Acceptable Use Policy for Computing and Communications
In general, the College's computing facilities and services are meant for college-related, non-commercial use. These facilities and services include: the central systems and network used for academic and administrative computing, along with their associated software and files; communications facilities such as dial-up and network access; other college-owned computers including those in departments and labs; and college-provided supplies and other materials.
The use of the College's computing facilities and services is a privilege, not a right, granted by the College to its users. By using the facilities to store information, the user acknowledges the College's right to access any file (including electronic mail files) on its systems as a part of responsible system management.
Most of the software provided by the College for use in its facilities and on its computer systems is governed by licensing agreements. By using such software, the user agrees to abide by the terms of those agreements as well as applicable local, state and federal laws. Unauthorized copying or removal of such college-supplied software is specifically prohibited.
Furthermore, users may not use or attempt to use the College's computing facilities and services in any way that deliberately interferes with the reasonable and private use of these facilities and services by others. The College reserves the right to revoke a user's privilege to use any or all of the College's computing facilities and services. Further action may be taken by the College should the user violate any of these policies. Such violations may also result in legal action should they involve such things as copyright laws and licensing agreements.
Students, faculty, and staff have a single password for access to all network services including email, Canvas, AccessLVC, MyLVC, the LVC website, lab computers, the library catalog, and research databases.
Characteristics - Passwords must be at least eight characters in length; contain at least one alphabetic and one numeric character; be different from the last five passwords; and not be easily guessable (license plate, telephone number, birthday, etc.).
Expiration - Users are required to change their passwords at least every 180 days (more frequently for some users). Users are encouraged to change their password more frequently, and should immediately do so if the password may have been compromised (i.e., someone may have seen or otherwise obtained it). An email notification is sent to the user 14 days before his or her password expires, followed by several reminders.
Reset - Users who have forgotten their password or allowed it to expire may reset their password. The user requesting the change is authenticated using a combination of username, last four digits of SSN, birth date and a secret question that is required for employees and optional for students. A password is generated and displayed on the screen for a maximum of 20 seconds. The generated password is random and follows the guidelines in the Characteristics section above.
User Responsibilities - Users are held responsible for all activities associated with their accounts. Upon using his or her LVC username and password for the first time, a user agrees to:
- Comply with the College's Acceptable Use Policy.
- Use a strong password (see the Characteristics section above).
- Change the password at least every 180 days or more frequently as needed.
- Protect the password and never share it even with a relative, friend, or colleague
Employee Computer Policy
The College seeks to provide technology that best meets the needs of all users while also trying to maximize the use of its resources. The Office of Information Technology (OIT) recognizes the existence of multiple computing platforms to support the instructional, research, and computing needs of its employees. To that end, employees typically will be offered a Windows desktop or laptop computer of varying designs, weight, or features depending on the position and/or employee responsibilities. In situations where a desktop computer is assigned, and the employee and their supervisor feel a laptop computer is needed, a written request may be submitted to the OIT.
An Apple computer may be issued for employees with demonstrated need. A request for a computer other than a Windows PC should be made in writing to the OIT and should include the reasons why a non-Windows system is required. Justification should be specific and go beyond issues of individual preference, e.g. the need to use unique, platform-dependent software applications. For faculty, the Dean of the Faculty, in consultation with the OIT, will determine if a non-Windows system will be provided. For all other employees, the Senior Director of Information Technology & CIO will determine if a non-Windows system will be provided. OIT will provide training and assistance as needed for employees moving to a new platform.
Additional accessories, computing hardware or software may be purchased through the Office of Information Technology. Please request a cost for these additional items in advance along with an expected date needed. You will be asked to supply a budget number prior to purchasing, please have this number ready in order to purchase the additional items quickly.
Software Copyright Policy
Respect for the intellectual work and property of others has traditionally been essential to the mission of colleges and universities.
This institution recognizes its obligation to promote procedures and circumstances that will reinforce this principle and to provide continuing guidance as to what constitutes dishonesty.
- Violation of software license agreements and/or copyright, including such practices as unauthorized copying or commercial use of software, is both unethical and illegal. In particular, some of the software used by the college is licensed under a special academic agreement that may prevent its use for commercial endeavors. For example, Macromedia products are made available for educational purposes only. Any work made using college-provided software must comply with the academic agreement and be for educational purposes only. To create non-academic work, faculty, staff, and students must use a commercial copy of the software to comply fully with terms of the license agreement.
- Plagiarism, including the unauthorized copying of non-copyrighted software, programs, applications, data, or code is not condoned or tolerated by the institution.
- Acts of plagiarism or the failure to observe software copyrights and/or license agreements may result in disciplinary action by this institution and/or legal action by the rightful owner.
Copyrighted Works Policy
The Higher Education Opportunity Act of 2008 (HEOA), is a re-authorization of the Higher Education Act of 1965 (HEA).
It includes provisions that are designed to reduce the illegal uploading and downloading of copyrighted works through peer-to-peer (P2P) file sharing. These provisions include requirements that:
- Institutions make an annual disclosure that informs students that the illegal distribution of copyrighted materials may subject them to criminal and civil penalties and describes the steps that institutions will take to detect and punish illegal distribution of copyrighted materials.
- Institutions certify to the Secretary of Education that they have developed plans to “effectively combat” the unauthorized distribution of copyrighted material.
- Institutions, “to the extent practicable,” offer alternatives to illegal file sharing.
- Institutions identify procedures for periodically reviewing the effectiveness of the plans to combat the unauthorized distribution of copyrighted materials.
- All users are bound to the College Computer User Agreement Policy which authorizes the College to take action if a user violates policy including illegal or other prohibited activities.
- Illegal sharing of software or media may result in the loss of network privileges or further disciplinary action by the College.
- Any subsequent violations of this nature will be referred to Student Affairs for disciplinary action that could result in suspension.
- Email the following to students and employees each semester:
- This is a reminder that the College respects the copyrights held by the owners of intellectual property such as sound recordings and videos. Many of our own faculty, students, and alumni hold copyrights to articles, books, music, art, and other forms of creative works. They and other authors and artists have, among other things, the fundamental right to determine how their works are copied and distributed.
- If you are acquiring or distributing copyrighted materials through file-sharing applications you may be in violation of copyright law. There are ethical as well as legal issues surrounding such file sharing, and we urge you to honor the rights of the owners of these works.
- Proactively follow-up on all RIAA or Media notices of violations. This may include contacting the student and the Student Affairs department, as well as recommending further disciplinary actions as per the file-sharing policies set forth by the College.
- Employ bandwidth shaping and content-filtering technology to deter illegal peer-to-peer sharing.
- Offer information about legal alternatives for downloading copyrighted materials.
- Annually review file-sharing and copyright policies, procedures, and technologies.
Multi-Factor Authentication Policy
The purpose of this policy is to define requirements for accessing Lebanon Valley College's network and information systems from off campus. This policy is designed to minimize security exposure and to limit damages to LVC from unauthorized access to and use of LVC’s systems. Multi-factor authentication adds a layer of security which helps deter the use of compromised credentials.
This policy applies to all members of the LVC community with a college-owned or personally owned computer or workstation used to connect to the campus network and technology resources. Many systems on LVC’s campus may be protected by multi-factor authentication (“MFA”). This policy applies to any college system that requires an additional layer of protection, as determined by the Office of Information Technology such as: Azure, Office 365, VPN and SSO Services.
3.1 User Requirements
• Register a device or alternative contact to provide a secure method for LVC to contact you during the authentication (logon) process, such as a cellphone that can receive texts or has the Microsoft Authenticator app installed, a landline phone or a non-College email address. If you do not register, you will not be able to use and therefore not be able to access systems that require MFA.
• When you attempt to log into a LVC system protected by MFA, the system will “challenge” you by requesting a secret security code. This code will be provided through the secure method you selected during registration or as a confirmation request in the MFA application. If you enter the correct code, you will be allowed into the system. Failed attempts will be handled according to current College account policies and procedures.
• It is your responsibility to promptly report the theft, loss or unauthorized disclosure of proprietary or personally identifiable information (PII) to the Office of Information Technology.
Users will use the MFA self-enrollment process to register their authentication device(s).
There may be situations in which a User has a legitimate need to utilize LVC technology resources outside the scope of this policy. The CIO in consultation with the Infrastructure and Security team may approve, in advance, exception requests based on balancing the benefit versus the risk to the College. Exception requests should be made through the Solutions Center email@example.com.
Include a brief description of the type of data you need to access. Please be certain to indicate if you handle Personally Identifiable Information (PII) or other confidential information, such as electronic protected Health Information (ePHI), financial data, student academic records (e.g. grades or test scores), credit card payments, Social Security numbers or work with children.
4.2 Periodic Review and Recertification
Due to the evolving nature of technology, cyber threats and the changing roles of users at the College all exemptions will be reviewed periodically and at the discretion of the CIO in collaboration with the Infrastructure and Security team. This review will verify that the need stated in the request is still valid and/or that the employee still requires the approved MFA exempted access.
5. Off-Hours and Emergency Access to Protected Data
The Infrastructure and Security team shall maintain internal procedures for processing emergency access requests if issues arise with the MFA authentication process. Users should contact the Solutions Center for access in the event of an emergency at firstname.lastname@example.org or 717-867-6072.
Approved by Presidents Staff on 7/6/2021
Helpful Links and Instructions