IT Policies and Security

Policy: Computer Use Master Policy
Dept. Responsible: Information Technology
Effective Date: March 1, 2010
Revised Date: December 20, 2009

Overview

Technology is a critical component in the pursuit of our mission as a university.  It helps promote communication; facilitates research, work and discussion; and is an essential tool in the delivery of our teaching mission.  It provides infrastructure needed to perform a wide range of University functions and to maintain essential University records.  Technology can also help build a sense of community within Butler, as well as with the surrounding community in which we learn, live and work.  But used in ways contrary to our goals, it can also be a powerful tool of harm.  As such, it is critical that all who use Butler’s technology resources do so in fair and responsible ways and according to all applicable laws and University policies.

Butler also cherishes the privacy of personal content and freedom of expression that are at the core of intellectual pursuit and are fundamental to expression of teaching and learning.  However, this must be balanced against the legal responsibilities, rights and risks of the University and others.  This policy endeavors to balance the use of and need for technology, while creating an environment of respect and privacy and, at the same time, ensuring that the assets and reputation of the University are protected.

Scope

This policy applies to all users of Butler University’s computer and voice systems (hereafter referred to as “Butler Systems”):  This includes all computer systems, Butler provided devices, data storage, related communication technologies, and information transmitted or maintained on these technologies.

Policy Statement

1. Butler ownership & responsibility
   1. All Butler Systems are the property of the University unless explicitly defined otherwise through copyrights, law, the Butler University Intellectual Policy or a specific written agreement with the University. Butler University:
      1. Maintains the rights to all Butler Systems;
      2. Will take all reasonable and necessary steps to protect and secure systems and data; and
      3. Will employ tools reasonably necessary to ensure reliability of systems and the availability of its data.
   2. Butler maintains computer systems for the advancement of the University mission
   3. Access to Butler Systems is not in itself a right, but is a privilege provided to individuals with a legitimate need to access these systems.
   4. Acquisition of new computer systems and services will follow Butler procurement policies.  This includes following standards established by Information Technology or obtaining approval of the Chief Information Officer on new systems or services.
   5. At any time, if this policy is violated, access to Butler Systems may be revoked.
2. Your rights and responsibilities as a computer user are to:
   1. Use Butler Systems for University purposes:
      1. To pursue knowledge to further teaching and learning;
      2. To facilitate the execution of your employment duties and responsibilities; and/or
      3. For incidental personal use by faculty and staff.
   2. Use Butler Systems in ways that keep your personal data and the data of the University secure. This can be done by:
      1. Never sharing your password.
      2. Using strong passwords and changing them at a minimum of every six months.
      3. Never allowing others to use your network account or access.
      4. Using all available tools to help protect Butler Systems; see other policies for more details on identity theft, FERPA, HIPAA, etc.
      5. Signing off or locking your computer when not attended.
      6. Being aware of common threats to computer systems and accounts (virus, phishing, social engineered attack, etc.).
   3. Use Butler Systems in legal manner by:
      1. Sharing music, video, images, document, etc.  only if you own or have permission to share such items.
      2. Using software and intellectual property provided accordance with software copyright and license agreements.
      3. Building community and relationships while not harassing or defaming others.
      4. Accessing all systems and data for which you have permission, but not attempting to or gain unauthorized access to systems or data to which you do not have access.
      5. Not impersonating others.
      6. Not attempting to disrupt other users or University computer system operations.
      7. Abiding by all applicable federal, state and local laws.
      8. Abiding by all University policies.
   4. Use Butler Systems in an ethical manner:
      1. By fostering the high ethical standards of the University.
      2. By refraining from use of technology for academic dishonesty (i.e., plagiarism or cheating).

Administration of Policy

The oversight of this policy is the responsibility of the CIO and should be reviewed annually.

Related Policies

• Fair, Responsible and Acceptable Use Policy
• Procurement Policy (located on BUfiles in general\Forms\Business Forms\Business Policies)
• Privacy of Personally Created Content
• Employee Code of Responsibility for Security & Confidentiality of Information
• Identity Theft Information – Storage, Disposal, Breach & Red Flags
• Federal HIPAA (Health Insurance Portability and Accountability Act)
• Federal FERPA (Family Educational Rights and Privacy Act)

Revision History

Approved by the Board of Trustees: February 26, 2010
Approved by Sr. Administrative Group: January 19, 2010
Approved by the Information Management Council: December 20, 2009
Prior Update: June 2, 2002
Originally created: May 13, 1994

Overview/Purpose

Butler University is a not-for-profit educational institution domiciled in the State of Indiana.  The University exists to provide the highest quality of liberal arts and professional education and to integrate the two by creating and fostering a stimulating intellectual community built upon interactive dialogue and inquiry among faculty, staff, and students.

Butler University is committed to protecting the privacy of its constituents.

Information Gathered

Butler University websites may collect personal information such as your name, address, email address, telephone number(s), and password(s).  Additionally, credit card or other personal information may be requested for selected activities such as purchases, donations, or registration.

Security

Butler University is committed to ensuring that your information is secure.  To protect the privacy of your data and others, we have taken important environmental, electronic, and managerial steps to safeguard and secure the information.

Distribution of Collected Information

Information gathered will only be used for purposes consistent with the University mission.   Butler will not share personal information about you with unaffiliated third parties for use in marketing their products and services.

Butler does work with select third parties to accomplish its mission.  We may disclose information about you as necessary to fulfill those third-party service agreements. For example, we may disclose information about you to assist us in servicing or maintaining your account with us. These third parties must agree to use the information only for the services requested by the university.

We may also disclose information about you to governmental entities when required under law or in response to subpoenas.  Lastly, we may disclose your personal information to other organizations when you specifically request us to do so, such as in a transcript request.

Links

While using the Butler website, you may encounter links to the web pages of organizations not directly affiliated with Butler.  Butler does not control the content or information practices of external organizations or the information they may collect.  We recommend you review the privacy statements of these organizations.  Please keep in mind also that, whenever you voluntarily disclose personal information online-for example, on a social network site shared by many individuals or in a chat area-that information can be collected and used by others who also have access to that service.  In short, if you post personal information online that is accessible to other members of an organization, we cannot control others’ use of that information.

Cookies

Cookies are small pieces of data stored by the web browser, often used to remember information about preferences and pages you have visited.  By setting preferences in your browser, you can refuse to accept cookies, disable cookies and remove cookies from your computer; however, that may affect the functioning of the sites you visit.

Username and Password

The university may assign you a username and password to permit access to selected sites.   You are responsible for maintaining the confidentiality of the username and password.   You must immediately notify the university of any unauthorized use of your username and password.  Whenever you provide personal information via a web transaction, you should sign out of the web site and close your browser at the end of each session.

Alternative to Web Site Transactions

Butler web sites provide access to information and services for constituents that may not have a formal relationship with the University as a student or employee.  If you are neither a student nor employee and prefer not to provide any information online, we invite you to cancel the transaction and contact the administrative unit responsible for the service to conduct the business in person, by mail or by telephone.

Consent

Your use of our services and Web site indicates your acceptance of the terms and conditions of use. In addition to the terms of this Privacy Statement, all pertinent, non-conflicting provisions of the Student Handbook, Employee Handbook, Faculty Handbook, Computer Use Policies, and the My.Butler Terms & Conditions apply to your use of Butler’s websites.  If you do not agree to these terms, please discontinue your use of our sites.

This Policy

Butler University’s Privacy Statement is available on our web site or a hardcopy may be requested via telephone or mail.  Our Privacy Statement may, from time to time, change, and we invite you to periodically review it to ensure your familiarity with the most recent version.

What is identity theft?

Identity theft is when sensitive information is either stolen or disclosed unknowingly in order to use it for fraud or other crimes. Around 10 million Americans each year have their identity stolen. Identity theft most often involves the following pieces of information (which are protected under Indiana law):

• Social Security number
• Driver’s license or state id number
• Credit or debit card number
• Financial account number
• Passwords

How do I protect identity theft information?

There are several things you MUST do according to Butler policy to protect identity theft information:

• Collect and store identity theft information only when absolutely essential to your task; use alternate information, such as the Butler employee ID number when possible.
• Store all electronic documents that contain identity theft information on Butler’s central file storage (BUfiles) or in the central administrative systems such as Advance, PeopleSoft, etc. These are the most secure locations.
• Keep all paper documents containing sensitive information in locked storage when not in use. To discard sensitive documents, place them in the grey locked storage containers located with most copy machines across campus; the grey containers are emptied and shredded by a bonded firm.
• Return unused electronic devices to Information Technology (IT) for proper and secure disposal.
• Contact IT if identity theft data must be transferred to an outside party to ensure a secure transfer method.
• If you accidently lose control of or improperly dispose of paper or electronic media that contains any of the information defined above, notify your supervisor who will notify the Chief Information Officer or Vice President of Finance.
• Do not store identity theft information fields on your Butler or home PC or Mac, on your laptops, Smartphone, or mobile storage devices such as CDs or USB “thumb” drives. These are not secure and are easily misplaced.
• Do not send identity theft fields via email to anyone inside or outside of Butler.
• Do not dispose of documents with sensitive information in standard trash cans.

There are several things you can do to protect all electronic information:

• Never share your Butler password with anyone or post your password to computer applications.
• Maintain a strong password that is not easy for someone else to guess. The system allows longer “pass phrases” which can be easy to remember but impossible to guess; example:nirvana**340.
• Never log on to your workstation and then let anyone else use it.
• Always log off of your workstation when you are going to be away from your work area.
• Install only reputable or Butler licensed software on your computers.

Policy:  Fair, Responsible and Acceptable Computer Use
Dept. Responsible: Information Technology
Effective Date: March 1, 2010
Revised Date: December 20, 2009

Overview

Information technology is a powerful tool in advancing the mission of the University.  Common sense and mutual respect underlie all rights, privileges and responsibilities of those who utilize these technologies.  It is the intent of the University that the community shares these resources in creative and exciting ways in advancing our goals.  Inappropriate use can result in the loss of the privilege of accessing Butler Systems or data.  It can also lead to disciplinary action, potential termination or legal action.  The purpose of this policy is to outline what constitutes fair and acceptable use of computer technologies at Butler University.

Scope

This policy applies to all users of Butler University’s computer and voice systems (hereafter referred to as “Butler Systems”):  This includes all computer systems, Butler provided devices, data storage, related communication technologies, and information transmitted or maintained on these technologies.

Policy Statement

1. Fair & appropriate use:
   1. Supporting the mission of the University, teaching/learning, creative activities, or engaging the community
   2. Supporting studies, instruction, duties as employees, official University business, and University sanctioned activities
   3. Faculty & Staff:  incidental personal use
   4. All users must:
      1. Comply with all state, federal, and local laws;
      2. Comply with all University policies;
      3. Comply with IT standards regarding usage of network and technological resources
      4. Respect intellectual property rights of others;
      5. Protect files and system access from use by others;
      6. Practice etiquette in communication;
      7. Utilize systems via only your Butler assigned computer account and I.D.; and
      8. Access only files or systems that are yours, public, or that the account holder has given you permission to access
2. Inappropriate use:
   1. Operating a personal business (except as part of a class sponsored activity).
   2. Serving as primary computer system for outside organization, except:
      1. where Butler has official affiliate relationship; or
      2. where approval has been granted from college/division leadership and Information Technology and applicable accounts obtained in advance.
   3. Using resources excessively, e.g., utilizing resources notably beyond the norm for the person’s role on campus.
   4. Circumventing security measures at Butler or on other networks.
   5. Impersonating others.

Administration

The oversight of this policy is the responsibility of the CIO, and should be reviewed annually.

Related Policies

• Computer Use Master Policy
• Privacy of Personally Created Content
• Employee Code of Responsibility for Security & Confidentiality of Information
• Identity Theft Information – Storage, Disposal, Breach & Red Flags
• Federal HIPAA (Health Insurance Portability and Accountability Act)
• Federal FERPA (Family Educational Rights and Privacy Act);  see Student Handbook

Revision History

Approved by the Board of Trustees: February 26, 2010
Approved by Sr. Administrative Group: January 19, 2010
Approved by the Information Management Council: December 20, 2009
Created 12/20/2009 as complete rewrite from Computer Use Policy, June 2002

Policy:  Privacy of Personally Created Content
Dept. Responsible: Information Technology
Effective Date: March 1, 2010
Revised Date: December 20, 2009

Overview

Butler University cherishes the freedom of expression, the diversity of values and perspectives inherent in an academic institution, and the value of privacy for all members of its community. We do not condone censorship nor do we routinely access or inspect data stored on Butler systems and devices. However, these values and rights must be balanced against the legal obligations of the University, as well as with the needs of the larger community.

At times, legitimate reasons exist for persons other than the account holder to access computers, computer files, or network traffic stored on or passing through Butler Systems. This policy endeavors to balance the privacy of the individual while protecting the University and the community it serves.

Scope

This policy applies to all users of Butler University’s computer and voice systems (hereafter referred to as “Butler Systems”): This includes all computer systems, Butler provided devices, data storage, related communication technologies, and information transmitted or maintained on these technologies.  It also applies to personal content created by faculty, staff, and students using Butler’s Systems.

Policy Statement

1. Data stored on Butler Systems will not be accessed by anyone other than:
   • The account holder;
   • The originator or recipient of a communication; or
   • The person assigned a computer system or technology on which data is stored EXCEPT in the specific circumstances outlined in this policy
2. What is covered:
   • Data and other files, including electronic mail and voicemail, stored on, encrypted on, or in transit to or from individual computer or voicemail accounts;
   • University owned or managed systems;
   • University owned computers and related technologies assigned to individuals or groups; and
   • University data and files on personally owned and other devices.
3. Reasons to access user data or systems by University personnel other than the account holder
   • A-Situations that require written authorization of account holder or applicable VP (or President), Executive Director or College Dean:
     • 1-Critical operational necessity – information needed for critical operation and the person is unavailable (terminated, incapacitated, unreachable, unwilling, or deceased).
     • 2-Reasonable cause for investigation – evidence that reasonably causes the University to conclude that the user may be engaging in or may be planning to engage in a violation of law or University policy.
     • 3-Response to lawful demand – subpoena, warrant or legal order.
     • 4-Request on behalf of parents or the estate of a deceased student.
     • 5-Substantial University risk of harm or liability.
     • 6-When permission is given by account holder.
   • B-Situations that do not require written authorization:
     • 1-Emergency problem resolution – when an Information Technology (IT) technician has reasonable belief that a program/process will cause significant system or network degradation, or could cause loss/damage to data.
     • 2-Collaborative information or resources – systems/data that by their nature are not private – e.g. shared computers, documents, folders.
     • 3-Content neutral system generated information – information generated by systems that helps maintain storage, performance and security of systems.
     • 4-Network communications – IT staff may observe, capture and analyze network communication to ensure security and reliability of network.
     • 5-Implied consent – situation where user has requested assistance in diagnosing or solving a technical problem.
     • 6-System administrative need – normal data backup, upgrade, or problem resolution.
4. Procedure for accessing and reviewing personal data
   • A-Accessing data – Procedure for accessing data or systems requiring written permission:
     • Request: Appropriate party as designated in section 3A above will make request in writing outlining the scope of the information needed along with rationale for accessing system/data, and will present that to the Chief Information Officer (CIO) in the Information Technology department.
     • Approval:
       • CIO will carefully review the request to access or review personal data and validate that the request meets the criteria outlined in section 3 above.
       • CIO will consult with and obtain approval from a third party senior leader outside the area initiating the request (e.g., Executive Director of HR, Provost, VP Student Affairs, College Dean, President).  However, in the case of a request to access the account of a Butler staff member under section 3A6 above, no third party approval will be required.
       • In the CIO’s absence, the Information Technology director designated as the acting CIO will handle the request on behalf of the CIO; the CIO will then be informed and consulted as soon as practical.
       • If there is disagreement between requestor, CIO and the third party, the President will act as the final arbiter.
     • Access: CIO will always go through a system administrator to gain access to data.
     • Notification: CIO or designee will make a reasonable effort to report access of data to account holder prior to access except:
       • When doing so may result in the destruction, removal or alteration of data;
       • When prior notice is not practical due to urgency; or
       • When other circumstances make prior notice inappropriate or impractical.
       • When prior notice is not appropriate or practical, reasonable efforts will be made to notify affected individual as soon as practical following access unless other circumstances make follow up inappropriate.
   • B-Reviewing data – Procedure for reviewing data or systems requiring written permission:
     • Review:  Data obtained for a request will be reviewed by the fewest individuals practical in order to meet the required need.  This will generally be the requesting VP or Executive Director or College Dean or a third party (e.g., HR, BUPD, Provost Office, Student Affairs, Legal Counsel).
     • Share findings: The person whose files or systems were accessed may request to have the findings shared with them.
   • C-Reporting:
     • Information Technology will maintain a confidential record of all requests for access to data or systems under section 3A of this policy.
     • In the spirit of disclosure, the CIO will make an annual report, in the fall, to the Information Management Council (IMC) of any requests to access data or systems under the provisions of section 3A of this policy.
       • The report will cover any and all investigations which have been closed since the previous report.
       • This information will be provided to the IMC on a confidential basis and members agree to maintain confidentiality of such information.
       • The events will be in a redacted format to protect the privacy of individuals; however, for each account accessed under this policy, the report will include at a minimum:
         • General classification of the account holder(s):  faculty, staff, student, affiliate.
         • Incident timeframe as defined by:  fall semester, spring semester, summer.
         • Section(s) of this policy which allowed the access and thus a broad sense of reasons.
         • Name of third party who reviewed the request pursuant to section 4B of this policy.
         • Disposition of request:  completed or rejected.
         • The report will not include:  specific account names, specific reasons, or the specific person making the request.
       • Accounts that are involved in an ongoing investigation will be reported to the IMC in the reporting cycle immediately following the close of the investigation.
       • IMC meeting minutes will reflect the production of the report and whether the committee feels that the reported actions appear to be in compliance with this policy.
       • In the interest of maintaining confidentiality, should any member of the IMC have questions regarding specific incidents in the CIO’s report, he/she will need to follow up solely with the CIO, the reviewer of the request or the University President.  A committee member may also communicate a concern through the University’s EthicsPoint Fraud and Improper Conduct telephone hotline or on the My.Butler EthicsPoint Reporting website, both of which are monitored by the Board of Trustees.

Administration

The oversight of this policy is the responsibility of the President and CIO, and should be reviewed annually.

Related Policies

• Computer Use Master Policy
• Fair, Responsible and Acceptable Computer Use
• Employee Code of Responsibility for Security & Confidentiality of Information
• Identity Theft Information – Storage, Disposal, Breach & Red Flags
• Federal HIPAA (Health Insurance Portability and Accountability Act)
• Federal FERPA (Family Educational Rights and Privacy Act); see Student Handbook

Revision History

Approved by the Board of Trustees, February 26, 2010
Approved by Sr. Administrative Group: January 19, 2010
Approved by the Information Management Council: December 20, 2009
Created: 12/20/2009 as complete rewrite from Computer Use Policy, June 2002

Policy: Employee Code of Responsibility for Security and Confidentiality of Information
Dept. Responsible: Human Resources
Effective Date: March 1, 2010
Revised Date: June 1, 2009

Overview

Butler University, both as an educational institution of higher learning and an employer, requires the strict confidentiality and security of the institution’s records, in compliance with the Family Educational Rights and Privacy Act of 1974 (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), Indiana code and other federal, state, and local laws as applicable that affect the dissemination and use of confidential or protected information and records.  Administrators, faculty, staff, and student workers (Employees) who have access to such information and/or records shall safeguard the privacy and confidentiality of such information and/or records and shall not disclose or disseminate such information and/or records (in whatever form maintained) to any unauthorized person or entity.

Scope

This policy applies to faculty, staff, and all others performing tasks on behalf of Butler University, including but not limited to contractors, affiliates, guest instructors, student workers, and third party providers, as it is through the diligent efforts of everyone that information is protected.

Policy Statement

1. Without limiting the generality of the foregoing, activities which are prohibited in all cases include, but are not limited to:
   1. Engaging in any unauthorized or inappropriate use of information and/or records, or permitting such unauthorized or inappropriate use;
   2. Obtaining or attempting to obtain personal benefit or permitting others to obtain or attempt to obtain personal benefit by the use or disclosure of any confidential information and/or records that an Employee accesses in the course of his/her work assignment or otherwise;
   3. Exhibiting or divulging contents of any record or report to any person or entity, except in the conduct of the Employee’s work assignment and/or responsibilities in accordance with Butler University policies;
   4. Knowingly including or causing to be included in any record or report a false, inaccurate, or misleading entry;
   5. Removing any official record or report (or copy thereof) from the office where it is kept, except in the performance of the Employee’s work assignment and/or responsibilities in accordance with Butler University policies; and
   6. Aiding, abetting, or acting in conspiracy with any other person to violate or compromise the confidentiality  of  protected  information  or  records,  or  to  violate  this  Employee  Code  of Responsibility.
2. Compliance — Employees are expected to immediately report any threatened or actual violation of this Employee Code of Responsibility to their immediate supervisor or the Human Resources Department.
3. Breach — Any violation of this Employee Code of Responsibility will subject the offending Employee to disciplinary action consistent with the policies of Butler University, which may include termination of employment and possible legal action.  Where the Employee is a student, disciplinary action may also include suspension or expulsion from the University, or such other academic or other sanctions as the University deems appropriate.

Administration

Operational responsibility of this policy is delegated to the Executive Director of Human Resources. Periodically or as required, this policy will be reviewed by the Sr. Administrative Group to ensure the policy is up to date and applicable in the current environment.  Periodic reports will be made to the Sr. Administrative Group in the event of material breaches.

Related Policies

• Computer Use Master Policy
• Privacy of Personally Created Content
• Fair, Responsible and Acceptable Computer Use
• Identity Theft Information – Storage, Disposal, Breach & Red Flags
• Federal HIPAA (Health Insurance Portability and Accountability Act)
• Federal FERPA (Family Educational Rights and Privacy Act); see Student Handbook

Revision History

Approved by the Board of Trustees, February 26, 2010
Became formal campus wide policy March 1, 2010; previously Human Resources and Registration and Records form signed prior to granting PeopleSoft access and/or at new hire
Approved by Sr. Administrative Group: January 19, 2010
Statement revised June 2009
Originally created April 2001

Policy: Butler University Copyright Policy
Dept. Responsible: Irwin Library
Effective Date: December 2, 2011
Revised Date: 10.11.11
PDF of Policy

Purpose

This policy is not intended to act as a substitute for legal advice, and proper legal advice should be obtained when necessary.

The purpose of the Butler University Copyright Policy is to provide a summary of United States copyright laws as they relate to the use of copyright protected materials in an educational setting. All Butler University faculty, staff, and students are expected to act as responsible users of the copyrighted works of others, which includes making informed, good faith decisions that comply with copyright law. When permission to use copyright protected material is required, that permission must be obtained prior to use of the materials. Infringement of another person’s copyright is a violation of federal law. The legal ramifications of infringement include fines that range from $200 to $150,000 per infringement. Every student, faculty member, and employee of the University is expected to comply with this policy. For additional help with copyright, please see the Copyright LibGuide at libguides.butler.edu/copyright.

Copyright Law

Copyright law protects the expression of an idea; it does not protect ideas, data, or facts. Copyright is a form of legal protection for authors of original works, including dramatic, musical, artistic, literary, and other intellectual products. Copyright gives authors a set of exclusive legal rights for a limited period of time. Under current law, the author’s rights begin automatically when a work is created. Copyrighted works are not limited to those that bear a copyright notice (e.g. ©) or to those that are registered. Copyright is automatic and arises upon the creation of a given work. These rights prohibit others from, among other things, using the works without permission or profiting from the sale or performance of these works. Section 106 of the Copyright Act generally gives the owner of copyright the exclusive right to do and to authorize others to do the following:

1. Reproduce copies of the original work.
2. Prepare derivative works based on the original copyrighted work.
3. Distribute copies of the work by rental, lease, sale, or lending.
4. Publicly perform the work.
5. Publicly display the work.

However, the rights are not absolute. They are subject to “fair use” limitations addressed below.

Copyright applies to any format that is fixed and tangible. Typical formats may include:

1. Printed words
2. Video tape
3. DVDs and CDs
4. Computer files-both audio and video
5. Photographs-both print and electronic

“Fair Use”

The provision for “fair use” of a copyright protected work is found in the Copyright Act at Section 107. Under the “fair use” provision, a reproduction of someone else’s copyright-protected work may be considered non-infringing if it is used for criticism, comment, news reporting, teaching, scholarship or research. If the reproduction is for one of these purposes, then a determination of “fair use” will be guided by consideration of four non-exclusive factors:

1. The purpose and character of use (principally, whether for commercial or nonprofit educational use);
2. The nature of the copyright-protected work;
3. The amount and substantiality of the portion used; and
4. The effect of the contemplated use on the potential market for or value of the copyright-protected work.

The difference between “fair use” and “infringement” of a copyright-protected work is not easy to determine. The burden of establishing a “fair use” is on the user and requires a very circumstance-specific analysis of the intended use or reuse of a work. Here are three examples that illustrate this challenge:

Copyright Provisions for Higher Education

The Copyright Act contains specific exceptions for the use of copyright-protected materials by academic institutions. These provisions include:

• Section 107 on fair use, which is discussed above.
• Section 108 on reproduction by libraries and archives, which applies to activities such as archiving; replacing lost, damaged or obsolete copies, patron requests for entire works, and interlibrary loans.
• Section 109 on first sale, which permits the resale or lending of copies of works, providing the basis for library lending and the sale of used books.
• Section 110 on the use of materials in an educational setting, which permits certain types of content use in the classroom. Common examples include the use of legally acquired DVDs and CDs in a classroom. The use should be instructional and not for entertainment or reward.

Help With Copyright

• The Copyright FAQ
• The Copyright & Intellectual Property Libguide
• Jennifer Coronado (9549 or jray@butler.edu)—Butler University Scholarly Communication Librarian. The Scholarly Communication Librarian does not provide legal advice or enforce copyright compliance. The Scholarly Communication Librarian oversees all activities that pertain to copyright as it pertains to interlibrary loan and course reserves. In addition, the Scholarly Communication Librarian serves as an educational resource to students, faculty, and staff concerning copyright issues.
• Josh Petrusa (9236 or jpetrusa@butler.edu)—Associate Dean of Technical Services. The Associate Dean of Technical Services is responsible for all library-related database licensing agreements.
• Pete Williams (9700 or williams@butler.edu)—CIO. Mr. Williams is responsible for oversight and compliance of Butler University’s Computer Use Policy.
• Legal counsel—The university can, when warranted, consult with legal counsel for advice concerning copyright-related issues.

Related Campus Policies

• Butler University’s Intellectual Property Policy
• Butler University’s Computer Use Policy
• Butler Libraries Policies
• Interlibrary Loan and Copyright

Living Document Statement

This policy is a living document and must remain adaptable to respond to new developments in copyright law. Butler University will keep this policy under review and modify when necessary.

Name: Computer Support Standards
Scope: Faculty & Staff Members
Department Responsible: Information Technology
Effective Date: October 1, 2000
Rev. Date: 7/7/16

Computer Support Standards

The purpose of these standards is to ensure an information technology infrastructure that promotes the academic mission of the University in teaching, learning, research, and administration. The specific goal is to define computer-related hardware and software support standards that will be provided by Information Technology. These standards apply to:

• All University-owned computer hardware
• All University-owned computer software
• All users of computer systems, including but not limited to University students, faculty, and staff

Any item submitted for support must be installed on a system with a University Identification Number.

The priority of computer support for the University community is:

• Computer labs and Classrooms, including Media Services equipment
• Faculty desktop systems
• Departments that directly serve the academic mission of the University
• Non-academic departments
• Affiliate programs

These standards do not apply to administrative applications (such as Schedule 25, PeopleSoft, etc…); these applications are supported separately by Information Technology.

Software Support

Information Technology has established three levels of software support

• Full Support (for Standard University-wide Supported Software)
• Limited Support (for Non-Standard, Department-Specific Software)
• Special-case Support (for Non-Standard, Classroom Instruction-Specific Software)

Full Support

Information Technology is responsible for licensing, installation, maintenance, and troubleshooting of all Standard software. This support includes:

• Purchasing and licensing
• Initial installation on new or existing machines
• Updates, service packs, patches, and repairs
• Upgrades to newer versions (once licensed, tested and approved by Information Technology)
• Phone support for commons questions through the Help Desk (ext. 4357)

Application support through Information Technology

Training and Classroom support through Information Technology Software packages and services included are (current for Summer 2016):

• Microsoft Windows  10
• Apple Mac OS 10.9 and higher
• Microsoft Office 2011 (Macintosh), Office 2013 (Windows), or Office 2016 (Windows)
• Microsoft Internet Explorer 11.x
• Adobe Acrobat Reader 11.x
• Butler email
• Butler Canvas
• Butler Listserv system (email lists)
• SPSS (Limited to those with licenses)

Limited Support

This includes software packages in use by various departments or individuals on campus that are not supported campus-wide. These packages are typically departmental or discipline specific, and are not widely used by other departments. Information Technology does not have any expertise with these applications, and does not provide technical support beyond the following:

• Initial installation
• Updates, service packs, patches, and repairs (provided by the user, not Information Technology)
• Version Upgrades (provided by the user, not Information Technology)
• Troubleshooting as related to system performance, not application related.
• Departmental and/or Individual Responsibility:
  • Initial Purchase
  • Purchase of additional Licensing
  • Purchase of Version Upgrades
  • Training and Classroom support
  • Application and Technical support is through the Vendor or Manufacturer
• Typical Limited-support Applications:
  • Adobe Acrobat
  • Adobe Illustrator
  • Adobe Photoshop
  • Adobe Premier
  • QuarkXPress
  • iTunes
  • WordPerfect

Special-case Support

In some special cases, Information Technology may provide additional support for typically non-standard software applications. This is on a case-by-case basis, and is typically reserved for support of software used for classroom instruction. Information Technology does NOT purchase this software, nor does it provide licenses or upgrades. Information Technology will provide all of the support listed for Limited-support software (see above), and will provide some application support and troubleshooting. Actual usage of the software will be the responsibility of the individual instructors or department.

Non-supported Software

In some cases, software or services are specifically not supported by Information Technology. These items may have inherent security risks, known problems, or other issues. Please do not ask for support on these items or install them on University owned equipment.

• File sharing application
• Video Games (Computer and Console)

Computer Hardware Repair Guidelines

These guidelines govern all University owned computer hardware.

Any item submitted for repair must have a University Computer Center Number (UCC#).

Personal equipment will not be repaired for any reason.

Repair priority is as follows:

• Computer Labs and Classrooms (including Media Services equipment)
• Faculty desktop systems
• Departments that directly serve the academic mission
• Non-academic departments
• Affiliate programs

Repair times are affected by parts availability and priority of repair

Warranty Repairs

• Systems under warranty will be repaired per the warranty
• 3 year warranty on any computer hardware or peripherals is required
• Departments are encouraged to purchase extended warranties beyond three years on equipment that will remain in use.
• HP and Apple computers will be repaired on campus
• Hewlett-Packard printers will be repaired on campus
• Computers and peripherals from other sources may be repaired by an outside agency
• There will be no charge to the user for any warranty repair
• Reminder: warranty repairs do not cover misuse or abuse.

Non-warranty repairs:

• Systems 3 years old (as defined by their purchase date from vendor) will be repaired to the extent necessary to maintain full functionality.
• There will be no charge to the user for computer repair for systems d 3 years old.
• If the repair is not the result of a defect or failure (ie: abuse or misuse), the user’s department may be charged for materials. There will be no charge for labor by IT, though any labor charges incurred by outside agencies will be passed to the department.

Repairs on systems four years old will include the following.

• Drives (floppy, hard disk, CD, etc…)
• Power Supplies
• Original equipment keyboards and Mice
• Monitors
• If the repair is due to abuse or misuse and not from hardware failure, the users department may be charged for materials and any labor charges incurred by outside agencies will be passed to the department.
• Systems five years old or older will not be repaired by IT, and will be the responsibility of the user’s department to replace.
• Systems downgraded to “legacy” by the manufacturer will not be serviced.

Departments should take the initiative and replace aging systems to avoid down time.

Consumable Items

Consumable items include, but may not be limited to, laptop batteries and removable media (DVD-ROMS, CD-ROMS, flash drives, etc…). These items often carry a separate warranty from the manufacturer. If they fail while under this warranty, IT will assist in having them replaced. If these items fail or wear out outside of their warranty period, then IT can assist in replacing them, but is the department’s responsibility to cover costs.

Important Note:
Data stored on individual machines is the responsibility of the user. Information Technology will make every attempt to preserve data, but backups and duplicate copies are the responsibility of the user. If you are unable to back up your data before service, you MUST inform Information Technology before the machine is picked up for service. We cannot be responsible for data loss due to user error or lack of communication. Please keep a backup on the network or removable media.

New Computer Hardware Purchasing Recommendations

Information Technology maintains a list of recommended hardware for new purchases and upgrades/replacements. This list is intended to assure compatibility with current standards, match our current support and maintenance contracts, and position the University for future expansion and upgrades. All items listed are known to be of good quality and have the requisite 3 year warranty included or available. Warranties of 3 years or greater are required for all computer, printer, and monitor purchases. Extended warranties on other peripherals, such as scanners and external drives, are highly recommended. Information Technology will not perform any repair work on out of warranty peripherals. Information Technology reserves the right to approve all computer hardware purchases. We will make every attempt to meet the needs of the purchasing department while respecting the best interest of the University. Items ordered by bypassing Information Technology’s approval may be explicitly barred from support by Information Technology.

When submitting a requisition to Purchasing, please either include a copy of the recommendation with your purchase request marked or transfer the exact specifications to your requisition form.

Used Computer Re-Allocation

All University-owned computers replaced with new equipment should be returned to Information Technology. In some instances, departments and colleges may request that a computer be used to replace another staff/faculty member’s equipment. Information Technology will approve this if:

• The used equipment is still serviceable by Information Technology (see the Hardware Support Guidelines)
• The used equipment is significantly better than what it replaces
• Only one “trickle-down” per department per new purchase
• Preference is given to the oldest computer in the department

Departments or Colleges may request a used computer from Information Technology to be used for non-critical applications. However, Information Technology does not maintain a pool of available computers for permanent allocation. When a machine is approved for use by another department, that department may be responsible for any needed upgrades, repairs, or extended warranties needed to return the machine to service. Under no circumstances will a machine that does not meet the Hardware Support Guidelines be returned to service.

• You must have a valid Butler ID or active Butler Network Account (username and password) to use a computer lab
• Academic use takes priority over all other uses
• Installation of additional software (games or otherwise) onto lab or classroom equipment is prohibited. The installation of illegal or unlicensed software is a federal offense, not just University policy
• Printing should be limited to one copy
• Equipment maintenance is to be handled by IT staff ONLY.

Prohibited Wireless Devices

Butler’s Computer Use Master Policy allows Butler users to connect their own devices to the campus network. In order to maintain optimal network operations, IT does not allow access to devices that require any modification to the existing campus network or interfere with its normal operation. To this end, certain devices are not allowed on the Butler University network unless approved by Information Technology. These devices include, but are not strictly limited to:

• Wireless Access Points (e.g., Apple AirPort Base Stations, Linksys Access Points, or Gateways)
• Routers (e.g., Cable/DSL routers)
• Any device or computer running network server services such as DHCP, DNS, SMTP, WINS, or acting as a network router (e.g., Windows Internet Connection Sharing)
• Non-Bluetooth wireless peripherals including:
  • Wireless speaker systems for your PC or stereo
  • Wireless printers (or disable wireless and print via USB)
  • Wireless Access Points (WAPs) or Routers (including Apple Airport Devices)
• Computers with Ad-Hoc Wireless Networks (Microsoft or Apple Internet Connection Sharing)
• Zigbee or Wireless USB (2.4GHz) Devices
• Devices designed for personal home networks, such as Chromecast

These devices and services are known to interfere with the operation of the Butler University network. Operation of these devices or services is a violation of University policy, and will result in loss of network access and/or disciplinary action. Intentional interruption of Butler University network services will result in further disciplinary action and/or prosecution. Click here for the complete Computer Use Master Policy. Remember, the master policy and these standards are NOT to discourage technology use, but to promote and maintain a reliable network for all to use.

Approved Wireless Devices

• Bluetooth 2.1 (or higher) compatible devices (keyboards, mice, audio headsets, etc.)
• Client devices with Wi-Fi certified 802.11a/b/g/n wireless capabilities including:
• Laptops and Desktops
• Smartphones (iOS, Android, etc.)
• Tablet computing devices (iPad, Kindle, Surface, etc.)

Note: Chromecast may not fully function on the Butler network.

View more information on wireless networking.

Due to the unique nature of many consumer devices and Information Technology’s (IT) limited ability to manage, upgrade, and repair them, IT only offers two levels of support for smartphones and non-standard devices. Butler standard devices are listed here. If a device is not on the Butler standard list, it is considered non-standard.

Basic support includes advice and general troubleshooting as they relate to:

• Butler WiFi
• Butler Email setup
• Connection to computer
• Updating of device operating systems or firmware

Basic Support Does Not Include:

• Reconciling billing issues with carriers
• Repairing hardware
• Non-vendor compliant hardware (i.e., third-party hacked or jail broken phones)
• Non-IT created application support

For these issues, please contact your wireless provider directly.

Information Technology offers a wide range of classroom- and event-related technologies and support on Butler’s campus. Please adhere to the following standards when working with IT.

Equipment Requests for Classes and Events

When requesting deliverable media equipment for all classes and events, you must notify IT of your needs at least 2 business days in advance. If you fail to provide adequate notice, IT reserves the right to deny your request regardless of circumstance.

Who Can Request Equipment

Faculty and Staff can make equipment requests for on-campus classes and events through IT. With an instructor’s permission, students can request equipment for on-campus, classroom use. Students will be asked to provide a valid Butler ID when picking up the equipment.

For on-campus equipment requests for student group events, groups must obtain permission from their Faculty advisor.

Outside groups wishing to request equipment must do so through the office of University Events. Fees may be assessed.

Off-campus Use of Equipment

For Butler-specific off-campus events, IT will allow Faculty and Staff to use deliverable media equipment. IT will not deliver equipment for off-campus events; Faculty and Staff must arrange to pick requested equipment up from IT’s office in HB315 and will be held responsible for the care and condition of on-loan equipment.

IT does not generally allow off-campus use of resources for non-Butler-specific events. Faculty and Staff with special needs in this regard may contact IT. IT reserves the right to examine individual circumstances when requests of this nature are made. In the event an individual’s request cannot be met, IT can suggest alternate media rental outlets in Indianapolis.

Equipment Failures

If a delivered or installed piece of media equipment fails, IT will attempt to solve the problem first by troubleshooting the malfunctioning equipment. If this does not offer a reasonable solution to a problem, IT will provide replacement equipment. The number of resources available at a given time is very limited, and therefore circumstances will arise where replacement of a failed piece of equipment is not an option.

If at any time you notice a piece of media equipment failing, please contact IT and provide all pertinent information.

Name: Blogging Standards
Scope: Faculty & Staff Members
Department Responsible: Information Technology
Effective Date: May 14, 2012

All members of the Butler University community who maintain content within Blogs @ Butler are expected to adhere to the following standards:

1. Butler University encourages and promotes the free expression and exchange of ideas through department, personal, group, or club blogs.
2. The content of all blogs operated through Butler University are open to public comment at the administrator’s choice. The comments are the responsibility of individual users and members, including Butler students, faculty, and staff, and do not necessarily reflect the opinions or policies of Butler University.
3. The Butler University website will not link to or promote any blog that does not adhere to published policies and guidelines for blogging and computer usage.
4. Think prior to posting. Even with strict privacy settings, information posted to blogs should not be considered private. If you would not say something in public, do not say it online.
5. Be civil and respectful, and never post vulgar, obscene, defamatory or libelous remarks. You can be held legally liable for comments you make online.
6. Do not post confidential or proprietary information. Faculty and staff must adhere to all Butler University policies and procedures, as well as Federal standards, such as FERPA and HIPAA.
7. Be respectful of copyrighted and trademark information, including Butler University logos and marks. This extends to the intellectual property of the University and that of the faculty, staff and administration who work for it. Please refer to the Marketing website for more information regarding logo usage and editorial standards.
8. Butler University reserves the right to remove any content or ban any user that violates these standards or any other established campus policies. Please review all University Computing Policies to understand your rights and responsibilities.

Administration of Standards

The oversight of these blogging standards is the responsibility of the CIO, and they should be reviewed annually.

Related Policies

• Fair, Responsible and Acceptable Use Policy
• Privacy of Personally Created Content
• Employee Code of Responsibility for Security & Confidentiality of Information
• Identity Theft Information – Storage, Disposal, Breach & Red Flags
• Federal HIPAA (Health Insurance Portability and Accountability Act)
• Federal FERPA (Family Educational Rights and Privacy Act) see Student Handbook

Dept. Responsible: Purchasing/Campus Impressions/IT
Effective Date: 6/7/12
Rev. Date: N/A

1.0 Purpose

Butler University’s Document Hardware Management Standards provide a uniform and consistent approach to the allocation and usage of all document production assets across campus. These assets include but are not limited to items listed under “Definitions”.

These standards address how document production hardware can be cost-effectively managed across the entire University.  Each individual department and college should use these standards along with the “best practices” contained in this document to assess their needs.

2.0 Scope

These standards apply to faculty, staff, and all others performing tasks on behalf of Butler University including but not limited to contractors, affiliates, student workers, and third-party providers.

Student printing is not covered by these standards.

3.0 Policy

In an effort to maintain a cost effective and productive working environment, all document production assets will be allocated based on the following criteria and charged at the appropriate rate:

• Consolidating devices when it makes sense (see section 3.1 Device Consolidation)
• Average monthly volume, departmental functions and specific document output needs (see section 3.2 Sizing and Usage Grid for Copiers and Printers)
• Distance (see section 3.3 Distance)

Standard models will be provided with optional features to provide consistency among departments and colleges and address specific departmental requirements. Asset placement and usage will be reviewed as required or necessary with departments to maintain a cost efficient print environment, to ensure the most effective use of document production resources and to improve employee productivity and departmental workflow efficiencies.

3.1 Device Consolidation

Multiple devices including copiers, printers, faxes and scanners, that are located within a close, unimpeded proximity, will be combined into a multifunction device (MFD) unless cost prohibitive. Duplication of equipment and functions will be minimized within reason. Multiple devices will be considered for areas with volume justification.

3.2 Sizing and Usage Grid for Copiers and Printers

The cost associated with an asset increases with its speed, volume and capabilities. The chart below will be used to help determine the correct device based on volume bands and features.

3.3 Distance

A networked document output device will be made available to faculty and staff within reasonable proximity to their work area (50 feet/printer, 100 feet/copier). No one will have to walk an unreasonable distance or be presented with obstacles (e.g., locked doors, multiple doors, stairs, etc.). The distance requirement will be waived for a department or college where daily work processes require printing, copying and/or involve heavy client interaction. Special consideration will be given to those with mobility impairments. Color printing will be available as required.

4.0 Procurement of New and Replacement Printers

1. Requests for a new or replacement device should be made through the IT Help Desk.
2. Standard model devices must be used unless there is a justified need for a higher level specification model.
3. Additional devices will be considered for an individual or work group based on a substantiated business need and endorsement by the department head or above.
4. Local printers (as defined in section 6.0) are not permitted except for locations where one or two staff members have a significant physical separation (e.g., different floor or building, etc.).
5. Butler will not support personal printers (as defined in section 6.0).
6. Procurement of new or replacement devices must be approved by Director level or above.

5.0 Best Practices and Recommendations:

1. Black and white printers are to be used in preference to color printers.
2. Color printing should only be utilized where it is required to convey important information that would be lost in black and white. Only the necessary pages in the document should be printed in color. Other exceptions may also apply (e.g., signage, marketing materials, etc.) when printing in color may convey the message more effectively.
3. Confidential information which is printed must be collected from the printer immediately and it is the responsibility of the person to ensure confidentiality.  To learn more on how to print using secure features, contact the IT Help Desk.
4. Output devices are to be used for business purposes only.
5. Only the necessary pages in the document are to be printed/copied.
6. Double sided (duplex) printing is highly encouraged whenever possible.
7. A copier should be used in preference to a printer when producing a large amount of copies.
8. Large capacity copying/printing jobs (more than 100 pages) should be sent to Campus Impressions. Please use Campus Impressions for submitting electronic files. PDF is the preferred file format to ensure high quality output.
9. Accept assignments electronically and encourage students to submit assignments electronically using the learning management system or email.
10. Use electronic document sharing whenever feasible.
11. 1. Print to PDF and save to the network, USB drive or other space when possible.
    2. Email PDFs instead of a hard copy.
12. Use print preview to ensure you are going to get what you expect.
13. Cancel mistakes or duplicate jobs BEFORE they print.
14. Print presentations with multiple slides on a page.
15. Change your default margin size to be slimmer.
16. Organize email electronically (don’t print and file unless it is absolutely necessary).

IT is happy to provide assistance on reducing your printing; contact the IT Help Desk for assistance.

6.0 Definitions

• Black and White Laser Printer‐ A printer that is only capable of printing in one color (black) at a time. The laser “paints” the image onto a drum, which is then transferred onto paper.
• Color Laser Printer‐ A printer that is capable of printing more than one color. The colors (yellow, cyan, magenta and black) are applied to the drum and are then adhered to the paper.
• Local Printer‐ A printer that is purchased by Butler but not residing on the network and attached to ONLY one computer and/or workstation via a USB printer cable.
• Multi Function Device (MFD)- A printer or copier capable of a variety of tasks (i.e., copying, faxing, printing and scanning) within the same device and is connected to a network and (generally) accessible by computers on that network.
• Personal Printer‐ A printer that is purchased by an individual and not residing on the network and attached to ONLY one computer and/or workstation via USB printer cable.
• Document Production Asset- Includes printers, copiers, scanners, MFDs, and stand-alone faxes.

7.0 Administration

Operational responsibility of these standards is delegated to the Vice President for Finance and Administration and Chief Information Officer. Periodically or as required, these standards will be reviewed to ensure they are up-to-date and applicable in the current environment.

8.0 Related Policies

None

9.0 Revision History

Created January 2012 and effective 6/7/12

View information on Butler’s Learning Management System Policy and Procedures.

Butler’s Computer Use Master Policy allows Butler students to connect their own devices to the campus network. In order to maintain optimal network operations, IT requires that certain security standards be met.

Antivirus Protection

Every student should have functioning and up-to-date antivirus software installed on each of their computers. Once installed, it is the student’s responsibility to keep the program up-to-date and periodically scan their computer for viruses. Computers found to be infected by a virus will be removed from the network due to the security risk(s) they pose.

Updates

Automatic operating system updates must be enabled on all computers, tablets, and smartphones in order to better protect your devices. Learn more about automatic Windows and Mac updates.

Firewalls

Firewalls must be enabled on all computers. Learn how to enable your Windows or Mac firewall.

Additional Information and Helpful Resources

• Safe Computing
• Windows Security
• Mac Security

View Qualtrics Policies and Terms of Agreement.

Automatic Mac Updates
View information on updating your Mac.

Firewall Protection
View instructions for enabling the firewall on your Mac.

Faculty and Staff Software Updates

This section contains information about automatic update settings on Butler computers with the Microsoft Windows operating system. Automatic updates will normally be applied once a month.

1. When updates are available, a notification will appear near the clock in the system tray. Click the icon to immediately install the updates.
2. If you do not install the updates on your own they will be applied automatically overnight and your machine will be rebooted.

Always log off (not lock) your computer when you leave for the day. Updates that install overnight will most likely require a system reboot.
Update Process Overview
In order to keep Butler’s systems secure, it is necessary to apply software updates to most computers on a regular basis. All updates go through a testing process to mitigate the impact to end users. Updates will be applied on a monthly basis unless the severity of an update requires otherwise.

The process:

1. Critical updates are downloaded and tested by IT.
2. After testing, updates are published to all Butler computers.
3. In the days following, all computers will receive the updates and notify the logged on user that they are ready to install. If no user is logged on, the computer will install the updates and reboot automatically overnight. If a user is logged on, they will get a warning before the system reboots.

Student Software Updates

In order to keep the Butler network secure, it is necessary to apply software updates on a regular basis. IT recommends setting your computer to update automatically.

Virus and Malware Protection

Viruses and Malware are defined as “a variety of forms of hostile, intrusive, or annoying software or program code.” These programs are designed to infiltrate computer software, and sometimes can be used to capture personal data and information or damage your computer.
Malware can do the following:

• Create popups, even when you don’t have a browser window open
• Steal your passwords & credit card numbers
• Track every web site you visit
• Cause your computer to run slower by using up system resources

To reduce your risk of getting a virus, IT suggests that you do the following:

• Avoid using file sharing programs, such as Limewire or Bittorrent
• Follow precautions when accessing email and attachments
• Software Updates – Learn about one of the most critical steps to protecting your computer in the Faculty/Staff and Student sections above.
• Firewall Protection – Ensure your firewall is enabled.

Removal Tips
Try running a virus scan using your antivirus software. If removal fails, please contact the IT Help Desk as soon as possible. It is against the Computer Use Policy to continue to access the Butler network with a virus, and you may lose access until the virus has been removed.

Firewall Protection

Learn how to protect your computer from hackers by enabling the firewall.