P-R

Summary Philosophy

Azusa Pacific University acknowledges that as technology advances into the new millennium, communication and interactions will incorporate developing technologies that provide easier and cheaper avenues of providing for color, full motion, improved sound, and even touch. The university restates the presupposition that it will generally lag behind cutting-edge technologies long enough to provide for “debugging,” a stable environment, and somewhat-reduced pricing.

General Assumptions

We have not yet reached the stage where the percentage of the university operating budget for computer technology as a utility is sufficient to support computers for part-time staff and adjunct faculty.

It is recognized that there may be a need for a part-time staff or adjunct faculty member to have a computer. Until strategic planning incorporates computers for this group as a whole, requests are individually reviewed.

A formal request can be made by filling out the IT Computer Request Form and submitting it to the IT Support Center. The formal request must include the following:

1. Signatures of department heads, chairs, and deans
2. Justification for the request
3. Date submitted

Criteria Used in Decision-Making

The following criteria are used:

1. Can the person use other computers located around the campus? If not, why not?
2. What are the specific tasks and uses that require computer usage?
3. What percentage of the job description relates to this usage?
4. Does the person have an office that includes data and electrical?
5. Is there a shared printer in reasonable proximity to the office?
6. Will computer usage by the part-time employee be monitored?
7. Are there specific requirements beyond the university standards for either hardware or software?

Once the form has been received by the IT Support Center, a work order is generated and an email sent to the requestor with the work order number as notification that the form has been received and is in process. The form is reviewed by IT and a decision communicated to the requestor in the form of a response to the work order with an explanation of the decision.

If the computer request is approved, the requestor will be asked for an account number for the payment of the computer at a cost of $6,000.

Appeal Process

In the event that the computer request is denied, the requestor may submit a written request for review with the deputy chief information officer/executive director of IT.

Appendix A: Policy Routing

Status: Approved (approved on November 1, 2000)
Revised on: October 17, 2005

Purpose

The primary purpose of this policy is to inform, educate, and set expectations for the members of the university community of their individual and corporate responsibilities towards the use of peer-to-peer applications using the university’s network.

Scope

This policy addresses the issues, impacts, and concerns with file sharing aspects of peer-to-peer networking applications using the university’s network.

Background

While the definition is controversial, generally a peer-to-peer (often referred to as P2P) computer network refers to any network that does not have fixed clients and servers, but a number of peer nodes that function as both clients and servers to the other nodes on the network. This model of network arrangement is contrasted with the client-server model. Any node is able to initiate or complete any supported transaction. Peer nodes may differ in local configuration, processing speed, network bandwidth, and storage quantity. Put simply, peer-to-peer computing is the sharing of computer resources and services by direct exchange between systems. Many researchers are looking into the practical uses of this technology.

This policy intends to make it clear that P2P architecture is not in question. What is a concern, however, is one of the most prevalent uses of this technology: P2P file sharing applications used for the distribution of copyrighted content. BitTorrent, µTorrent, Morpheus, KaZaA, Aimster, Madster, AudioGalaxy, and Gnutella are examples of the kinds of P2P file sharing software that can be used inappropriately to share copyrighted content. Note that some of these applications use more than one means of network transport, and can be used to transfer non copyrighted content. Our purpose is to address abuses, rather than implicate the technology itself. Along with copyright infringement, other concerns of P2P file sharing applications include network resource utilization, security, and inappropriate content.

For the purposes of this policy, a peer-to-peer file sharing application is any application that transforms a personal computer into a server that distributes data simultaneously to other computers.

Policy

It is the policy of APU that the university’s network connections may not be used to violate copyright laws. The unauthorized reproduction of copyrighted materials is a serious violation of APU’s Internet Acceptable Use Policy, as well as U.S. Copyright Laws, as discussed above.

In order to ensure compliance with the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), and law enforcement, peer-to-peer file sharing has been restricted by the university. All peer-to-peer file sharing network activity will be monitored and usage tracked. Network activity that utilizes peer-to-peer applications that have a high prevalence for distributing copyrighted material will be blocked.

Enforcement of Policy

If an artist, author, publisher, the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), or a law enforcement agency notifies the university that a faculty/staff member or student is violating copyright laws, IT will provide to the relevant offices within the university information in the form of Internet Protocol (IP) address information and any information from logs to assist in the investigation of the complaint. If appropriate, action will be taken against the violator in accordance with university policy. In some cases, violations of university policy can result in suspension or revocation of network access privileges without refund of network access fees and/or civil or criminal prosecution under state and federal statutes.

Exception Process

If you believe that a restriction has been placed incorrectly, contact the IT Support Center to request that a site, application, or service be allowed. For this process you will need to provide your name, living area or office location, a current contact number, type of service being blocked (website, application, game, etc.), and a justification as to why the service should be whitelisted. Due to the complex nature of peer-to-peer services, IT will provide best-level effort to seek a solution for legitimate P2P services. Fortunately, most popular applications (such as games from Blizzard Entertainment) will automatically fall back to a direct internet connection if they determine that P2P is not available. In addition, a number of legal options exist for obtaining access to copyrighted materials. A comprehensive list can be found on the Educause website.

Impact

Copyright Infringement

Downloading or distributing copyrighted material—e.g., documents, music, movies, videos, text, etc.—without permission from the rightful owner violates the United States Copyright Act and several university policies. While it is true that a number of artists have allowed their creative works to be freely copied, those artists remain very much the exception. It is best to assume that all works are copyright-protected except those that explicitly state otherwise.

Students, faculty and staff who may be in violation of copyright law not only place themselves at risk, but they may be exposing Azusa Pacific University to liability as an institution for contributory or vicarious infringement—e.g., using university network resources to obtain the material and/or to store the material on university computers and/or servers.

Impact to APU’s Network

Peer-to-peer file sharing applications typically allow a user to set up their computer so that other people can access specific files on their computer. This process, in effect, converts the user’s computer into a server. While this might seem like a nice service to offer, there are some serious drawbacks. A user’s computer acting as a server can place an enormous burden on APU’s network(s). This single computer/server can severely impact the performance of APU’s network—for example, music files (MP3) are usually very large, 2-10 MB, and movie files (DivX) can be enormous, averaging 600 MB.

Purpose

To implement regulations that safeguards the universities valuable data and enterprise computing equipment.

Scope

The scope of this policy is limited to physical access to the IT Network Operation Centers (NOCs).

Background

Traditionally APU has relied upon trust of the various employees within IT to determine whether an individual should have access to the NOC’s. This has proved to be inadequate as network and server stability has become more critical in maintaining an efficient, reliable, and secure environment. The current compliance environment requires that APU secures access to servers and storage devices that contain private and confidential information.

Policy

Physical access will be limited to APU employees whom the Associate Director of Network Services approves to have access to the NOC locations. The criteria for access to the NOC’s will be based on: The individual’s need to work physically with Network, Server, Telecom, related equipment The frequency which the individual will need such access.

If the frequency is less than once per month then the individual will be escorted by an authorized employee who has access.

Enforcement

Card key locks will be maintained on all NOC doors. The access list will be maintained by the Manager of Systems Engineering in cooperation with the university locksmith.

Appeal Process

All appeals will be submitted to the Associate Director of Network Services and then escalated up the business structure for further review.

Exceptions

Facilities Management employees will continue to be granted access to the NOCs via traditional key lock. This access should be used for maintenance of HVAC systems, power, and fire alarm. The use of this access will be audited and reviewed by the Associate Director of Network Services to ensure proper use is being practiced. In case, misuse is detected the Associate Director of Network Services will contact the employee’s manager to discuss the misconduct.

Purpose of the Policy

University software standards and guidelines have been agreed upon by the University Information Management Committee (UIMC) in an effort to be consistent with appropriate strategic technology for the partnership. Software standards have been agreed upon to be non-negotiable. Thus, it is intentional that the number of these standards be kept to a minimum. The intention of this document is to communicate protocol for amending, adding, or requesting exceptions to these standards.

Exceptions to the Standards

Where special circumstances occur due to faculty/departmental specific requirements, legal, or other issues, exceptions may be made to the standard formally through the UIMC. These exceptions can be requested through the Chief Information Officer for discussion and subsequent vote at the UIMC.

Amendments to the Standards

Standards can be amended, deleted, or added to by written submission to the UIMC through the Chief Information Officer. A process of evaluation related to technology impact, and stakeholder analysis is undertaken by the Director of Network and Operations within four weeks of the request.

The Director of Network and Operations will submit the request with a formal evaluation and recommendation to the UIMC for final discussion and approval.

Appendix A -- Policy Routing

Status:
Edit Date:

• This policy was approved by the IT Cabinet on
• This policy was approved by the UIMC on

Approved by: John C. Reynolds, Vice President of Information Technology
Author: John C. Reynolds, Vice President of Information Technology

Purpose of the Policy

The use of electronic mail/messaging has become the standard form of business communication within organizations. It is often necessary to communicate to standard groups of addressees within the organization for communication or information purposes. Examples of this at Azusa Pacific University are APU Everyone, APU Faculty, etc.

The preferred method of large address communication is through existing channels, however, there are situations where a message to a large community is necessary. This “Acceptable Use of Public Address Lists” policy addresses this organizational need.

New public address lists (permanent name lists that exceed a specific area of accountability or influence), are created by request through the Office of the Chief Information Officer in order to protect the organization, and the impact to the members of these lists.

In comparison, private address lists are created by individual users to address their common communities such as departmental faculty, staff (departmental lists), or special interest groups.

Scope

The public address list policy provides guidelines for the use of electronic mail communications for all Azusa Pacific University faculty, staff, and administration.

Policy

Correspondence sent to APU’s distribution lists is considered to be a business document that is vital for all staff and faculty. The appropriate use of public address lists should be to support employees in their jobs, or for APU community business and meeting notifications.

The use of APU’s distribution lists should be consistent with the university’s email policy, and should NOT be used for personal thoughts, opportunities, chain letters, employee businesses, personal political stances, sale of personal items, or for any other personal reasons. Information should be relevant to APU affairs, issues, or events that are critical and of an urgent nature.

“APU Everyone” email is a community communication vehicle that keeps the APU community informed, in many cases on critical organizational issues. APU Everyone email may only be sent by the President’s Cabinet. Anyone who wishes to send a message to APU Everyone must have said message approved and sent by one of these offices.

Prayer requests are encouraged, but should be coordinated through the community prayer coordinator, Rachel Lopez. Send all prayer/praise messages to her, and she will consolidate them and send them out as a community prayer item at least once a day. These prayer requests should consist of one to two sentences. Updates should be provided no more than once a week, and should also be one to two sentences.

APU News email is optional. Any APU faculty and/or staff may choose to remove themselves from the APU News distribution list by going to the Cougars’ Den and clicking on the Edit “APU News” options link in the “Account Management” channel. Next, uncheck the box next to APU News and click Done to be removed from this distribution list. Addition to and removal from the list is possible at any time simply by checking or unchecking this box.

Attachments, such as video clips, images, word documents, etc., should not be attached to APU News emails without prior approval from the Office of the CIO.

APU Students email is a distribution list for all students (undergraduate, graduate, doctoral and degree completion) to keep them informed of APU wide activities and events. APU Students may only be sent by the Office of Campus Life or the President’s Cabinet.

Please remember that there are public folders for your use, including a folder for personal sales. These folders should be used for those items that would be less likely to fit into the standards set forth for the APU Everyone and APU News distribution lists.

The policy above is reflected in the “Fair Use Agreement” signed by all Internet users (faculty and staff), and in the policy on computer usage in the APU Staff Handbook (page 66). In both policies, it states that excessive personal use or inappropriate use of the computer systems may result in disciplinary action, which may lead to termination.

Appendix A: Policy Routing

• This policy was approved by President’s Cabinet on January 21, 2003.
• This policy was revised September 19, 2005, and approved by President’s Cabinet.

Approved by: John C. Reynolds, Vice President of Information Technology
Author: John C. Reynolds, Vice President of Information Technology

Purpose

This policy and procedure explains the value of computer refreshes and describes how Information Technology (IT) implements this policy. This refresh policy is designed to be published to the APU community to make this procedure more transparent.

Scope

This policy applies to all Azusa Pacific University employees, and addresses the following issue: refresh of computer systems.

Value

Azusa Pacific University provides all full-time faculty and staff, some student workers, and some part-time faculty and staff (according to policy) with university-owned computers. In addition, APU has computers in many classrooms, labs, and libraries. These computers have become critical to the day-to-day functions at APU.

In order to maintain pace with technology change, and to manage acceptable support levels, these computers need to be upgraded in a cyclic fashion in order to maintain their business value and functionality. These upgrades are described as a “computer refresh.” A computer refresh is a business value and support decision made in conjunction with administration and IT. As IT is accountable for all hardware purchases for APU, it has the ability to maintain a master inventory and aging list of all computers.

Standard

The industry standards that APU has adopted are that every desktop configuration is considered for refresh every four (4) years from purchase, and laptops, netbooks, and tablet PCs every three (3) years from purchase. This is a significant financial commitment and thus it is critical that all stakeholders (administration, faculty, staff, and IT) consider this process critically as responsible financial stewards.

Procedure

IT will compile a refresh list through inventory management that identifies which computers should be refreshed each fiscal year. This list will be completed by March 30 of each year, and will then be distributed to deans and vice presidents via an IT webpage. IT will work with deans and vice presidents to finalize the refresh lists by June 15.

An IT computer technician will contact the client of the identified computer to schedule an appointment for the refresh to take place. When the IT computer technician comes to do the refresh, they will pick up the computer needing to be refreshed and transfer all of the files in the user’s folder to the new computer. They will also install any other departmentally required software and configure the new computer for use. The refreshed computer will be held by IT for at least one week in case any information was not transferred to the new computer.

Impact

While IT staff are always looking for ways to make the refresh less intrusive on clients, the refresh is still a process that can take several hours depending on the amount of files that need to be transferred and departmentally required software that needs to be reinstalled onto the refreshed computer.

Requests for accelerating the refresh schedule of a computer for faculty and staff must be made through the office of the chief information officer, have dean- or vice-president-level approval, and include a departmental account number for the computer to be charged against. The computer being refreshed will be returned to IT and cannot be kept by the department for other computer needs. If additional computers are needed, submit a computer request form through the IT Support Center.

All computers purchased through the refresh process are owned by APU and under the trustee of IT.