BASED ON POLICY NUMBER AND TITLE:
3-1-0 USE OF INFORMATION TECHNOLOGY RESOURCES
PURPOSE: This policy governs Trident Technical College (TTC) employees’ use and retention of information technology resources at TTC, including, but not limited to: e-mail, voicemail, software, hardware, network resources, back-up storage files, and infrastructure. This policy provides a cost effective approach to preserving and maintaining electronically stored data in compliance with applicable State and Federal law, and Federal e-discovery rules. It is also part of the TTC comprehensive disaster recovery plan and the TTC’s Document Retention Procedure 8-22-1 .
Legal Authorities: S.C. Public Records Act; S.C. Department of Archives & History General Retention Schedules; South Carolina Rules of Civil Procedure; Federal Rules of Civil Procedure.
- Information Technology Resources - assets that support computing and telecommunications including electronic sources that store and transport data, video and voice information.
- User - any authorized full or part-time faculty or staff member currently employed by TTC or any other non-student individual or group of non-student individuals authorized to use TTC owned computers or information technology resources.
- Remote User - any authorized full or part-time faculty or staff member currently employed by TTC or any other non-student individual or group of non-student individuals authorized to use TTC owned computers or information technology resources who accesses TTC information technology resources from an off-campus location, including but not limited to a home, airport, hotel, library, or any other public or private place.
- Information Technology Services (IT) - the department of TTC responsible for all IT resources except Datatel.
- Network – two or more computer systems linked together that enables users and computers to share information, software applications and other resources; the infrastructure that connects them; and access to the Internet.
- E-mail – any attempt to create, transmit, receive, or store text and picture communication messages over a local network or the Internet, which may include or have attached media and data files.
- H Drive (home directory) – a directory in a file system owned by a single user and used by that person to store files that s/he creates or copies there. It is located on TTC’s server in the datacenter.
- Local Hard Drive – also known as the C Drive (Local Disk C :) is the disk drive inside the user’s PC.
- Infrastructure – the physical hardware used to interconnect computers and users.
- USER RESPONSIBILITIES
As a User or a Remote User, you are responsible for:
- Reviewing, understanding, and complying with all policies and procedures related to access, acceptable use, and security of Information Technology resources;
- Asking systems administrators or the Records Custodian for clarification on access and acceptable use issues not specifically addressed in TTC policies, rules, guidelines, and procedures, and
- Ensuring that all electronic communications and messages, including voicemails and e-mails, are at all times courteous, professional, and businesslike.
- PROHIBITED USER CONDUCT
- You must not download, upload, or transmit information that may adversely affect TTC, and you may not store such information on TTC’s network, equipment, voicemail, or e-mail. Inappropriate materials that adversely affect TTC include statements, graphics, or images that are harassing, menacing, threatening, discriminatory, defamatory, racial, sexual, obscene, or prohibited by law.
- TTC does not allow you to play games, computer-based or otherwise, on college owned equipment during work hours. Also, you must not abuse the capability to use TTC Internet access to obtain non work-related information, just as you may not abuse telephones, fax machines, copiers or any other TTC resource for personal use.
- Monitoring User Conduct
- Personal use of TTC information technology resources is primarily a management issue monitored by your supervisor(s), but
- TTC reserves the right to periodically audit, inspect, and monitor user created content that is stored and/or transmitted on the TTC network as deemed appropriate. IT Services staff will report evidence of abuse to the Director of IT Services who will inform the Vice President of Technology and Planning. The Vice President will then work with cabinet members, as appropriate, to resolve the issue.
- ELECTRONIC MAIL (E-MAIL)
- Your TTC e-mail account(s) should be used primarily for business purposes, but TTC permits some personal use of TTC e-mail accounts and Internet access provided such use does not interfere with your job duties or cause excessive network traffic or storage issues.
TTC prohibits the following uses of TTC e-mail accounts. You may not:
- Forge or manipulate e-mail author information,
- Distribute computer viruses worms, or other harmful software programs on TTC resources.
- Use TTC e-mail distribution lists for sending: chain letters, spam, non-work related e-mail messages or work related email messages not critical to the entire college.
- Send plain text e-mail messages containing protected, sensitive data (Social Security Numbers (SSN's), credit card numbers, Date of Births (DOB's), student records, tax information) to external recipients. You must use encrypted file attachments to send protected data.
- Send e-mail messages containing inappropriate material such as statements, graphics or images that are harassing, menacing, threatening, discriminatory, defamatory, racial, sexual, pornographic, obscene, or prohibited by local, state, and federal law.
- TTC reserves the right to refuse (1) e-mail from external entities that send unsolicited, mass, or commercial messages, and (2) electronic messages that appear to contain viruses that would affect TTC users, and (3) to filter and discard such messages.
- E-mail Privacy
- E-mail messages you create, transmit, and receive on TTC computers are subject to review by IT Services as appropriate. TTC reserves the right to monitor the content of email sent from TTC email accounts (e.g. firstname.lastname@example.org) provided a legitimate, business-related reason exists.
- TTC also reserves the right to disclose e-mail messages to outside parties, regulators, law enforcement, and courts of law in connection with disputes, grievances or litigation, or if the President determines such disclosure is in the best interest of the college. Accordingly, you should always ensure that e-mail messages are courteous, professional, and businesslike.
- Employees that connect a mobile device to the TTC email server must be aware that their mobile device can be remotely wiped of all data if the device is lost or stolen.
- E-mail messages you create should not contain unnecessary graphic backgrounds or unnecessary image files.
- E-mail Retention
- E-mails created on TTC computers do not create a unique record series for retention purposes. The S.C. Public Records Act, the S.C. Department of History and Archives General Retention Schedules, and Federal e-discovery rules guide the retention of email. Accordingly, you must not delete certain e-mails without the approval of the Records Custodian.
- TTC classifies all work-related e-mails created, transmitted, or received over the TTC network as either Non-Public Record E-mails or Public Record E-mails.
- Non-Public Record E-mails are messages and communications that have limited or no administrative value to TTC and are not essential to the fulfillment of statutory obligations or to the documentation of TTC responsibilities. Examples of Non-Public Record E-mails include but are not limited to: (1) unsolicited junk mail, (2) listserv e-mail, (3) event reminder e-mail, (4) and personal non-work related email. No retention requirements for Non-Public Record E-mail messages exist, and you may delete such e-mails without approval from the Records Custodian. Please note you must delete all Non-Public Record E-mails on the first workday of every month.
- Public Record E-mails are messages and communications that have either permanent or temporary administrative value to TTC or are otherwise required to be maintained under state or federal law for a specific period of time. Examples of Public Record E-mails include but are not limited to: (1) e-mail correspondence between a student and a faculty advisor relating to the student’s academic progress, and (2) e-mail correspondence between TTC and a firm with which TTC has a service or maintenance contract discussing services rendered to TTC. The retention time for Public Record E-mails must follow the retention times applicable to paper and electronic public records in the same record series. In order to determine how long you must retain Public Record E-mails, refer to the Document Retention Guidelines located in the Public Folders. In the event the content of an e-mail message does not fit into an existing record series, you must contact TTC’s Record Custodian to create a special record series. Until an appropriate record series is created, you must preserve the e-mail(s).
- You must store Public Record E-mails until their pre-approved destruction date in one of the following manners. (1) Print a hard copy of the e-mail and store it in an appropriate file in your office. (2) Store the e-mail in the appropriate folder in your Home Directory. Once stored, you should delete the e-mail from Outlook. Under no circumstances may you store e-mails in Outlook for more than 18 months, including e-mail retained in local “.pst” files. Please note that you may not store e-mails or “.pst” files on your local drive (C drives); you may store them only on your H drive or in hard copy.
- E-mail Backup and Retention of Backup Files (Data Recovery)
- IT performs a full backup of the TTC e-mail system each day. Although IT performs email backups, you still must retain electronic or hard copies of e-mails as directed by this Procedure. Data from daily backups is erased and rewritten every two (2) weeks.
- IT also performs a monthly full backup of the TTC e-mail system as part of the TTC comprehensive disaster recovery plan. Monthly backups are performed on the first Saturday of the following month. Data from monthly backup tapes is stored offline for six (6) months and in compliance with the requirements of S.C. Code Ann. § 30-1-70.
- STORAGE OF FILES ON THE TTC HOME DIRECTORY (H DRIVE)
- You must store all required documents created in furtherance of TTC business on the Home Directory (H drive). As with Public Record E-mails, you may not store work related documents on your local hard drive (C drive), because IT does not back up individual local hard drives. Work related documents you store on your C drive could be lost with no way to restore them.
- TTC does not encourage you to create and/or modify personal documents while using a TTC owned computer. However, if you choose to do so, please do not store your personal documents on the H drive. You may only store personal documents on your C drive.
- No documents stored on your H drive should be more than two years old. You must delete documents that are more than two years old or store them according to the South Carolina Records Retention Schedule. Absent extraordinary circumstances, a document should not remain on your H drive after its retention time expires. After the document’s retention time expires you must move it to a CD or flash drive if you want to retain it.
- If you use a TTC laptop or tablet PC for work, you are responsible for copying documents and data created and stored on the laptop or tablet PC to the network on a regularly scheduled basis. Typically, data should be transferred from your laptop or tablet PC to the H drive at least twice per week. Protected, sensitive data must not be stored on mobile devices or mobile storage. Protected data must only be stored in TTC's enterprise information systems (e.g. student information system) and high security network drives.
- H Drive Data Backup and Retention of Backup Files (Data Recovery)
- IT performs daily backups of all TTC H drives. Data from daily incremental backups is erased and rewritten every two (2) weeks.
- IT also performs a monthly full backup of all TTC H drives as part of the TTC comprehensive disaster recovery plan. Monthly backups are performed on the first Saturday of the following month. Data from monthly backup tapes is stored offline for six (6) months and in compliance with the requirements of S.C. Code Ann. § 30-1-70. It is important to strictly follow this procedure because S.C. and Federal Rules of Civil Procedure require TTC to store electronic documents “in the usual course of business” as provided for by this policy. F.R.C.P. 34(b)(2)(E)(i).
- STORAGE OF SHARED FILES ON THE TTC NETWORK
- A document stored in file share folders should be deleted or stored off-line if it is more than two years. You must follow the South Carolina Records Retention Guidelines with respect to shared files as well. For example, you should not retain an obsolete form in a file share folder once it has been superseded. Absent extraordinary circumstances, you should not allow a document to remain in a folder after its retention time expires. You should move such documents to a CD or flash drive if you wish to retain it.
- File Share Folder Data Backup and Retention of Backup Files (Data Recovery).
- IT performs daily backups of all TTC file share folders. Data from daily backups is erased and rewritten every two (2) weeks.
- IT also performs a monthly full backup of all file share folders as part of the TTC comprehensive disaster recovery plan. Data from monthly backup tapes is stored offline for six (6) months and in compliance with the requirements of S.C. Code Ann. § 30-1-70. It is important to strictly follow this procedure because S.C. and Federal laws require TTC to store electronic documents “in the usual course of business” as provided for by this policy. F.R.C.P. 34(b)(2)(E)(i).
- SUPERVISOR'S RESPONSIBILITIES FOR EMPLOYEE'S DATA
- When an employee retires, resigns, or is terminated Human Resources must contact IT immediately in accordance with TTC procedure 8-10-1 Employee Terminations.
- The supervisor will have access to the employee’s home directory and e-mail for 90 days. During these 90 days, the supervisor must determine whether to retain or delete the files and e-mails.
- If any of the e-mails or files must be retained, the supervisor is responsible for the removal to the proper storage location.
- The employee’s home directory and email will automatically be deleted after 90 days by IT. This data will still be accessible via monthly tape backups for an additional six (6) months from the termination date. Prior to deletion, the IT manager will confirm the deletion with the former employee’s Vice President.
- If you change positions within the college, the requirements stated in items one (1) and two (2) above become your responsibility, not your supervisor’s responsibility.