PURPOSE:
ICOM's email services support the educational and administrative activities of the College and serve as a means of official communication by and between users and ICOM. The purpose of this policy is to ensure that this critical service remains available and reliable, and is used for purposes appropriate to the College's mission
SCOPE:
This policy applies to all members of the ICOM community who are entitled to email services.
POLICY:
ICOM provides email services to faculty, staff and students. Use of ICOM email services must be consistent with ICOM's educational goals and comply with local, state and federal laws and university policies.
Faculty and Staff
Email services are available for faculty and staff to conduct and communicate College business. Incidental personal use of email is allowed with the understanding that the primary use be job- related, and that occasional use does not adversely impact work responsibilities or the performance of the network.
Email services are provided only while a user is employed by the College and once a user's electronic services are terminated, employees may no longer access the contents of their mailboxes, nor should they export their mailbox to a personal account before departure.
Faculty and staff email users are advised that electronic data (and communications using the College network for transmission or storage) may be reviewed and/or accessed by authorized ICOM officials for purposes related to College business. ICOM has the authority to access and inspect the contents of any equipment, files, or email on its electronic systems.
Students
Email services are available for students to support learning and for communication by and between the College and themselves. The services are provided only while a student is enrolled in the College and once a student's electronic services are terminated, students may no longer access the contents of their mailboxes.
Student email users are advised that electronic data (and communications using the ICOM network for transmission or storage) may be reviewed and/or accessed in accordance with ICOM's Acceptable Use Policy. ICOM has the authority to access and inspect the contents of any equipment, files or email on its electronic systems.
Confidential Information
When sending ICOM Level III data (as described in the ICOM Data Security Policy), the user must encrypt the protected data in a method approved by the office of Information Technology.
Malware
ICOM email users should be careful not to open unexpected attachments from unknown or even known senders, nor follow web links within an email message unless the user is certain that the link is legitimate. Following a link in an email message executes code, that can also install malicious programs on the workstation.
Identity Theft
Forms sent via email from an unknown sender should never be filled out by following a link.
Password Protection
ICOM’s policy requires the use of strong passwords for the protection of email. A strong password must contain digits or punctuation characters as well as letters.
Shared Email Groups
Teams that provide services in response to email requests should create a shared mailbox (Google Group) to help support team functional continuity for managing requests sent via email. Further information about shared mailboxes can be obtained from IT about setting up Google Groups.
Staying Current
Official ICOM communications such as urgent bulk email, course email, and ICOMInsider should be read on a regular basis since those communications may affect day-to-day activities and responsibilities
Compromised Accounts
An email account that has been compromised, whether through password-cracking, social engineering or any other means, must be promptly remedied with the appropriate means. The appropriate means will include a password reset, review of account settings, computer scans and malware disinfection to prevent possible leakage of PII, spamming, potentially infecting others and degradations of network service. If the account is being used to harm others at ICOM and the owner cannot be reached in a reasonable period of time (“reasonable” being driven by the negative impact to the ICOM community), the office of Information Technology will reset the password. Should the same account be compromised three or more times in any 12-month period, the account will be immediately suspended, and will not be re-enabled until the user notifies the Director of Information Technology to ensure that all remediation has taken place, and is provided with remedial training.
RESPONSIBLE OFFICIALS:
Director of IT/Information Security Authority, Faculty, Staff, and Students
POLICY OWNER:
Chief Information Officer/Information Security Authority
APPROVED:
Effective: 8/23/21
Last Reviewed: 1/24/25
Review Requirement: Annual