PURPOSE:
This Acceptable Use Policy (AUP) outlines the guidelines and expectations for the appropriate and responsible use of Idaho College of Osteopathic Medicine (ICOM) technology resources. The purpose of this policy is to ensure the secure, ethical, and efficient use of these resources in support of the Institution's mission of osteopathic medical education, research, and service. This policy aims to protect ICOM's information assets, network, systems, reputation, and users from misuse, security threats, and legal liabilities. This policy applies to all individuals who are granted access to ICOM's technology resources, including on-premises infrastructure and cloud-based services (including SaaS applications).
SCOPE:
This policy applies to all users of ICOM's technology resources, including but not limited to:
- Faculty
- Staff
- Administrators
- Students
- Researchers
- Affiliates
- Volunteers
- Contractors
- Vendors
- Guests authorized to use ICOM's technology resources
This policy covers all ICOM-owned, leased, managed, or used technology resources, including but not limited to:
- Computer hardware (desktops, laptops, servers, mobile devices)
- Software applications (institutionally licensed and SaaS applications)
- Network infrastructure (wired and wireless networks, internet access)
- Email systems
- Internet and web access
- Telecommunication systems (phones, voicemail)
- Data and information stored on ICOM systems or accessed through ICOM resources
- Cloud-based services and platforms used for institutional purposes
- Any other technology resource provided or authorized by ICOM
DEFINITIONS:
- Firewall: A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
- IDS/IPS (Intrusion Detection and Prevention System): A security appliance that monitors network traffic for malicious activity and can either alert administrators (IDS) or automatically block or prevent the activity (IPS).
- Network Segmentation: The practice of dividing a network into smaller, isolated segments to improve security and performance.
- VLAN (Virtual Local Area Network): A logical grouping of network devices that allows them to communicate as if they were on the same physical network segment, regardless of their actual physical location.
- VPN (Virtual Private Network): A technology that creates a secure and encrypted connection over a less secure network, such as the internet.
- WPA3 (Wi-Fi Protected Access 3): The latest and most secure Wi-Fi security protocol.
POLICY:
General Principles:
- Users are responsible for using ICOM's technology resources in a manner that is ethical, legal, respectful, and consistent with the Institution's mission and values.
- Use of ICOM's technology resources is primarily for academic, administrative, research, and other legitimate institutional purposes.
- Users are expected to exercise good judgment and common sense when using ICOM's technology resources.
- Users are responsible for protecting their ICOM accounts and passwords and for ensuring the security of any devices they use to access ICOM resources.
- ICOM reserves the right to monitor the use of its technology resources to ensure compliance with this policy and for other legitimate business purposes, in accordance with applicable laws and policies.
Acceptable Use:
Users are permitted to use ICOM's technology resources for purposes directly related to their role at the Institution, including:
- Conducting academic coursework and research.
- Performing administrative duties and tasks.
- Communicating with colleagues, students, and external partners for institutional purposes.
- Accessing approved software and online resources relevant to their work or studies.
- Participating in online learning activities and accessing educational materials.
- Engaging in other activities that directly support the Institution's mission.
Prohibited Uses:
The following uses of ICOM's technology resources are strictly prohibited:
- Illegal Activities: Engaging in any activity that violates federal, state, or local laws, including but not limited to copyright infringement, illegal downloading or distribution of software or media, harassment, discrimination, threats, and unauthorized access to other systems or networks.
- Unauthorized Access: Accessing or attempting to access systems, accounts, data, or networks for which the user has not been explicitly authorized. This includes attempting to circumvent security measures or gain elevated privileges.
- Disruption of Services: Intentionally or negligently disrupting the operation of ICOM's technology resources, including overloading networks, introducing viruses or malware, or interfering with the use of resources by others.
- Commercial Use: Using ICOM's technology resources for personal financial gain, commercial activities, or private business ventures unrelated to the Institution, unless specifically authorized by ICOM.
- Unauthorized Software or Hardware: Installing or using unauthorized software, hardware, or devices on the ICOM network without prior approval from the IT Department.
- Circumventing Security Measures: Attempting to bypass or disable security controls implemented by ICOM, including firewalls, antivirus software, and access controls.
- Sharing Accounts: Sharing ICOM user accounts, passwords, or access credentials with others is strictly prohibited. Each user is responsible for the activity conducted under their own account.
- Sending Spam or Unsolicited Communications: Sending unsolicited bulk emails (spam), chain letters, or other unauthorized communications using ICOM's email systems or network.
- Harassment and Offensive Content: Creating, accessing, storing, or transmitting content that is harassing, discriminatory, offensive, obscene, pornographic, defamatory, or threatening.
- Misrepresentation: Impersonating another individual or misrepresenting one's affiliation with ICOM when using technology resources.
- Excessive Personal Use: Using ICOM's technology resources for excessive personal use that interferes with the user's responsibilities or burdens the Institution's resources.
- Unauthorized Monitoring: Monitoring the network traffic or electronic communications of other users without explicit authorization.
- Violation of Vendor Terms of Service: Violating the terms of service or acceptable use policies of third-party vendors, including SaaS application providers, when accessing their services through ICOM's network or with ICOM-provided accounts.
- Bypassing Security Policies: Circumventing security policies or configurations implemented by ICOM.
Email and Internet Use:
- ICOM's email systems and internet access are provided primarily for institutional purposes. Reasonable personal use is permitted, provided it does not violate other aspects of this policy and does not consume excessive resources.
- Users should exercise caution when opening email attachments or clicking on links from unknown or untrusted sources to prevent phishing attacks and malware infections.
- Downloading or accessing inappropriate or harmful content from the internet is prohibited.
Social Media Use:
- Use of social media should adhere to the ICOM Social Media Policy. This policy governs the use of social media when representing the Institution or when personal use may impact ICOM's reputation.
Personally Owned Devices (BYOD):
- Personally owned devices connected to the ICOM network or used to access ICOM resources must comply with this Acceptable Use Policy and any additional requirements outlined in the Mobile Device Management Policy or other relevant policies.
Reporting Violations:
- Users who become aware of any violations of this Acceptable Use Policy should report them to their supervisor, the IT Help Desk, or the Information Technology Office immediately.
ENFORCEMENT:
Violations of this Acceptable Use Policy may result in disciplinary actions, up to and including warnings, suspension or termination of account access, suspension or termination of employment or student status, and potential legal consequences, consistent with other ICOM policies and procedures. The IT Department is responsible for investigating suspected violations and enforcing this policy.
MONITORING:
ICOM reserves the right to monitor and log the use of its technology resources, including internet activity, email communications, and system access, to ensure compliance with this policy, investigate security incidents, and maintain the integrity and security of its systems and data. Such monitoring will be conducted in accordance with applicable laws and institutional policies.
PRIVACY:
While ICOM respects user privacy, users should have no expectation of privacy when using ICOM's technology resources. Institutional business needs may necessitate access to and review of user activity and data on ICOM systems.
POLICY EXCEPTIONS:
Exceptions to this policy may be granted in limited circumstances by designated authorization authorities (e.g., Chief Information Officer, System Administrator), with appropriate justification and compensating controls documented.
POLICY REVIEW AND UPDATES:
This Acceptable Use Policy will be reviewed and updated at least annually, or as needed to reflect changes in technology, legal requirements, institutional policies, or best practices. The IT Department is responsible for coordinating policy reviews and updates.
POLICY OWNER:
Chief Information Officer
APPROVAL:
Effective: 8/23/21
Last Reviewed: 7/8/25
Review Requirement: Annual