CNU ICT Policies

Acceptable Use Policy

Section I: Access to Information Technology Facilities

A. Governing Principles

1. In support of its essential mission to enhance educational, economic and cultural opportunities for the people of Cebu Province, Cebu Normal University offers information technology resources to its students, faculty and staff. These resources contribute to the work of all members of the University community. They advance the scholarly pursuit of knowledge and those administrative functions necessary for the operation of the University.

2. Users of the University's information technology facilities are required to comply with and be subject to the CNU Information Technology Acceptable Use policy, university policies, user access request form, a list of which can be obtained from the office of the ICTO. The University reserves the right to amend this document at any time without prior notice.

3. All information technology users are expected to demonstrate respect for the rights of other users and to promote equitable use by all, enabling necessary access to all.

4. User access to information technology resources is contingent upon prudent and responsible use.

B. Authorization and Equity of Access

University information technology resources are provided to faculty, staff, and students for the purposes of study, research, service and other academic and university related activities. Access to information technology resources is granted to an individual by CNU for that individual's sole use in furthering the University’s mission and purpose. Information technology resources must be shared among users in an equitable manner. The user may not participate in any behavior that unreasonably interferes with the equitable use of information technology resources by another.

C. Acknowledgement of Receipt Authorization

Signature on an account application form, acceptance of a user ID, or online registration denotes that the applicant has read and understands the guidelines available and also denotes acceptance of this Acceptable Use document.

D. Priority for Access and Resource Allocation

The priority guiding information technology access and resource allocation is teaching and learning. Service, research and administrative priorities will be determined as they support teaching and learning.

---

Section II: Security of University Information Technology Resources

A. Protection of Information Technology Resources and Institutional Data

1. To protect the integrity of the University's information technology facilities and the users thereof against unauthorized or improper use of those facilities, CNU reserves the right, without notice, to temporarily limit or restrict any individual's use and to inspect, copy, remove, or otherwise alter any data, file, or system resource which may undermine the authorized use of any information technology facility.

B. Investigation and Review of Policy Infractions

1. University sanctions are imposed by the appropriate university authority and may include, but are not limited to, limitation or revocation of access rights and/or reimbursement to the university for all costs incurred in detecting and proving the violation of these rules, as well as from the violation itself.

2. Users must use only those information technology resources which the University has authorized for their individual use. The unauthorized use of information technology resources or providing false or misleading information for the purpose of obtaining access to information technology facilities is prohibited and may be regarded as a criminal act and will be treated accordingly. Users may not use university information technology facilities to gain unauthorized access to other institutions, organizations, or individuals.

3. Failure to comply with one or more of the specific requirements of this policy may jeopardize access to or use of CNUfacilities and services and could result in a review and investigation into the identified violation.

4. Supervisors of systems and facilities have the authority to immediately terminate any program or access that is suspected to be inappropriate or detrimental to operations.

C. Control and Licensing of Software

1. All users are expected to comply with all intellectual property laws including copyright law.

2. Users may not copy, distribute, display, or disclose third party proprietary software without prior authorization from the licenser. Proprietary software may not be installed on systems not properly licensed for its use. The University does not condone or authorize the copying or possession of illegal software. University students and employees are prohibited from copying software illegally and possessing illegal copies of software, whether for course-related, job-related, or private use. Any violations of this policy is the personal responsibility of the user. The University assumes no liability for such acts.

3. Any user who suspects or has knowledge of copyright or intellectual property law violations must immediately report this activity to the University Intellectual Property Rights Office (IPRO). Failure to report such activity will be considered a violation of the Information Technology Acceptable Use Policy.

D. Individual Privacy

1. Users are authorized to access, use, copy, modify, delete or grant others access to their personal files or data, as specified in this policy. However, users are not authorized to perform any of these functions on another user's account or a university system unless specifically authorized by the account holder, job description, the ICTO-Head or designee, or the appropriate system administrator.

2. Users may not monitor another user's data communications.

3. User privacy is not to be violated. However, user privacy is subject to all university policies. As such, authorized individuals may access and disseminate private information in performance of their official job duties. Unauthorized personal use of a user’s private information is prohibited .

4. Failure to protect the privacy of others by intentionally or unintentionally permitting access to systems or data is unacceptable. Violations of this requirement include, but are not limited to:

a. Leaving confidential or protected information on a screen where it could be viewed by unauthorized individuals
b. Giving a personal password to someone else
c. Leaving a personal password where it can easily be found
d. Allowing someone to use a system signed on under a personal password
e. Knowingly failing to report a personal password that has been used by another person, with or without permission
f. Leaving a system signed on and accessible while unattended

E. Confidentiality

1. The unauthorized release of any personal or confidential information may violate state and federal law and will not be tolerated. Failure to protect confidential information is unacceptable.
a. Users are responsible for their information technology accounts; they should maintain secure passwords and take precautions against unauthorized access to their information technology resources. Users may be charged with a violation if someone uses their accounts inappropriately.

F. General Security

1. General security infractions include, but are not limited to:
a. Using information technology resources for unauthorized remote activities
b. Deliberately causing system failure, disruption, or compromising system security
c. Intentionally obscuring, changing, or forging of the date, time, physical source, logical source, or other label or header information on data or electronic communications
d. Unauthorized interception of electronically transmitted information without prior written authorization from the ICTO-Head or designee
e. Performing an act which will adversely impact the operation of computers, terminals, peripherals, or networks. This includes, but is not limited to, tampering with components of a local area network (LAN) or the high-speed backbone network, otherwise blocking communication lines, or interfering with the operational readiness of a computer

---

Section III: Copyright and the Use of CNU’s Information Technology Resources

A. General Copyright Principles

1. The nature and purpose of copyright in general.

a. Copyright protections are intended to promote progress in science and the arts and to stimulate the production and publication of enlightening and creative matter.
b. Books, periodicals, musical works, motion pictures, sound recordings, computer programs, and photographs are examples of materials or works which may be protected by copyright.
c. The rights afforded to the holder of a copyright include the exclusive rights to copy and distribute the work to which the copyright applies.
d. It is not the purpose of this policy to discuss copyright principles in detail. Helpful information regarding Copyright Law is available on-line from the Intellectual Property Office of the Philippines whose address is https://www.ipophil.gov.ph/copyright/. That site contains relevant materials such as “Copyright Basics” and “Frequently Asked Questions” as well as links to various publications which cover a wide array of topics.

2. Infringement

a. An act which violates any right of the holder of a copyright is an infringing act and is illegal.

i. Section II of this Acceptable Use Policy specifically discusses the “Control and Licensing of Software.”
ii. As described below under Section III (C), violation of copyright may carry civil and criminal penalties.

b. Securing the permission of the copyright owner to make use of a work is an effective method for addressing a copyright issue.

3. Limitations on copyright protections.

a. Copyright protections are not absolute and there are exceptions to the rights afforded by copyright.
b. The “fair use” doctrine is one such exception.

i. The “fair use” doctrine recognizes instances in which use of a copyrighted work in connection with certain activities is considered “fair” and not infringing although such behavior could be infringing in other contexts.
ii. Application of the “fair use” exception entails a fact intensive inquiry and the consideration of various factors.

a. It cannot be assumed the “fair use” exception automatically applies to a particular situation or that all rights afforded by copyright give way merely because a use occurs, for example, within the context of the classroom.
b. The Intellectual Property Office of the Philippines has stated, “Copyright need not be registered to be protected. The legal protection is given the moment a work is created.”

B. Application of Copyright Principles to Users of CNU’s Information Technology Resources

1. Copyright principles apply to materials posted to and downloaded from the internet.

a. As stated in the “Frequently Asked Questions” found on the website of the Intellectual Property Office of the Philippines, “Uploading or downloading works protected by copyright without the authority of the copyright owner is an infringement of the copyright owner's exclusive rights of reproduction and/or distribution. Since any original work of authorship fixed in a tangible medium (including a computer file) is protected by federal copyright law upon creation, in the absence of clear information to the contrary, most works may be assumed to be protected by federal copyright law.”
b. Users of CNU’s Intellectual Property Rights Office must be aware that potential copyright issues exist with respect to materials copied from or posted to the internet.
c. If posting or downloading information to or from the internet, the CNU website or any webpage, or any other site is required as part of a regular university function or activity, those involved are responsible for ensuring copyright is not violated.
2. Copyright compliance by users of CNU’s information technology resources

a. CNU’s Information Technology Resources must be used in accordance with copyright law. The following policy statements do not limit the breadth of the preceding statement.

i. It is a violation of this Acceptable Use Policy to use CNU’s information technology resources to place materials protected by copyright on the internet or any other site in violation of the rights of the holder of the copyright.
ii. It is a violation of this Acceptable Use Policy to use any information technology resources to place materials protected by copyright on any CNU webpage or website in violation of the rights of the holder of the copyright.
iii. It is a violation of this Acceptable Use Policy to use CNU’s Information Technology Resources to download or distribute copyrighted materials in violation of the rights of the holder of the copyright.
iv. Peer-to-peer (p2p) file sharing often involves works which are protected by copyright. It is a violation of this Acceptable Use Policy for users of CNU’s Information Technology Resources to download protected music or movies in violation of the rights of the holder of the copyright.
v. Distribution of copyrighted material in violation of the rights of the holder of any copyright interest, including unauthorized p2p file sharing, may lead to civil and criminal penalties.
vi. Users of CNU’s Information Technology Resources, like the users of other resources, are responsible for determining whether their use of the information technology resources violates copyright and whether materials posted to or copied from the internet or CNU’s website or any CNU webpage are protected by copyright and for complying with the copyright applicable to the work.

a. It has been held that the rationale “try before you buy” is not a “fair use” which prevents the unauthorized downloading of music from being infringing.
b. The unauthorized downloading of only a “few” songs is no defense to a claim of copyright infringement.
b. Actions by CNU to foster copyright compliance by users of its Information Technology Resources

i. Notice to CNU of materials on its website which violate copyright
a. In accordance with law, CNU will expeditiously remove or disable access to infringing material if it has actual knowledge that material is infringing or receives notice from the owner, or the authorized agent of the owner, of the copyright interest allegedly infringed.
b. The notice from the owner, or authorized agent of the owner, of a copyright interest referred to in paragraph B.2.b.i.a. must contain the following:

i. A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
ii. Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site.
iii. Identification of the material, or a reference or link to the material or activity, that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit CNU to locate the material or reference or link.
iv. Information reasonably sufficient to permit CNU to contact the complaining party, such as an address, telephone number, and, if available, an electronic mail address at which the complaining party may be contacted.
v. A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
vi. A statement that the information in the notification is accurate, and under penalty of perjury, and that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

ii. CNU has designated the Intellectual Property Rights Office (IPRO), as its agent for receipt of notices of claimed infringement. The office may be contacted at Cebu Normal University, Osmeña Boulevard, Cebu City. Their telephone number is 2541452, and their e-mail address is ipro@cnu.edu.ph.
iii. CNU’s program to combat the unauthorized downloading and/or distribution of copyrighted material by users of CNU’s Information Technology Resources
i. Technological Resources
i. CNU uses technological resources to identify potential p2p traffic. These resources do not unduly interfere with the educational and research use of the CNU network.
ii. CNU accommodates and does not interfere with standard technical measures that are used by copyright owners to identify or protect copyrighted works.
ii. Educational methods
i. CNU will educate the users of its information technology resources of the importance of complying with copyright in connection with the use of its information technology resources.
ii. Students have been warned, and students will continue to be warned, against the unauthorized uploading, downloading, and distribution of copyrighted material including p2p file sharing.
iii. Alternatives to downloading
i. The Intellectual Property Rights Office will periodically review legal alternatives for downloading or otherwise acquiring copyrighted material.
ii. If such alternatives are identified, the results will be provided to the campus community.
iii. If deemed practicable by CNU, alternatives for downloading or otherwise acquiring copyrighted material may be made available.

C. Penalties for Violation of CNU policy regarding copyright and Information Technology Resources

1. Penalties under the law for copyright infringement.

a. Users may be sued for their infringing activities. Acts can be infringing and result in civil penalties even though there is no intent to violate a copyright. Under certain circumstances, the infringer may be responsible for the other party's attorney's fees. Statutory civil damages can be as high as P150,000 for each work infringed if a violation is committed willfully.
b. Willful copyright infringement can also be a crime. Even a first time offense can carry a prison term of from 1 to 5 years plus fines depending upon the facts and circumstances.

2. Institutional penalties.

a. Procedures are discussed above with respect to notifying CNU of the presence of infringing materials on its website.

b. The procedure for handling complaints against any individual suspected of violating this policy regarding copyright and the use of CNU’s Information Technology Resources is described in Section V.

c. Users of CNU Information Technology Resources who engage in activity contrary to this copyright policy, including unauthorized p2p file sharing, will be disciplined.

d. Complaints against students should be referred to the Vice President for Academic Affairs.

i. Such referral may result in proceedings before the University’s Ethics Review Board.
ii. Sanctions which may be imposed against any student violating this policy include, depending upon the circumstances, referral to alternative services, warning, loss of privileges, probation, restitution, a program of self-improvement and education, recommendation of suspension, and recommendation of expulsion.

e. Complaints against faculty and staff who violate this policy will be handled in accordance with established university policy or practice.

i. Penalties assessed against faculty and staff who violate this policy may include written warning, loss of privileges, suspension of employment, and termination of employment depending upon the circumstances.
ii. Complaints against employee’s subject to receipt of employee disciplinary reports will be handled in accordance with provisions of the Personnel Policies and Procedures Manual regarding employee discipline. The severity of the violation will be taken into account in assessing any penalty.
iii. Established grievance procedures will be utilized to review any penalty imposed.
iv. Temporary or permanent loss of access to CNU’s information technology resources may occur with a first violation of this policy. In appropriate circumstances, repeat offenders will permanently lose access.

f. In the event CNU becomes aware of a user’s alleged violation of this policy, it may take advantage of the provisions regarding “Protection of Information Technology Resources and Institutional Data” and “Investigation and Review of Policy Infractions” found in Section II above.
g. As provided under Section II, under “Control and Licensing of Software,” any user who suspects or has knowledge of copyright violations must immediately report this activity to the University’s Intellectual Property Rights Office (IPRO), whose contact information is found above in Section B.2.b.ii. Failure to report such activity will be considered a violation of the Information Technology Acceptable Use Policy.

D. Periodic Policy Review

1. This policy related to copyright and the use of CNU’s Information Technology Resources will be reviewed periodically in order to assure that it addresses the changing needs and concerns of Cebu Normal University and to remain compliant with law.

2. The Information Technology Advisory Committee will perform the periodic review stated in the preceding paragraph by applying assessment criteria it deems relevant.

a. It is authorized to revise and/or implement new policies under this Section III upon approval of the President of the University.
b. The authorization under this Section includes implementing revised or additional procedures related to, or penalties for, alleged violations of this policy. All such additions and/or revisions must be approved by the President of the University.

---

Section IV: Ethical Practices

A. Expectations

1. All users are expected to conduct themselves in a legal, professional, fair, considerate, and ethical manner. Each individual should use equipment safely, responsibly and only for its intended function. Users should keep all equipment clean and in good operating condition.

B. Protection and Maintenance of Equipment

1. Protection and maintenance of equipment includes, but are not limited to:

a. Having only authorized staff perform installations
b. Plugging all equipment into an Underwriter's Laboratory approved surge protector or uninterruptible power supply
c. Locating equipment according to manufacturer’s specifications. Equipment should be protected from extreme heat or cold, excessive humidity, smoke, dust, overloaded circuits, stressed or worn cords, or any other potentially damaging situation
d. Keeping food and beverages away from equipment
e. Scheduling routine maintenance

2. Equipment, software, tools, supplies, etc., are not to be removed from their assigned locations without authorization from the administrator responsible for those items.

3. Repair or replacement of any item damaged when used for purposes other than those related to university functions or when used without authorization will be at the user's expense. Unpaid debts incurred in this manner will be handled in accordance with the usual Accounting and Financial Services procedures.

C. Harassing, Offensive, Profane, and Abusive Material

1. University information technology resources may not be used in a harassing, offensive, profane, or abusive manner. The perception or reaction of affected persons is a major factor in determining if a specific action is in violation of this policy.

D. Commercial Use

1. University information technology resources may not be used for personal or commercial profit. Individuals may not use information technology resources for any commercial purpose without prior written authorization from the ICTO-Head, or designee.

---

Section V: Violations

A. Procedure for Reporting Violations

1. Violations should be reported to the faculty/immediate supervisor of the individual, the ICTO-Head, or the administrator responsible for the system that was breached or misused. The notified party will inform the appropriate university official. Violations may result in one or more of the following actions:

a. Verbal or written warning with reference to appropriate policy
b. Suspend access either temporarily or permanently
c. File a formal Employee Disciplinary Report (EDR), if the individual is an employee
d. Formally submit student infractions to the Vice President for Student Affairs
e. Consult with the University Attorney and/or Public Safety, who may file civil or criminal charges.
f. Refer complaints of harassment or discrimination to the Office of Equal Opportunity
g. For any individuals outside of the immediate university community, send a written notice of the infraction to the employer, principal, or entity that initiated access for that person

B. Procedure for Appeal

1. Appeals may be filed using existing procedures for staff, faculty, and students. All other appeals will go to the Vice President for Administrative Services for disposition.

---

Section VI: Administration of Policy

A. Procedure for Development, Review and Modification of this Policy

1. The Policy Review Subcommittee of the Information Technology Advisory Committee will be a body comprised of at least four members of the larger committee in addition to the ICTO-Head. The Policy Review Subcommittee will meet at the call of the ICTO-Head.

2. Proposals for new policies and/or modifications to existing policies will be forwarded to the ICTO-Head. The proposals and comments will be brought before the ITAC Policy Review Subcommittee by the ICTO-Head.

B. Communication of Policy

1. Signature on an account application form, acceptance of a user ID, or online registration denotes that the applicant has read and understands the guidelines available and also denotes acceptance of the Information Technology Acceptable Use Policy.

2. The policy is available online at http://campus.murraystate.edu/aup/ and in print form in Waterfield Library.

C. Other Information Technology Policies

1. Departments with their own information technology labs will adhere to the same general operating guidelines as established by this policy. Glossary of Terms

Technical Terms used in the Technology Policy · Access Rights Permission to use an CNU information technology resource according to appropriate limitations, controls, and guidelines.
· Commercial purpose A goal or end involving the buying and/or selling of goods or services for the purpose of making a profit.
· Data A representation of facts, concepts, or instructions suitable for communication, interpretation, or processing by human or automatic means.
· Disk Space Allocation the amount of disk storage space assigned to a particular user by University Information Systems or the appropriate system administrator.
· Equitable Use Use of information technology resources in accordance with this policy, within the rules of an individual CNU facility, and so as not to unreasonably interfere with the use of the same resources by others.
· File A collection of data treated as a unit.
· Inappropriate use of authority or special privilege Use of one's access right(s) or position in a manner that violates the rules of use of those privileges as specified by the ICTO-Head, or designee, or the appropriate system administrator.
· Information Technology Resource Any information technology/network equipment, facility or service made available to users by Cebu Normal University.
· Password A string of characters that a user must supply to meet security requirements before gaining access to a particular information technology resource.
· Prudent and Responsible Use Use of information technology resources in a manner that promotes the efficient use and security of one's own access right(s), the access rights of other users, and CNU information technology resources.
· Remote Activity Any information technology action or behavior that accesses remote site facilities via an CNU information technology resource.
· Remote Site Any information technology/network equipment, facility, or service not part of, but connected with, CNU information technology resources via a communications network.
· System Administrator Any individual authorized by the ICTO-Head, the Provost/Vice President, or a designee to administer a particular information technology hardware system and/or its system software.
· Transmission The transfer of a signal, message, or other form of information from one location to another.
· Unauthorized Act With the exception of information technology actions or behaviors permitted in this policy, any act performed without the explicit permission of the ICTO-Head, or designee, or the appropriate system administrator.
· Usage Record Information or data indicating the level of usage of information technology resources by a particular user.
· User Any individual -- whether student, staff, or individual external to CNU -- who uses CNU information technology resources.
· User ID A character string that uniquely identifies a particular user of CNU information technology resources.

---