Policies

Information Technology Services (ITS) maintains policies and procedures related to the appropriate and secure use of information technology resources at the College.

Key Policies:

Account Management

Account Creation and Termination

The Accounts Workflow process for initiating creation and termination requests for Lafayette NetIDs and access to services is used for all new hires, transfers, retirements, and terminations, and applies to all part time and temporary employees.

Account Creation

Human Resources (for staff) and the Office of the Provost (for faculty) authorize the creation of NetIDs for new full time, part time, and temporary employees by sending an Accounts Workflow Request to ITS containing information provided by hiring departments. This is known as the Accounts Workflow process and should initiated by contacting either office at least ten working days prior to an employee’s start date.

Human Resources or Office of the Provost initiates the Accounts Workflow Request during the same time that payroll authorization is created. For new hires, ITS creates a Lafayette NetID, grants access to services, and arranges to evaluate and address desktop system needs for the new employee.

Information Technology Services notifies hiring supervisors by email once the new hire’s NetID is created. The email will include NetID information, explain the access granted, and provide pointers to additional information and/or assistance. The hiring supervisor should communicate this information to the new hire as soon as possible.

Learn more about NetIDs

Account Termination

For all employee terminations, transfers, and retirements, ITS receives Accounts Workflow Requests from Human Resources (staff) and Office of the Provost (faculty). Hiring supervisors will be notified via email once access has been terminated. This email may also include information that should be shared with the employee. Note that the Help Desk does not accept new-hire, transfer, retirement, or termination notifications. Access to campus systems cannot be granted or terminated until Human Resources or the Office of the Provost receives the appropriate documentation, prepares the necessary payroll authorization, and submits it to ITS.

The amount of time NetIDs remain active varies according to institutional role.

Students

Access to email is closed during February following the year of graduation. Alumni may configure a Lafayette email forward (e.g., name@alumni.lafayette.edu) by joining the Alumni Online Community as described on the Alumni website. The NetID remains open to provide access to IT Services for Alumni. Students who transfer out or resign from the College retain all access for thirty-days following the date effective provided by the Office of Advising and Co-Curricular Programs. The NetID remains active for  Banner Self-Service access.

Staff Terminations

Accounts will be disabled on the termination date specified by Human Resources in the Accounts Workflow Termination Request. When it is anticipated that College business-related email may continue to be sent, hiring supervisors may request a temporary, thirty-day auto-reply on a former employee’s email account to instruct senders where to direct such business. Requests are made to the Help Desk and should include the content for the auto-reply.

Faculty Terminations

For full-time faculty with a termination date of June 30, access to services is removed on August 31 of the same year. For other faculty, access is removed the day following the date provided by the Office of the Provost in the Accounts Workflow Termination Request. The NetID remains active to allow for access to Self-Service Banner.

Faculty emeriti and other retirees

For faculty voted to emeriti status, access to all services, including email and with the exception of departmental files shares, is retained in perpetuity. Access to departmental shares is removed the day following the transfer date provided by the Office of the Provost in the Accounts Workflow Transfer Request. Access to personal file shares remains in place. In addition, the account will be added to a retiree and emeriti email list.

For all other faculty and staff retirees who wish to retain access to Lafayette services, requests must be submitted to Human Resources in writing via email or letter for authorization. Once authorized, the account will change from active to non-emeriti retiree status. These accounts will retain email access, network access on-campus, and access to Banner Self-Service, and the account will be added to a retiree and emeriti email list.

Problem resolution

Any problems should be directed to the office that provides ITS with the information it uses to manage the account creation/removal process, i.e., Office of Advising and Co-Curricular Programs (students), Office of the Provost (faculty), or Human Resources (staff).

Group Email Accounts

Campus organizations that require a group email account can request that one be created.

Address Forwarding

Address forwarding accounts allow all members of a group to receive messages sent to the account address, but do not provide the ability to send mail from the account. Instead, messages sent to the group account address will be automatically forwarded to the individual email address of each group member. Direct access to an address forwarding account via Webmail or an email client is not possible. One member of the group will be the account owner and will be responsible for communicating group membership changes to Information Technology Services (ITS).

Example

  1. An address forwarding account, e.g., linguists@lafayette.edu, is created.
  2. An owner of the address forwarding account will be designated and will communicate the members of the group to ITS.
  3. Each member of the group will receive messages sent to linguists@lafayette.edu through their individual email account.

Shared Email Accounts

Shared email accounts function like an individual email account but the username and password for the account are shared among the members of the group. A shared account can be used to send as well as receive mail; any member of the group can log in to the account with the shared credentials via Webmail. The credentials are designated for use only with the shared email account. They may not be used to access other services. One member of the group will be the account owner and will be responsible for communicating the account password to group members as well as ensuring that all group members use the account in accordance with the College’s Acceptable Use Policy and see the Help website for information about using shared accounts .

Requesting a Group Account

Group email accounts can be requested by academic or administrative department heads. Accounts for official student groups can be requested by the faculty adviser for the group, who must also assume responsibility as the account owner. All requests will be evaluated on a case-by-case basis.

To request a group account, submit a ticket to the Help Desk. You will be contacted by an ITS staff member who will help determine the best type of group account for your needs.

Requesting Changes to a Group Account

Requests to change the ownership of a shared email account or the members of an address forward should be sent to the Help Desk at help@lafayette.edu or (610) 330-5501.

Department Accounts

Each department at the college has a generic account it can use to send and receive email. These accounts are configured to be able to post to the campus-wide announcement lists, and should be used instead of a particular employee’s email account.

Only specific people in each department have permission to use the department email account. If you do not know the username and password for your department, you should open a ticket with the Help Desk. ITS will then work with you to verify that you are able to use the account, and reset the password.

Guidelines for Strong Passwords

It is Information Technology Services’ (ITS) policy that passwords used to access computing systems at Lafayette be strong. ITS strongly encourages the use of strong passwords for all other computing systems.

A strong password is one that is more secure by virtue of being difficult for a machine or a human to guess. Password strength can be achieved by incorporating the following characteristics; the more characteristics you incorporate into your password, the stronger it will be.

Characteristics of strong passwords

  • At least 8 characters—the more characters, the better
  • A mixture of both uppercase and lowercase letters
  • A mixture of letters and numbers
  • Inclusion of at least one special character, e.g., ! @ # ? ]
    Note: do not use < or > in your password, as both can cause problems in Web browsers

A strong password is hard to guess, but it should be easy for you to remember—a password that has to be written down is not strong, no matter how many of the above characteristics are employed.

While all systems that use the Lafayette NetID and password for authentication support a password with the above characteristics, please note that other systems may not support similarly strong passwords. For example, a system may not recognize case, may have a limit on the number of characters, or may not allow special characters. ITS recommends that in these situations users incorporate as many strong password characteristics as the system will allow.

Examples of weak passwords

  • Any word that can be found in a dictionary, in any language (e.g., airplane or aeroplano).
  • A dictionary word with some letters simply replaced by numbers (e.g., a1rplan3 or aer0plan0).
  • A repeated character or a series of characters (e.g., AAAAA or 12345).
  • A keyboard series of characters (e.g., qwerty or poiuy).
  • Personal information (e.g., birthdays, names of pets or friends, Social Security number, addresses).
  • Anything that’s written down and stored somewhere near your computer.

Tips for keeping your password secure

  • Change it regularly—once every three to six months.
  • Change it if you have the slightest suspicion that the password has become known by a human or a machine.
  • Never use it for other websites.
  • Avoid typing it on computers that you do not trust; for example, in an Internet café.
  • Never save it for a web form on a computer that you do not control or that is used by more than one person.
  • Never tell it to anyone.
  • Never write it down.

Tips for creating a strong password

Think of a word or phrase, and then substitute the letters with numbers and special characters and mix the case. For example:

  • Snoopy and Woodstock becomes Sno0py&ws
  • In the dog house becomes !nTh3dawgHs
  • Let’s have dinner at 8:00 p.m. becomes Lhd@800pm

Think of a word and a number, then intermix them and mix the case. For example, your elementary school name (Main Street Elementary) and your pet’s birth month and year (12/96) becomes m1A2/i9n6

Website Accounts

Lafayette WordPress accounts, used to create and maintain websites using the WordPress content management system, are available to all Lafayette College students and employees. Accounts must be used in accordance with the College’s Acceptable Use Policy, and Information Technology Services (ITS) reserves the right to limit the use of technologies that might compromise the security and integrity of the College’s IT resources.

Websites can be requested for:

  • Departments/Offices
  • College committees
  • Student organizations
  • Personal sites
  • Events
  • Courses/Class projects

Requests for WordPress accounts should be made using the Website Request form. The individual designated as the site administrator will be contacted within three business days with information about the account.

Website types

How a site is designed and developed, its web address, and how it will be linked to from the College website depend on the site’s function.

  • Departments/Offices: Official divisions, departments, programs, and offices will be provided with a WordPress theme that conveys the site’s official College affiliation. The sites have Lafayette subdomain web addresses (e.g., engineering.lafayette.edu, govlaw.lafayette.edu) and are hosted on forge.lafayette.edu.
  • Student organizations/College committees: Sites for student organizations and College committees are expected to represent the organization as a whole. Although pages on the site may be developed by any member(s) of the organization, the organization president or committee chair will be responsible for all content. These sites reside on sites.lafayette.edu and will have addresses that identify the organization or committee (e.g., sites.lafayette.edu/asb, sites.lafayette.edu/squash).
  • Personal pages: Sites that represent a student’s or employee’s personal and academic interests are the creative expressions of the authors. These sites reside on sites.lafayette.edu and have addresses that include the Lafayette NetID (e.g., sites.lafayette.edu/ballyc).
  • Events: Sites can be requested for one-time or recurring events. These sites reside on sites.lafayette.edu and have addresses that identify the event (e.g., sites.lafayette.edu/stemconference).
  • Courses/Class projects: Faculty members may request WordPress sites for courses and/or class projects. An entire class, groups, or individuals can be given access to a site’s administrative tools. These sites reside on sites.lafayette.edu and have addresses that identify the course (e.g., sites.lafayette.edu/eng240-fa19). Faculty members requesting sites for courses and class projects will be contacted by an Instructional Technologist who can consult about site development.

WordPress Help

A collection of help documents on how to get the most out of (and into) your WordPress site is available on the Help website.

Site Administrators

To ensure the overall content and quality of the College’s web presence is high, a “primary administrator” is identified for each departmental and program website. The primary administrator serves as a single point of contact with the Web Content Management team.

We contact the primary administrator regarding the following:

  • Communications regarding the health and quality of the site
  • Information about WordPress training and updates to WordPress tools and services
  • Outages or other critical events related to the site
  • Reports concerning the quality and accessibility of the site

Site Tip

Use the Site Administrator Update Form to designate a new primary site administrator for your departmental or program website.

Privacy and Security

Confidentiality, Privacy, and Security

Appendix R of the Lafayette College Faculty Handbook. (As amended February 7, 2006, by faculty motion 05-11.)

Lafayette College cherishes freedom of expression and the value of privacy for all members of the Lafayette community. Private communication via computer is treated with the same degree of protection as other forms of private communication.

Information Technology Services (ITS) provides reasonable security measures against intrusion and damage to files stored on the central computing facilities. Current technology, however, is not capable of providing complete protection against unauthorized access. Therefore, the confidentiality of e-mail and other system files cannot be assured. In addition, members of the ITS staff may inadvertently see the contents of e-mail or user files due to address errors or as a result of maintaining the system. In such cases, ITS staff members are required to keep the contents of e-mail messages and user files confidential.

Users should be aware that e-mail is a written record and, once delivered, enters the control of the recipient and like other written documents may be admissible as evidence in internal and external proceedings. Messages and/or user files that have been deleted may be retained on the College’s system backup files as part of standard computing services procedures. All users should be aware of the system limitations and use reasonable caution when transmitting confidential materials.

College Privileges

By attaching personal computers or other devices to the College’s network, users consent to College use of scanning programs for security purposes on those resources while attached to the network.

Information technology systems routinely log user actions in order to facilitate recovery from system malfunctions and for system management purposes. The logs of user actions or other information obtained by the scanning programs for security purposes should be treated as confidential in the same manner that user files and e-mails are treated as confidential. ITS is required to post policies and procedures concerning logging of user actions, including the extent of individually-identifiable data collection, data security, and data retention.

Conditions of College Access

ITS endeavors to respect the privacy of all users, but cannot guarantee it. Members of ITS staff are forbidden to log on to a user account or to access a user’s files unless the user gives explicit permission. Exceptions to this privacy policy are made, however, under the following conditions:

  • when required to do so to preserve public health and safety;
  • when necessary to preserve or restore system integrity or security;
  • when required by federal, state, or local law; or
  • when there are reasonable grounds to believe that system resources are being used in violation of law or College policy.

If any of the conditions described above is present, the CIO as well as one other senior officer of the College—the Provost (for faculty users), the Dean of Students (for student users), or the Vice President for Human Resources (for administrative or staff users)—must agree that there is sufficient cause to review a file or e-mail message before it can be accessed without the user’s permission. The appropriate senior officer of the College shall preserve this agreement in writing, identifying the sufficient cause and the file(s) or message(s) to be accessed. Once sufficient cause has been established, the appropriate senior officer of the College and the CIO may then have access to the file(s) or message(s). Information obtained in this manner is admissible in legal proceedings or in a College hearing. At the earliest possible opportunity that is lawful and consistent with other College policy, the appropriate senior officer of the College shall notify the affected individual of the action(s) taken and the reason for the action(s) taken.

Periodic Review

The three senior officers of the College and the CIO shall report annually to the Faculty Academic Policy Committee on the effectiveness of this policy.

Logging of User Actions

Systems operated by Information Technology Services (ITS) automatically log information related to user actions. This information is required for proper operations, effective troubleshooting, and information security operations. The type of information logged varies with each system, but typically includes network addresses of local devices, destination addresses, and network ports being used. Log files often associate login times and locations with Lafayette NetIDs. Log retention time varies by system and the amount of data collected by the system. Access to log files is restricted to authorized staff with the appropriate credentials.

Services

Electronic Recycling

This policy applies to all College-owned computers and electronic devices that are being replaced. There are three possible dispositions:

  • Reuse: the devices still have value to Lafayette and will be reused on campus.
  • Donate: the devices are of no value to Lafayette but may be usable by an outside non-profit agency; we will donate them to those qualifying organizations that have requested used equipment.
  • Recycle: the devices have no value, and must be recycled by an e-waste processor.

Information Technology Services Responsibilities

Reuse

For those devices that can be reused at Lafayette, Information Technology Service (ITS) will become the new owner and distributor, regardless of the budget source that funded the original purchase. For all new computer systems being installed, it is required that the old system be returned to the recycling program. We will work with other constituencies to relocate the old systems. Except for unusual circumstances, they will be installed “as-is” and are not to become part of the inventory of products that qualify for life cycle funding or future replacement.

Donate

For devices that will be donated, ITS will accept requests from outside organizations and pre-qualify them. When a sufficient number of devices become available, ITS will make donation arrangements, including pickup at our Lafayette storage site by the recipient.

Prior to donation, ITS will ensure that all electronically stored data will be erased based on Department of Defense standards. Due to licensing agreements, no other software can be included with donated computer system.

Recycle

For devices to be recycled, ITS will provide a temporary storage location until a sufficient number are accrued to constitute a shipment. Prior to donation, ITS will ensure that all electronically stored data will be erased based on Department of Defense standards. ITS will contact an e-waste vendor and arrange for the pickup from the storage location.

Reuse/Donate/Recycle

  • ITS will provide a storage/staging location to house the systems.
  • ITS will erase all electronically stored data.
  • ITS will assist the user department with arrangements to have the devices moved by Plant Operations from the user department location and to the storage location. ITS staff cannot pick up equipment.
  • ITS will arrange with Plant Operations to load devices from the storage location to a vehicle for machines being donated or recycled.
  • ITS will pay all reasonable Plant Operations moving fees from the Technology Budget. No transfer of funds request will be made back to the user department.

User Department Responsibilities

The user department is responsible for coordinating arrangements with Plant Operations to pick up the devices and deliver them to the ITS storage area.

Remote Access VPN

The Lafayette College remote access Virtual Private Network (VPN) service allows computers to connect to the Lafayette data network from off-campus, thereby granting those computers the same access, rights, and privileges as computers attached to the campus network directly.

Scope

This policy governs appropriate use of the VPN by all employees, students, and third party workers.

Policy

Users and machines connected to the VPN must abide by all policies of the College including, but not limited to, the Computing and Networks Appropriate Use Policy and the Data Stewardship Policy.

Additionally:

  • It is the responsibility of users with VPN privileges to ensure that unauthorized users are not allowed access to Lafayette’s internal networks.
  • All computers that access the VPN must adhere to any posture criterion set by the College.
  • It is the responsibility of instructors, supervisors and department heads to:
    • determine which of their course/office/department’s college activities can and cannot be performed via the VPN from off-campus;
    • determine under what circumstances it is appropriate for an employee to use the VPN to conduct college business, and to request the approval of the Human Resources Office when necessary;
    • communicate the above to their students/employees.
  • All costs associated with network access from off-campus are the responsibility of the VPN user.
  • Only VPN clients provided by Information Technology Services (ITS) can be used to connect to the VPN.
  • It is the responsibility of all VPN users to keep secure all files, keys, and passwords required to connect to the VPN.
  • Some services (e.g., Banner INB) are accessible only on College-owned computers.
  • Personally-owned computers that fail to meet the software security standards of College-owned computers may not be allowed access to the VPN.

Server Colocation

Information Technology Services (ITS) provides a physically secure and environmentally-controlled data center space (i.e. co-location space, or just colo) for organizational, or departmental servers. Individuals using the colo facility are responsible for their own servers, and must adhere to the College’s Acceptable Use Policy.

The colocation service offers the following:

  • Rack space, environmental control, and power
  • Statically assigned IP addresses with DNS
  • One 10/100/1000 Ethernet port
  • Keyboard/Video Display/Mouse (KVM)
  • Escorted facility access 9:00 a.m. to 4:00 p.m. Monday through Friday
  • Basic assistance with physically installing and removing the server

Requests for space may be emailed to colo@lafayette.edu.

More Information:

  • Only rack mount servers which use A208 power can be colocated. ITS reserves the right to inspect the server before it can be approved for colocation.
  • No server hardware or software will be provided by ITS.
  • Any misbehavior (malicious behavior, AUP violations, or vulnerable systems) will result in a server being shut down. Chronic misbehavior will result in permanent loss of colocation privileges.
  • Access to the colocation space should be scheduled in advance by emailing colo@lafayette.edu.
  • Users accessing the colocation space must bring photo ID.
  • Periodic communication between ITS and server administrators will be necessary. If we do not receive timely responses, servers may be removed from the colocation space; unclaimed servers will have their hard drives wiped and be recycled.
  • Power User/Administrator equivalent accounts must be provided to ITS staff. ITS staff will only use this access in emergency situations (power outage, security breach, etc.). Full root/administrator accounts are NOT desired and ITS will not be responsible for any server malfunction should the the root/administrator login credentials be provided.
  • Monitoring of the servers will be performed by ITS in accordance with the College’s AUP.
  • Terms, conditions, and availability of the colocation service are subject to change without notice, although efforts will be made to give as much advanced notice as possible.
  • ITS reserves the right to deny colocation services.

Technology Support in College Spaces

Information Technology Services (ITS) provides technology support in many College spaces, which are defined below, and during the following times:

Supported College spaces

  • All smart classrooms
  • Colton Chapel, Marquis Dining Hall, and the Wilson Room in Pfenning Alumni Center
  • Meeting rooms with installed technology (e.g., Marlo Room, HR conference room)

Supported times

  • Monday through Friday, 8:00 a.m. to 4:00 p.m.

ITS support defined

ITS will respond to help requests in supported College spaces, as well as provide assistance setting up equipment or presentations at the start of an event (with advance notice).

If training is needed with the installed equipment, contact the Help Desk at least 7 business days prior to the event to schedule a consultation with someone from ITS. More information about installed technology is available on the ITS website.

If an event requires support beyond what is outlined above (e.g., additional technology is needed, support is needed outside of the hours above), contact the Help Desk as soon as possible to arrange a consultation regarding what third-party options may be available. Fees may apply and ITS cannot guarantee the availability of third-party equipment and/or support.

ITS installs equipment designed to be user-operated and provides training on the use of this equipment.

Room reservations

All reservable space on campus is managed through the Scheduling Office. To reserve space for an event, contact the Scheduling Office at reserve@lafayette.edu or (610) 330-5077, or visit their reservation webpage.

Guest access to the network and smart classroom computers

If a guest requires network access or use of a smart classroom computer, a College sponsor should use the Guest Account Creation Utility to create a temporary login for the guest. These logins are valid for 72 hours from the time they are created.

Audio and video recording

ITS provides training for faculty, staff, and students to create audio and video recordings, but ITS does not provide staffing audio or video recording.

Terms of Use

Acceptable Use

Lafayette College’s information technology (IT) resources are intended to support the educational, administrative, and campus life activities of the College. The use of these resources is a privilege extended to members of the Lafayette community, who are expected to act in a responsible, ethical, and legal manner. In general, acceptable use entails behavior that respects the rights of others, does not compromise the security or integrity of IT resources, and complies with all applicable laws and license agreements.

This policy establishes specific requirements for the use of computing and network resources at Lafayette College. As with other College policies, violation of the Acceptable Use Policy can result in disciplinary action.

Scope

This policy applies to all users of IT resources owned or managed by Lafayette College. IT resources include all College owned, licensed, or managed hardware and software, as well as the College network, regardless of the ownership of the device connected to the network, the means of connecting, or the locale from which the connection is made.

Policy

  1. Federal, State, and Local Laws. Users must comply with all federal, state, and other applicable law; all applicable College rules and procedures; and all applicable licenses and contracts. Examples include but are not limited to laws pertaining to libel, copyright, trademark, child pornography, and hacking; the College’s code of student conduct; the College’s Principles of Intellectual Honesty; the College’s sexual harassment policy; and all applicable software licenses.
  2. Authorization. Users may use only those IT resources they are authorized to use, in the manner and to the extent authorized, and they must not attempt to subvert or bypass College-imposed security mechanisms. Ability to access computers, computer accounts, computer files, or other IT resources does not, by itself, imply authorization to do so. Accounts and passwords may not be shared with or used by persons other than those to whom they have been assigned by the College. Users must make a reasonable effort to protect passwords and secure resources against unauthorized use.
  3. Fair Share of Resources. Users must respect the finite capacity of the College’s IT resources and limit their use so as not to consume an unreasonable amount of those resources or to interfere unreasonably with the activity of other users. Information Technology Services may set limits on an individual’s use of IT resources or require that an individual user refrain from specific uses in order to assure that these resources can be used by anyone who needs them. Reasonableness of use will be assessed in the context of all relevant circumstances, but any use that degrades the performance of the College network or interferes with the ability of others to use IT resources or with the College’s educational or business activities will be considered unacceptable.
  4. Personal Use. Users may not use IT resources to campaign for or against a candidate for political office or for commercial purposes inconsistent with the College’s tax-exempt status. Personal use of College IT resources for other purposes is permitted when it does not interfere with the performance of one’s job or other College responsibilities, does not compromise the functionality or degrade the performance of IT resources, does not consume a significant amount of IT resources, and is otherwise in compliance with this policy. Further limits on personal use by College employees may be imposed in accordance with normal supervisory practices.

Privacy and Security

The College takes various measures to protect its information resources and users’ accounts. However, you should be aware that the College cannot guarantee privacy and that it is the responsibility of individual users to engage in prudent practices by establishing appropriate access restrictions for their accounts and safeguarding their passwords.

The normal operation of the College’s IT infrastructure requires backing up data, logging activity, monitoring general usage patterns, and other such activities. While the College does not generally review the content of information contained on a computer or transmitted over the network, exceptions are made under the following conditions:

  • when required to preserve public health and safety;
  • when required to preserve or restore system integrity or security;
  • when required by federal, state, or local law; or
  • when there are reasonable grounds to believe that IT resources are being used in violation of law or College policy.

Permission to review individual data can come only from the Vice President for ITS and CIO in conjunction with one other senior officer of the College. For more information on privacy issues, see the “Statement of Confidentiality, Privacy, and Security,” Appendix R in the Lafayette College Faculty Handbook.

Enforcement

Violations of this policy will be handled according to normal disciplinary procedures. However, a user’s IT use privileges may be temporarily suspended by Information Technology Services prior to the initiation or completion of these procedures when there is a reasonable basis to believe that an individual is in violation of this policy.

Archiving, Renaming, and Redirecting Websites

Archiving and Deleting Websites

In order to maintain a current and accessible web presence, Lafayette College archives and deletes a website when it is no longer needed, the individual(s) responsible for it have stepped down from their responsibilities, or it is no longer maintained.

If a site has not been updated in the last 12 months, College Archives will review the site to determine if it should be archived. If so, they will verify that there is a copy of the website in the College’s web archive.

Information Technology Services (ITS) will then notify the site’s administrators that the College considers the website out of date and will make the site inaccessible in 30 days. An inaccessible website can not be reached by the public, but site administrators can access it and the content remains.

If there is no response from the site administrators, ITS will send a second notice email notifying them that the College has made their site inaccessible and will delete it in five months time.

Five months after the second notice — six months after the site was flagged for deletion — ITS will send a final notification about the website’s imminent deletion. Twenty-four hours later, ITS will delete the site.

Policy for Former Employees and Students

Within 30 days of an employee or student leaving the college, College Archives will verify that there is a good copy of the website in the College’s web archive. Once the archive is verified, the site is made inaccessible to the public and scheduled for deletion in six months’ time.

Policy for Alumni

Alumni retain access to their websites until January of the year following their graduation. Starting in January, College Archives will verify the archive for each alumni site. Once the archive is verified, the site is made inaccessible to the public and scheduled for deletion in six months’ time.

Renaming Websites

From time to time departments, offices, and individuals find they need to rename the web address of their website.

ITS and the Communications Division evaluate requests to rename websites on a case-by-case basis based on how difficult the sites are to move and what systems such a move would affect.

When ITS renames a site it will redirect traffic from the old site to the new site according to the “Redirecting Web Traffic” policy.

Redirecting Website Traffic

ITS will redirect all traffic from the former site to a landing page on the new site explaining the redirect and pointing to important resources on the new website. This redirect will be maintained for six months. The College does not maintain one-for-one page redirects.

Identifying Broken Links

When ITS archives, deletes, or redirects a website the Communications Division will identify internal and external links which reference old content and make every effort to contact the administrators of those sites and advise them of the forthcoming change.

Code Copyright Policy for Employees

For employees not covered by the Faculty Handbook, Lafayette College owns the copyright on the code for projects developed as part of their job responsibilities. The suggested attribution for such code is as follows (actual attribution may vary based on the preferred style of the project in question).

Copyright 2017 Lafayette College

In the event the developer’s name should be included, suggested attribution is:

Copyright 2017 Lafayette College (Jack Russell developer)

On work-for-hire projects, the College’s contract with outside vendors should clearly identify the College as the owner.

The College does not own the copyright to projects explicitly not developed as part of their job responsibilities (e.g., a project rejected by the College that employees continued to work on during their own free time).

Copyright Infringement

Lafayette’s Computing and Networks Acceptable Use Policy requires that users comply with all applicable federal, state, and local laws, including laws pertaining to copyright.

Campus network users who violate copyright law by using file-sharing programs to exchange music, videos, software, or other digital content without the consent of the copyright owner risk losing network access; repeated violations will result in disciplinary action.

When the college receives a violation notice stating that copyright infringement has been detected on Lafayette’s network, Information Technology Services (ITS) notifies the network user that they must remove or disable access to the infringing material on their computer. Upon a second notification to a student, network access for their personal computer will be suspended and the matter will be referred to the Office of the Dean of Students for appropriate disciplinary action. Upon a second notification to faculty or other employee, the appropriate senior officer of the college will determine the action to be taken. Lafayette College will terminate all network access for anyone who repeatedly infringes on the rights of copyright holders.

FAQ: Copyright law and the illegal use of file-sharing programs

Q: What is copyright?
A: Copyright is legal protection of intellectual property provided by the laws of the United States. Copyright applies to works in all media, not just print, and it covers all forms of a work, including its digital transmission and subsequent use. One of the most common forms of copyright violation involves downloading or sharing songs and movies from the Internet without the express consent of the copyright owner.

Q: What is the law concerning digital copyright?
A: The Digital Millennium Copyright Act (DMCA) obligates the College to block access to infringing material when a copyright violation is reported. Members of the community who engage in illegal file-sharing are subject to civil penalties from copyright owners as well as disciplinary action from the College.

Q: Is sharing and downloading music files and videos illegal?
A: File-sharing is illegal when it involves copying or distributing copyrighted materials, usually music and movies, but also TV programs, text, games, software, and images, without permission from the copyright owner.

Q: What kinds of activities violate the federal law?
A: Here are some examples of copyright infringement that may be found on a network:

  • You make an MP3 copy of a song because the CD or audio file you bought expressly permits you to do so. But then you offer your copy online using a file-sharing program so others can download it.
  • You join a file-sharing network and download unauthorized copies of copyrighted music from the computers of other network members.
  • You make a movie or large segment of a movie available on a Web site without permission of the copyright owner.

Q: How is copyright infringement detected?
A: The representatives of copyright owners, such as the Recording Industry of America (RIAA) and the Motion Picture Association of America (MPAA), regularly scan the Internet for file-sharing programs (for example, BitTorrent, Gnutella, and Ares) that exchange music, films, or software belonging to the copyright owners they represent. If copyright infringement is detected, they send a violation notice to the owner of the network where the unlawful file-sharing has occurred. The violation notice contains information that can be used to identify the network location of the offending computer.

Q: What happens if the violation notice leads to your computer?
A: When Lafayette receives a violation notice, Information Technology Services notifies the network user that they must remove or disable access to the infringing material on their computer; otherwise, their network connection will be turned off. Upon a second notification to a student, network access for their personal computer will be suspended, and the matter will be referred to the Office of the Dean of Students for appropriate disciplinary action. Upon a second notification to faculty or staff, the Provost or the College’s General Counsel (respectively) will determine the action to be taken. Lafayette College will terminate network access for anyone who repeatedly infringes on the rights of copyright holders.

Q: I need to disable file sharing on my computer, how do I do that?
A: Each peer-to-peer client works differently. Please contact the Help Desk at help@lafayette.edu or (610) 330-5501 for assistance.

Q: To whom should copyright infringement be reported?
A: Lafayette’s agent under the Digital Millennium Copyright Act is:

Peter Hoernle
Information Technology Services
copyleft@lafayette.edu
(610) 330-5801

Data Stewardship

Many individuals in the Lafayette community have access to information during the course of their work that must be protected.

Such information includes, but is not limited to:

  • Personal information (e.g., social security numbers, dates of birth, student records, and financial aid data).
  • Proprietary information (e.g., College financial data and donor information).
  • Regulated information, the disclosure of which is subject to regulatory compliance (including HIPAA, FERPA and GLBA).

This policy establishes specific requirements for handling sensitive digital information at Lafayette College. As with other College policies, violation of the Data Stewardship Policy can result in disciplinary action.

Scope

This policy applies to all employees and students of Lafayette College, as well as temporary workers, consultants, vendors, and any other parties that have a relationship with the College.

Policy

It is the obligation of everyone to protect the confidentiality of sensitive information, all of which may be released only when properly authorized. The following guidelines apply specifically to sensitive information in digital format:

  • Storage. Whenever technically feasible, sensitive information should be stored on institutionally-provided systems with appropriate access control and not on an office computer or a removable storage device (e.g., USB drive). If a computer must be used to store sensitive information, it must be in a secure location, and each individual authorized to use the computer should have a unique logon with a strong password. Sensitive information should not be stored on a laptop unless absolutely necessary, nor should it be stored in third-party cloud services not supported by the College (e.g., Dropbox).
  • Backup. All sensitive information should be backed up, and backups should be stored on institutionally-provided systems.
  • Mobile Devices. Special care must be taken when traveling with sensitive information on a portable device. Access to your laptop or other mobile device requires a strong password where supported. Sensitive information should only be stored on mobile devices temporarily, and should be deleted when no longer needed.
  • Transmission. Sensitive information must be transferred only over secure media. If a medium is not secure (e.g., the Internet), mechanisms to secure the data must be used (e.g., unencrypted files transferred over a Virtual Private Network or encrypted files transferred over an insecure network).
  • Passwords. Users with access to sensitive information should use strong passwords for their Lafayette NetID and Banner accounts, and change these passwords regularly.

Data Retention Policy

Course Retention: Moodle

Information Technology Services (ITS) will retain Moodle course sites for seven years from the point of the course site’s creation. After seven years the course site will be deleted. This archiving process is tiered:

ITS will maintain course sites in an active instance of Moodle for the most recent five years.

  • Sites are accessible to, and may be edited by, faculty.
  • Sites are accessible to students if the course site is visible.

ITS will maintain a site in an offline archive for an additional two years.

  • Sites are inaccessible to faculty. Faculty may request temporary access to a course by contacting the Help Desk.
  • Sites are inaccessible to students.

Faculty who wish to retain a course should download and store a local copy. Faculty will be reminded annually of the course archiving and deletion schedule.

Course Retention: WordPress

WordPress course sites will be retained for five years from the point of the site’s creation. Courses can be edited by faculty and their designees and will remain available as set by the site owner. At the five year point ITS will notify the instructor of record that their site will be deleted. Once confirmed by the site owner, the site will be removed from WordPress. A static HTML export of the site can be provided to the site owner upon request.

Voicemail Recordings

Any voicemail stored in your inbox folder older than 30 days will be automatically deleted. If you wish to retain a voicemail longer than 30 days, it must be moved to the saved folder, where saved voicemails are kept for one year.

Zoom Recordings

Information Technology Services (ITS) will retain Zoom recordings for 60 days from the point of the recording’s creation. These recordings are stored in the account holder’s Zoom portal. After 60 days a recording will be placed into the trash of the account holder’s Zoom portal. Recordings can be restored from the trash within 30 days, but will be permanently deleted after 30 days.

All Zoom recordings are automatically uploaded to the Zoom meeting owner’s Kaltura My media account.

Maintenance Policy

Information Technology Services routinely performs maintenance on College IT systems. This maintenance takes several forms.

Scheduled Maintenance

Service-affecting changes that require downtime are scheduled for Wednesdays from 3 a.m.-7 a.m., but can be planned for other days and times depending on the requirements of the service. ITS requires at least three business days notice to schedule and test the work involved; this lead time varies depending on the service.

Scheduled maintenance are announced ahead of time via the ITS website and social media accounts on Facebook and Twitter.

Emergency Maintenance

In situations when immediate changes are needed to preserve the integrity of systems or data, maintenance may be implemented during during normal business hours with little to no notice. An explanation will be posted to the ITS website afterwards.

Regular Maintenance

Maintenance that does not require a service outage may be done during normal business hours. The community will be notified of regular maintenance changes as appropriate.

Maintenance Blackouts

There are times during the academic year when scheduled system changes are suspended in order to minimize disruptions to IT systems. The general guidelines for these blackouts are as follows:

  • End of summer, move-in, and start of classes
    • Duration: 2 weeks (the week prior to the start of term and the week of the start of term)
  • End of semester, finals week
    • Duration: 2 weeks (the week prior to finals and the week of finals)
  • College-observed holidays and closures
    • Any Wednesday before a holiday, during a holiday, or when the College is closed

The maintenance blackout guidelines are not absolute. Requests for a blackout exception should be sent to the Help Desk at help@lafayette.edu or (610) 330-5501.