IT Policies

Saint Mary's College Responsible Use of Technology Policy

I. Policy Statement

Saint Mary’s College requires each person who uses technology resources and data to do so responsibly, abiding by all applicable laws, policies, and regulations, and in alignment with college values.  Each person is responsible for protecting the security, confidentiality, integrity, and availability of information and data created, received, stored, transmitted, or otherwise used by the college in all forms.  Saint Mary’s supports freedom of expression and an open environment for the pursuit of scholarly inquiry, and everyone is held to the ethical standards established by principles commonly accepted as a guide to behavior in a community of scholars.  

 

This policy applies to anyone using Saint Mary’s technology resources, data, and networks, including students, alumnae/i, faculty, staff, guests, and other members of the Saint Mary’s community.

 

II. Purpose

This policy outlines the acceptable use of technology resources at Saint Mary’s College to protect the information of our community members and to enable community members to use technology to fulfill the mission of Saint Mary’s while also supporting the tenets of academic freedom.  This policy protects both individual members of the Saint Mary’s community and the college as a whole.  Inappropriate use exposes the college to a variety of risks, including cyberattacks, the compromise of technology systems and services, data breach, and legal issues.

 

III. Standards and Procedures

Responsible use of technology resources and data includes, but is not limited to, the following:

  • Adhering to Saint Mary’s policies, standards, and guidelines, including the College Governance Manual, Employee Handbook, Device Security Standard, the Account and Authentication Policy, and other documents defining the security of technology and data at Saint Mary’s.
  • Adhering to applicable laws and regulations regarding the use of technology, including the privacy of information, such as GLBA, FERPA, and HIPAA.
  • Adhering to copyright law and the Fair Use provision of the Digital Millennium Copyright Act of 1998.
  • Respecting security mechanisms to protect systems, networks, services, and data.
  • Using shared resources in a way that does not negatively impact others (such as storage, network bandwidth, and services). 
  • Authorized access, use, or sharing information and services.
  • Maintaining the confidentiality of the account password assigned to you and not sharing that password or multi-factor methods with others, including not using your account credentials to allow access for a guest or other unauthorized user.
  • Maintaining the security of personally-owned technology devices that connect to the Saint Mary’s network.  This includes promptly applying patches, updates, and upgrades, as well as maintaining up-to-date virus protection.
  • Using device security settings, such as requiring a password at login or using a PIN to unlock a device.

 

Unacceptable use includes, but is not limited to, the following:

  • Unauthorized access to or unauthorized use of Saint Mary’s technology resources.
  • Use of technology resources or data in violation of any applicable law or regulation. 
  • Use of technology or data that creates a legal risk.
  • Unauthorized commercial use of technology resources.
  • Activity that hinders another person’s or the College’s use of technology resources and data, including denial-of-service attacks.
  • Actions that are likely to result in the loss of another person’s work or data.
  • Installation, distribution, or intentional use of malicious software (spyware, malware, viruses, etc.).
  • Security breaches, intentional or otherwise, including negligent management of a server, workstation, or service resulting in its unauthorized use or compromise.  
  • Revealing your password to anyone.
  • Sharing information or data with anyone who is not appropriately authorized.
  • Breach of confidentiality policies, standards, and laws.
  • Copyright infringement or violation of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property.
  • Using college technology resources (including network and devices connected to the network) to knowingly access, view, print, store, post, disseminate, host, or create pornography or obscene material.
  • Use of technology resources to commit fraud.
  • Impersonating another user on computers, networks, email, or distribution of electronic messages.
  • Phishing and spamming.
  • Using technology in public or private to discriminate, harass, bully, endanger others, or that contributes to an uncomfortable community, including hate speech.
  • Tampering or damaging with technology cabling, power, and/or Saint Mary’s equipment.
  • Sending “chain letters” or lengthy unsolicited messages to lists of people. 
  • Distribution of unsolicited advertising.
  • Using technology with known security flaws that could compromise Saint Mary’s network, technology systems, or data.
  • Unauthorized network routers, switches, wireless access points, and other network hardware devices, as well as computer software/settings that are designed to share network connections.
  • Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws.  
  • Unauthorized port scanning or security scanning.
  • Using technology in violation of federal, state, or local laws and regulations.

 

Saint Mary’s College reserves the right for authorized individuals to monitor equipment, systems, and network traffic at any time in order to preserve the integrity and operation of Saint Mary’s technology services.

 

IV. Enforcement

This policy will be enforced by the Chief Information Officer and/or the Executive Team.  Any exceptions must be approved by the Chief Information Officer, documented, and approved at least annually. Violations may result in disciplinary action, including suspension, restriction of access, or more severe consequences, up to and including termination of employment or enrollment.  In cases where illegal activities or theft of college property (physical, digital, or intellectual) are suspected, the college may report such activities to the appropriate authorities.

 

V. Other Information

This policy may be revised at any time without notice. All revisions supersede prior policy and are effective immediately upon approval. 

Last Updated: December 11, 2025