College IT Policies and Guidelines
Acceptable Technology Use Policy
Computing and data communications at Colorado State University are valuable and limited resources that serve a large number and variety of users. All users have the responsibility to make use of these resources in an efficient, ethical, and legal manner.
The University’s computer and network services provide access to resources on and off campus and shall be used in a manner consistent with the instructional, research, and administrative objectives of the University community in general and with the purpose for which such use was intended. Such open access is a privilege and imposes upon users certain responsibilities and obligations. Access to the University’s computers and network services is granted subject to University policies, and local, state, and federal laws.
Acceptable use is always ethical, reflects academic honesty, and shows restraint in the consumption of shared resources. It demonstrates respect for intellectual property, protection of sensitive information, ownership of data, copyright laws, system security mechanisms, and individuals’ rights to privacy and to freedom from intimidation and harassment. All activities inconsistent with these objectives are considered to be inappropriate and may jeopardize continued use of computing facilities and networks.
In consideration of being allowed to use the University’s and the College of Health and Human Sciences’ (CHHS) computer and network services (“Resources”), I understand and agree to the following:
- I shall not use the Resources for any illegal activity or for any activity prohibited by this policy (see below for examples of inappropriate conduct that is prohibited), the Students’ Rights and Responsibilities policy or the policies set forth in the Academic Faculty and Administrative Professional Manual.
- I agree not to use the Resources to infringe upon or otherwise impair, interfere with or violate any copyright or other intellectual property rights of another. This pertains to all copyrighted material, including, but not limited to music, video and software. I understand that I may be potentially liable for misuse of the Resources, including acts that are contrary to University policy. Except for such claims as may be covered by the Governmental Immunity Act (Colorado Revised Statutes 24-10-101 et seq.), I agree to be responsible for all claims arising from my misuse of the Resources and shall indemnify and hold harmless the University and the college from any costs, expenses or liabilities that might be asserted or imposed upon it or any of its officers, agents or affiliates as a result of such misuse.
- I shall avoid any action that interferes with the efficient operation of the Resources or impedes the flow of information necessary for academic or administrative operations of the University or the college.
- I shall protect my technology resources such as user accounts, passwords, data and systems from unauthorized use. I acknowledge that I am responsible for reasonably securing my computer and devices, including implementing such protections as user accounts and passwords to prohibit unauthorized use, applying in a timely fashion operating system and software patches that protect my computer from hackers, and implementing virus scanning software.
- I will access only information that is my own, which is publicly available, or to which my access has been authorized. I will only access networks, network resources, and information for their intended use.
Examples of Inappropriate Conduct:
Conduct which violates this policy includes, but is not limited to:
- Accessing another person’s computer, user account, files, or data without permission.
- Using the campus network to gain unauthorized access to any computer system.
- Using any means to decode or otherwise obtain restricted passwords or access control information.
- Attempting to circumvent or subvert system or network security measures. Examples include creating or running programs that are designed to identify security loopholes, to decrypt intentionally secured data, or to gain unauthorized access to any system.
- Engaging in any activity that might be purposefully harmful to systems or to any information stored thereon, such as creating or propagating viruses, disrupting services, damaging files or making unauthorized modifications to university data.
- Performing any act, intentionally or otherwise, that will interfere with the normal operation of computers, peripherals, or networks.
- Making or using illegal copies of copyrighted software, storing such copies on any university systems, or transmitting them over university networks.
- Harassing or intimidating others via electronic mail, collaboration and messaging software, social media, web pages or other communication mediums.
- Initiating or facilitating in any way mass unsolicited and unofficial electronic mailing (e.g., “spamming”, “flooding”, or “bombing.”).
- Forging the identity of a user or machine in an electronic communication.
- Saturating network or computer resources to the exclusion of another’s use, for example, intentionally overloading the network with traffic or initiating malicious activities such as denial of service attacks.
- Using the University’s systems or networks for personal gain; for example, by selling access to your user account or to university systems or networks, or by performing work for profit (including internships) with university resources in a manner not authorized by the University.
- Engaging in any other activity that does not comply with the general principles presented above.
Enforcement
The University considers violations of acceptable use principles or guidelines to be serious offenses. The University will take such action it deems necessary to copy and examine any files or information resident on university systems allegedly related to unacceptable use, and to protect its network from systems and events that threaten or degrade operations. Violations may be referred to the appropriate University entity for discipline.
The College of Health and Human Sciences and/or Colorado State University will use its best efforts to contact the offending party via e-mail, telephone, or in person to explain the problem and discuss its resolution before taking any action deemed necessary to protect the integrity of the Resources.
In the case of major infractions, for example those that impair others’ ability to use networking and computing resources, CHHS and/or CSU may immediately restrict systems or network access as it deems necessary to mitigate such activities. Only thereafter will CHHS and/or CSU make a reasonable effort to contact the involved parties when these incidents occur.
Application Development Policy
Faculty and staff in the college that are in need of custom web or other applications have the option of contracting services from the college IT group on a cost recovery basis or seeking services from an external consultant. Typically, the most cost-effective option is working with college IT, though that may not always be the case. In instances where faculty or staff would like to seek assistance from an external consultant, college policy requires that the college IT group be consulted before releasing an RFP or signing an agreement. This is done to ensure that whatever is developed will be supportable into the future.
In addition, faculty or staff considering a potential web or other application are encouraged to contact the college IT group as early as possible in order to ensure that the required timelines can be met.
AV Projects Policy
All AV projects (including, but not limited to new installations, upgrades, configuration changes, and podium replacements) are to route through the college IT group to ensure all technology meets college and university standards and is supportable for its entire lifecycle. Each departmental financial officer is to work with college IT to initiate an AV request, and college IT will then coordinate the project with the appropriate university offices.
Backup Retention Policy
College IT performs frequent backups of all mission-critical servers. Due to cost, privacy, and security concerns, backup data cannot be stored indefinitely. Therefore, backup copies of data are stored on college servers for the following time periods:
- File servers (including data stored on M:, P:, S:, R:, and X: drives): Important note: data stored on your machine’s local hard drive or other removable media such as flash drives or external hard drives is not automatically backed up! This includes files saved to your desktop, downloads, and documents folders. It is the user’s responsibility to save any important data on one of the various network drives or the University’s Microsoft 365 environment where appropriate.
- Short-term, hourly backups are retained for a limited period of time.
- Daily backups are stored at a secondary site and retained for 30 days.
- Users have the ability to perform self-service file and folder recovery on their M: and other network drives.
- Database and web application servers:
- Daily backups are stored at a secondary site and retained for 30 days.
All data and servers hosted by the college are housed in physically secure locations.
Charges for Technology Acceptable and Preferred Purchase Guidelines
The College of Health and Human Sciences provides a wide variety of technology services to its students, faculty, and staff. Specifically, CHHS students are provided with access to a number of the college’s technology services, including, but not limited to, six college student computer labs, printing, personal file storage space on a college file storage system, and access to checkout laptops stored in the computer labs.
Each college at the University assesses a technology fee (referred to as Charges for Technology at Colorado State University) to its students. As of July 2023, the College of Health and Human Sciences CFT fee is $78.22 per semester, which is used to fund these services.
The college relies on the University CFT Manual to make determinations about the appropriateness of CFT expenditures. The College of Health and Human Sciences Dean’s Ambassadors acts as the college CFT committee and therefore provides general guidance to the college IT group regarding CFT activities.
When deciding on the appropriateness of a potential expense from the college CFT fund, the following considerations are made:
- Does the proposed expense fall under the “Allowable Uses of Funds” heading in the CSU CFT manual?
- Will the proposed equipment be accessible to a significant number of CHHS students most of the time?
- Does the proposed expense generally improve the academic experience for CHHS students?
- Can the proposed expense be afforded given the current committed budget of the college CFT fund?
The college IT group is responsible for the day-to-day management of the college CFT fund as well as reporting data related to the college CFT budget back to the Dean’s Ambassador’s at least once per semester.
E-commerce Policy
We support the development and maintenance of e-commerce applications for viable business entities in the college.
Business Requirements (Business and Financial Services requirements)
- Business Plan
- Market Analysis
- Revenue and Expense Analysis
- Billing Rates
- Three Year Projections
- Budget Forms Reviewed
- Submit Account Request via Kuali Financial System (if necessary)
- For more detailed information, download the Recharge/Self-Funded Account User’s Guide provided by Campus Services
Development Costs (College of Health and Human Sciences requirements)
- The one-time fee to develop the e-commerce application, set at the college IT group’s approved hourly rate multiplied by the amount of time required to develop the application
Information Security Policy
Introduction
Colorado State University collects information of a sensitive nature to facilitate and enable its business/academic functions. Unauthorized access to such information may have many severe negative consequences, including adversely affecting the reputation of the University. Protection of such personally identifiable information from unauthorized access is required by various private sector, federal and state mandates, including among others the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Family Educational Rights and Privacy Act (FERPA), Colorado House Bills 03-1175 and 06-1157, and the Payment Card Industry Data Security Standard. Sensitive information is stored on a variety of computer systems in the information technology (IT) environment at the University. As such systems are being subjected to increasing numbers and types of attempted unauthorized access, the adoption of these information security policies will aid in the protection of such information.
In addition to this information security policy, users are required to adhere to all policies and guidelines specified in the University Information Technology Security Policy.
Definitions
Personal computers are comprised of desktops, laptops, mobile devices and other such devices of all brands, used principally by one individual at a time. This category also includes laboratory computers.
The College of Health and Human Sciences at Colorado State University is referred to as “the college” as well as the acronym “CHHS” in this document.
Systems administrators in the College of Health and Human Sciences are referred to as “the CHHS IT Group” in this document.
Sensitive information includes, but is not limited to, social security numbers, personally identifiable health information, personally identifiable financial information including credit card information, driver’s license information, personnel employment and student performance information, proprietary research and academic information, third-party proprietary information, FERPA protected non-directory information and any other information that through disclosure would adversely affect an individual or besmirch the reputation of the University.
Please note that the above list may change over time. Furthermore, information such as date of birth may not be considered “sensitive” by itself. However, when combined with other information about an individual (name, address and phone number, for example), may ultimately contribute to identity theft. Reasonable care should be taken to protect all information about faculty, staff, and students even if it is not itself considered to be “sensitive.”
IT-Related Purchasing Policy
The college IT group manages the acquisition of all IT-related equipment (including, but not limited to, desktop computers, notebook computers, printers, tablet devices, and removable storage devices). Each departmental financial officer is required to work with the CHHS IT group when ordering new IT-related equipment to ensure the security and compatibility of the new equipment as well as the data it will house and/or access.
Any computer equipment that will reside within and/or is owned by Colorado State University is subject to many policies related to information technology and security, regardless of the funding source. These policies are meant to protect the integrity of the information CSU’s employees collect, manage, and access. As such, when individuals make purchases of this type of equipment without at least a consultation from the college IT group, they put themselves and their colleagues at risk for having information compromised. For more information, see the University Information Technology Security Policy.
To provide the best possible experience to all of its students, faculty, and staff, and to ensure the lowest possible total cost of ownership for the department/unit, the college, and the University, as well as to adhere to CSU’s purchasing agreements, the college relies primarily on HP for most of its IT-related purchasing. As always, the college will remain solution-oriented and will work with individuals when a specific business need is identified that requires technology outside of the current standard.
For AV-related purchases and projects, refer to AV Projects.
Replacement of Computer Equipment Guidelines
The college IT group coordinates the identification, evaluation, and replacement of computers and computer-related equipment for students, faculty, and staff. Working collaboratively with each of its eight academic units as well as the Dean’s Ambassadors, the college IT group identifies equipment that is no longer under manufacturer’s warranty and/or is no longer compatible with the current software requirements of the college.
The generally accepted lifespan of a computer, based upon industry standards and warranty limitations, is four years. Using these guidelines, approximately one-quarter of the college’s computers are identified as candidates for replacement each year. This is a guideline and is not always achievable due to limited resources of the academic units, the college, or the college Charges for Technology fee.
This approach to the replacement of computers and computer-related equipment seeks to reduce overall operating costs, improve stability and security, and provide access to the best possible information and instructional technology resources.
Server Downtime Policy
The college’s servers require ongoing, routine maintenance to ensure secure, reliable performance. The college IT group may perform this maintenance between the hours of 11 p.m.-6 a.m. unless the update is considered critical. If you ever have difficulty accessing services, or have any questions, please contact the college Helpdesk at (970) 491-3458.
Student Computer Lab Use Policy
All users of the College of Health and Human Sciences’ computer labs are expected to follow this policy and to respect and adhere to lab operators enforcing these rules. Users that violate any of these rules may be subject to revoked access and/or denied login privileges to lab computers. In addition to the policy outlined here, CHHS computer labs adhere to all college and University policies.
- Entry doors to access labs after building hours should not be propped open outside of regular lab hours. Only lab operators may prop open doors to the labs. If the door is closed and locked, student users must use their RamCard to enter 24‐hour access labs.
- No food is permitted in the lab. Covered drinks only.
- No smoking, vaping, or tobacco use is allowed in the labs. Refer to CSU Policy Smoking, Vaping, and Tobacco Use for details.
- Users should be mindful of others trying to work by minimizing distracting audio or loud conversations.
- Do not sit on the desks or tables.
- Supplies are university owned and should not be removed from the lab. Supplies are to be returned to the supply table after use.
- Projectors are for class or presentation use only, and the room should have approved lab reservations before use.
- Lab Reservation Requests for student organizations need to be submitted by the faculty adviser/coach.
- Only lab operators and college IT staff are permitted behind the lab operator desk or closet/storage spaces.
- Only lab operators and Helpdesk staff are permitted to troubleshoot and restock printers. Please ask the lab operator on duty for assistance.
- If you need a print refund due to printer malfunction, please inform the lab operator immediately and request the refund in PaperCut. If the issue occurs when a lab operator is not on staff, please visit the lab during regular business hours and explain the error to the lab operator on duty. Refund requests without lab operator notification will be denied.
- If a lab is reserved or a class is in session, users should not enter the lab unless approved by lab staff or the class instructor.
- Users must have signs or flyers approved by CHHS before posting to any space within the college computer labs.
- Students using checkout laptops must adhere to the requirements outlined in the CHHS Student Laptop Checkout Policy, including returning equipment within the return window..
- Service dogs are allowed in the lab only under the requirements and guidelines defined in the university policy Service Dogs and Emotional Support Animals.
- Behavior or language which causes other users or lab staff to feel uncomfortable, threatened, or harassed will not be tolerated. In these situations, CSUPD will be notified.
Student Laptop Checkout Policy
The College of Health and Human Sciences (CHHS) invests a portion of its student technology fee budget to offer a laptop checkout program to students who are officially recognized as majors, secondary majors, or minors in the college. Eligible students providing a valid CSU student ID can check out laptops from select CHHS computer labs.
The policies governing the use of these checkout laptops and all associated accessories such as power adapters and mice (herein referred to together as “equipment”) are below. By checking out equipment from any CHHS computer lab, students are agreeing to the following terms and conditions:
Eligible Participants
- Only students officially recognized as majors, secondary majors, or minors in the College of Health and Human Sciences can check out equipment from the CHHS computer labs.
- Faculty/staff are not permitted to check out equipment unless they are also majoring in a CHHS discipline and therefore paying CHHS technology fees.
- Equipment cannot be reserved for use by an entire class. All equipment is meant for individual use only.
- A student must present a valid CSU student ID to check out equipment. Other forms of identification are not acceptable.
- A student can only check out one laptop at a time.
Checkout Durations
- All equipment is due back to the computer lab it was checked out from either 8 hours from the time it was checked out or 30 minutes before the lab closes on any given day, whichever comes first.
- Equipment cannot be checked out in the last 30 minutes of a lab’s open hours.
- Students are responsible for knowing the closing time of the lab they checked out equipment from.
- Equipment is never to be kept overnight.
- A student may only renew equipment if there are other laptops available at the time of check-in.
- When a student checks out a laptop, an email will be sent to their default CSU email address to confirm the transaction. Another email will be sent when the equipment is returned as a proof- of-return receipt.
Checkout Locations and Geographical Boundaries
- Equipment is currently available in the following labs:
- Education 220
- Gifford 317
- Moby B 219A
- Preconstruction 200
- Richardson Design Center 104
- Equipment must be returned to the same lab it was checked out from.
- Equipment can be taken anywhere on CSU’s main campus.
Software Installed and Access to CHHS Resources
- The laptops have most of the same software installed on them as the lab desktop computers.
- Laptops will have access to the internet via CSU’s wireless network. There may be spots on campus where wireless is currently unavailable. Please report these dead spots to the lab operator on duty upon check-in.
- Students will have access to the college network drives and are encouraged to save all work to these drives. Any work saved directly to the laptop’s hard drive will be lost upon a restart or check-in.
- Printing is available on the laptops. Print jobs will be sent to the lab from which the laptop was checked out from.
- Webcams are available on the laptops for the convenience of students. Students are responsible for disabling and enabling the webcam as needed and utilizing the webcam’s privacy shutter on the laptop, if available.
Liability, Late Returns, and Misuse
- Students are financially responsible for all equipment they check out.
- The college reserves the right to disallow a student from checking out any of the equipment based on the specific student’s checkout history (including, but not limited to, returning damaged equipment, not returning equipment, or returning equipment late).
- Students should never leave any equipment checked out from the labs unattended.
- Warnings will be sent electronically to the student’s university email address upon each late return.
- Where necessary, the college will seek financial restitution from students who do not return equipment.
- The college reserves the right to revoke checkout privileges at any time based upon violation of the above policies.
- Students are responsible for reading and understanding the above policies.
Student Share (S: Drive) Policy
All students, faculty, and staff in the College of Health and Human Sciences (CHHS) are provided with access to a common shared file space known as the Student Share, or S: Drive. This drive is intended to be used for sharing files between faculty, staff, and students and is accessible from any CHHS computer. Because this information is accessed by many individuals, the data’s structure and security is carefully managed. Below is a description of the default folders, or directories, and details related to how these folders can be utilized by faculty, staff, and students to share and exchange data.
At the root of the S: Drive is a folder for each unit. Inside each of these eight folders are several subfolders, including one for the courses in the department, i.e., “SOE Courses” and another for general file sharing, i.e., “SOE General Sharing.”
“Courses” folder creation and maintenance
At the beginning of each semester, the Courses folder is filled with subfolders for each course offered by the department according to the CSU course catalog. To ensure data privacy and integrity, permissions are set on each of these subfolders that allow access to only the course’s assigned instructor(s) and enrolled students. Course instructors are determined using ARIES. Therefore, if an instructor is not assigned to a course in ARIES, they will not be able to access the course folder. Multiple instructors can be assigned to one course in a semester. This assignment in ARIES is typically done by the unit support staff.
Each course folder contains three subfolders: Course Info, Students, and Assignments. Instructors and students have different levels of rights on each of these folders. Detailed information related to the permissions set on each of these folders can be found on the root of S: Drive in a document named “HowToUseTheSDrive.”
Before the start of each semester, the course folders are created, if they don’t already exist, and permissions to access these folders are set based on information from the CSU course catalog. Since instructors may teach the same course across multiple semesters, no data is deleted from the Course Info folder from previous semesters during this process. However, the contents of the Assignments and Students folders are deleted every August as part of routine maintenance. An email notification is sent to all CHHS faculty announcing the date the content in these folders will be deleted. Data in the Course Info folder will remain unless the instructor deletes it.
“Sharing” folder access and maintenance
The General Sharing folder is available for faculty/staff and students who are not associated with a course to share files. For example, information that a unit may want to distribute to all majors about advising or general course information could be placed in this folder. This sharing folder will be monitored for inappropriate content (see CHHS Acceptable Technology Use Policy).
This folder is intended for temporary sharing of files and will be cleaned of its contents every August. A notification email will be sent to college faculty and staff announcing the date that the folders will be deleted. If necessary, arrangements can be made for long-term, non-course related file sharing between faculty, staff, and students and should be coordinated with the CHHS IT Group by contacting the CHHS Helpdesk. This communication and coordination are critical to maintain security and integrity, and to ensure the data continues to be included in the college’s data backup system.
User Account Management Policy
The college uses NetIDs (user accounts managed by CSU’s Division of IT) for authentication into its systems. Access to college systems is determined by CSU HR and/or Student Information System data.
Access to college resources will be granted within two business days of final HR approval or student enrollment within the college, and removal of said access will take place approximately 30 days after the termination of an employment assignment, or approximately six months after a student’s enrollment status changes (whether that means no longer taking a class in the college, changing major to a discipline outside of the college, or graduating). E-mail notifications will be sent to all students, faculty, and staff as their affiliation with the college changes. Please contact the college Helpdesk at (970) 491-3458 with any questions.
University IT Security Policy
In addition to the College’s IT policies, users are required to adhere to all policies and guidelines specified in the University Information Technology Security Policy.