Vanier College logo

7610-1 Acceptable Use of Information Technology, Computing Resources and Computer Facilities Policy

In case of discrepancies, the official PDF version of the document takes precedence.

1. PURPOSE

To ensure that the use of the College’s information technology (IT) resources supports the mission and goals of Vanier College and to define acceptable use standards for Vanier College Information Technology, Computing Resources, and Computer Facilities as defined in this policy’s scope.

This policy supersedes all previous versions of the Acceptable Use of Information Technology, Computer Resources and Computer Facilities policy, and reflects a reclassification of the policy number from 7120-7 to 7610-1.

2. SCOPE

This policy covers all members (regardless of contractual status) of the Vanier College community: faculty, staff, students, administrators, and any guest or consultant who use any aspect of Vanier College information technology, computing resources and computer facilities in the broadest sense, covering hardware, software, networks, databases, Internet and associated equipment and licences.

This policy lists both responsibilities of individual users and unacceptable uses of Vanier College Information Technology, Computing Resources, and Computer Facilities that the College will not tolerate. It applies equally for the use of devices provided by the college, or personal devices on the network, when applicable.

3. DEFINITIONS

  • “Board”: the Vanier College Board of Governors, appointed in accordance with By-law 1 The General Administration of the College.
  • “College”: Vanier College of General and Vocational Education, which may be abbreviated to Vanier College, or CEGEP Vanier College as deemed necessary or expedient, and includes each of its campuses.
  • IT Resources: any aspect of Vanier College information technology, computing resources and computer facilities in the broadest sense, covering hardware, software, networks, databases, Internet and associated equipment and licences.
  • Students: Any persons enrolled at Vanier College in one or more credited or non-credited courses.
  • Employees: Anyone, with access to Vanier IT Resources, hired by the College as staff, faculty, administrator, consultant or otherwise authorized by Information Systems and Technology (IST) and legitimately provided with a valid Vanier log-in.
  • Users: Any person using College IT resources.
  • MFA: Multi-Factor Authentication. A security process that requires users to provide two or more distinct forms of identification to verify their identity before accessing an account, system, or application.

4. LEGAL FRAMEWORK

  • The legal framework is defined in the Information Security Policy

5. CONTENT

5.1. The Vanier College Information Systems and Technology Department shall:

  1. Maintain an environment in which access to the computing resources supports the mission of the College.
  2. Distribute to employees and students the Acceptable Use policy at least once a year by means of an appropriate distribution mechanism.
  3. Provide, at the start of each year to applicable employees, notice to participate in cyber awareness training.

5.2. All Users shall:

  1. Use IT Resources solely for the administrative, educational, and research goals of the College.
    1. Personal information not related to the mission of the College should not be stored on the systems and devices of the College.
    2. Any exceptions to this provision must be authorized by an exception request detailing the nature of the information, size, and end date of the requested use. The end-date cannot be further than June 30th of the current academic year, otherwise a renewal request must be presented. All requests must be placed via the College ticketing system and include manager approval. The User must wait for IT approval before proceeding.
  2. Use IT resources in a way that reflects well on Vanier College, the department or course involved, the project underway, and the individual Vanier College Community User.
  3. Use of Social Networks is governed by the Social Media Directive managed by Communications and Corporate Affairs. All official and unofficial accounts sharing Vanier College Content must comply with the procedures outlined therein.
  4. A guest must have their sponsor submit a request at least 24 hours in advance for wi-fi access. This wi-fi access will be granted for a maximum of 5 days.
  5. Remember and protect the secrecy of their account password(s).
    1. All members of the Vanier College community are required to use MFA for their accounts.
    2. When access to IT resources is received after enrollment or during employment, users are required to log in online to Omnivox and M365 to set up MFA and password recovery options. Users given access to additional software are required to enable MFA and password recovery when it is available.
  6. Obtain validation and authorization from the Director of IST Service prior to initiating the promotion or the development of any data impacting or technology solution.
  7. No users shall, whether intentionally or through negligence, attempt to circumvent security systems or disregard the security standards adopted by Vanier College.
  8. IT resources should be used in an effective, ethical, and lawful manner. Vanier College will not condone or tolerate the unacceptable or improper use of computer resources or facilities. Examples of unacceptable uses of Vanier IT resources, which are not intended to be exhaustive, can be found in Appendix A of this document.

5.3. Incident Reporting:

  1. Reporting to the IST HelpDesk(744-7500 ext. 7529 or http://help.vaniercollege.qc.ca/) any apparent system malfunction, security breach, or any incidents of unacceptable use.
    1. If appropriate, reports of these incidents should also be made to the manager who would be responsible for handling a complaint about such incidents under any of Vanier College policies.
    2. Based on the impact and urgency of the event, an escalation process can be initiated after an appropriate delay to the Coordinator of Infrastructure & Security (ext. 7861 or it-management@vaniercollege.qc.ca). This can be followed, if still required, by an escalation to the Director of the IST Service, (ext. 7156 or it-management@vaniercollege.qc.ca).
    3. Incidents that should be reported are all those found in Appendix A and any other incident using IT Resources that contravenes IST or user responsibilities within the policy, laws, or negatively impacts any users and/or Vanier College.
  2. Incidents of SPAM (unsolicited commercial message and/or unsolicited installation of a computer program in the course of a commercial activity) as per Canada Anti-Spam Law (CASL) can be reported via College email services to spam@vaniercollege.qc.ca or phishing@vaniercollege.qc.ca. It can be reported as a HelpDesk Ticket.
  3. If unsure of the propriety of an action, seek advice from Vanier College IST Management.

5.4. Application:

The Director of Information Systems and Technology is responsible for the application of this policy.

Failure to use IT Resources in an acceptable manner may lead to the termination of access to computing services, shutdown of computer account(s), expulsion from Vanier computer facilities, and other possible losses of privileges as well as the possibility of further disciplinary action by the College under any of its relevant policies and/or referral to legal and law enforcement agencies.

The users are responsible for seeking training from the College if they are unclear about how to go about meeting these responsibilities.

6. REVIEW PERIOD

This Acceptable Use Policy may be issued, reviewed and updated, if necessary, on an annual basis.

This Policy shall be reviewed at least once each 5 years, or sooner if required.

Appendix A: Examples of unethical and unlawful use of Vanier IT resources

Category Actions
Security Breach Access to computing resources without authorization
Release of passwords or other confidential information
Reading, obtaining copies of, or modifying data files, programs or passwords belonging to other computer users without the permission of those users.
Providing the use of a personal account and password to unauthorized persons.
Developing or using programs such as malware, or viruses that damage software or hardware components.
Property Damage and/or Service Disruption Physical damage to computer resources
Causing, directly or indirectly, excessive strain on the computer facilities or unwarranted or unsolicited interference with other users. Examples: chain email letters, spamming unsolicited bulk e-mail, and so on.
Using IT resources such as the Internet, electronic mail, WWW, and bulletin boards to display, download or send fraudulent, harassing, hateful or obscene material.
Developing or using programs that harass other users
Harassment Contravening Laws and Regulations of any sort, including copyrights and all forms of Intellectual Property rights
Copyright Breaching the terms and conditions of a software licensing agreement.
Other Contravening Vanier College’s posted rules and regulations of use of departmental computer labs or facilities. Examples: game playing, consumption of food, instant messaging.
Use of any Vanier College IT resources for a commercial purpose: This also includes transmitting unsolicited commercial messages and/or unsolicited installation of a computer program in the course of a commercial activity and/or personal advertisements via any electronic transmission method by using College’s computer systems/resources or resources contracted by the College, such as Omnivox, MIA, Clara, etc. and any other activity that is in violation of applicable Canadian or Quebec law, such as the Canadian Anti-Spam Law.