Staff Network and Internet Acceptable Use and

advertisement
The Duval County Public Schools
Staff Network and Internet Acceptable Use and Security
Policy and Guidelines
This policy applies to all employees including contractors, consultants, temporary
employees, part-time employees, as well as those who represent themselves as being
connected in one way or another with the district, and who use district computing resources
or access the Internet with the district’s computing or networking resources.
In order to gain access to the computers, the network and the Internet, staff members must
have executed electronic approval or signed a copy of the Staff Network and Internet
Acceptable Use and Security Agreement form. Building principals and administrators are
responsible for ensuring that staff is trained so that network users under their supervision
are knowledgeable about this policy and district guidelines, procedures and controls.
Duval County Public Schools expects that all staff using the computer technology including
network and the Internet services it provides will:
 Read, understand and electronically approve the Staff Network and Internet Security
Acceptable Use Agreement form
 Agree to abide by federal, state and local laws
Educational and Business Objectives
Computers, networks, electronic mail, voice mail and other technologies are to be used for
district business and educational purposes. The district’s mission, goals and action plans will
guide the business use of technology resources, including the Internet.
The school’s mission, goals, objectives and standards will guide the instructional use of
technology resources, including the Internet. The school expects faculty to integrate
thoughtful use of computer technology throughout the curriculum and to provide guidance
and instruction to students in its use. Teacher supervision of student computer and Internet
activities is a key element in effective and safe use of these resources by students.
Teachers may present web sites to students during instructional times. Parent permission is
required only for independent student research on the Internet with teacher supervision.
School Board Property
The district encourages the business use of the district computer network and instructional
and business systems. All software and equipment configurations (as installed on staff
desks) are owned by Duval County Public Schools. All files stored on district equipment and
back-up copies, are considered to be the property of the district.
The Technology Services Division maintains an approved list of authorized software and
hardware configurations for the district. Neither the hardware nor software configuration can
be changed without specific permission from the Technology Services Division. Examples
include: district or local projects to install new software or hardware, formatting a hard drive,
adding new drivers, or installing non-approved software. The appropriate process for such
change is submission of System Change request to the Technology Services Division. Any
intentional damage to the configuration of equipment may result in appropriate disciplinary
actions
According to Duval County School Board SEC. 5-17 C and (E), any damage to, or loss of,
equipment in which it is felt negligence has occurred will result in restitution being requested
from that individual at the fair market value of the item. If the computer or any of its
1
components are stolen, whether on School Board property or in your personal possession,
the police must be notified immediately and a copy of the report must be submitted to the
proper School Board personnel.
All equipment, software and business files must be returned upon termination of
employment.
All equipment and software repairs should be reported to the district’s Technology Help
Desk and repaired only by authorized district personnel.
Electronic Communications
There are various forms of electronic communications available on computer networks,
including the Internet. All computers, networks, electronic mail and voice mail are to be used
for district business and educational purposes.
Duval County Public Schools must comply with federal regulations for student access to the
Internet; therefore:
 individual student email accounts, instant messaging, chat rooms, and bulletin
boards are not currently authorized uses for students of district technology
equipment
 the district will not issue email accounts to students
 students will not be authorized to access personal email accounts using district
equipment
 teachers are responsible for any email communication sent or received on behalf
of their class using their personal email account
 teachers may not share their password with students
 students may not send or receive email messages using the teacher’s account
 students may create a document that the teacher can review and then email for
them
 teachers are responsible for reviewing the content of any incoming email
message before distributing it to the class
Managing Electronic Messages
It is the user’s responsibility to read mail regularly and maintain the mailbox.
If an electronic mail message contains information relevant to the completion of a business
transaction, contains potentially important reference information, or has value as evidence of
a district management decision, it should be retained for future reference. Most electronic
mail messages will not fall into these categories, and accordingly can be erased after
receipt. Users must regularly move important information from electronic mail message files
from the mail server to their desktop computer. Electronic mail systems are not intended for
the archival storage of important information. Important stored electronic mail messages can
be periodically expunged by systems administrators, mistakenly erased by users, or lost
when system problems occur.
User Back-up
It is the user’s responsibility to back up critical business data to storage other than their
primary hard drive such as floppies, CDs, DVDs, flash drives, or by printing out a hard copy
on paper. The Outlook client is configured to back up to the individual’s hard drive. Outlook
Web Access is currently configured to back up to the server.
2
Internet Service Providers
Staff shall not use dial-up lines, public or private wireless, or cellular data service and
Internet Service Provider (ISP) accounts to access the Internet with DCPS computers while
attached to the DCPS network. Staff must access the Internet through the district’s network
so that all Internet activity passes through DCPS firewalls where access controls and related
security mechanisms will be applied.
All Network Usage is Subject to Monitoring
The Internet and other networks are public places. There is no reasonable expectation of
privacy. The district reserves the right to monitor all traffic on the network and review all files
stored on or transmitted through its computer systems. Messages sent over district internal
electronic mail systems are not subject to the privacy provisions of the Electronic and
Communications Privacy Act of 1986 (which prohibits wiretapping), and therefore may be
read by district management and system administrators.
Files and e-mail are protected by Windows security permissions and only approved
administrators can access or change permissions. Requests from supervisors to access
subordinates files and e-mail must be approved by the CTO. Unless otherwise stated,
submission of a trouble call or ticket will authorize technicians to access individual’s
permissions (email or hard drive) as it may be necessary for technical support personnel to
review the content of an individual employee's communications during the course of problem
resolution. Technical support personnel are not authorized to review the content of an
individual employee's communications out of personal curiosity or at the behest of
individuals who have not gone through proper approval channels. Such action is subject to
disciplinary action.
Safety
Sharing of personal information via the Internet such as name, address and phone number
can compromise personal safety. Absolute privacy cannot be guaranteed in a network
environment.
DCPS employees must obtain signed parental approval before allowing any student access
to the Internet. Student use of all computer technology, including independent Internet
access, will be under the supervision of Duval County Public Schools staff.
The Children's Online Privacy Protection Act, effective April 21, 2000, applies to the online
collection of personal information from children under 13. The Children's Online Privacy
Protection Act and Rule apply to individually identifiable information about a child that is
collected online, such as full name, home address, email address, telephone number or any
other information that would allow someone to identify or contact the child. The Act and Rule
also cover other types of information -- for example, hobbies, interests and information
collected through cookies or other types of tracking mechanisms -- when they are tied to
individually identifiable information.
Liability
The district makes no assurances of any kind, express or implied, regarding any computer
or Internet services provided.
 Use of any information obtained is at the user's own risk
3




The district will not be responsible for any damages the user suffers, including,
but not limited to, loss of data resulting from delays or interruptions in service
The district will not be responsible for the accuracy, nature or quality of
information stored on any storage media such as diskettes, hard drives or
servers; nor for the accuracy, nature, or quality of information gathered through
district-provided Internet access
The district will not be responsible for personal property used to access district
computers, networks, or district-provided Internet access
The district will not be responsible for unauthorized financial obligations resulting
from use of district-provided access to the Internet
Appropriateness of Materials
Access to the Internet provides opportunities for staff and students to explore thousands of
resources outside the walls of their school or office. The district acknowledges the fact that
inappropriate materials exist and will do everything it can to actively avoid them, including
the use of filtering software. The district has implemented technology protection measures
that filter Internet access to block visual displays that are obscene, pornographic or harmful
to minors, but this technology is not 100% effective. No software can filter out all of the
materials that are unacceptable for academic purposes and it should be clearly understood
by all staff and all students and their parents/guardians that intentional access to such
material, in any form, is strictly forbidden. The network is designed to achieve and support
the district’s business and instructional goals and any information that does not support the
goals is to be avoided. The district wants staff and students to use this valuable tool, but at
the same time cannot condone the use of inappropriate information or unauthorized access.
If a staff or student unintentionally accesses such information while doing legitimate
research, he/she should contact the teacher or the person responsible for technology at
his/her site for appropriate action.
It is the responsibility of all users, staff and students to ensure that at all times while in the
Duval County Public Schools, the computers, the network and the Internet are being used
primarily for educational or district business purposes.
Copyright
Unless it is otherwise stated, assume that all materials on the Internet – including Web sites,
audios, videos, and graphics – are copyrighted, and that existing copyright guidelines, such
as those involving photocopying, multimedia, and fair use apply. Staff and students using
computers and the Internet should be aware of what is and is not allowed as it pertains to
software, multimedia productions, and World Wide Web publishing.
Staff and students may not copy software on any district computer and may not bring
software from outside sources for use on district equipment without the prior approval of the
Technology Services Division or its designee.
Network Security
Passwords
 The person in whose name a network account is issued is responsible at all times for
its proper use
 Passwords must never be shared. To share a user ID or password exposes the
authorized user to responsibility for actions the other party takes with the password
and ID
4

Users must choose complex passwords in accordance with the Technology Services
Division complex password operating procedure
Connectivity
 Staff or students may not make arrangements for, or actually complete the installation
of any physical or logical connection, nor make alterations to the existing district’s
network unless approved by the Technology Services Division. This includes
connecting computers, servers, network electronics or other network enabled devices
to the district’s network
 Staff or students may not establish any physical or logical network connection that
could allow users to gain unauthorized access to the district’s systems and information.
This includes the establishment of multi-computer file systems, web services, Internet
FTP servers, and the like
 Staff or students may not establish any unauthorized server or file sharing mechanism,
including but not limited to, Intranet servers, electronic bulletin boards, instant
messaging, local area networks, modem connections to existing networks, or other
multi-user systems for communicating information
 No proxies or personal firewalls are allowed
The Use of Wireless Devices
PDA’s, Pocket PCs, and other wireless devices that can contain sensitive information must
be secured in the same manner as desktop and laptop computers. These devices will be
issued and returned according to district equipment procedures. In order to ensure these
devices are secure, it is the policy of the district that passwords are required on all such
devices used by district employees to hold district data, including, but not limited to, e-mail
and contacts.
Establishing New Business Channels
Unless the Chief Technology Officer, Associate Superintendent of Administration and
Business Services, and the General Director of Policy and Compliance have all approved in
advance, workers are prohibited from using new or existing Internet connections to establish
new business channels. These channels include electronic data interchange (EDI)
arrangements, electronic malls with on-line shopping, on-line database services, etc.
All contracts formed through electronic offer and acceptance messages (fax, EDI, electronic
mail, etc.) must be formalized and confirmed via paper documents within two weeks of
acceptance. Separately, because it may facilitate fraud, workers must not employ scanned
versions of hand-rendered signatures to give the impression that an electronic mail
message or other electronic communications were signed by the sender.
Appropriate Behavior
Staff members are responsible for appropriate behavior on the district’s computers, business
systems, network and the Internet and should adhere to all relevant federal, state, and local
laws; district policies, guidelines, standards, procedures and controls; and the Code of
Ethics and the Principles of Professional Conduct of the Education Profession in Florida.
Users who disregard the federal, state and local laws and codes, district policies, guidelines,
standards, procedures and controls may have their privileges suspended, revoked, and
disciplinary action taken against them, including termination. Users granted access to the
network through the district’s computer systems assume personal responsibility and liability,
both civil and criminal, for uses of the network not authorized by this policy and the district’s
5
guidelines. Employees should only use the information from business systems or the
network in the performance of their duties/responsibilities with the school system.
Information should not be shared with any other person in or out of the school system
unless that is a direct responsibility of the employee.
The district does not sanction any use of its computer systems or the Internet that is not
authorized by or conducted strictly in compliance with this policy and the district’s guidelines,
standards, procedures and controls. Users who disregard this policy and the district’s
guidelines, standards, procedures and controls may have his/her privileges suspended or
revoked and disciplinary action taken against them. Users granted access to the network
through the district’s computers assume personal responsibility and liability, both civil and
criminal, for uses of the network not authorized by this policy and the district’s guidelines,
standards, procedures and controls.
The district retains the right to remove from its information systems any material it views as
offensive or potentially illegal.
The district declares unethical and unacceptable behavior as just cause for disciplinary
action, the revocation of network access privileges, termination and/or the initiation of legal
action for any activity through which an individual:
1. uses the district’s computers and/or network for illegal, inappropriate, or obscene
purposes, or in support of such activities
a. Illegal activities shall be defined as a violation of local, state and/or federal
laws. Inappropriate use shall be defined as a violation of the intended
educational use of the network
b. Obscene activities shall be defined as a violation of generally accepted social
standards for use of a publicly owned and operated communication vehicle
2. uses the district’s computers and/or network for any illegal activity, including violation
of copyright
3. intentionally disrupts network traffic, crashes the network and connected systems or
damages any equipment
4. configures or troubleshoots computers, networks, printers or other associated
equipment, except when directed by the Technology Services Division;
5. vandalizes equipment or software
6. degrades or disrupts equipment or system performance
7. uses the district’s computers and/or network with the intent of or for commercial or
financial gain or fraud
8. steals data, equipment, or intellectual property
9. gains or seeks to gain unauthorized access to resources or systems, including
hacking and using another person’s ID and password to access information
10. forges electronic documents including mail messages or uses an account owned by
another user
11. invades the privacy of individuals
a. Accessing another person's materials, information, or files without the implied
or direct permission of that person or district management is prohibited
b. Erasing, renaming, modifying, or making unusable anyone else's computer
files, programs or disks are also prohibited
12. posts anonymous messages except where professionally appropriate
13. creates, distributes, or purposely activates a computer virus
14. uses the district’s computers, network, and/or other systems to harass or to send or
request racist, inflammatory, obscene or sexist messages
6
15. sends or requests messages or documents that are inconsistent with district or
school policies, guidelines, or codes of conduct
16. possesses any data that might be considered a violation of these rules in print,
magnetic (disk), or any other form
17. bypasses, or attempts to bypass, any controls put in place on the district’s computers
or network systems
18. installs or attempts to install any tool whose main purpose is to gain unauthorized
access
19. installs personal or copyrighted software without appropriate license and approval
from the Technology Services Division
20. distributes inflammatory email that is either emotional or exceeds good business
practice
Disciplinary Action
Use of the district's computing and networking resources is a privilege afforded to employees. Any
violation of this Acceptable Use and Security Policy and Guidelines may be cause for revocation of
network access privileges. Said revocation will not inhibit the Administration's authority to impose
disciplinary action as deemed appropriate.
Information to Capture When Computer Crime or Abuse Is Suspected
To provide evidence for investigation, prosecution, and disciplinary actions, certain
information must be immediately captured whenever a computer crime or abuse is
suspected. The relevant information must then be securely stored off-line until such time as
the appropriate authority determines that the district will no longer need the information.
The information to be immediately collected includes the current system configuration as
well as backup copies of all potentially involved files.
Remedies and Recourses
The Duval County Public School District and the individual schools reserve the right to
restrict or terminate network and Internet access at any time.
If a staff member is accused of any of the violations listed above, he/she has all of the rights
and privileges that a staff member would have if he/she were subject to any other type of
disciplinary action. Staff may not use the network to annoy, harass, or offend other people.
Sexual, ethnic, and racial harassment --including unwanted telephone calls, electronic mail,
and internal mail -- is strictly prohibited and is cause for disciplinary action including
termination.
7
Special Guidelines for DCPS Exchange Users
 Be careful when addressing mail. Know to whom you are sending. In the Global
Address List (GAL) there are many distribution lists. Be careful when sending mail
to a group of people. There are addresses that may go to a group but the address
looks like it is just one person.
 Follow the same protocol that you would if you were sending a hard copy memo.
Follow the chain of command procedures for corresponding with supervisors. For
example, don't send a complaint via email directly to the "top" just because you can.
 Mail should have a subject heading which reflects the content of the message.
 When sending mail to Administrative groups in the Global Access List (GAL), begin
the subject line with one of the following:
o For Action – To indicate that the message is requiring some form of response.
o For Information – To indicate that this is just giving information and a
response is not required.
 In order to ensure that people know who you are, be sure to include a line or two at
the end of your message with contact information.
 Don't use the academic networks for commercial or proprietary work.
 Limit personal emails on the district’s business email system.
 Never send chain letters via electronic mail.
 Follow the conditions of Education Code dealing with students' rights to privacy.
Personally identifiable student information is confidential under Florida Statute
1002.22 and similar federal laws. This legislation establishes the right to privacy of
families and children and provides specific notification requirements and penalties for
non-compliance. Examples of private information include Internet-based student
information reports and grade books, and posting personal student and family
information on the Internet.
 Remember that you are a representative of your school and community on a nonprivate system. You may be alone with your computer, but what you say and do can
be viewed globally! Never swear, use vulgarities, or any other inappropriate
language. Be polite. Never send or encourage others to send abusive messages. Illegal
activities of any kind are strictly forbidden.
 Keep attached files to a minimum size. Including large files or programs may make
your message so large that it cannot be delivered or at least consumes excessive
resources. Space is limited. After your mailbox reaches 100MB, you will be unable
to send or receive mail. It is important that you regularly monitor your folders to
avoid this.
 The content and maintenance of a user's electronic mailbox is the user’s
responsibility.
 Read your mail regularly.
8
The Duval County Public Schools
Staff Network and Internet Acceptable Use and Security
Agreement Form
The following form must be read and signed by anyone using district computers or network
resources. By signing this form, agreement is made to the terms in the Duval County Public
Schools Acceptable Use Policy.
In accordance with the Electronic and Communications Privacy Act of 1986, (18 USS
Section 2510), users are hereby notified that there are no facilities provided by Duval
County Public Schools for sending or receiving private or confidential electronic
communications. All messages will be determined to be readily accessible to the general
public. Duval County Public Schools shall be held harmless against any and all claims
arising from said use.
Name
_______________________________________________
RC or Company Name _________________________________
Department _________________________________________
I have read, understand, and agree to the Duval County Public Schools Staff Network
and Internet Acceptable Use and Security Policy and Guidelines. I agree to follow the
rules contained in these documents. I understand that if I violate the rules my account can
be terminated, my access to computers revoked, and I may face other disciplinary
measures.
I hereby release the Duval County Public Schools, its personnel and any institutions with
which it is affiliated, from any and all claims and damages of any nature arising from my use
of, or inability to use, the district’s network and computer systems, including, but not limited
to claims that may arise from the unauthorized use of the system.
If I work with students, I have read the Student Network and Internet Acceptable Use and
Security policy and guidelines and agree to enforce them with students.
Signature ______________________________________
Date __________________
Revised 01/25/2008
9
Download