INTERalliance of Greater Cincinnati

ACCEPTABLE USE OF INFORMATION TECHNOLOGY RESOURCES

Last Updated: February 2024

This policy covers the acceptable use of Information Technology resources, including INTERalliance laptops and network, both by the INTERalliance Leadership Council and by attendees of INTERalliance events like TechOlympics.

A. REASON FOR POLICY

A trusted and effective information technology environment (“IT environment”) is vital to the mission of the INTERalliance of Greater Cincinnati (“INTERalliance”). To that end, the INTERalliance provides an IT environment which includes an array of computer hardware, electronic systems, computing services, networks, databases, and other resources (collectively, “IT Resources” or “Resources”). These Resources are intended to support the educational and work activities of members of the INTERalliance’s academic community and their external collaborators, support the operations of the INTERalliance, provide access to services of the INTERalliance and other publicly available information, and ensure a safe and secure IT operating environment to all members of the INTERalliance community.

This policy is intended to define and promote the responsible use of information technology at the INTERalliance while simultaneously limiting and preventing abuse of IT resources. Access to and usage of IT Resources entails certain expectations and responsibilities for both users and managers of the IT environment. This policy applies to all users of INTERalliance technology resources (“Users”), regardless of affiliation and irrespective of whether these resources are accessed from the INTERalliance office, an event venue, or from remote locations. Users covered by the policy include (but are not limited to) students, staff, teachers, sponsors, speakers, and any other guests of the INTERalliance.

Access to IT Resources is a privilege granted by the INTERalliance and must be treated as such by all Users of these systems. Effective security is a team effort involving the participation and support of every INTERalliance student, faculty, staff, retiree, non-employee associate, and guest of the INTERalliance who interacts with IT resources. It is the responsibility of every User to read and understand the terms of this Policy and to conduct their activities accordingly.

The purpose of this Policy is to protect the INTERalliance community. Inappropriate use of IT resources exposes the INTERalliance to risks including cyber security attacks, compromise of IT resources, and legal issues.

B. POLICY

1. Appropriate Uses

INTERalliance provides IT Resources during its events for use during workshops and competitions at TechOlympics and for use by the INTERalliance Leadership Council. Examples of acceptable uses are:

• Competing in Wiki Races, Speed Typing, Cybersecurity CTF, etc. during TechOlympics.
• Administrative work needed to prepare for running TechOlympics 2024.
• Communication within and outside INTERalliance for purposes related to INTERalliance business

2. Individual Responsibilities

Incidental Personal Use

The INTERalliance allows incidental personal use of IT Resources. Such use must not consume significant IT resources, interfere with other users’ access to resources, be excessive as determined by management, or otherwise violate any federal or state laws, or any INTERalliance policies or codes of conduct.

Incidental personal use that inaccurately creates the appearance that the INTERalliance is endorsing, supporting, or affiliated with any organization, product, service, statement, or position is prohibited.

Users who make incidental personal use of IT resources do so at their own risk. The INTERalliance cannot guarantee the security or continued operation of any IT resource or the security of any personal data.

If personal use adversely affects or conflicts with INTERalliance operations or activities, the individual will be asked to cease those activities and may be subject to disciplinary actions.

Individual Responsibilities

When an individual accesses INTERalliance computing services and accepts any INTERalliance issued online account, they agree to comply with this Policy and all other related policies. All members of the INTERalliance community are responsible for familiarizing themselves with all applicable policies prior to use. The INTERalliance requires Users to engage in “safe computing” practices, such as establishing appropriate access restrictions for their accounts, setting strong passwords and guarding those passwords, keeping their personal operating systems and software applications up-to-date and patched and employing security measures on their personal devices. Users are responsible to prevent others from obtaining physical access to their IT resources and ensuring that electronic and paper files in their care are safeguarded.

Bring Your Own Device (BYOD)

Users connecting personal devices to IT resources must abide by the following requirements:

• Users will not download or transfer Sensitive INTERalliance Data to their personal devices or unapproved cloud storage.
• Users will password-protect and/or passcode-lock their personal devices.
• User agrees to delete any Sensitive INTERalliance Data that may be inadvertently downloaded and stored on personal devices.
• If the personal device is lost or stolen, the device should be erased if possible. Users are strongly encouraged to regularly back up their personal devices.
• Users will maintain appropriate security protection on the personal device.
• Users may not use a Virtual Private Network (VPN) on an INTERalliance Network.
• Personal devices must not disrupt INTERalliance services or bypass INTERalliance established controls and safeguards.

Legal and INTERalliance Compliance

When using IT resources or third-party owned resources, Users must comply with all applicable federal, state and local laws. These include laws of general application, such as libel, copyright, trademark, privacy, obscenity, and export control, for instance, the Millennium Copyright Act (DMCA) as well as laws that are specific to computers and communication systems, such as the Computer Fraud and Abuse Act (CFAA) the Federal anti-hacking statute that prohibits unauthorized access to computers and the Electronic Communications Privacy Act (ECPA).

Users must not utilize IT resources to violate copyright, patent, trademark, other intellectual property rights, engage in plagiarism, or illegally download or share files. Upon formal notification or due to detection, IT must take down or otherwise block access to the infringing material. Users must also comply with applicable INTERalliance policies, and the terms of any contract or license which governs the use of the third-party resource and by which the Individual or the INTERalliance is bound.

Unauthorized Use

Users will not engage in unauthorized use of IT resources. Users will use only computers, computer accounts and data for which they have authorization. Examples of activities that violate these Terms include, without limitation, the following.

• Tampering with any hardware, networks, applications, system files or other Users’ files without authorization or permission.

• Circumventing or altering software, physical protections or other restrictions placed on computers, networks, software, applications or files.

• Allowing unauthorized access to the INTERalliance network through any computer or network device (including wireless access points).

• Use of equipment or devices that may negatively impact security, stability or performance of the INTERalliance computing environment is prohibited.

• Unauthorized use of a INTERalliance user personal identity or access (log-in) credentials is prohibited, as is sharing of credentials between two or more users.

• IT resources will not be used to fundraise, advertise, lobby, or solicit unless that use is authorized by the INTERalliance.

• The use of IT Resources, like all other INTERalliance-provided resources and activities, is subject to the requirements of ethical and legal behavior, which are consistent with INTERalliance policy and federal, state and local law.

• Users are prohibited from infringing others’ privacy.

• User are prohibited from sending obscene, pornographic, rude, or harassing messages of any kind.

• The public display of sexually explicit material on any resource may constitute sexual harassment under Title IX. INTERalliance staff and students are protected from sexual harassment by federal law.

• Users may not use IT Resources to access or possess pornographic material unrelated to INTERalliance instruction, research, or business needs.

• Users are prohibited from using IT resources in any way that would suggest their endorsement by the INTERalliance.

• IT resources shall not be used to operate a business or for commercial purposes unless that use is approved in advance by the appropriate INTERalliance Executive Director.

• IT resources may not be used to support the operations or activities of organizations that are not affiliated with the INTERalliance unless authorized by INTERalliance.

• Users are prohibited from establishing or maintaining a server without prior written authorization from Information Technologies. If approved, users are required to be responsible for keeping the server up-to-date and free of vulnerabilities.

• Users are prohibited from launching attacks, probes, or introducing, creating, or propagating any malicious programs.

• Users are prohibited from abusing printing privileges.

Use of Enterprise Tools

The INTERalliance purchases and maintains enterprise collaboration, social media, learning, research, and other technology platforms. Faculty and staff should leverage these enterprise tools available to them in the INTERalliance technology ecosystem. The use of enterprise tools reduces the risk to the INTERalliance and increases compliance with INTERalliance policies, procedures, standards and guidelines, and applicable regulatory requirements.

3. INTERalliance Rights and Responsibilities

The INTERalliance reserves the right to access, monitor, and disclose the contents and activity of an individual User on any INTERalliance IT resources and any personal device connected to or interfering with INTERalliance IT resources. Such actions may be taken at the institutional or local level and may include, but are not limited to, scanning, sanitizing, or monitoring stored data, network traffic, usage patterns and other uses of IT Resources. It may also include blocking unauthorized access to and unauthorized uses of its networks, systems, and data. This action may be taken for any reasonable cause, including, without limitation, the following:

• Maintaining the network’s integrity and the rights of others authorized to access IT Resources.

• Maintaining the security of IT Resources from threat or suspected threat;

• Preventing misuse of technology if such misuse is suspected; and

• Furthering a legitimate business need of the INTERalliance (e.g., access to IT Resources is necessary due to sudden death or incapacity of the employee).

Users who violate the Policy may be subject to disciplinary action handled through the INTERalliance’s normal student and employee disciplinary procedures.

C. DEFINITIONS

Users: All individuals that have access to INTERalliance’s IT Resources, including but not limited to all students, full time and adjunct faculty, staff, retirees, non-employee associates and guests using INTERalliance IT Resources, whether on or off site.

IT Resources: Includes an array of institutional electronic systems, computing services, networks, databases, and other resources (collectively, “IT Resources” or “Resources”). Sensitive INTERalliance Data: Sensitive INTERalliance Data is defined as documents or data whose loss, misuse, or unauthorized access can adversely affect the privacy or welfare of an individual or the INTERalliance, including information protected by privacy regulations and data classification policies.

Digital Millennium Copyright Act (DMCA):sets forth a general prohibition on circumvention of technological measures that control access to a digital work even if the resulting use of the work would otherwise be fair use.

Misuse: Technology or Data not used as intended based on policy, legal compliance or as defined in the Unauthorized Use or BYOD section.

D. PROCEDURES

Reporting and Enforcement

An individual’s access to IT Resources may be limited, suspended, or terminated without warning if that individual violates this or any other INTERalliance policy. Alleged or suspected violations of this policy will be addressed by the INTERalliance Central Ofice. Violations of INTERalliance policies governing the acceptable use of IT Resources may result in action against the User.

The INTERalliance Central Office and Tech Team reserves the right to remove or disconnect any device from IT Resources if such device negatively impacts, or has the potential to negatively impact, INTERalliance operations as determined by the INTERalliance Teech Team.

Investigations of information technology systems or services misuse is limited only to the INTERalliance IT Team or the INTERalliance Central Office. In addition to its own administrative review of possible violations of this policy and other INTERalliance policies, the INTERalliance is obligated to report certain uses of IT resources to law enforcement agencies. If an investigation involving review of the content of a faculty member, staff member or student’s files is required, authorization will be obtained from the INTERalliance Central Office. Disciplinary action for violation of this policy is handled through the INTERalliance’s normal student and employee disciplinary procedures.

Technical Issues

For technical issues send a request to the INTERalliance Tech Team at tech@INTERalliance.org.

Grievances

Grievances for decisions made regarding this policy should be sent to the Executive Director.

DISCLAIMER

The INTERalliance is not responsible for the content on websites or social media pages, other than the official web pages (https://INTERalliance.org and subdomains, https://TechOlympics.org) and our official social media pages. Such unofficial websites may include unmoderated public forums containing the personal opinions and expressions which do not represent the opinions or expressions of INTERalliance. The content of these unofficial websites and any links posted to third-party websites are not screened, approved, reviewed, or endorsed by the INTERalliance or any entity affiliated with the INTERalliance. The text and other material on the unofficial websites reflect the opinion of the specific author and are not statements of advice, opinion, or information of the INTERalliance. No one may use INTERalliance web pages for fundraising or advertising for commercial or non- commercial organizations, except for INTERalliance partners and the events of INTERalliance partners in compliance with policies governing these activities.

NOTIFICATION OF POLICY CHANGES

The INTERalliance of Greater Cincinnati reserves the right to change the Policy on Acceptable Use of IT Resources at any time. Such changes will be posted on the INTERalliance website (www.INTERalliance.org) and will become effective upon posting.

REVIEW CYCLE

This policy will be periodically reviewed and updated as appropriate.