5.22 Acceptable Use of Computers and Information Technology Resources

Responsible Position

Chief Information Officer


RELATED ITEMS

Minnesota State Board Policy

Minnesota State System Procedure

Minnesota Statute

Federal Law


PROCEDURES

Purpose

This procedure outlines the responsibilities and expectations for the acceptable use of Alexandria Technical and Community College’s information technology resources. It ensures compliance with Minnesota State Board Policy 5.22 and Procedure 5.22.1, and supports the security, privacy, and integrity of institutional data and systems. 

Scope

This procedure applies to all users of the College’s information technology resources, including students, employees, contractors, volunteers, and other authorized individuals, regardless of location or affiliation. 

Privacy and Monitoring

While the College strives to provide reasonable privacy, users should have no expectation of privacy when using institutional IT resources. The College reserves the right to monitor and access data for: 

  • Routine system maintenance and troubledshooting.
  • Security audits and investigations.
  • Compliance with institutional, state, and federal policies.
  • Protection of institutional assets and data integrity.

Monitoring is conducted only by authorized personnel and in accordance with applicable laws.

Acceptable Use

Users must use IT resources in a manner that supports the College’s educational, research, and administrative missions. Prohibited uses include, but are not limited to:

  • Unauthorized access to accounts, systems, or data.
  • Sharing passwords or credentials.
  • Harassment, threats, or illegal discrimination.
  • Commercial or political activities unrelated to ATCC operations.
  • Distribution of malicious software or unlicensed media.
  • Excessive personal use that interferes with institutional operations.
User Responsibilities

All users are responsible for:

  • Complying with applicable laws, policies, and licensing agreements.
  • Protecting their credentials and securing devices.
  • Using authorized systems and data.
  • Reporting suspected security incidents immediaty.
Data Security and Classification

Users must protect institutional data according to it's classification:

  • Public: Minimal protection required.
  • Private: Restricted to authorized users (e.g., FERPA-protected data.)
  • Confidential/Secure: Highly sensitive; requires encryption and limited access.
Enforcement and Sanctions

Violations of this procedure may result in:

  • Suspension or revocation of IT privileges.
  • Disciplinary action under student or employee conduct codes.
  • Legal action, including restitution for damages.
  • Expulsion or termination of employment.

ATCC may also refer violations to law enforcement when appropriate.