• 401.12

    Code No. 401.12


    1.  Overview

    The North Polk Community School District is committed to protecting its students, employees and assets from illegal or damaging actions by individuals, either knowingly or unknowingly.

    Information technology (IT) systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing internet access, electronic mail, WWW browsing and FTP are property of North Polk Community School District.  For purposes of this policy, all communication devices owned and operated by the District, including District telephone systems voicemail, will be educational purposes and business purposes in serving the interest of the District.

    Effective security is a team effort involving the participation and support of every North Polk Community School District employee, student and affiliate who deals with information and/or information systems; it is the responsibility of all users to know these guidelines and to conduct their activities accordingly.

    2.  Purpose

    The purpose of this policy is to describe the acceptable use of IT equipment at North Polk Community School District.  These rules are in place to protect employees, students and the District.

    3.  Scope

    This policy applies to students, employees, contractors, consultants, volunteers and all other individuals at North Polk Community School District, including all personnel affiliated with third parties.  This policy applies to all equipment that is owned or leased by the District.

    4.  Policy

              4.1  General Use and Ownership

      • While North Polk Community School District desires to provide a reasonable level of privacy, all users should be aware that the data they create, receive, transmit, or store on District IT systems is the property of the District.   Because of the need to protect the District’s network, management cannot and does not guarantee the confidentiality of information or material stored on any IT equipment device belonging to the District.
      • Employees and students are allowed modest and occasional use of IT systems for personal use.   All such individual are responsible for exercising good judgment regarding the reasonableness of personal use.  Employees should be guided by District policies and sound professional judgment on personal use.  If there is any uncertainty, employees should consult their supervisor or principal.
      • The District recommends that any information that users consider sensitive or vulnerable be encrypted.
      • For security, enforcement and network maintenance purposes, District authorized individuals may monitor equipment, systems, and network traffic at any time. 
      • The District reserves the right to audit equipment, networks and systems on a periodic basis and on an “as needed” basis with or without notice to ensure compliance with this policy. 

              4.2 Security and Proprietary Information

      • Employees should take all necessary steps to prevent unauthorized access to confidential information stored in the IT system.
      • All users should keep passwords secure and should not share accounts.
      • Because information contained on portable computers is especially vulnerable, special care should be exercised in this regard.
      • Postings by users from a District email address to outside recipients such as newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of the District, unless posting is in the course of school duties.
      • All hosts used by a user that are connected to the District IT system, whether owned by the employee or the District, shall be continually executing approved virus-scanning software.
      • All users must use caution when opening email attachments received from unknown senders, which may contain viruses, email bombs, or Trojan horse codes.

    4.3 Unacceptable Use

    The following lists generally describe those activities which are prohibited.  Employees may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g., systems administration staff may have a need to disable the network access of a host if that host is disrupting production services).

    Under no circumstances is any user authorized to engage in any activity that is illegal under local, state, federal, or international law while utilizing District-owned systems or resources.  The lists below are by no means exhaustive, but are intended to provide a framework for understanding the kinds of activities which fall into the category of unacceptable use.

    The following kinds of activities are strictly prohibited:

    System and Network Activities

    1. Violations of the rights of any person or company protected by copyright, trade secret, patent, or other intellectual property or similar laws or regulations, including, but not limited to, the installation or distribution of “pirated” or other software products that are not appropriately licensed for use by the District.
    2. Unauthorized coping of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books, or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which the District or the end user does not have a active license.
    3. Exporting software, technical information, or other technology in violation of international or regional export control laws.
    4. Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, email bombs, etc.).
    5. Revealing an account password to others or allowing use of an account by others.  This includes a user’s family and other household members when work is being done at home.
    6. Using District equipment or IT systems to actively engage in procuring or transmitting material that is I violation of sexual harassment or hostile workplace laws or polices.
    7. Making fraudulent offers of products, items, or services originating from any District account. 
    8. Effecting security breaches or disruptions of network communication.  Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless these activities are within the scope of regular duties.  For purposes of this section, “disruption” includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information.
    9. Port scanning or security scanning unless prior notification to the District is made.
    10. Executing any form of network monitoring which will intercept data not intended for the employee’s host, unless this activity is a part of the employee’s normal job/duty.
    11. Circumventing user authentication or security of any host, network, or account.
    12. Interfering with or denying service to any user other than the employee’s host (for example, denial of service attack).
    13. Using any program/script/command or sending messages of any kind with the intent to interfere with or disable a user’s terminal session via any means, locally or via the IT system.
    14. Providing information about, or lists of, District employees or students to unauthorized parties outside the District.

    Email and Communications Activities

    1. Sending unsolicited email messages including the sending of “junk mail” or other advertising material to individuals who did not specifically request such material (email spam, or unauthorized and/or unsolicited electronic mass mailings).
    2. Any form of harassment via email, telephone, or paging, whether through language, frequency, or size of messages.
    3. Unauthorized use, or forging, of email header information.
    4. Solicitation of email for any other email address, other than that of the poster’s account, with the intent to harass or to collect replies.
    5. Creating or forwarding “chain letters,” “Ponzi” or other “pyramid” schemes of any type.
    6. Use of unsolicited email originating from within the District’s networks of other Internet/Intranet/ Extranet service providers on behalf of, or to advertise, any service hosted by the District or connected via the District’s network.
    7. Posting the same or similar non-work or non-school related messages to large numbers of recipients (e.g. newsgroup spam).

    5. Enforcement

    An investigation into any suspected misuse of District equipment or IT systems may be undertaken with or without notice to IT system users.  Any user found to have violated this policy may be subject to a full range of disciplinary action.  Any employee found to have violated this policy, for example, may be subject to disciplinary action up to and including termination of employment.

    Approved:        4/18/2009

    Reviewed:        3/25/2009, 01/23/2014

    Revised:            4/18/2009