Introduction

Computer information systems and networks are an integral part of business at Northcentral Technical College (NTC or the College). The College has made a substantial investment in human and financial resources to create these systems.

Information Security has been established in order to:

  1. Protect this investment.
  2. Safeguard the information contained within these systems.
  3. Reduce business and legal risk.
  4. Protect the good name of the College.

These guidelines protect Northcentral Technical College, its students, its employees, and its partners. Inappropriate use exposes all of these entities to risks including loss of confidentiality, revenue, compromise of network systems and services, fines, non-compliance with regulations, statutory violations, and unnecessary litigation.

Violations

Failure to observe these guidelines may result in disciplinary action by the College depending upon the type and severity of the violation, whether it causes any liability or loss to the College, and/or the presence of any repeated violation(s).

Administration

The Associate Vice President of Information Technology/Chief Information Officer is responsible for the administration of this policy.

Content

  1. Statement of Responsibility
  2. Mobile Devices
  3. Internet and Email
  4. Computer Viruses
  5. Access Codes and Passwords
  6. Physical Security
  7. Regulation Compliance
  8. Copyright and License Agreements

1. Statement of Responsibility

General responsibilities pertaining to this policy are set forth in this section. The following sections list additional specific responsibilities.

Supervisors Responsibilities

Supervisors:

  1. Ensure that all appropriate personnel and students are aware of and comply with this policy.
  2. Create appropriate performance standards, control practices, and procedures designed to provide reasonable assurance that all employees/students observe this policy.

Associate Vice President of Information Technology / Chief Information Officer Responsibilities

The Associate Vice President of Information Technology / Chief Information Officer will:

  1. Develop and maintain written standards and procedures necessary to ensure implementation of and compliance with these policy directives.
  2. Provide appropriate support and guidance to assist employees to fulfill their responsibilities under this directive.

2. Mobile Devices

To access NTC systems, NTC email and contacts, and apps that you have downloaded and installed, including but not limited to Microsoft Teams, Work Day, Chrome River, DUO, Blackbaud, LinkedIn Learning, on a personally owned mobile device, (e.g., smartphone, iPad, laptops, etc.) you must agree to the terms and conditions set forth below. This agreement is necessary to help ensure proper protection of NTC confidential information accessed through your mobile device.

  1. Employees must surrender their mobile device to NTC in the event a security or privacy breach has or is suspected to have occurred in connection with the mobile device.
  2. If requested, employees must also grant NTC access to their mobile device service provider’s usage records.
  3. Information Technology (IT) will provide self-service instructions for mobile device connection to NTC systems, NTC e‐mail, calendar, and contacts, and downloaded apps such as Microsoft Teams, Work Day, Chrome River, DUO, Blackbaud, LinkedIn Learning. All other support issues should be directed to the employee’s mobile device service provider.
  4. Mobile devices should not be used for College business while driving unless equipped with a hands-free device.
  5. Employees may not use the recording or photographic capability of their mobile devices in areas of the facility where individuals would have a reasonable expectation of privacy.

3. Internet and Email

This policy pertains to internet and e-mail use on any computer connected to the NTC network or placed in any NTC educational environment.

Access to the Internet is provided to employees and students for the benefit of Northcentral Technical College and its students. Employees and students are able to connect to a variety of educational resources around the world. Computers connected to the Internet also face risks associated with computer viruses and data security, and users can easily and in some cases inadvertently download material that is inappropriate to the educational, business or workplace setting. To ensure that all students/employees are responsible and productive internet users and to protect the College's interests the following guidelines have been established for using the Internet and e-mail.

Acceptable use

Employees and students using the Internet are representing the College. Employees and students are responsible for ensuring that the Internet is used in an effective, ethical, and lawful manner. Examples of acceptable use are:

  1. Using web browsers to obtain educational information from educational web sites.
  2. Accessing databases for information as needed.
  3. Using e-mail for Northcentral Technical College business contacts.

Unacceptable use

Employees and students must not use the Internet for purposes that are illegal, unethical, harmful to the College, or nonproductive. Examples of unacceptable use are:

  1. Broadcasting e-mail, i.e., spam.
  2. Transmitting any content that is offensive, harassing, slandering or fraudulent.
  3. Destruction of or damage to equipment, software, or data belonging to the College or others.
  4. Disruption or unauthorized monitoring of electronic communications.
  5. Use of the College's trademarks, logos, insignia, or copyrights without prior approval.
  6. Use of computing facilities for private business purposes unrelated to the mission of the College or to College life.
  7. Violation of software license agreements.
  8. Displaying or sending obscene, pornographic, sexually explicit, or offensive material.
  9. Displaying or sending material that is contrary to the mission or values of the College.
  10. Peer-to-Peer (P2P) file sharing programs for non-instructional use.

Employee and student responsibilities

An employee or student who uses the Internet or Internet e-mail shall:

  1. Ensure that the use of the Internet does not interfere with his/her productivity.
  2. Be responsible for the content of all text, audio, or images that is placed or sent over the Internet. All communications should have the employee’s/student’s name attached.
  3. Not transmit copyrighted materials without permission.
  4. Know and abide by all applicable Northcentral Technical College policies dealing with security and confidentiality of College records.
  5. Avoid transmission of Personally Identifiable Information (PII). This information should be handled in accordance with NTC privacy specific safeguards. If it is necessary to transmit PII, employees are required to take steps to ensure that information is transmitted in a secure manner and delivered to the proper person who is authorized to receive such information for a legitimate use. If assistance is needed with the secure email, please contact the Help Desk.

Monitoring

All messages created, sent, or retrieved over NTC’s Network are the property of the College and may be regarded as public information. Northcentral Technical College reserves the right to access the contents of any messages sent over its facilities if the College believes, in its sole judgment, that it has a business need to do so.

All communications, including text and images, can be disclosed to law enforcement or other third parties without prior consent of the sender or the receiver.

4. Computer Viruses

Computer viruses are programs designed to make unauthorized changes to programs and data. Therefore, viruses can cause destruction of College resources.

Background

It is important to know that:

  1. Computer viruses are much easier to prevent than to cure.
  2. Defenses against computer viruses include protection against unauthorized access to computer systems, using only trusted sources for data and programs, and maintaining virus-scanning software.

Information Technology’s responsibilities

  1. Install and maintain appropriate antivirus software on all Northcentral Technical College owned computers.
  2. Respond to all virus attacks, destroy any virus detected, and document each incident.

Employee/Student/General Public responsibilities

  1. No one shall knowingly introduce a computer virus into College computers.
  2. No one shall load storage media of unknown origin.
  3. Any person who suspects that his/her workstation has been infected by a virus shall immediately power off the workstation and call the IT help desk at (715)803-1160.

5. Access Codes and Passwords

The confidentiality and integrity of data stored on College computer systems must be protected by access controls to ensure that only authorized persons have access. This access shall be restricted to only those capabilities that are appropriate to each person’s duties.

Information Technology (IT) Department responsibilities

  1. The IT Department shall be responsible for the administration of access controls to all College computer systems. Security changes will be processed upon receipt of a Help Desk Ticket from the supervisor.
  2. The IT Department will maintain a list of administrative access codes and passwords and keep this list in a secure area.

Employee responsibilities

  1. Shall be responsible for all computer transactions that are made with his/her User ID and Password.
  2. Shall not disclose passwords to others. Passwords must be changed immediately if it is suspected that others may know them. Passwords should not be recorded where they may be easily obtained.
  3. Will change passwords at least every 90 days.
  4. Should use passwords that will not be easily guessed by others.
  5. Should recognize that leaving your computer logged into and unattended is equivalent to giving out your User ID and Password. You should lock your computer if away from your desk and log out when leaving a workstation for an extended period.

Supervisor responsibilities

Supervisors should notify the Human Resources team promptly whenever an employee leaves the College or transfers to another department so that his/her access can be revoked/changed. Involuntary terminations must be reported concurrent with the termination.

Human Resources responsibility

Employee security changes for new hires, transfers and terminations originate from transactions entered by the Human Resources Team.

6. Physical Security

It is the College’s policy to protect computer hardware, software, data, and documentation from misuse, theft, unauthorized access, and environmental hazards.

Employee responsibilities

  1. Storage media should be stored out of sight when not in use. If they contain highly sensitive or confidential data, they must be locked up.
  2. Storage media should be kept away from environmental hazards such as heat, direct sunlight, and magnetic fields.
  3. Environmental hazards to hardware such as food, smoke, liquids, high or low humidity, and extreme heat or cold should be avoided.
  4. Since the Associate Vice President of Information Technology / Chief Information Officer is responsible for all equipment installations, disconnections, modifications, and relocations, employees are not to perform these activities. This does not apply to temporary moves of portable computers for which an initial connection has been set up by IT.
  5. Employees shall not take Northcentral Technical College owned equipment out of the building without the informed consent of their manager. Informed consent means that the manager knows what equipment is leaving, what data is on it, and for what purpose it will be used.
  6. Employees should exercise reasonable care to safeguard the valuable electronic equipment assigned to them. Employees who neglect this duty may be accountable for any loss or damage that may result.

7. Regulation Compliance

  1. Personally Identifiable Information (PII): Northcentral Technical College has privacy specific safeguard controls for protecting the confidentiality of PII. These controls provide stringent protections above what is used for other types of data. Privacy specific safeguards help the College to collect, maintain, use, and disseminate data in ways that protect the confidentiality of the data.
  2. Family Educational Rights and Privacy Act of 1974 (FERPA): Access to an NTC student’s educational record is governed by the Family Educational Rights and Privacy Act of 1974 (FERPA) and in conjunction with the Wisconsin Technical College System and Wisconsin Statutes.
  3. A student’s official education record is confidential and shall not be released to anyone except the student unless the student provides written consent for release of information. Information requiring consent includes, but is not limited to class enrollment, attendance, grades, performance, and behavior. See Administrative/Operating Guideline #280 for more information.
  4. Payment Card Industry (PCI): Northcentral Technical College maintains compliance with the Payment Card Industry.

Employees Must Secure Confidential Information

Employees are encouraged to use common sense judgment in securing confidential information to the proper extent. If an employee is uncertain of the sensitivity of a particular piece of information, he/she should contact their manager for guidance.

8. Copyrights and License Agreements

It is Northcentral Technical College’s policy to comply with all laws regarding intellectual property.

Legal reference

Northcentral Technical College and its employees are legally bound to comply with all proprietary software license agreements. Complying with the Federal Copyright Act 17 U.S. Code § 506 - Criminal offenses. Noncompliance can expose Northcentral Technical College and the responsible employee(s)/student(s) to civil and/or criminal penalties.

Scope

This directive applies to all software that is owned by Northcentral Technical College, licensed to Northcentral Technical College, or developed using Northcentral Technical College resources by employees or vendors.

Information Technology’s responsibilities

  1. Maintain records of software licenses owned by Northcentral Technical College.
  2. Periodically (at least annually) scan the College’s computers to verify that only authorized software is installed.

Employee/Student responsibilities

Employees/Students shall not install or copy software that is not licensed to or owned by Northcentral Technical College on the College’s computers.

Civil penalties Title 18 U.S. Code § 2319

Violation of copyright law exposes the College and the responsible employee(s) to civil penalties not limited to:

  1. Liability and damages suffered by the copyright owner.
  2. Profits that are attributed to copying.
  3. Fines for illegally copies.

Title 18 U.S. Code § 2319 - Criminal infringement of a copyright

Any person who violates section 506(a) (relating to criminal offenses) of title 17 shall be punished as provided in subsections and such penalties shall be in addition to any other provisions of title 17 or any other law. Any person who commits an offense under section 506 of title 17, Criminal Offenses:

  1. Shall be imprisoned not more than 5 years, or fined in the amount set forth in this title, or both, if the offense consists of the reproduction or distribution, including by electronic means, during any 180-day period, of at least 10 copies or phonorecords, of 1 or more copyrighted works, which have a total retail value of more than $2,500.
  2. Shall be imprisoned not more than 10 years, or fined in the amount set forth in this title, or both, if the offense is a felony and is a second or subsequent offense under this subsection.
  3. Shall be imprisoned not more than 1 year, or fined in the amount set forth in this title, or both, in any other case.
  4. Violations will refer to 18 U.S. Code § 2319 - Criminal infringement of a copyright.

Acknowledgment Procedure of the Information Security Policy

Complete the following steps:

  1. Read the Information Security Policy.
  2. By accepting the Employee Handbook you are agreeing to the terms in the Administrative/Operating Guideline – Information Security Policy.
    1. I have received and read a copy of the “Information Security Policy” and understand the
    2. same;
    3. I understand and agree that any computers, software, and storage media provided to me by the College contains proprietary and confidential information about Northcentral Technical College and its students or its vendors, and that this is and remains the
    4. property of the College at all times;
    5. I agree that I shall not copy, duplicate (except for backup purposes as part of my job here at Northcentral Technical College), otherwise disclose, or allow anyone else to copy or duplicate any of this information or software;
    6. I agree that, if I leave Northcentral Technical College for any reason, I shall immediately
    7. return to the College the original and copies of any and all software, computer materials, or computer equipment that I may have received from the College that is either in my possession or otherwise directly or indirectly under my control.

Questions regarding this policy should be directed to the Associate Vice President of Information Technology/Chief Information Officer.

Revised on 11/11/2016
Revised on 03/20/2017
Revised on 12/01/2017
Revised on 02/21/2022