Computing Policies Manual


TABLE OF CONTENTS

100.00  GOVERNANCE
120.00    University Computing Policy Committee (UCPC)
120.10      Charge
120.20      Committee Structure
130.00    Computer Fee Advisory Committee (CFAC)
130.10      Charge
130.20      Committee Structure
140.00    Administrative Information System Projects Committee
140.10      Charge
140.20      Committee Structure

200.00  RESOURCE FINANCE AND ACQUISITION
210.00    Student Computer Fee
210.10      Background
210.20      Fee Allocation Process
210.30      Monitoring of Student Fee Purchases
220.00    Resource Acquisition and Replacement Strategy
220.10      Objective
220.20      Background
220.30      Strategic Plan
220.40      Plant Fund

300.00  RESOURCE ALLOCATION AND MANAGEMENT
310.00    Campus Wide Information System - MSUinfo
310.10      Background
310.20      Access
310.30      Content
310.40      Maintenance
320.00    Computing Resource Allocation and Management
320.10      Objectives
320.20      Resource Categories
320.30      Consumables
320.31        Computer Usage
320.32        Computer Access
320.33        Network Services
320.34        Software
320.35        System Support
320.36        Consulting Services
320.37        User Training
320.40      Appendices
330.00    Student Computer Laboratories
330.10      Background
330.20      Scheduling
330.30      Fees
340.00    Administrative Information System
340.10      Objective
340.20      Definitions
340.30      System Management
340.40      System Security
340.50      System Access
340.60      Release of Information
340.70      System Enhancement
340.80      Appendices
350.00    MSU-Bozeman Web Site
350.10      Definitions
350.20      Purpose
350.30      Content
350.40      Management


400.00  ACCEPTABLE USE POLICIES
410.00    Montana State University Network [MSUNET]
410.10      Objective
410.20      Policy
420.00    SummitNet, Montana's Statewide Telecommunications Network
430.00    MSU's Internet Service Provider

500.00  SYSTEM SECURITY
510.00    Data Security
510.10      Background
510.20      Data Classifications
510.30      Access Control
510.40      User Responsibilities
510.50      Security Officer
510.60      Penalties
520.00    Unauthorized Use of Computer Software
520.10      Background
520.20      Montana University System Computer Software Use Policy
520.30      Policy Dissemination at Montana State University
520.40      Penalties

100.00 Governance

120.00 University Computing Policy Committee (UCPC)

Revised November 1995

120.10 Charge

Serve as an advisory committee on all policy matters pertaining to University computing, including but not limited to planning, budgeting resource allocation, equipment acquisition, maintenance, access, security and policy issues supporting instruction, research and administrative computing.

120.20 Committee Structure

  1. Membership

    1. Voting Members: Two faculty, professionals, or classified employees with computing expertise representing each of the Provost, V.P. for Research and V.P. for Administration & Finance, and one faculty, professional or classified employee with computing expertise representing each of MSU-Billings and MSU-Northern. One student representative from MSU-Bozeman.

    2. Voting Ex Officio Members: Executive Director of Information Services; Director of Information Technology Center; Computer Science Department Head.

  2. Length of Term: Members will be appointed to two-year terms. One representative from Instruction, Research and Administration will be appointed or reappointed each year. The student member will be appointed to a one-year term.

  3. Appointed by: President's Executive Council

  4. Chair: To be appointed by the Executive Director of Information Services

  5. Advisory to: Executive Director of Information Services

  6. Reports Due: Computing Plan annually; periodic procedures and policies as required.

130.00 Computer Fee Advisory Committee (CFAC)

Revised March 1993

130.10 Charge

Review requests for student computer fees by various campus entities and recommend allocations to the President and Board of Regents per Section 940.23 of the Montana University System Policy and Procedures Manual.

130.20 Committee Structure

  1. Membership

    1. Voting Members: One or more faculty members representing instruction; minimum 25% student representation; chair.

    2. Nonvoting Ex Officio Members: Director, Information Technology Center; Department Head, Computer Science.

  2. Length of Term: One year, renewable

  3. Appointed by: Provost/Vice President for Academic Affairs

  4. Chair: Vice Provost for Academic Affairs

  5. Advisory to: President

  6. Reports Due: As requested

140.00 Administrative Information System Projects Committee

Revised February 1993

140.10 Charge

Coordinate projects and enhancements for the Administrative Information System. Advise the President's Executive Council, as necessary, with respect to management, policy, and procedural matters of the Administrative Information Systems.

140.20 Committee Structure

  1. Membership

    1. Voting members: One assistant or associate dean and one department head.

    2. Voting Ex Officio Members: Data Base Managers of the three system modules; Data Base Information Coordinator; Manager, Administrative Systems.

  2. Length of Term: One year, renewable

  3. Voting academic members appointed by: Vice Provost for Academic Affairs

  4. Chair: Data Base Information Coordinator

  5. Advisory to: President's Executive Council

  6. Reports Due: Periodic procedures and policies, as requested by the President's Executive Council.

200.00 Resource Finance and Acquisition

210.00 Student Computer Fee

Revised January 1996

210.10 Background

The Board of Regents has authorized units of the university system to collect a fee from students to be used for "purchase or lease of computer equipment, software, maintenance or related items which will benefit the instructional program" (MUS Policy and Procedures Manual, Section 940.23). This policy establishes a mechanism for allocating those fees.

210.20 Fee Allocation Process

  1. The Computer Fee Advisory Committee (CFAC) (Section 130.00) sends an annual request for proposals suggesting uses of student computer fees to all deans and all directors of global computing facilities.

  2. Deans and directors submit written proposals to the CFAC, detailing intended uses, immediate and long-term costs, including maintenance of the equipment desired. All requested equipment must be consistent with the MSU computing plan and compatible with MSUnet.

  3. After the CFAC has reviewed all proposals submitted, each dean and director has an opportunity to address the committee on the merits of his or her proposal and answer any questions the committee may have.

  4. Following the hearings, the CFAC evaluates all proposals in terms of student access to the requested equipment and rejects any that are not in accord with Regents' policies. The committee prioritizes the remaining requests in terms of their instructional impact, determines which can be covered by the available funds, and recommends allocations to the President, Commissioner of Higher Education, and Regents, who give final approval per established Regents' policy.

  5. The ITC Director also provides reports to the CFAC concerning the installation and implementation of purchases using the student computer fund.

  6. The MSU Treasurer provides an annual report to CFAC on expenditures and reversions of the Student Computer Fees.

210.30 Monitoring of Student Fee Purchases

  1. Property Management affixes stickers to all equipment purchased with student computer fees and uses a unique funding code in the property databases to distinguish it from equipment purchased with other funds.

  2. The CFAC conducts an annual inspection of all equipment purchased with student computer fees to ascertain that it is being used as intended and is being properly maintained.

  3. In cases where machines are not being used or maintained appropriately, the CFAC issues a written statement to the responsible Dean or Director, detailing the issues of noncompliance and including a deadline for compliance.

  4. If compliance is not satisfactory, the CFAC recommends to the President that the equipment be reallocated. The process outlined in Section 210.20 is followed for reallocation.

220.00 Resource Acquisition and Replacement Strategy

Revised September 1993

220.10 Objective

To establish a framework for the orderly expansion, migration, and replacement of the President's Executive Council controlled hardware and software on the MSU campus.

220.20 Background

The hardware and software that implement the "core" services for Montana State University have historically been acquired, maintained and updated in an unstructured manner. These information systems are a strategic resource for MSU, and must be maintained, enhanced, and replaced in a fashion that effectively supports the university mission. In addition, providers of "global" services must follow standards to ensure those services are accessible from the campus network.

220.30 Strategic Plan

ITC will develop a five year strategic plan for information resources on the MSU campus. This plan will be updated by ITC, reviewed by the UCPC, and approved by the President's Executive Council on an annual basis. It will include, but not be limited to, the following:

  1. Migration of all campus hardware and software systems toward an environment that is "open" in nature. Open systems are those that use nonproprietary operating systems like Unix, communications protocols such as TCP/IP, and database front-ends like SQL. These environments tend to have more universal support, afford easier migration of applications, and reduce vendor dependence;

  2. Evolution of the campus data network toward a seamless integration of data, voice, and video;

  3. Standards for connection to and interaction with the campus network;

  4. Integration of the campus network with the emerging National Information Infrastructure and the National Research and Education Network.

220.40 Plant Fund

  1. A plant fund will be established to provide for renewal and replacement of the MSU information system. This includes the devices which comprise the campus network and interconnect local and wide area networks, central output devices and the software and hardware which support the Administrative Information Systems and other central services.

  2. The President's Executive Council and ITC must make contributions to this fund at a level that allows for replacement of core software and hardware at the end of their effective life spans.

  3. Expenditures from this plant fund will be in accordance with the priorities established in the strategic plan.

300.00 Resource Allocation and Management

310.00 Campus Wide Information System - MSUinfo

Revised January 1996

310.10 Background

Montana Session Laws 1991, Chapter 222 [HB 160], established a solid waste reduction goal of 25% by 1996. Section 5(c) of that chapter directs the university system to "apply computer technology to reduce the generation of waste paper through the use of electronic bulletin boards." This policy presents guidelines for implementing and maintaining an electronic bulletin board, or campus wide information system, for the MSU system.

310.20 Access

All information posted on MSUinfo is considered to be public information. MSUinfo may be accessed by anyone on the Internet.

310.30 Content

  1. An MSUinfo Coordinator appointed by the President's Executive Council (PEC) will determine specific MSUinfo contents and menu. The coordinator will evaluate requests to add menu items to MSUinfo. Each request must identify a person responsible for installing and updating the information. Denials may be appealed to the University Computing Policy Committee (UCPC).

  2. The President's Executive Council will provide an allocation of disk space for information of university-wide interest. University offices wanting to post information of interest to limited audiences may do so by allocating their own disk space for this purpose. The MSUinfo coordinator will decide whether information will be stored on centrally allocated disk or must be placed on disk space already allocated to the requesting office. Decisions may be appealed to the UCPC.

310.40 Maintenance

  1. ITC is responsible for maintaining the MSUinfo software and the menu structure, with input from the MSUinfo coordinator. ITC will provide training and technical assistance for university offices wanting to post information on MSUinfo.

  2. Each menu item must be kept current by the person identified as responsible. MSUinfo information must include the name, position and title of the responsible person and the date of the most recent revision.

320.00 Computing Resource Allocation and Management

Revised March 1992

320.10 Objectives

  1. To provide and control general access to computing and information processing resources at Montana State University. All computing resources at MSU are regarded as finite and must be shared equitably among the university functions of instruction, research, outreach, and administration in order to provide efficient and effective support for the comprehensive mission of the University.

  2. To allocate these resources in a manner that addresses their costs and limits their access realistically, so that their value may be preserved. Costs for hardware maintenance, replacement, and upgrades must be reflected appropriately in charges for computing resources. Budgetary restrictions offer an efficient means for allocating resources and are the basis of MSU's model of computer resource usage.

320.20 Resource Categories

  1. Consumables. Printed output, disk storage, and high resolution graphics input/output.

  2. Computer Usage. Central processor unit (CPU) time, memory, disk input/output, connect time, and magnetic tape mounts.

  3. Resource Access. Physical and virtual access to all network services, software, and peripheral devices.

  4. Network Services. Implementation and maintenance of the campus computing network.

  5. Software. Software used on the network, generally available to the campus community at large, and managed by ITC.

  6. System Support. Assistance provided by ITC to coordinate system access and operation and to maintain system and network software and hardware.

  7. Consulting Services. Assistance provided by ITC to address user questions concerning supported software and hardware.

  8. User Training. Training activities for MSU operating systems and basic applications.

320.30 Consumables

  1. ITC, with the approval of the President's Executive Council and input solicited from each division manager (see Appendix I), will determine annual base allocations by division from usage data of the last fiscal year. Usage data shall be a starting point for discussion and shall be reviewed annually. Allocation of consumable resources will begin early in May and be completed by mid June in time for input into ITC, college, and departmental budgets for the new fiscal year.

  2. Funding the base allocation for all accounts will be the responsibility of ITC. Each SL account manager will be responsible for delegating and managing the base allocation.

  3. ITC will provide "automated" line-item monitoring of consumables by account with automatic threshold reports to users upon completion of online/batch sessions, and summary threshold reports covering all accounts supervised to the SL account manager. A summary of SL account status will be given to each division manager.

  4. When 75 percent and 90 percent of the base allocation has been expended, ITC will issue appropriately severe warnings online, on computer output, and via the billing process.

  5. When 100 percent of the base allocation has been expended, ITC will inform the SL account manager and the division manager that the account is responsible for payment for any further usage.

  6. SL account managers who anticipate that they will exceed their allocations can appeal their allocations to their division manager. Division managers can appeal their allocations to the President's Executive Council.

320.31 Computer Usage

  1. ITC will be responsible for establishing computer accounts with an initial allocation of computer usage resources based on historical and/or projected user needs. Available account types are listed in Appendix II.

  2. ITC will develop management structures for accounts, manage and monitor computer usage, and report usage statistics in appropriate units with dollar estimates. ITC will set the cost of these resources in a way that recognizes their current availability and encourages the use of ITC systems.

  3. ITC has the option to allocate computer usage resources in excess of the base allocation on request. Should the director decide that an allocation might adversely affect the campus community, the request will be referred to the appropriate vice president and associated computing committee for further review.

  4. ITC will establish incentives for conserving computer resource use during peak periods as needed. Should computer usage resources become scarce and require more rigid control, ITC will request an allocation policy from UCPC, subject to approval by the President's Executive Council.

320.32 Computer Access

  1. Access to each system will be controlled by the accountable administrator, determined by the resources' funding source (see Appendix III).

  2. In cases of multiple funding sources, resource access will be negotiated between accountable administrators, with disputes adjudicated by the President's Executive Council.

  3. Users seeking access to a system resource must make a request to the accountable administrator.

  4. ITC can accept authority for controlling access to a resource by mutual agreement with the accountable administrator. ITC can also delegate authority for controlling resource access by appointing an administrator.

  5. Accountable administrators may charge for resource access to recover the cost of materials, time, and/or expertise. Charges should not exceed those levied at comparable universities and are subject to review by the President's Executive Council.

  6. ITC will maintain an inventory of system resources, including location, intended use, and accountable administrator. The accountable administrator is responsible for reporting to ITC any change in resource capability, configuration, or account management.

320.33 Network Services

  1. A Network Advisory Subcommittee, comprised of representatives from ITC, instruction, research, administration, and a member of UCPC, will be appointed by UCPC to advise them on network planning and policy issues and to provide guidance for ITC.

  2. The subcommittee will define the MSU network domains and update the definition as appropriate. They will produce and review annually a plan for network domain operations, maintenance, expansion, and upgrades.

  3. The subcommittee will develop quantitative measurements of network usage. UCPC and ITC will develop equitable procedures for funding network services based on historical and/or projected usage, subject to approval by the President's Executive Council.

  4. ITC is responsible for administration and maintenance of the network backbone and network domains (Section 320.35). In order to facilitate the goal of ensuring compatibility of network domains, ITC must approve all implementations or modifications of network domains that serve a broad constituency, such as those established by the Geographic Information & Analysis Center and the MSU Libraries.

  5. Each network domain will have a coordinator/manager to serve as liaison for ITC and the Network Advisory Subcommittee.

320.34 Software

  1. Software used on the network and managed by ITC will be evaluated regularly by a Software Advisory Subcommittee appointed by UCPC. Membership will include representatives from ITC, instruction, research, administration, and a member of UCPC. The subcommittee will report to UCPC and provide guidance for ITC.

  2. Advisory subcommittee evaluations of each software package will consider the software's impact on the system, the number of current or potential users, and the costs of acquiring, maintaining, and updating the package. The subcommittee will produce for UCPC a prioritized listing of recommendations for software acquisition, discontinuance, license renewal, maintenance and ongoing support. The list will include funding sources and level of access or use.

  3. ITC will monitor use of software. Software will be assigned to the unit of the system appropriate to the level of demand and the characteristics of the software. Low demand software that can be efficiently run on a distributed unit generally should be available only on that unit.

  4. ITC will offer education and consulting services to support use of software packages based on priorities set by the advisory subcommittee.

  5. Software not selected as essential for campus use but purchased, operated, and maintained by individual users will not be the responsibility of ITC.

320.35 System Support

  1. ITC is responsible for coordinating the interaction of network domains, including the distribution and management of network addresses.

  2. ITC will maintain the network and hardware for those systems purchased by state appropriations designated for computing, and any other systems recommended by ITC and UCPC. Similar services can be provided for other systems on a cost recovery basis.

  3. Normal operations tasks, including backup/restore, tape and form mounts, error logging, and system accounting will be provided by ITC for those systems purchased by state appropriations designated for computing, and any other systems recommended by ITC and UCPC. These services can be provided for other systems on a cost recovery basis.

320.36 Consulting Services

  1. ITC is responsible for resolving questions and issues that concern supported software and hardware. A list of supported programs and equipment, and the level of support offered, may be obtained from ITC.

  2. Questions or problems requiring more than 30 minutes of staff time or an on-site visit normally will be charged. Other questions will be answered at no charge.

  3. ITC will base decisions to undertake special projects and all associated charges on the magnitude of each proposed project, the staff available, and the benefit of the project to campus users.

  4. ITC will assist individual users and MSU departments in selecting software and hardware best suited to their needs, including the ability to communicate with the campus network. Users and departments selecting unsupported software or hardware are responsible for arranging their own service and support.

320.37 User Training

  1. ITC will provide training, generally at no charge, in the use of basic utilities associated with VMS, Unix, Mac, and DOS operating systems (e.g., logging on, editors, file structures, mail, and reading news). Training for other software used in the instructional program is the responsibility of the academic departments.

  2. Training in the use of application software packages commonly used in campus offices will be available from ITC for a fee. Alternatively, departments may pursue other avenues for training.

  3. Additional training requested by users will be developed and offered by ITC as resources permit.

320.40 Appendices

Appendix I

Division managers are responsible for distributing base allocations of consumable computer resources to SL account managers within their divisions. Division managers include:

Appendix II

Types of accounts administered by ITC include:

Appendix III

Sources of funding for system resources and the accountable administrator associated with each source are as follows:

330.00 Student Computer Laboratories

Revised May 1993

330.10 Background

Most of the equipment located in student computer laboratories has been purchased with student computer fees (Section 210.00) for instructional use. Requests by instructors for classroom scheduling and requests by nonstudents for instructional use have increased as the facilities have been expanded and improved. This policy emphasizes instructional use and prioritizes student access of the facilities while providing mechanisms for use by nonstudents.

330.20 Scheduling

  1. Responsibility for scheduling student computer laboratories lies with ITC in consultation with the Registrar's office.

  2. Student computer laboratories may be regularly scheduled for instructional uses only for those components of MSU classes specified in the catalog as using Laboratory or Recitation/Discussion modes of instruction.

  3. Classes will not be scheduled in Reid 306 so that the largest computer laboratory will be available to students at all times.

  4. Student computer laboratories may be scheduled for special events (e.g., class demonstrations, examinations) only after all regular room scheduling has been completed.

330.30 Fees

  1. Regularly scheduled MSU classes and ITC short courses will use the student computer laboratories without charge.

  2. ITC will recommend to the President's Executive Council a scheduling fee for all other users. All scheduling revenues will go to the Computer Fee Advisory Committee (Section 130.00) to be allocated with student computer fees.

  3. Use of these facilities for instructional purposes by non-university users shall follow the procedures in the MSU Administrative Handbook, "Use of Facilities," Section VIII.

340.00 Administrative Information System

Revised January 1993

340.10 Objective

To establish an operational framework which facilitates optimal use of the Administrative Information System for the benefit of students, faculty, and staff.

340.20 Definitions

  1. Administrative Information System (AIS): Data and software dedicated to the management of personnel, student, and financial records of Montana State University.

  2. Financial Records System (FRS): The financial module of the AIS.

  3. Human Resources System (HRS): The personnel and payroll module of the AIS.

  4. Student Information System (SIS): The student records module of the AIS.

  5. Data Base Information Coordinator (DBIC): Individual responsible for overall management of the AIS.

  6. Data Base Manager (DBM): Individual responsible for overall management of one of the AIS modules.

  7. Administrative Systems: A department of systems analysts who provide programming support for the AIS.

  8. Functional Office: An administrative department whose responsibilities and functions are directly associated with one or more of the AIS modules (see Appendix for a list of functional offices).

340.30 System Management

  1. Data Base Information Coordinator (DBIC)

    1. The DBIC will be appointed from current MSU employees by the the President's Executive Council to manage the AIS, subject to approval of the employee's supervisor.

    2. Responsibilities of the DBIC include:

      1. Facilitating cooperation among DBMs, functional offices, ITC, and departmental users of the AIS.

      2. Coordinating the development of policy proposals and the operational and security procedures necessary for management of the AIS.

      3. Serving as an ex-officio member of any committee or task force appointed to study the feasibility of acquiring new system modules or related software.

  2. Data Base Managers (DBMs)

    1. Each of the system modules will be administered by a DBM, appointed by the appropriate Vice President and approved by the President's Executive Council. Unless otherwise designated, the FRS DBM will be the MSU Controller, the HRS DBM will be the MSU Director of Personnel Services, and the SIS DBM will be the MSU Registrar.

    2. Responsibilities of each DBM include:

      1. Facilitating cooperation among the functional offices associated with the appropriate system module and serving as their liaison with the DBIC, ITC staff, and departmental users.

      2. Coordinating requests for system access and prioritizing requests for programming support for the appropriate module.

      3. Coordinating daily scheduling operations for the appropriate module.

      4. Addressing issues relating to system security, system access, and release of data from the appropriate module.

  3. Administrative Information System Projects Committee

    1. A committee will coordinate projects and enhancements for the AIS and advise the President's Executive Council, as necessary, with respect to management, policy, and procedural matters of the AIS. The committee will meet monthly.

    2. The committee will chaired by the DBIC. Voting members will include the three DBMs, an assistant or associate dean, and a department head. The academic positions will be appointed by the Vice Provost for Academic Affairs.

  4. Module Teams

    1. Each AIS module will have a module team comprised of representatives from the module's functional offices (see Appendix I).

    2. Each team will meet at least bimonthly to review requests for software modifications or enhancements, identify those to be addressed in house, and forward the remainder to the Administrative Information System Projects Coordinating Committee (see Section 140.00).

    3. The team will advise the DBM as necessary concerning requests for AIS access, data, and reports.

    4. The team will provide training in module access and software modifications as necessary for departmental users.

340.40 System Security

  1. Detailed procedures for the security of data accessed by the AIS will be developed by the DBIC and DBMs in consultation with module teams and administrative system analysts. Copies of current procedures are available from the DBIC.

  2. The DBIC and the DBMs will develop educational programs to acquaint the campus community with security policies and procedures, and will develop auditing procedures to adequately monitor campus compliance.

  3. Campus departments and colleges are responsible for maintaining the privacy and integrity of data accessed by their employees and for training employees in the proper use of databases. Departmental and college administrators are responsible for notifying ITC in a timely fashion upon the termination of one of their employees.

  4. In the event of a breach in security, the DBIC, the DBMs, and the ITC security officer will review the departmental operations which allowed the breach to occur and prescribe corrective measures as appropriate.

340.50 System Access

  1. The DBIC and the DBMs, in consultation with the three Advisory Committees, will develop standard levels of system access to be provided to specific categories of users. Copies of current procedures are available from DBIC.

  2. Departments and colleges are responsible for requesting system access or changes in access by submitting an access application form to the appropriate DBM.

340.60 Release of Information

  1. Release of information must be in compliance with the Family Educational Rights and Privacy Act of 1974, related Montana statutes, and guidelines in the MSU Undergraduate Bulletin.

  2. Information accessed using the AIS will be for internal use only and will be considered unofficial. Unauthorized disclosure will be treated as a breach of system security, and offenders are subject to penalties consistent with university security policies.

340.70 System Enhancement

  1. Proposals for system enhancements may be submitted to any of the following committees:

    1. Module teams, which may accept them or forward them to the AIS Projects Committee with recommendations.

    2. The Projects Coordinating Committee, which makes decisions on which projects shall be implemented. Appeals to Project Coordinating Committee decisions may be made to the President's Executive Council.

  2. The DBIC will coordinate input from the above committees to prioritize requests for enhancement of the AIS and modification of system software.

  3. The DBIC will work with the ITC director to develop proposals for major system development, which must be reviewed and approved by the President's Executive Council. The DBIC and ITC director will coordinate and monitor program implementation.

340.80 Appendix

The individuals and functional offices below constitute the primary contributors to and users of each of the system modules. Each functional office will have at least one representative on a team for relevant modules.

350.00 MSU-Bozeman Web Site

Interim Policy Revised October 2002

350.10 Definitions

The Montana State University-Bozeman Web site encompasses all pages whose URL is in the domain of [montana.edu].

The official MSU-Bozeman home page has the URL [http://www.montana.edu/].

Institutional pages are those closely associated with the MSU-Bozeman home page whose format and content are centrally controlled by ITC.

Local pages are all other pages within the MSU-Bozeman Web site except personal pages.

Personal pages are those created and maintained by individual students, faculty, and staff of MSU-Bozeman without direct institutional oversight.

Commercial activity encompasses all exchange or buying and selling of goods and services, including advertising and receipt of contributions, that do not involve governmental funds.

350.20 Purpose

MSU-Bozeman maintains a Web site to provide information about the University to the campus community and the public at large. Colleges, departments, and divisions are encouraged to develop and maintain local Web pages accessible through the MSU-Bozeman home page. Information presented is considered to be public information except where licensing agreements, confidentiality concerns, or instructional considerations require otherwise.

350.30 Content

  1. All official, institutional, local, and personal Web pages represent Montana State University-Bozeman; therefore, all information presented must comply with existing law and university policy, including:

    1. Acceptable Use Policies for MSUnet, SummitNet, and MSU's Internet service provider

    2. Student Academic and Conduct Guidelines and Grievance Procedures and Faculty Handbook;

    3. Non-Discrimination Policies and Procedures

    4. Family Education and Privacy Act of 1974

    5. U.S. Copyright Law

  2. Individuals may develop local pages for nonprofit organizations related to their work for the University, with the understanding that MSU-Bozeman will not provide assistance for development or maintenance and will not guarantee the accessibility of those pages.

  3. Restrictions on commercial activity

    1. No private commercial activity is allowed on any Web page at any level in the domain of [montana.edu], including personal Web pages hosted by the University.

    2. Commercial activity by institutional entities--those authorized and governed by the Board of Regents, such as colleges, departments, centers, institutes, and clubs--is permitted in the domain of [montana.edu] if it is consistent with and in support of the University's land-grant mission of instruction, research, and service, or is consistent with Regental authorization.

      1. Institutional entities may display corporate names or logos on their Web pages to acknowledge corporate sponsorship as long as they do not display comparative messages ("Brand X is better than Brand Y"), enticements to buy a particular product ("Brand X will improve your life"), or price information ("Brand X costs only $2.00").

      2. Institutional entities wanting to provide links to corporate Web sites in exchange for money, goods, or services must establish an annual base corporate sponsorship contract through the University's Legal Counsel. If the University's Treasurer determines that the proposed links are likely to result in unrelated business income tax liability for the University, then the additional costs will be estimated and may be added to the contract.

    3. Institutionally-affiliated entities--those incorporated for the sole purpose of supporting the missions of MSU, including the Alumni Association, MSU Foundation, MSU Bookstore, MSU Athletic Scholarship Association, Research and Development Institute, and Museum of the Rockies Inc.--are required to establish a [.org] domain for commercial activity. MSU will provide up to 5 MB of Web server space on MSUNET for noncommercial activity, and the entity must reimburse MSU for any additional server space costs. Institutionally-affiliated entities must reimburse MSU for all commercial activity taking place on MSU Web servers over MSUNET.

    4. Institutionally-associated entities--those that are not programs of MSU but have a contractual relationship with MSU and reside on or near the campus--are required to establish a [.org] domain for commercial activity. MSU will provide up to 1 MB of Web server space on MSUNET for noncommercial activity, and the entity must reimburse MSU for any additional server space costs. MSU will not provide any services for commercial activity.

  4. Each Web page should conform to the Web Content and Format Guidelines approved by the Executive Director of Information Services.

350.40 Management

  1. Web Advisory Committee

    1. Recommends policies and procedures for administering the MSU-Bozeman Web site to the Executive Director for Information Services;

    2. Recommends format and content guidelines for local Web pages to the Executive Director for Information Services;

    3. Advises ITC concerning priorities for development of ITC-assisted Web pages and priorities for the Web Coordinator;

    4. Advises ITC on Web-related products, applications, and services.

  2. Web Coordinator

    1. Implements design recommendations of the Web Advisory Committee;

    2. Processes requests to link local Web pages to the MSU-Bozeman home page or Institutional pages and monitors the integrity of those links;

    3. Maintains linkage structure for the home page and all institutional pages.

  3. Enforcement

    1. A Web page suspected of violating 350.30 A will be unlinked from the MSU-Bozeman home page and all institutional pages until either the violation is corrected or the appropriate administrative body determines that no policy violation exists. Any consequences will be handled by the appropriate administrative body.

    2. When a Web page is thought to be out of conformance with 350.30 B or 350.30 C, the following procedure will be implemented:

      1. The Web Coordinator will discuss the problem with the contact person for that page and request that the problem be remedied.

      2. If attempts at informal resolution are not successful, the Web Coordinator will send written notification to the contact person, who will have 14 days to either correct the problem or file an appeal.

      3. Failure to respond to the written notification within 14 days will result in removal of links to that page.

      4. Decisions by the Web Coordinator concerning linking of pages to MSU-Bozeman's home page or institutional pages and judgments by the Web Coordinator pertaining to 350.30 B may be appealed.

        1. An appeal is initiated by notifying the Chair of the Web Advisory Committee.

        2. The Web Advisory Committee will meet within 14 days of receipt of an appeal. The Committee will issue a decision within 7 days after their meeting.

        3. Decisions of the Web Advisory Committee may be appealed to the Executive Director of Information Services within 7 days of the Committee's decision.

        4. If the Web Coordinator's judgment is upheld, the page(s) involved must be corrected within 7 days or will be unlinked.

400.00 Acceptable Use Policies

410.00 Montana State University Network (MSUNET)

Revised August 1999

410.10 Objective

To establish guidelines for acceptable use of the Montana State University Network, which is defined as the university's data communications network and associated computing and information processing systems, resources and facilities.

410.20 Policy

  1. Use of connected networks, including the Internet, Internet2, SummitNet, and our Internet service provider, must be consistent with the rules and acceptable use policies established for those networks. MSUnet includes the data communications network and associated information processing and computing resources at MSU.

  2. Release of information through MSUnet is bound by the Family Educational Rights and Privacy Act of 1974 (the "Buckley Amendment"), Montana Code Annotated 20-25-515 and 20-25-516, and the Personnel Policy and Procedures Manual, Section 1110.00.

  3. Use of MSUnet must be consistent with Section 420.00 (Professional Rights and Responsibilities) of the Faculty Handbook, Section 2-2-12 of the State Employee Standards of Conduct, and Section III.H.4 of the Student Conduct Code.

  4. Any illegal or unauthorized use of MSUnet systems, software, data, or electronic mail is prohibited. Violation of the privacy of others, accessing another user's systems, software, data, or electronic mail without that user's permission is prohibited.

  5. Any use that adversely affects the operation of MSUnet or jeopardizes its use or performance for other users is prohibited. Use of MSUnet for personal activities, such as playing electronic games, in a manner that restricts access to resources for official university business is prohibited.

  6. Use of MSUnet for purposes that may be interpreted as harassment or intimidation is prohibited (Sexual Harassment Policy, Personnel Policy and Procedures Manual, Section 1210.00; Student Conduct Code, Section III.H.4.e).

  7. Commercial or for-profit uses of MSUnet are allowed only in specific instances approved by the President's Executive Council.

  8. Alleged violations of this policy should be reported to the Information Technology Center (ITC). Suspected incidents will be investigated by ITC in cooperation with the alleged violator's supervisor and other MSU authorities as required by the nature of the offense. The appropriate MSU, state, and Regent's grievance procedures and disciplinary actions apply in these cases.

  9. The following banner will be displayed at logon to ITC-controlled systems:

    "The systems that comprise Montana State University's network (MSUnet) are for authorized users only. Use of these systems implies consent to monitoring of activities on these systems."

  10. Violating terms of applicable software licensing agreements or copyright laws, including but not limited to inappropriate reproduction and/or distribution of music (.mp3 files, for example), computer software, copyrighted text, images, etc., is prohibited.

  11. Users may not connect unauthorized equipment to the campus network. This includes hubs, routers, or any other mechanism that gives multiple computers access to the network through a single jack.

  12. Associating an unapproved domain name with an MSU-owned IP address is prohibited. Domain name approval is granted by the ITC Network, Systems, and Operations manager.

  13. Unauthorized attempts to circumvent data protection schemes, firewalls, or other mechanisms put in place by MSU to manage the network are prohibited. This includes creating and/or running programs that are designed to identify and/or exploit security loopholes or decrypt intentionally secure data.

  14. Running or installing on any computer system or network, or making available to another user a program intended to damage or to place excessive load on a computer system or network is prohibited. This includes, but is not limited to, programs known as computer viruses, Trojan horses, worms, and 'denial of service' programs.

  15. Accounts on devices connected to the MSU network are typically assigned to individuals. Such an account is for the exclusive use of that individual and its use by any other individual is prohibited.

420.00 SummitNet, Montana's Statewide Telecommunications Network

SummitNet Acceptable Use Policy

430.00 MSU's Internet Service Provider

Qwest Acceptable Use Policy

500.00 System Security

510.00 Data Security

Revised November 1992

510.10 Background

The MSU computer network accommodates a wide assortment of data, ranging from highly confidential information to material made available for the entire campus community. This policy establishes a system of classifying data with respect to need for security, and institutes guidelines for maintaining the security of each data classification. The policy covers all data accessible on MSUnet or stored in stand-alone systems.

510.20 Data Classifications

  1. Restricted Data: All data which, if released in an uncontrolled fashion, could have substantial fiscal or legal impacts on the University. Examples include personal data containing elements such as Social Security numbers, student grades, and personnel records.

  2. External Data: All data belonging to an outside party or agency. Examples include data maintained by commercial account owners and certain researchers who have special data arrangements with public or personal agencies.

  3. Personal Data: All data equivalent to personal documents stored in desks or file cabinets. Examples include electronic mail, personal correspondence, and personal files, including most research files.

  4. Public Data: All data that is not restricted by one of the above classifications. Examples include the Campus-wide Information System and ITC banner information.

510.30 Access Control

  1. Restricted Data: Copying or moving restricted data to other accounts alters its classification from restricted to personal and changes the responsibility for access control, but does not change the confidentiality of the data. Access to the Administrative Information System is the responsibility of the Data Base Managers (DBMs), as described in Section 340.30.

  2. External Data: Access control is the responsibility of the local owners and researchers, who may request assistance in securing data from the Security Officer (Section 510.50).

  3. Personal Data: Access control is the responsibility of each individual account owner, who may request assistance in securing data from the Security Officer (Section 510.50). Recipients of restricted data are responsible for maintaining the restricted nature of the data.

  4. Public Data: Access is unrestricted.

510.40 User Responsibilities

  1. Users will not make or permit any unauthorized use of any data present in university accounts. They will not seek personal or financial benefit or allow others to benefit personally or financially by knowledge of any job-related data.

  2. Users will maintain a clear understanding of the types of data which can be released without the data owner's consent, and will not release any other information.

  3. Users will take reasonable measures for protecting data in their possession or to which they have access. The "Security Responsibilities of Departments for Data and Information Technology Resources" are detailed in Montana Code Annotated 2-15-114.

510.50 Security Officer

  1. The Director of ITC shall appoint a Security Officer from among ITC staff to be responsible for implementing and monitoring data security policies and procedures.

  2. The Security Officer's responsibilities include:

    1. Restricted Data: Works with the DBMs to monitor all access to restricted data and investigate all security violations.

    2. External and Personal Data: At the request of the account owner, serves as a consultant for establishing a level of data security beyond that normally provided by ITC, or for investigating breaches of data security.

  3. At the request of the Director of ITC, the Security Officer will monitor or investigate possible breaches of data security. In the absence of the Director, the Security Officer is responsible for responding to complaints and initiating investigations.

  4. The Security Officer will serve as MSU's liaison to the Internet for investigations of possible Internet security violations.

510.60 Penalties

  1. Alleged violations of this policy should be reported to the Director of ITC. Incidents will be investigated by ITC in cooperation with the alleged violator's supervisor and other MSU authorities as required by the nature of the offense.

  2. The appropriate MSU, Board of Regents, and state grievance procedures and disciplinary actions apply in cases of alleged data security violations. Users found to have violated data security may be subject to suspension of computer access privileges, letter of reprimand, academic sanction, unsatisfactory performance evaluation, suspension or expulsion, employment termination, and/or accountability in a court of law.

520.00 Unauthorized Use of Computer Software

Revised August 1992

520.10 Background

The Board of Regents has established a system wide policy, "Unauthorized Copying and Use of Computer Software" (Item 55-002-R0687), which is printed in Section 520.20. Montana State University has developed several avenues for disseminating this policy, which are described in Section 520.30.

520.20 Montana University System Computer Software Use Policy

  1. Employees and students of any unit of the Montana University system, community college or vocational technical center are prohibited from making or using any unauthorized copy or copies of computer software or related documentation on any equipment available at or through such institution.

  2. Employees and students are subject to disciplinary actions under appropriate employee or student regulations in addition to any civil or criminal penalties which may be imposed as a result of vendor action.

  3. In the event an employee is sued by the copyright owner or licenser, the state will generally not provide a defense or indemnification.

520.30 Policy Dissemination at Montana State University

  1. Copies of this policy are available to MSU students and staff from ITC and through the computerized campus-wide information system (MSUinfo).

  2. The following statement will be an integral part of all conduct guidelines for faculty, staff, and students: "Copying of software, including programs, applications, data bases and code not authorized by the copyright owner or licenser is illegal." This statement, or one similarly worded, will be published in the following places:

    • Faculty Handbook
    • Personnel Policies and Procedures Manual
    • Undergraduate Bulletin
    • Student Conduct Code
    • Posted in all student computer laboratories.
    • Printed in the Staff Bulletin early in each academic year.

520.40 Penalties

  1. Alleged violations of this policy should be reported to the Director of ITC. Suspected incidents will be investigated by ITC in cooperation with the alleged violator's supervisor and other MSU authorities as required by the nature of the offense. The appropriate MSU, state, and Regent's grievance procedures and disciplinary actions apply in these cases.

  2. The appropriate MSU, Board of Regents, and state grievance procedures and disciplinary actions apply in cases of alleged unauthorized use of computer software. Users found to have violated data security may be subject to suspension of computer access privileges, letter of reprimand, academic sanction, unsatisfactory performance evaluation, suspension or expulsion, employment termination, and/or accountability in a court of law.