Skip to main content
Close
A-Z
Quick Links

Acceptable Use of College Computing Resources

 PDF
  1. Policy

    This policy governs the appropriate use of Salt Lake Community College (SLCC) information systems, networks, and electronic resources for educational, research, and administrative purposes. SLCC faculty, staff, students, contractors, vendors, third-party agents, and community members who access these resources must comply with this policy.

  2. References
    1. Family Educational Rights and Privacy Act of 1974, 20 U.S.C. § 1232g
    2. Federal Information Security Management Act of 2002, 44 U.S.C. § 3541
    3. Health Insurance Portability and Accountability Act (HIPAA): Security and Privacy, 45 C.F.R. 164
    4. Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, Pub. L. 111-5, Division A, Title XIII, Subtitle D.
    5. Information Technology Resource Security, Utah Board of Higher Education R.345.
    6. Computing Systems Program, Utah Board of Higher Education R.341.
    7. Institutional Business Communications, Utah Board of Higher Education R.840.
  3. Definitions
    1. Authentication Credentials: user ID and PIN, username and password, or other secrets or keys used to gain access to a restricted resource.
    2. Automated Monitoring: a service or function of an autonomous monitoring tool that correlates and analyzes Logs and alerts across multiple IT security technologies.
    3. Enterprise Email Service: the email system the college uses to engage in official business, such as email addresses ending with “slcc.edu.” This definition does not include a separate, affiliated email service the college may offer to alums or other groups.
    4. Incidental Personal Use: authorized use of a restricted resource resulting in non-commercial or minimal non-college-related activities that do not interfere with college operations or incur additional costs. This does not include external personal business transactions.
    5. Institutional Business Email Communications: email communications sent by an employee or another authorized individual on behalf of SLCC as part of their duties, and other email communications the college has designated as business communications.
    6. Political Purposes: any act intended to influence any person to vote or refrain from voting for or against a candidate, judge, ballot measure, ballot proposition, or to solicit campaign contributions.
    7. Resource: any information systems, assets, or electronic hardware or software that makes storing or using information possible.
    8. Restricted Resource: resources available only to individuals in particular roles within the college community.
    9. Signature-based Detection: identifies known viruses and other malware by recognizing key aspects of their design or operation.
    10. Best Practices: rules for operation and application of resource configurations, including operating system and application patching, anti-virus and malware protection, firmware updates, secured networks, etc.
    11. User: faculty, staff, students, contractors, vendors, third-party agents, and members of the college community who access college resources.
    12. Virtual Private Network (VPN): a service that uses a public telecommunication infrastructure, such as the Internet, to provide remote users with secure access to a different network, which may have more cybersecurity requirements.
  4. Procedures
    1. General
      1. SLCC’s Office of Information Technology (OIT) administers, maintains, and monitors the college’s computing resources to protect college property and the college community.
      2. Users must utilize college-provided resources responsibly. To maintain reliable service for all, users must avoid excessive or improper use that could disrupt access for others. All usage should support the college’s mission and maintain public trust.
      3. Individual departments may establish reasonable and appropriate conditions for using resources. Departmental conditions must be consistent with this policy and may provide additional guidelines or restrictions.
      4. User-owned equipment connected to college resources must have up-to-date security software and follow the college’s security guidelines to prevent unauthorized access. Refer to the Information Security Policy for detailed requirements.
    2. User Responsibilities

      1. Users must:

      1. ensure their use of college resources does not disrupt, distract from, or interfere with college business;
      2. be responsible for activity originating from their resources, which the user can reasonably control;
      3. obey relevant federal, state, and local laws with particular attention to copyright, defamation, harassment, obscenity, child pornography, privacy, and government property laws. The college will cooperate with law enforcement agencies when allegations of violations are made;
      4. report the theft or misuse of college computer and technology resources to the college’s Public Safety Department and OIT as soon as possible;
      5. report observed violations of this policy to IT support, the Security Office, or Public Safety;
      6. use college resources for intended purposes only when authorized and only in the manner and to the extent authorized; and
      7. protect access to and the integrity of college resources.

      2. Users must not:

      1. intentionally access or attempt to access any restricted resource or private data owned by the college or another user without express permission;
      2. create or disseminate malicious programs that would harm the integrity of college resources;
      3. monitor or attempt to monitor the use of college resources without authorization;
      4. use college resources in a manner that interferes with the ability of other users to access college resources;
      5. falsely identify themselves on college resources;
      6. use unauthorized applications designed to obscure the nature of web traffic unless the use is for a legitimate educational purpose;
      7. engage in activities that damage the college’s reputation;
      8. attempt to circumvent the IT security mechanisms of any college resource as established by the Information Security Office;
      9. attempt to degrade system performance or capability;
      10. use college resources for soliciting business, selling products, or otherwise engaging in commercial activities other than those expressly permitted by college policies and procedures; and
      11. alter electronic communications to conceal their identity or pose as another person. This provision extends to using traffic anonymizers like TOR and anonymous proxies. While using a VPN for legitimate purposes, such as accessing a non-college employer’s network or personal information like bank records, is permitted, accessing college resources anonymously via VPN is not allowed.

      3. All unauthorized resource use is strictly prohibited, even if the college mistakenly allows a user access.

    3. Incidental Personal Use
      1. Users must use college-issued restricted resources for purposes consistent with their particular role within the college community.
      2. Users may use a college-issued restricted resource for incidental personal use provided that the use is lawful and that each of the following conditions is met:
        1. there is no additional accrued cost to the college as a result of the use;
        2. the use does not interrupt nor interfere with college operations; and
        3. the use is not for substantial personal profit, gain, or promotion of non-college-sponsored commercial ventures.
      3. The college reserves the right to prohibit any user’s personal use without prior notice for any reason.
      4. The college has no responsibilities to users for maintaining or providing support for incidental personal use data stored on college resources.
    4. Use of College Credentials
      1. Authentication credentials are assigned as an access privilege for restricted resources relevant to the user’s role.
      2. Users must maintain credentials that are compliant with college requirements and best practices. Read the Password Complexity Requirements and Troubleshooting article for current guidance.
      3. OIT may limit or revoke a user’s use of resources based on business reasons, technical priorities, or financial considerations.
      4. Users are prohibited from sharing their own or utilizing another user’s account, username, password, or other authentication token.
      5. Users must not view or use another user’s accounts, computer files, programs, or data without written or express permission.
      6. If a user is assigned a new position or responsibilities that do not require access to a college resource, their approval will be revoked, and they must cease using the resource.
    5. Use of College Data

      Users must:

      1. treat college data and information maintained by other users as confidential unless otherwise classified under a federal or state law, statute, regulation, or college policy;
      2. protect the College’s restricted resources and sensitive data;
      3. protect the integrity of the resource and the confidentiality of stored and transmitted data;
      4. refer to the OIT Guideline for storing college data for authorized storage locations and the types of data that belong on specific college-authorized platforms; and
      5. not release confidential, private, controlled, or proprietary information without authorization.
    6. Use of College Networks
      1. When on college properties, users should access college resources through the college-provided wired or wireless networks. Personal hotspots can disrupt the college’s network and should be avoided to ensure a stable and reliable connection for everyone.
      2. Users must not create or run private networks on college properties unless it has been coordinated with OIT. Users may submit a Technology Request Form for requests.
      3. From any public or unsecured network, faculty and staff must use the college-provided VPN to access college resources.
    7. Use of College-provided Internet
      1. Users access the internet at their own risk.
      2. To protect personal safety and privacy, internet users should be cautious and consider the risks before sharing personal information with others.
    8. Use of College Email
      1. Users must use only the college’s enterprise email system when conducting college business.
      2. Users are prohibited from:
        1. sending unauthorized, unsolicited email communications, including spam or other advertising material, to users who did not specifically request such communications; and
        2. using the college’s enterprise email system for personal political purposes.
      3. Staff and faculty shall not auto-forward college email to an external account.
    9. Use of Approved Online Services
      1. To safeguard data and maintain security, users must access and store college-related information exclusively through college-approved online services.
      2. Using unauthorized external platforms is prohibited, as it risks exposing sensitive data and login credentials.
      3. Users are required to utilize only the managed systems provided by the college, ensuring full compliance with security protocols and the protection of confidential information.
    10. Use of Social Media
      1. Users are personally responsible for user-generated content published on social media.
      2. Users are prohibited from publishing information to social media that violates federal, state, or local laws, including the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), Utah’s Government Records Access Management Act (GRAMA), and copyright and trademark protections.
    11. Use of Intellectual Property

      1. Users shall:

      1. only install or distribute software on college resources that are appropriately licensed for use by the college; and
      2. abide by the Reproduction and Use of Copyrighted Materials Policy when using college resources and copyrighted material.

      2. Users must follow the Copyright Ownership and Intellectual Property Policy.

    12. Use of Artificial Intelligence (AI)
      1. AI use at the college shall adhere to ethical and responsible principles, respecting users’ rights, privacy, and consent. It should aim to improve education, support research, and streamline administrative tasks while protecting the college’s and user’s rights and privacy.
      2. When using AI applications, users must comply with data protection laws and college policies on privacy and security. Users must not input private, controlled, or confidential information related to the college, as well as personally identifiable information without consent, into any publicly accessible AI services or training models.
      3. AI systems’ training data and algorithms can perpetuate biases, potentially leading to unfair or discriminatory outcomes. Users should ensure that AI is applied in a fair and equitable way.
      4. The use of AI in academic work must be transparent and expressly permitted. AI tools should not be used to commit academic misconduct, such as plagiarism or cheating, as outlined in the Code of Student Rights and Responsibilities.
      5. Faculty and staff shall ensure AI technologies they use for college business, including in teaching, research, and administration, adhere to this policy and guide students on the appropriate use of AI.
      6. OIT will implement and maintain secure AI systems, ensure compliance with all applicable data protection regulations, and regularly assess and manage risks associated with AI applications.
      7. AI decision-making processes must be transparent, allowing for human oversight and intervention when needed.
      8. Read the current OIT Guidelines for AI Use at SLCC for further guidance.
    13. Privacy Expectations
      1. College resources are the sole property of the college, and the college may access all data and information at any time. By using college resources, users agree they have no right or expectation of privacy in those resources.
      2. Users should follow best practices to protect their own privacy, ensure the confidentiality of their personal identifying information, and guard against the loss or destruction of their intellectual property.
      3. The college reserves the right to authorize specific individuals or groups, including contracted business partners, to monitor college resources.
      4. Records identified on college resources may be subject to GRAMA.
    14. Enforcement
      1. The college may take any action reasonably related to the performance of college business or the protection of college resources, property, or users, including disconnecting devices, revoking or prohibiting access to resources, or monitoring, examining, or disclosing data or information.
      2. Corrective action or academic sanctions for violations of this policy will follow the college’s Corrective Action Policy for college employees and the Code of Student Rights and Responsibilities for students.
      3. Users who are not college faculty, staff, or students may:
        1. have their access to resources revoked for violating this policy; and
        2. be subject to legal actions under applicable federal and state laws if they attempt to gain unauthorized access to college data, systems, or networks. Unauthorized access may result in criminal charges, civil penalties, and other legal consequences.
    15. Warranties
      1. The college makes no warranties of any kind concerning resources.
      2. The college is not responsible for damages resulting from using or misusing college resources, including data loss, hacking, or service interruptions.

Date of last cabinet review: September 23, 2025

The originator of this policy and procedure is the Office of Information Technology. Questions regarding this policy and procedure may be directed to the originator by calling 801-957-5100.