To maximize the value and use of CWI’s Information Technology (IT) Resources consistent with applicable state and federal law and the policies of the Idaho Technology Authority (ITA), the Idaho State Board of Education (SBOE) and CWI.
Applies to all users of CWI’s IT Resources.
Information Technology (IT) Resources: An array of products and services that collect, transform, transmit, display, present, and otherwise make data into usable, meaningful and accessible information. IT Resources include but are not limited to: desktop computers, laptops, and tablet PC’s; handheld devices including but not limited to, cell phones; e-mail, voicemail, servers, central computers, and networks; cloud storage systems; network access systems including wireless systems; portable hard drives and databases; computer software; printers and FAX machines and lines; campus, classroom and office audio and visual display devices and switching, camcorders, televisions, physical media; telephone equipment and switches including local and long-distance services; satellite equipment and any other current or future IT resource adopted by CWI as new technologies are developed.
User: Anyone who uses CWI’s information technology resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.
CWI’s IT Resources are provided to support CWI and its academic and service missions, CWI’s business and administrative functions, and its student and campus life activities. Use of CWI’s IT Resources must comply with state and federal laws and regulations and policies of the Idaho Technology Authority (ITA), the Idaho State Board of Education and CWI.
The primary purpose of CWI’s IT Resources is to conduct official CWI business. CWI employees may, however, use the Internet and electronic mail on occasion for individual purposes on their personal time as provided by applicable CWI policies and procedures.
The First Amendment rights of academic freedom and freedom of expression, including the responsibilities associated with those rights, apply to the use of CWI’s IT Resources.
Rights and responsibilities related to the use of CWI’s IT Resources are guided by this policy, CWI’s Respectful Community Policy, the Student Code of Conduct, other applicable CWI policies, the policies of the Idaho State Board of Education and Idaho Technology Authority (ITA) and other state and federal laws and regulations.
CWI, as a public institution of higher education, is subject to the public records laws of the state of Idaho. While some information may be exempt from disclosure, information or records stored on CWI’s IT Resources are generally presumed to be open for review and inspection and are subject to public disclosure requests and examination by CWI officials in order to determine if exemptions apply to prohibit disclosure. As such, CWI will examine and disclose information or records stored on CWI’s IT Resources as required by law. In addition, CWI may have a business necessity or reason to access and examine information, records, files, communications, and accounts of its employees or students, including but not limited to the investigation of substantiated complaints or other reliable evidence of misuse or violation of law or policy. Therefore, Users of CWI’s IT Resources should have a limited expectation of privacy in the use of such resources.
College IT Resources shall not be used for:
Users of College IT Resources shall not:
Suspected violations of this policy should be reported to the appropriate supervisor, department head, Dean, Vice President or IT.
Use of CWI’s IT Resources is a privilege, not a right, and abuse may result in the immediate removal of privileges pending final resolution.
Violation of any portion of this policy may result in corrective action. Whether a violation has occurred and the appropriate corrective action will be determined by the violator’s supervisor, department head, Dean, or Vice President. Incidents will be evaluated on a case by case basis and may result in one or more of the following:
To provide guidelines for the administration of CWI’s server environment.
Applies to CWI’s servers that house all software and applications utilized users.
Host: A server that is configured explicitly to run software that provides virtual servers for CWI’s server environment. Many hosts make up a cluster.
Server: A computer that is configured to provide services to other computers on the CWI network. These services include file sharing, printing, database access, email, authentication and applications utilized by staff, faculty and students. Servers can be physical machines or can be a virtual server on a special server called a host.
User: Anyone who uses CWI’s information technology resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.
Information Technology (IT) will provide a robust server infrastructure for CWI for the purpose of providing services such as mission critical applications, printing, file shares, backups and software patching.
To support a reliable server infrastructure, all CWI Users shall conform to the guidelines detailed in this policy.
IT is responsible for every aspect of the server infrastructure which includes:
Access to the server infrastructure is limited to the Server Administration group at CWI. Administrative access will not be granted to any other party.
Server antivirus software is required for all servers connected to CWI’s infrastructure. Such software must be installed and running, and virus definitions kept up-to-date.
IT will maintain documentation of the server infrastructure data including:
All servers in the CWI server infrastructure will be regularly backed up. All backups will be regularly tested and verified.
To establish guidelines for CWI’s telephone and telecommunication services.
Applies to all users of CWI’s Telephone Services.
Telephone Services: CWI’s telephone lines, equipment, products, maintenance, and other related resources that assist employees and students in their telecommunications needs.
User: Anyone who uses CWI’s information technology resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.
CWI provides Telephone Services based on cost-effective practices that also comply with government rules and regulations. This policy guides decisions that ensure quality service to CWI’s community in a cost effective manner.
CWI’s Information Technology Department is responsible to:
Generally, departments and users should use CWI Telephone Services for work-related purposes.
Misuse of CWI’s Telephone Services may be grounds for corrective action up to and including termination and/or suspension or expulsion in the case of a student. All users should be aware that the misuse of Telephone Services could also result in civil action and/or criminal prosecution.
To ensure compliance with applicable statutes, regulations and mandates relating to the use of software made available by CWI and to establish acceptable practices and responsibilities associated with the use of such software.
Applies to all users at CWI and to all software provided by CWI.
Electronic Technology Resources (“ETRs”): Desktop computers, laptop computers, tablets, cell phones, and handheld devices in which CWI has an ownership, lease, license, proprietary, managerial, administrative, maintenance, or other legal or equitable interest.
License: A type of proprietary or gratuitous license as well as a memorandum of contract between a producer and a user of the computer software that specifies the parameters of the permission granted by the producer to the user.
Software: Any and all computer software (licensed, freeware, shareware).
User: Anyone who uses CWI’s information technology resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.
CWI provides users with access to a wide variety of Software. This Software is a valuable resource provided for the limited purposes of advancing, enhancing and promoting the business and educational opportunities made available by CWI. This policy sets forth guidelines regarding the use of such Software and establishes acceptable practices and responsibilities associated with the use of such Software. CWI prohibits the improper or illegal use of Software by Users
Software, sent, received, or stored on CWI’s ETRs is the sole and exclusive property of the granted license owner.
All Software is protected under United States copyright law from the time of its creation. CWI has licensed copies of Software from a variety of producers to help fulfill its mission. Unless otherwise provided in the Software license, duplication of copyrighted Software, except for backup and archival purposes, is a violation of applicable laws and this policy.
CWI may track Software usage at any time for any reason. All CWI-owned applications, including Blackboard, are filtered, monitored and logged for, among other things, content, sites visited, patterns of activity, routing information, and duration of use. Accordingly, no User has (or should expect to have) any right of privacy or confidentiality with respect to the use of CWI’s Software. Whether for the purpose of managing those resources and traffic flow, assuring system security, verifying and ensuring compliance with CWI policies or applicable law, or for any other reason, CWI expressly reserves the right (from time-to-time or at any time) to intercept, divert, discard, access or review any Internet connection, other electronic communications or Software stored on CWI’s ETRs.
CWI also reserves the right to disclose to other persons or otherwise use the contents of any Software for any of the foregoing purposes, as well as for the purposes of complying with or assisting law enforcement officials or legal authorities who may, by subpoena, search warrant or otherwise, seek review of communications, or for the purpose of litigation or other legal proceedings.
As a political subdivision of the state of Idaho, CWI is subject to the Idaho Public Records Act. Except as specifically provided therein, the Idaho Public Records Act expressly denies to CWI employees any expectation of privacy in their use of CWI’s ETRs. Users should be aware that their use of ETRs may be subject to the public’s right to inspect and copy records, as that term is defined by Idaho law, of Software installed on CWI’s ETRs.
Users shall, as an express condition of their use, comply with the following standards of conduct with respect to the use of CWI Software:
CWI’s Chief Information Officer is responsible for enforcement of this policy. All Users of Software are required to report any violations of this policy to the Chief Information Officer.
CWI makes no warranties of any kind, either express or implied, that the functions of the Software will be error free or without defect. CWI is not responsible for any damage Users may suffer, including but not limited to, loss of data or interruptions of service. CWI is also not responsible for the accuracy or the quality of the information obtained through or stored on the system. CWI is not responsible for any financial obligations arising from the unauthorized use of Software.
Any violation of this policy may result in corrective action up to and including termination of employment and/or suspension or expulsion in the case of a student. Additionally, Users are subject to loss of Software privileges and, in appropriate cases, civil and/or criminal prosecution.
To state the requirements for remote access to computing resources hosted at CWI using Virtual Private Network (VPN) technology.
Applies to all CWI Users.
Information Technology (IT) Resources: An array of products and services that collect, transform, transmit, display, present, and otherwise make data into usable, meaningful and accessible information. IT Resources include but are not limited to: desktop computers, laptops, and tablet PC’s; handheld devices including but not limited to, cell phones; e-mail, voicemail, servers, central computers, and networks; cloud storage systems; network access systems including wireless systems; portable hard drives and databases; computer software; printers and FAX machines and lines; campus, classroom and office audio and visual display devices and switching, camcorders, televisions, physical media; telephone equipment and switches including local and long-distance services; satellite equipment and any other current or future IT resource adopted by CWI as new technologies are developed.
Remote Access: Access to IT Resources from an electronic or other device not directly connected to the CWI wired or wireless networks, but not including accesses to such IT Resources where Remote Access is considered a primary function and normative use. For example, use of a Web browser to remotely access a CWI Web page is not covered by this policy.
Remote User: One who uses an electronic or other device for Remote Access.
User: Anyone who uses CWI’s information technology resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.
Virtual Private Network (VPN): a secured private network connection built on top of a public network. A VPN provides a secure encrypted connection or tunnel over the Internet between a CWI individual computer and a private network. VPN allows members of CWI to securely access CWI network resources as if they were on campus.
Remote Access to CWI’s IT Resources must be accomplished in a manner that furthers CWI’s mission while preventing unauthorized use of those resources. This policy is designed to ensure that CWI’s IT Resources are used for the purposes for which they are intended. Accordingly, CWI prohibits illegal or unauthorized Remote Access to CWI’s IT Resources. Only authorized CWI employees may utilize CWI’s VPN for Remote Access.
In order to connect to the VPN it is necessary for Remote Users to install the approved Cisco Anyconnect Software on a laptop provided by CWI (software URL will be provided). Remote Users will need a connection to the Internet from their off-campus location. CWI does not provide Remote Users with an Internet connection, their Internet Service Provider does.
CWI’s Chief Information Officer is responsible for enforcement of this policy.
Any violation of this policy may result in corrective action up to and including termination of employment and/or suspension or expulsion in the event of a student. Additionally, Users who violate this policy may be subject to loss of software privileges, civil action and criminal prosecution.
The purpose of this policy is to provide for a uniform and systematic method for providing IT services required by CWI.
Applies to all Users who access CWI’s IT Resources.
Information Technology (IT) Resources: An array of products and services that collect, transform, transmit, display, present, and otherwise make data into usable, meaningful and accessible information. IT Resources include but are not limited to: desktop computers, laptops, and tablet PC’s; handheld devices including but not limited to, cell phones; e-mail, voicemail, servers, central computers, and networks; cloud storage systems; network access systems including wireless systems; portable hard drives and databases; computer software; printers and FAX machines and lines; campus, classroom and office audio and visual display devices and switching, camcorders, televisions, physical media; telephone equipment and switches including local and long-distance services; satellite equipment and any other current or future IT resource adopted by CWI as new technologies are developed.
User: Anyone who uses CWI’s information technology resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.
CWI provides Information Technology Resources through a Centralized IT model. All departments and users are required to utilize CWI’s centralized IT department for all IT needs. Benefits of this model include:
CWI’s centralized IT organization provides all IT services to CWI. These services include, but are not limited to:
Any violation of this policy may result in corrective action up to and including termination of employment and/or suspension or expulsion in the case of a student.
To provide a reliable computing device platform which will enhance the workflow and productivity of the CWI community.
Computing device standards apply to all departments, units and offices of CWI. These computing device standards apply only to the “business” functions of CWI, not the “scholarship” functions (i.e., e-mail, calendaring, strategic planning and budgeting fall within the scope of this policy, but not the hardware and software in teaching and research labs).
User: Anyone who uses CWI’s information technology resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.
CWI strives to provide a reliable computing device platform in which end users have confidence and which will enhance the workflow and productivity of the college community. Accordingly, CWI has adopted the following standards for the purpose of providing high quality service and support. These standards will lead to high quality service and support. If a department or unit needs other desktop products to provide for the scholarship or special needs of that department, then it is important to devote the resources needed to guarantee assistance for users of those products. These standards are set forth to provide consistency, support and the exchange of information as well as access to, and use of, the College’s business systems. In addition, these standards allow for compatibility and thorough, consistent support from the IT Department, co-workers, and vendors. They ensure that information can be distributed in a format and manner that the College community can read, use, and understand, thus promoting a productive working and education environment. A process for exceptions provides for specialized needs.
Responsibility for these standards belongs to CWI’s Chief Information Officer (CIO). Standards will be periodically evaluated and reviewed. Hardware and software, including groupware applications such as virtual whiteboard, distance learning, hosted storage, and collaborative computing will be examined on a regular basis. The Enterprise Technology Advisory Committee and Academic Technology Advisory Committee (standing committees with representation from all areas of CWI) will make recommendations on additions, deletions and/or modifications to these standards. This committee will review the current standards on a regularly scheduled basis. Others wishing to make recommendations may make them directly to the CIO.
A list of supported products will be updated regularly and be made available to the CWI community on the web.
For purposes of this policy, “full support” means that support from the product vendor is still available. Further, assuming that the product is fully compatible with campus administrative systems, IT staff members are fully product knowledgeable and documentation is available. For fully supported products, Users may expect problem resolution, user seminars may be offered, and product consultation may be arranged.
For purposes of this policy, “partial support” means the product may or may not be supported by the vendor, the product may not be fully compatible with campus administrative systems or specific known compatibility issues exist, and product documentation and user training is not available. Under these circumstances IT staff will provide a best effort to support the product.
Microsoft Office is supported for its compatibility with the campus administrative systems. The campus administrative systems dictate which versions of Office are covered by full support. All versions of Office will be supported throughout .
Users should remember that the Web is an extremely valuable way to distribute information, especially in a commuter institution like CWI. It is often preferable to the distribution of paper. Users should consider options for paperless distribution over printed distribution.
Microsoft Outlook is the fully supported college standard, which provides a collaborative environment for our campus community.
The following web browsers are supported:
The browsers and the different versions are supported throughout the browser’s (and specific version’s) life cycle. The campus administrative systems dictate which browsers are installed on CWI computers and covered by full support.
If required to perform his/her job duties, a User will be provided with a single computing device, a desktop or laptop. Exceptions require presidential approval.
The Operating System installed on the computer will be fully supported within the manufacturer’s support product life cycle or end of life statements. The campus administrative systems dictate the rate at which new Operating System versions can be introduced to campus Microsoft Windows. Life cycle information can be found at .
Windows-based computers will be fully supported for four (4) years after the purchase date. After four (4) years the computer will be partially supported. If a computer requires more than $300 dollars of repairs and/or upgrades, a replacement should be considered instead of the repair.
Information Technology will only support licensed versions of software, as set forth in CWI’s Software policy.
Laptop computers have become a good, practical, business purchase. Rugged laptops may be appropriate for Users who move around the institution, travel, or attend frequent meetings. The appropriate choice is encouraged. On the other hand, desktop machines should be purchased for Users who work mainly in their offices.
Mobile devices can be an appropriate choice for the on-the-go User and may be provided on a case-by-case basis with presidential approval. The appropriate device allows the User to stay in contact with the office, organize daily tasks, and carry important information electronically such as contacts or documents.
Mobile “information consumption” devices, such as the iPad, may be practical business purchases in limited instances. Administration staff and those employees who travel extensively and participate in many meetings may be assigned an iPad or other device in addition to their primary computing device. Obtaining such a device requires presidential approval.
Surge protectors, not to be confused with power strips, are to be acquired and used with all computing equipment (PCs, printers, FAX machines, etc.).
Backups are an important part of computing. Lost or corrupted data means the re-entering of data and/or the possibility of data that can never be recovered. Thus, all business, academic and other College-owned work and documents are to be stored on the Users’ personal network drive (H:\) or a network drive (i.e. I:\). This ensures that information is appropriately backed up, should a hard drive fail.
Critical data must be stored on a file server where backups are performed automatically. Employees should check with the network administrator to determine what backups are performed. More information on server backups can be found in CWI’s Server Administration policy.
Storing data on local drives is not recommended and the safety of such data is the responsibility of the assigned User of the computer. All files created or revised each day should be backed up if they are stored on a local drive.
The following table outlines the data classification and proper handling of CWI data.
| Data Classification | Cloud Storage | Network Drive | Local Storage |
|---|---|---|---|
| CWI Protected | Not Allowed | Allowed No special requirements, subject to any applicable laws | Not allowed |
| CWI Sensitive | Allowed, but not advised Requires CIO approval | Allowed No special requirements, subject to any applicable laws | Allowed, but not advised Requires dept. manager approval |
| CWI Public | Allowed No special requirements | Allowed No special requirements | Allowed No special requirements |
Any department or office that requires an exception to these standards should submit such a request in writing to the CIO. The request should state the following:
The User must commit funding and other appropriate resources to providing hardware and software support for the exception. Only CWI’s CIO and Vice President of Finance and Administration (VPFA) can authorize an exception to these standards.
To set forth guidelines for Internet access and usage at CWI.
Applies to all Users who access CWI’s Internet resources.
Information Technology (IT) Resources: An array of products and services that collect, transform, transmit, display, present, and otherwise make data into usable, meaningful and accessible information. IT Resources include but are not limited to: desktop computers, laptops, and tablet PC’s; handheld devices including but not limited to, cell phones; e-mail, voicemail, servers, central computers, and networks; cloud storage systems; network access systems including wireless systems; portable hard drives and databases; computer software; printers and FAX machines and lines; campus, classroom and office audio and visual display devices and switching, camcorders, televisions, physical media; telephone equipment and switches including local and long-distance services; satellite equipment and any other current or future IT resource adopted by CWI as new technologies are developed.
User: Anyone who uses CWI’s information technology resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.
CWI provides Internet access in order to enhance the student’s learning, efficiency and productivity with guidance from employees. It also is provided to faculty and staff for the purpose of performing their jobs. This technology allows Users to access resources beyond the boundaries of CWI’s physical campus. While the internet offers a wealth of material that is personally, culturally, and professionally enriching to Users of all ages, it also enables access to some material that may be inaccurate, offensive or disturbing to others, or illegal under state or federal law. CWI cannot police the global network and takes no responsibility for its content. The operation of the Internet relies heavily on the proper conduct of the Users who must adhere to the guidelines in this policy, as well as applicable law.
These guidelines apply to the use of CWI IT Resources to access information on the Internet and to the use of CWI IT Resources to provide information to other Internet users. Internet access is a privilege, not a right. CWI prohibits the improper or illegal use of Internet privileges by Users. Violations of the law may result in legal action. Any User violating this policy is likewise subject to loss of access privileges and other appropriate disciplinary actions.
CWI makes no warranties of any kind, whether express or implied, for the Internet service it is providing. CWI is not responsible for any monetary or non-monetary damages a User may suffer, including loss of data, nor is it responsible for the accuracy or quality of information obtained through its Internet resources.
Any User found in violation of this policy may have the privilege of using all CWI IT Resources revoked. CWI’s Chief Information Officer will make the final determination as to what constitutes unacceptable Internet use; his/her decision is final.
CWI students may report violations of this policy to an appropriate department head, Dean or Vice President, the Chief Information Officer or, if appropriate, the Title IX Coordinator. Possible sanctions include deletion of material or direct links to other locations on the Internet, loss of IT Resource privileges, and further corrective action as provided by CWI policy.
Employees may report violations of this policy to their immediate supervisor, an appropriate department head, Dean or Vice President, the Chief Information Officer or, if appropriate, the Title IX Coordinator. Possible sanctions include deletion of material or direct links to other locations on the Internet, loss of IT Resource privileges and further corrective action.
To classify data and establish minimum standards and guidelines to protect against accidental or intentional damage or loss of data, interruption of CWI business, or the compromise of confidential information.
Applies to all users with access to (a) confidential information through CWI or its affiliates or (b) college information resources, including those used by CWI under license, contract, or other affiliation agreement.
Access: Any personal inspection or review of the confidential information or a copy of the confidential information, or an oral or written account of such information.
Confidential Information: Information identified by applicable laws, regulations, or policies as personal information, individually identifiable health information, education records, personally identifiable information, non-public personal data, confidential personal information, or sensitive scientific or sponsored project information. Confidential information includes but is not limited to any information that identifies or describes an individual such as a social security number, physical description, home address, non-business telephone numbers, ethnicity, gender, signature, passport number, bank account or credit card numbers, expiration dates, security codes, passwords, educational information, medical or employment history, driver’s license number, or date of birth. It also includes electronic data that includes an individual’s first name or first initial and last name in combination with one or more of the following data elements, when either the name or data elements are not encrypted: 1) social security number; 2) driver’s license or state identification card number; 3) student or employee identification number; or 4) credit card number in combination with any required security code, access code, password, or expiration number that would permit access to an individual’s financial account.
Confidential information does not include any information knowingly and voluntarily made publicly available by the owner of such information, such as information voluntarily listed in college or other public directories. Custodian: Member of the CWI community having primary responsibility for gathering, inputting, storing, managing, or disposing of confidential information. One becomes a custodian either by designation or by virtue of having acquired, developed, or created information resources for which no other party has stewardship. For example, for purposes of this policy, librarians have custody of library catalogs and related records, faculty have custody of their research and course materials, students have custody of their own work, and any individual who accepts a credit card number in the course of conducting CWI business is the custodian of that information. The term does not necessarily imply legal ownership.
Data: Information generated in the course of official CWI business. Information that is personal to the operator of a system and stored on a college IT resource as a result of incidental personal use is not considered CWI data.
Disclosure: To permit access to or release, transfer, disseminate, or otherwise communicate any part of information by any means, including but not limited to orally, in writing, or by electronic means to any person or entity.
Incident: A potentially reportable incident that may include, but is not limited to, the following:
Individually Identifiable Health Information: Any information, including demographics, collected from an individual that is created or received by a health care provider, health plan, employer, or health care clearinghouse relating to the past, present or future physical or mental health or condition of an individual and identifies the individual, or information which can reasonably be expected to identify the individual.
Information Resources: Includes information in any form and recorded on any media, and all computer and communications equipment and software.
Information Security Officer (ISO) – The individual or individuals responsible for protecting confidential information in the custody of CWI; the security of the equipment and/or repository where this information is processed and/or maintained and the related privacy rights of college students, faculty and staff concerning this information. An ISO has primary responsibility for oversight of information security, networks and systems, and working in cooperation with IT and Human Resource (HR) to educate the CWI community about security responsibilities.
Information Service Provider (Service Providers): A person or entity, including CWI departments, individuals, and ancillary organizations, that receives, maintains, processes or otherwise is permitted to access confidential information through its provision of services directly to CWI who manages significant information resources and systems for the purpose of making those resources available to others. This includes the Office of Information Technology, the Alumni Association, Registrar, and Financial Aid, as well as other entities that operate at a division, department, or sub-department level.
Information Technology (IT) Resources: An array of products and services that collect, transform, transmit, display, present, and otherwise make data into usable, meaningful and accessible information. IT Resources include but are not limited to: desktop computers, laptops, and tablet PC’s; handheld devices including but not limited to, cell phones; e-mail, voicemail, servers, central computers, and networks; cloud storage systems; network access systems including wireless systems; portable hard drives and databases; computer software; printers and FAX machines and lines; campus, classroom and office audio and visual display devices and switching, camcorders, televisions, physical media; telephone equipment and switches including local and long-distance services; satellite equipment and any other current or future IT resource adopted by CWI as new technologies are developed.
Level One Data: Private information that must be protected by law or industry regulation. This information is considered highly sensitive (“HS”).
Level Two Data: Information that should be protected. This information is considered moderately sensitive (“MS”).
Level Three Data: Publicly available information. This information is considered non-sensitive (“NS”).
Managers: Members of the CWI community who have management or supervisory responsibilities, including deans, department chairs, directors, department heads, group leaders, supervisors and faculty who supervise teaching or research assistants.
Minimum Security Standards (“MSS”): Required configuration standards, maintained by the Office of Information Technology, that increase the security of systems (servers, workstations, mobile devices) and help safeguard CWI’s information technology resources and data.
Protected Health Information (“PHI”): Individually identifiable health information that is maintained in any medium or transmitted or maintained in any other form. PHI excludes individually identifiable health information in education records covered by the Family Educational Rights and Privacy Act (FERPA), and records held by a covered entity in its role as an employer.
User: Anyone who uses CWI’s information resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.
This policy creates an environment that will help protect all members of the CWI community from information security threats that could compromise privacy, productivity, reputation, or intellectual property rights. CWI recognizes the vital role data and information plays in its educational and research missions, and the importance of taking the necessary steps to protect information in all forms.
Given the large amounts of data and information generated by CWI employees and students, it is important everyone is familiar with the provisions of this policy. As more information is used and shared by students, faculty and staff, both within and outside CWI, an associated effort must be made to protect information resources from threats by establishing responsibilities, guidelines, and practices that will help CWI prevent, deter, detect, respond to and recover from compromises to these resources. All CWI data must be subject to some protective measures. This policy classifies CWI data into categories in order to apply appropriate protective security measures.
Users are responsible for protecting the information resources to which they have access. Their responsibilities cover both computerized and non-computerized information and information technology devices they use or possess, including but not limited to paper, reports, books, film, microfiche, microfilms, recordings, computers, PDAs, disks, jump drives/memory sticks, printers, phones, and fax machines. Users must follow the information security practices set by the ISO, as well as any additional departmental or other applicable information security practices.
To define the responsibilities, guidelines, and terms of use for user owned mobile devices configured for CWI data use and that can access CWI’s electronic resources.
This policy applies to all users who utilize either CWI-owned or personally-owned Mobile Devices to access, store, back up, relocate or access any CWI resources or information.
College Computing Resources: Computer hardware, software, data and network resources used and/or provided by CWI, including applications, intranet web access and CWI email/calendar/contacts.
Device Management: Management, security, and monitoring of all Mobile Devices that have access to College Computing Resources.
Mobile Device: Employee provided smartphone, tablet or laptop to be used to perform CWI-related work or educational activities.
User: Anyone who uses CWI’s information technology resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.
CWI’s IT resources are provided to support CWI and its academic and service missions, its business and administrative function, and its student and campus life activities. CWI takes every precaution to protect the integrity and confidentiality of data that resides within CWI’s technology infrastructure. This policy is intended to prevent this data from being deliberately or inadvertently stored insecurely on a mobile device or transferred over an insecure network where it can potentially be compromised. A breach of this type could result in loss of information, damage to critical applications, financial loss, and damage to CWI’s public image. Users who bring personal devices to campus and use CWI’s IT resources must comply with state and federal laws and regulations, the guidelines in this policy, executive orders and policies of the Idaho Technology Authority (ITA) and the Idaho State Board of Education, and any other applicable CWI policies. Access to CWI resources and information is a privilege, not a right. Consequently, users are not automatically guaranteed the initial or ongoing ability to use these devices to gain access to CWI networks and information.
Jailbroken Apple iOS devices, rooted Android devices, and other similar devices pose a risk to CWI data contained within the secure communications app. Therefore, CWI will disable or remove CWI data access on Mobile Devices determined to be jailbroken or rooted.
To provide a framework for the procurement of all IT hardware, software, and any externally-hosted systems or software for CWI.
Applies to the procurement of all IT hardware, software and any externally-hosted systems or software.
User: Anyone who uses CWI’s information technology resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.
CWI has established standards for desktop software, operating systems, computer networks and computer hardware and peripherals. This standardization is essential as it allows CWI’s IT Department to provide quality service. The main benefits are:
The IT Department is the sole authority for placing orders for IT software and hardware on behalf of CWI regardless of the source of funding. All IT-related purchases must have full approval and authorization prior to requisitioning. All IT-related hardware and software will be specified by IT. Hardware and software cannot be purchased without approval by IT. All equipment or software purchase requests, whether as individual items or as part of a larger project, must be sent to IT which will process the request pursuant to this policy.
External IT Services include: hosting of software, accessing third party software (except via the internet), maintenance/support services and any other third party supplied IT related service.
To ensure secure, reliable and accountable use of mobile computing and storage devices containing CWI data by establishing unified management of and formally assigning roles and responsibilities with respect to the use of such devices.
Applies to all mobile computing and storage devices used by CWI’s users in the performance of their duties and to all CWI data when accessed through, or stored on, mobile computing and storage devices, regardless of the device’s ownership.
Mobile Computing Devices: Small devices intended primarily for the access to or processing of data, which can be easily carried by a single person and provide persistent storage. Current examples include, but are not limited to, laptop, notebook, netbook and similar portable personal computers, as wells as smartphones and PDAs (Android, Blackberry, iPhone, and others).
Mobile Storage Devices: Media that can be easily carried by a single person and provide persistent storage. Current examples include, but are not limited to, magnetic storage devices (diskettes, tapes, USB hard drives), optical storage devices (CDs, DVDs, magneto-optical disks), memory storage devices (SD cards, thumb drives), and portable devices that make nonvolatile storage available for user files (cameras, MP3 and other music players, audio recorders, smart watches, and cell phones).
Restricted Data: Data in any format collected, developed, maintained or managed by or on behalf of CWI, or within the scope of CWI activities that are subject to specific protections under federal or state law or regulations or under applicable contracts. Examples include, but are not limited to, medical records, social security numbers, credit card numbers, drivers licenses, non-directory student records, research protocols and export controlled technical data.
User: Anyone who uses CWI’s information technology resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.
CWI is committed to and encourages an open and collaborative environment through the use of mobile devices to facilitate interaction among Users. However, mobile computing devices and mobile storage devices that connect to CWI’s servers or contain CWI Restricted Data can be a substantial security risk for CWI. To reduce that risk, CWI has adopted the following guidelines.
To provide ownership, allowable use, privacy, and retention guidelines for all Users of CWI E-mail Facilities.
Applies to all students, faculty, staff, contractors, consultants, temporary employees, guests, volunteers and all other entities or individuals with access to electronic mail (e-mail) provided by CWI.
CWI E-mail Facilities: Includes all facilities, technology, information resources, and computing and electronic communication devices, hardware, software, and services required to accomplish the processing, storage, transmission, and communication of electronic mail, whether individually controlled or shared, stand-alone, or networked.
Electronic mail (E-mail): a message distributed by electronic means from one User to one or more recipients via a network.
Official CWI E-mail Account: Account with e-mail address of the form @cwi.edu or @my.cwi.edu. An Official CWI E-mail Account is provided to faculty, staff, students, and other individuals granted e-mail privileges at CWI.
User: Anyone who uses CWI’s information technology resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.
CWI provides CWI E-mail Facilities that enable electronic mail (e-mail) communication by Users. The use of CWI Email Facilities is expected and encouraged to facilitate the exchange of useful information in support of CWI’s mission. Members of the CWI community are expected to use CWI E-mail Facilities in a responsible and ethical manner.
CWI E-mail Facilities are owned by and the property of CWI. E-mail is an official means for communication at CWI. Therefore, CWI has the right to send communications to Users via Official CWI E-mail Accounts and the right to expect that those communications will be received and read by Users in a timely fashion. CWI reserves the right to operate its E-mail Facilities as needed for its educational and administrative services.
CWI E-mail Facilities are provided for activities and associated administrative functions supporting CWI’s mission. Any use of CWI E-mail Facilities should be related to CWI business, including academic pursuits. The use of CWI Email Facilities for teaching and learning is encouraged. Incidental and occasional personal use of CWI E-mail Facilities may occur when such use does not increase costs for CWI or interfere with CWI’s mission or operations. Such incidental use is subject to the provisions of this policy.
Users of CWI E-mail Facilities may redirect communications from an Official CWI E-mail Account to another e-mail address but will retain the responsibility to monitor official communications. Any User who forwards his/her CWI e-mail to another e-mail address expressly assumes all responsibility for delivery beyond the @cwi.edu or @my.cwi.edu domains. CWI is not responsible for forwarded e-mail from other e-mail systems.
CWI Email Facilities shall be used in an ethical and responsible manner. The following are prohibited uses of CWI Email Facilities:
While CWI respects the privacy of Users and does not wish to inspect or monitor the use of CWI E-mail Facilities routinely or to be the arbiter of message content, Users should not have any expectation of privacy or confidentiality as to any e-mails sent or received using CWI E-mail Facilities or an Official CWI E-mail Account. As a public institution of higher education, CWI is subject to the public records laws of the state of Idaho. Any e-mail sent by Users at CWI may be considered a public record subject to public disclosure as required by law. Use of private email in any manner for CWI-related purposes may cause that e-mail account to be subject to public records laws.
CWI reserves the right to access messages and data stored on or transmitted using CWI E-mail Facilities or Official CWI E-mail Accounts at any time for purposes including but not limited to:
The nature of e-mail messages makes them difficult to rely upon as a permanent record. E-mail communications at CWI are not considered to be “record copies” and are transitory, held for convenience, and may be deleted. Users should be aware that messages may or may not be permanent. Also, the confidentiality of any message should not be assumed. Even when a message is deleted, it may be possible to retrieve and read that message. CWI reserves the right to review and retrieve e-mail communications for all lawful purposes. In addition, CWI may be required to put a hold on certain e-mail communications to prevent their deletion. Affected Users will be advised of any such hold.
Any violation of this policy may result in corrective action up to and including termination of employment and/or suspension or expulsion in the case of a student.
To provide the standards for the establishment of CWI’s networking infrastructure.
Applies to CWI’s networking infrastructure in all buildings owned and/or operated by CWI, CWI’s networking infrastructure that provides connectivity between all CWI buildings, and any vendors used in support of the infrastructure.
Data Center: The infrastructure provided by a third party to house mission critical applications and hardware. This infrastructure is for facilities leased by CWI and should always be in a facility or building not owned or operated by CWI. The Data Center provides high availability for power and carrier access to be able to provide redundant and highly available infrastructure for CWI’s mission critical applications.
Independent Distribution Facility (IDF): The IDF is the Telco room in a building that contains the switching and cabling termination points for a LAN. There can be multiple IDF’s in one building. A Data Center cannot reside in an IDF.
Information Technology (IT) Resources: An array of products and services that collect, transform, transmit, display, present, and otherwise make data into usable, meaningful and accessible information. IT Resources include but are not limited to: desktop computers, laptops, and tablet PC’s; handheld devices including but not limited to, cell phones; e-mail, voicemail, servers, central computers, and networks; cloud storage systems; network access systems including wireless systems; portable hard drives and databases; computer software; printers and FAX machines and lines; campus, classroom and office audio and visual display devices and switching, camcorders, televisions, physical media; telephone equipment and switches including local and long-distance services; satellite equipment and any other current or future IT resource adopted by CWI as new technologies are developed.
Local Area Network (LAN): The infrastructure used to provide connectivity within a single building or portion of a building owned and/or operated by CWI. This can be physical infrastructure, such as cabling or switches, or can be a wireless network.
Main Distribution Facility (MDF): The MDF is the Telco room that houses the network core for a particular building and is the focal point for the WAN entering the building and the LAN servicing the building. The Data Center would be considered an MDF.
Telecommunications Rooms (Telco): The secure room that houses the electronics and network cabling for the LAN at each building. Telco rooms can be centrally located, or can be dispersed throughout a building depending on the layout of the building. Multiple floor buildings will typically have an MDF and several IDF rooms. The WAN connection for a building will be in the MDF. IDFs will typically only have switching and cabling for the LAN in a particular section of a building.
User: Anyone who uses CWI’s IT Resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.
Wide Area Network (WAN): The infrastructure used to provide connectivity between all of the buildings owned and operated by CWI. This can be a mix of several technologies and is usually provided by or leased from a third party or carrier.
CWI supports centralized network services to offer the most advanced technology available while ensuring stable and reliable services are maintained for the benefit of the CWI community. These standards are subject to change based on newly available technology, changes in the makeup of the CWI footprint and any change in the direction of technology support.
To provide support for academics and the business of CWI by keeping software utilized by CWI up to date and patched with the most current updates as approved for deployment on the CWI network.
Applies to all software on all servers and workstations utilized by users.
User: Anyone who uses CWI’s information technology resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.
Software is utilized on all servers and workstations to provide the applications utilized by users for academics and the day to day activities of CWI and for the systems that support the business critical applications. Updates to this software are provided by manufacturers to address known issues and security flaws. The software is released periodically and CWI’s IT Department will review the provided updates and plan appropriately for the installation of approved patches.