintains vendor and local documentation as needed.
AITS also provides within a reasonable time current versions of fully supported software on its computing systems. Software and security upgrades are executed with a view to minimizing disruption for clients. Before an upgrade, appropriate user groups are contacted by AITS Staff, in concert with the AITS Department, to ascertain potential problems and arrive at an upgrade date. Upgrades affecting clients will be announced with enough time prior to implementation to minimize disruptions.
¶ 6.6.3.2 Limited Support
Limited support is assigned to software for which there is less need to recommend a standard or to provide a full range of services. This category of software is generally useful to fewer clients than is the case for full support software. The assignment of limited support is based on current client need and AITS resources. A consultant(s) will be familiar with this software and will provide installation and technical support. If a consultant is unable to answer a question, she or he may suggest strategies for resolving problems, or suggest other sources of assistance such as a vendor knowledge base or user groups. Training is not provided for limited support software. AITS may have vendor documentation for reference, and may have developed local documentation.
¶ 6.6.3.3 Minimal Support
Upon client request, AITS may install on its computing systems discipline-specific software obtained by Schools and Departments. AITS may, depending upon AITS capabilities and institutional priorities, install on its computing systems software which is intended to provide a convenience – through ease of accessibility – to clients. For software installed under either of these two conditions, AITS does not provide technical support, training, or local documentation. Support would have to be provided through an academic department support liaison, the software vendor, or through user groups. AITS may have vendor documentation available for reference.
¶ 6.6.4 Support Assignments and Changes
At the time of a software acquisition, a support level is assigned. For software in the minimal support category, an academic department support liaison needs to be identified by the requesting department. Current software is evaluated annually for relevance to the AIIAS community, hardware and software support investment, and price increases. A list is maintained on the Web that specifies support level and support consultants for each application. The support level list is reviewed as necessary; changes to this list are recommended to the IT Committee by the IT Operations Committee in consultation with faculty and staff, and user groups, from appropriate areas.
¶ 6.6.5 Supported Software List
See appendix A for the current list of supported software.
¶ 6.7 Purchasing of Computer Equipment
All purchases of computer related hardware and software must be processed through AITS. All systems purchased will meet minimum standards as set up by AITS. Any exceptions to this policy must be cleared through the Information Technology Committee.
When equipment is purchased for a specific office, the individual concerned may choose to pay for equipment upgrades (larger hard disk, monitor, CD rewriter, etc.) personally. Unless the upgrade paid for by the individual is clearly separable, the equipment purchased under this policy belongs entirely to AIIAS.
¶ 6.7.1 Purpose
The intent of this policy is to provide resources to meet the computing needs of the institution, enhance the stability and predictability of AIIAS computing resources, optimize software acquisition and maintenance, and guide the allocation of computing consultant time and expertise.
¶ 6.7.2 Definition
Standard desktop hardware is that which adheres to the standard list of hardware specifications and is assembled and maintainable by AITS. Certain individuals by virtue of their job requirements may need additional computing resources. Under such circumstances, a department wishing to upgrade one or more components may do so as long as the hardware configuration still meets the minimum hardware configuration. Any hardware change which causes a machine to fall below minimum standards must be cleared through the Information Technology Committee.
¶ 6.7.3 Acquisition
All purchases of computer related hardware and software must be cleared through AITS.
¶ 6.7.4 Support
AITS will service all standard desktop computers with its personnel. Under normal circumstances, users should expect to either have the computer repaired or have a functional replacement in a timely manner. AITS will work with the employee to minimize the disruptions to work due to any issues that may arise.
Standard laptops fall under the AIIAS laptop policy. Under this policy, support must be available locally from the manufacturer under a 3-year minimum parts and labor warranty. AITS is not responsible to support laptop hardware.
¶ 7. Procedures and sanctions
¶ 7.1 Investigative contact
If anyone is contacted by a representative from an external law enforcement organization (District Attorney’s Office, NBI, etc.) that is conducting an investigation of an alleged violation involving AITS computing and networking resources, they must inform the AITS and the VP Finance immediately. Refer the requesting agency to the director of AITS. For routine matters, send e-mail to security@aiias.edu. For urgent matters, contact AITS Operations at (063)46-414-4490.
¶ 7.2 Responding to security and abuse incidents
All authorized users are stakeholders and share a measure of responsibility in intrusion, detection, prevention, and response. At AIIAS the VP Finance has been delegated the authority to enforce information security policies and is charged with:
-
Implementing system architecture mandates, system protection features, and procedural information security measures to minimize the potential for fraud, misappropriation, unauthorized disclosure, loss of data, or misuse.
-
Initiating appropriate and swift action, using any reasonable means, in cases of suspected or alleged information security incidents to ensure necessary protection of AIIAS resources, which may include disconnection of resources, appropriate measures to secure evidence to support the investigation of incidents, or any reasonable action deemed appropriate to the situation.
All users and units have the responsibility to report any discovered unauthorized access attempts or other improper usage of AIIAS, networks, or other information processing equipment. If you observe, or have reported to you, a security or abuse problem with any AIIAS computer or network facilities, including violations of this policy:
-
Take immediate steps as necessary to ensure the safety and well-being of information resources. For example, if warranted, a system administrator should be contacted to temporarily disable any offending or apparently compromised computer accounts, or to temporarily disconnect or block offending computers from the network.
-
Ensure that the following people are notified: (1) your department/school head and (2) the AITS.
AITS will coordinate the technical and administrative response to such incidents. Reports of all incidents will be forwarded to Student Affairs (for apparent policy violations by students) or the department/school head (for employees) and to the VP Finance.
¶ 7.3 Disciplinary Action and Appeals
Depending on the nature and severity of the policy violation, Computer Services may take one or more of the following disciplinary actions:
- Send a verbal, written, or electronic mail warning
- Allow only restricted computer privileges
- Temporarily suspend the computer account (typically 1 to 10 weeks)
- Revoke all computer privileges
Any AIIAS employee installing or requesting someone to install unlicensed software on an institutional computer shall be subject to the following penalties:
- First offense : Letter of reprimand to be placed in their personnel file.
- Second offense: One week suspension
- Third offense: Termination of employment
Warnings and temporary suspension of accounts may be issued by the appropriate System Manager. Serious policy violations may be forwarded to AIIAS Administration who may take other disciplinary measures.
Users who are for any reason dissatisfied by the application of this policy by AITS have a right to appeal to the chair of the Information Technology Committee. The chair of the Information Technology Committee in consultation with the VP Finance will decide what temporary computer access is appropriate during any disciplinary proceedings.
¶ 7.4 Range of disciplinary sanctions
Persons in violation of this policy are subject to the full range of sanctions, including the loss of computer or network access privileges, disciplinary action, dismissal from AIIAS, and legal action. Some violations may constitute criminal offenses, as specified the appropriate laws; AIIAS will carry out its responsibility to report such violations to the appropriate authorities.
¶ 7.5 Guidelines in AIIAS Intranet
Because it is of a public nature the following guidelines should be observed:
-
All messages put on the Intranet must be of general public interest and in a language that all can understand and at AIIAS this is in English.
-
Private messages for small groups are best sent directly to them via E-mail and that can be in any language.
-
Concerns that individuals may have about maintenance, safety, policies and procedures and any other issue should be addressed to the persons in charge and are not to be put on the Intranet.
-
Messages of a political nature are not for the Intranet and only matters of concern to the AIIAS community as a whole can be put on the Intranet.
-
Any issue that undermines the credibility of faculty, staff, and students is not for public airing and should be discussed with the persons concerned. Anything that would create division and suspicion in the minds of the AIIAS readers should not be placed on the Intranet.
-
Goods for sale, seeking information, sharing places to see and visit, anything that will inform and enlighten our community, are welcome to place on the Intranet.
Significant portions of this document have been adapted from the policies of:
-
Georgia Tech Institute www.security.gatech.edu/policy
-
University of Wisconsin-Madison www.ssc.wisc.edu
¶ Appendix A
¶ Client Operating System
| Software | Support Level |
|---|---|
| Windows 10 | Full |
| MacOS | Partial |
| Linux | Minimal |
¶ Office Applications Sofware
MICROSOFT OFFICE 2016,2019 and 365
| Software | Support Level |
|---|---|
| Access | Limited |
| Excel | Full |
| PowerPoint | Full |
| Word | Full |
| Outlook | Limited |
| OpenOffice | Limited |
¶ Appendix B – Laptop Standards as of August 2023
¶ Windows Laptop
ThinkPad T14 Gen 4 
Processor: Intel 13th Generation or AMD Ryzen™ 5 PRO
Operating System: Windows
Total Memory: 8 GB
Solid State Drive:512 GB SSD
Display: 14"
Camera: 720P HD RGB with Microphone
Warranty: 3-years
Notes: AMOS only works on this type of computer.
¶ Apple Laptop
MacBook Air with M1 chip 
Colors: Space Gray / Gold / Silver
Operating System: MacOS
Total Memory: 8 GB
Solid State Drive: 512 GB SSD
Display: 14"
Warranty: 3 years AppleCare+
Note: Attempt to run Windows applications in this type of computer will incur an additional license cost and memory upgrades.
¶ Appendix C – AIIAS Computer Specification March 2008
Intel Core 2 Duo E66550, 2.33GHz
Intel motherboard with S/V/L
1 GB DDR2-667
160G Seagate SATA HDD
DVDRW
Silver Black Casing 500W Power Supply
19” LCD Monitor
USB Keyboard
Optical Mouse
USB