Acceptable Use Policy
Wentworth Institute of Technology (Wentworth) maintains information resources to execute and deliver the Institute’s academic initiatives. These resources include information systems, learning technology, and data that the Institute is responsible for both maintaining and protecting against compromises to their confidentiality, integrity, and/or availability.
The goals of this policy are:
- Establish the requirements for the acceptable, appropriate, and responsible use of Institute information resources.
- Provide specific guidance to the adherence to the Institute’s Code of Conduct and related policies as they relate to the use of Institute information resources.
- Educate the Wentworth community on the acceptable, appropriate, and responsible use of information resources.
This policy applies to all users of Institute information resources, whether they are affiliated with the Institute or not, and to all uses of those resources, whether on campus or from remote locations. This policy is supplemented by all other Wentworth policies, standards, and guidelines, and by the policies and standards those networks to which Wentworth is affiliated, including but not limited to Colleges of the Fenway and related consortia.
Information resources governed and protected by this policy include:
- Data or information assets utilized by the Institute for both academic and administrative purposes; including both electronic and hardcopy versions.
- Information systems utilized for the creation, storage, transmission, and delivery of the Institute’s information assets; includes all Institute network and infrastructure devices and components, servers, workstations, desktops, laptops, tablets, telephony, and other electronic devices.
- Learning technology utilized in the creation and dissemination of educational materials.
- All software, applications, services, and protocols licensed and/or provisioned by the Institute for use on or with information systems and learning technology.
- Each person is responsible for utilizing Institute information resources in an efficient, ethical, and legal manner and in ways consistent with the overall Institute policy and code of conduct, as well as federal, state, and local laws. Example unacceptable behaviors include, but are not limited to:
- Transmitting or reproducing materials that are slanderous or defamatory in nature or that otherwise violate existing laws or Wentworth policies.
- Displaying obscene, lewd, or sexually harassing images or text in a Wentworth facility or location.
- Using electronic communication to harass or threaten others.
- For security, compliance, and maintenance purposes, authorized personnel may monitor and audit equipment, systems, and network traffic. Devices that interfere with other devices or users on the Wentworth network may be disconnected. The Institute prohibits actively blocking authorized audit scans. Firewalls and other blocking technologies must permit access to the scan sources.
- Each person is responsible for respecting all pertinent licenses, contractual agreements, and copyrights.
- Each user is responsible for maintaining and protecting their credentials utilized for authenticating to any Institute information resource or information system connecting to an Institute information resource.
- Each user is required to comply with the Institute’s Password Standard and any other policy document restricting or setting requirements for identification, authentication, authorization, and/or access to Institute information resources.
- At no time is any user allowed to provide the details of their account credentials to any other person.
Information and Learning Technology Resources
- Each user is responsible for ensuring the protection of the Institute’s information resources provisioned to them for institutional or personal use. This includes but is not limited to:
- Ensuring that all information systems and learning technology are physically secured against theft or damage.
- Ensuring that all information assets are properly safeguarded against unauthorized use or access, to maintain confidentiality, integrity, and availability of that information asset.
- Ensuring that information systems and learning technology are used in a professional and respectable manner for the purposes for which their use was intended.
- All devices that are connected to an Institute information system must follow the minimum configuration standard set by the Division of Technology Services and other Institute governance groups.
- All users are prohibited from utilizing any Institute information resources for the purposes of scanning, infiltrating, and/or any other act intended to determine vulnerabilities or otherwise compromise information resources, whether against an Institute device or not.
- Each user is responsible for the responsible and appropriate use of the Institute’s network with the understanding that priority will be provided to academic and administrative traffic.
- All unethical or unlawful activities on the Institute’s network are strictly prohibited. This includes but is not limited to:
- Peer-to-peer sharing of copyrighted or licensed materials.
- Unauthorized disclosure of sensitive or proprietary data protected by state or federal laws and/or Institute policies and standards.
- Any activities intended to circumvent or perform reconnaissance on or against any information systems, within or external to the Institute’s network.
- Intentional introduction of malicious code.
- The transfer of inappropriate materials, or those materials deemed to violate the code of conduct, is strictly prohibited on the Institute’s network.
The following are strictly prohibited:
- Inappropriate use of communication vehicles and equipment, including, but not limited to, supporting illegal activities, and procuring or transmitting material that violates Wentworth policies against harassment or the safeguarding of confidential or proprietary information.
- Sending Spam via e-mail, text messages, pages, instant messages, voice mail, or other forms of electronic communication.
- Forging, misrepresenting, obscuring, suppressing, or replacing a user identity on any electronic communication to mislead the recipient about the sender. This includes the acts of spoofing or otherwise misrepresenting your identity or giving false or misleading email addresses.
- Use of a Wentworth e-mail or IP address to engage in conduct that violates Wentworth policies, standards, or guidelines. Posting to a public newsgroup, bulletin board or listserv with a Wentworth e-mail or IP address represents Wentworth to the public; therefore, you must exercise good judgment to avoid misrepresenting or exceeding your authority in representing the opinion of the Institute.
It is the responsibilities of each member of the Wentworth community to report incidents involving violations of this and any Institute policy, as well as any unlawful activity, to the appropriate persons. For reporting incidents related to Wentworth information resources, email the Information Security Office at firstname.lastname@example.org or call the Tech Spot at 617-989-4500. To report unlawful activity, contact Public Safety at 617-989-4400.
This policy does not cover personally owned information resources that are not connected to or otherwise using Institute information resources.
This policy does not apply to cyber-security, computer engineering, or network engineering research activity that, by their very nature, may violate the scope of this policy. Such research must be carried out in a manner that employs sufficient and appropriate safeguards to contain the research to a pre-defined and intended Institute information resource(s). Such research must be safeguarded from conception to termination of the research. In addition, such research must not interfere with or compromise the operation or security of the Institute’s resources. All staff, faculty, or students involved in such research are strongly advised to consult with the Information Security Office before initiating any activities associated with such research to ensure that adequate and appropriate safeguards are implemented.
Minor infractions of this policy, when accidental, such as consuming excessive resources or overloading computer systems, are generally resolved informally by the unit administering the accounts or network. This may be done through electronic mail or in-person discussion and education.
Repeated minor infractions or misconduct, which is more serious, may result in the temporary or permanent loss of computer access privileges or the modification of those privileges. More serious violations include, but are not limited to, the unauthorized use of computer resources, attempts to steal passwords or data, unauthorized use or copying of licensed software, repeated harassment or threatening behavior. Any violation of this policy may result in curtailment or loss of access privileges immediately, pending review, and will be subject to any existing disciplinary procedures of Wentworth. In addition, offenders may be referred to their sponsoring advisor, department, or other appropriate offices for further action. If the individual is a student, the matter may be referred to Student Affairs for disciplinary action.
Student violations of campus policy will be referred to the judicial committee. Faculty or Staff violations of campus policy will be referred to the Provost's Office and Human Resources, respectively. Penalties may range from a warning or temporary suspension of email privileges to permanent revocation of privileges. Violations of law will be reported to the appropriate legal authorities.
Violation of local, state, and federal law may also subject users to prosecution by local, state, and federal authorities. In any such prosecution or investigation, Wentworth will cooperate with authorities. Any offense which violates local, state or federal laws may result in the immediate loss of all Wentworth computing privileges and will be referred to appropriate offices and/or law enforcement authorities. The administration of Wentworth retains the right to immediately suspend user network access, pending appropriate judicial review, if a serious infraction of policy is alleged.