Posted September 29, 2017 by Academic and Institutional Technology
Tags:
Security
Updates
Revised Technology Acceptable Use Policy
Effective Date: October 1, 2017
As of October 1, Wheaton College has officially adopted a reviewed and refined version of our Technology Acceptable Use Policy. This is a simplified version of the previous Acceptable Use Policy/Technology Terms and Conditions.
Rationale
In 2016, Wheaton College’s cybersecurity consultants, GreyCastle Security, performed a risk evaluation of our institutional data, in order to increase security. Their top recommendation was that we review and update our Technology Terms and Conditions/Acceptable Use Policy, which has been in place for many years. Additional recommendations from GreyCastle Security included cybersecurity training, which we began last spring.
Faculty, staff, and others in our community take great care to ensure compliance with government-mandated regulations (e.g. FERPA) and other sensitive information. This endeavor is designed to increase the focus and awareness on how we protect similar information when interacting with it electronically.
We have worked closely with GreyCastle and our Governance groups and our Senior Administrative Cabinet (SAC) to discuss and propose enhancements to the Acceptable Use Policy. As of October 1, we have officially adopted the refined version of the Technology Acceptable Use Policy. The full policy can be found here.
Wheaton College’s technology infrastructure exists to support the College and activities needed to fulfill the College’s mission. Access to these resources is a privilege that should be exercised responsibly, ethically, and lawfully.
The purpose of the Technology Acceptable Use Policy is to clearly establish Wheaton College’s position relating to the acceptable use of its technology and your responsibility to protect our information resources. We’d like to highlight some specific areas of importance.
Impact on College Community
We would like to bring your attention to several important aspects of the policy that may need attention.
1. Institutional Data must be stored in College-managed services.
We provide a robust array of services that comply with our security standards to protect and manage data. The following are examples of services that do not comply with our security standards and some acceptable alternatives:
| Non-Wheaton College Services | Wheaton College Alternative Services |
|---|---|
| Evernote for institutional data | Microsoft OneNote |
| Personal Google Docs or DropBox for College business | ThunderCloud Storage, powered by Box |
| Your cellphone as the only storage for alumni or student contact information | Banner, the College’s Enterprise Data Management System |
You are encouraged to use the non-Wheaton services of your choice for your personal business. Faculty who collaborate with scholars outside of the college may, at their own risk, continue to use the service of their choice. Please note that ThunderCloud Storage, powered by Box, is able to provide full collaboration with those within Wheaton College and outside of the College.
2. College-issued computers or other secure devices must be used to access institutional data.
AIT issues computers to employees to do their work. If you need a laptop because you frequently work from home, contact the AIT Service Desk. Personally-owned workstations or devices that store, process, or transmit institutional confidential information must be secured with a minimum of the following:
- A complex password
- Up-to-date security patches
- Working, up-to-date anti-malware protection
- An up-to-date web browser to access online services through https protocols
- The Wheaton College virtual private network (VPN) software
3. Faculty and staff need to exclusively use their Wheaton.edu email for college-related communication.
This is to improve security of information on campus and protect sensitive data (e.g. FERPA) from potential security threats. This part of the policy will be fully enforced by the end of this calendar year.
Those who have automatic email forwarding enabled will need to take steps to remove automatic forwarding from their account. View these instructions to remove automatic forwarding, or contact the AIT Service Desk to assist you.
Updated 12/18/17: AIT has been working directly with those who have automatic email forwarding on their wheaton.edu accounts for the past several weeks, to assist with the transition. Technical steps will be taken on December 31, 2017, to disallow any further automatic forwarding of email accounts. If you're experiencing difficulty with your account, please contact Academic and Institutional Technology.
If you have any questions about these or other policy statements, please contact the AIT Service desk by email or call 630.752.4357 (HELP).