User Agreement

Moraine Valley Community College remains committed to delivering technological resources that facilitate the achievement and growth of its faculty, staff, students, and the broader community. The college must also safeguard the confidentiality, integrity, and availability to ensure their effective use in promoting and fulfilling the college’s mission. This agreement serves as a formal agreement between the college and users who are granted access to assets. This agreement outlines uses of assets and identifies prohibited activities, with the goal of minimizing risk to the college. The user agreement aligns with Board policy.

This agreement applies to all individuals who receive and use enterprise assets, including faculty, staff, students, community members, and any other individuals operating college-owned assets. All users are responsible for reading, understanding, and adhering to the terms of this agreement. Additionally, users must familiarize themselves with all related standards.

 

Definitions:

  • Users: Refers to faculty, staff, student, or community members.
  • Assets: College-owned accounts, electronic devices such as desktops, laptops, and mobile phones, IT systems and networks, institutionally licensed or managed software, as well as cloud-based services and virtual environments.

 

  1. User responsibilities:
    1. All college assets are provided to users on a temporary basis and are solely used for college related purposes.
    2. Only authorized technologies and services may be used. Any software installed on college-owned assets must support institutional operations or educational activities and comply with the established software approval process.
    3. All issued IT assets and related data issued by the college must be returned upon departure. This applies to employees who are no longer employed by the college, as well as students who are no longer actively enrolled, continuing their education, or using the device for the intended purpose. Additional rental terms may be applied at the time of rental.
    4. Always secure physical workspace and lock computers when leaving them unattended. information systems hardware and media that contains protected information will be in areas that are protected from physical intrusion, theft, fire, flood, excessive temperature/humidity or other hazards.
    5. Users are only authorized to use assets for legitimate educational and administrative purposes in accordance with applicable policies, procedures, and regulatory requirements. They are fully responsible for all activity conducted under their usernames and the potential consequences.
    6. Users may only access assets, operating systems, applications, files, and data for which they have been explicitly authorized. Users with the technical ability to access or manipulate data does not mean permission to do so.
    7. Connections to the wireless college network must use college credentials except for guests using the guest network. The guest network is designed with reduced speeds to prioritize faculty, staff, and students.
    8. Users are responsible for safeguarding the information, systems, and related assets under their control against loss, damage, or unauthorized access. Assets must be regularly maintained and updated with the latest security patches.
    9. Respect the privacy of individuals and apply reasonable and careful measures to maintain confidentiality, integrity, and availability. 
    10. Only authorized individuals may post content or express opinions that represent the college on social media, blogs, or other online platforms. Unauthorized users must not create the impression of speaking on behalf of Moraine Valley Community College.
    11. Users are required to maintain the confidentiality of all information and knowledge about information systems acquired during their employment or education.
  2. Password requirements
    1. All passwords must be unique.
    2. Passwords created by users must also not be used for personal accounts.
    3. Passwords must not be shared by users.
    4. Passwords must be a minimum of 14 characters.
    5. Accounts will be automatically locked for a specified time after five failed login attempts.
    6. Users shall treat their passwords as confidential information.
    7. All default user passwords must be changed at the first login.
    8. Users must update their password at minimum once a year.
    9. Use Self-Service Password Reset tool or visit the Help Desk in person to change their password. Students can also call or visit the Help Desk.
  3. Multifactor authentication
    1. Users must use multifactor authentication to access externally facing applications, where supported.
    2. Users must use multifactor authentication to access applications hosted by a third-party service provider, where supported.
    3. All remote users must use multifactor authentication to access internal systems and applications.
    4. Multifactor authentication is required for all administrative accounts on all college assets, whether managed on-site or through a third-party provider.
  4. Workstation backups
    1. Users are responsible for ensuring that all college-related data stored on college workstations are properly backed up in compliance with the college’s data retention and protection requirements.
    2. To ensure data , and recoverability, users must use one or more of the following approved backup methods:
      • Microsoft OneDrive.
      • Microsoft Teams.
      • MVCC Network Drives or File Shares.
    3. The use of personal cloud storage services (e.g., personal Dropbox, Google Drive) is not permitted for backing up college data, due to security and compliance risks.
    4. The Information Technology department will provide guidance and support to users in configuring backup solutions and will monitor compliance where applicable.
    5. In the event of data loss, Information Technology will assist in recovering data from backup sources, if data was stored using approved backup methods.
    6. Failure to back up college data using approved methods may result in data loss.
  5. Sensitive data
    1. Ensure that Personally Identifiable Information (PII), confidential, and any sensitive data that may be covered by government or other regulation, is not readily available or accessible on their desks or within their workspace.
    2. Only share your data or college data with authorized individuals and through secure, approved communication channels. Avoid sharing data via public platforms, email, or unauthorized third-party tools.
    3. Sensitive data of any kind should never be accessed on public computers including podium and lab computers.
    4. Never enter sensitive data into an artificial intelligence system.
    5. Consult the Data Security Agreement for comprehensive data protection guidelines. Promptly report any data breach, unauthorized access, loss, or suspected misuse of college data to the informationsecurity@morainevalley.edu.
  6. Prohibited use Users operating Moraine Valley assets must not:
    1. Engage in any activity that intentionally disrupts, damages, or impairs college-owned software, hardware, or other resources, or that interferes with others' ability to access or use those resources.
    2. Use resources that violate laws, license agreements, or other college policies including sexual misconduct, discrimination or harassment.
    3. Attempt to access systems for which you or others do not have authorized permission.
    4. Use unapproved, unauthorized, pirated, or unlicensed software.
    5. Neglect or delay the application of security updates; systems must remain current and secure. Ensure that security updates are applied promptly and systems are kept up to date to prevent vulnerabilities.
    6. Set up rogue access points.
    7. Share their passwords or permit others to use their accounts.
    8. Alter, delete, or manipulate college data of any kind unless authorized to do so. Ensure that any changes made are accurate, traceable, and properly documented.
    9. Disclose information for any purpose other than fulfilling educational or college-related responsibilities, and individuals must take appropriate measures to safeguard the confidentiality of personal information.
    10. Store sensitive personal data on college assets or store sensitive college data on personal devices.
    11. Make physical alterations to college-owned assets and maintain them in their original, neutral condition, as these assets may be repurposed in the future. Do not place branding or stickers on devices.
    12. Leverage the “Remember Me” or “Remember my Password” function inside of a browser.
  7. Personal use of college assets
    1. Users are permitted limited personal use of college assets, such as visiting websites and checking personal email accounts.
    2. Users must not use personally owned accounts (e.g., Apple ID, Google Account, Microsoft Account) for device-wide accounts (e.g., Android, iOS, Windows) on college devices unless permitted by the college. Users must work with Information Technology to create college-specific accounts for required assets and third-party services, such as creating a college-owned Apple ID for an Apple device.
    3. Users must not use enterprise license keys on personal devices unless authorized by the college.
  8. Privacy Expectations
    1. Users should have no expectation of privacy when using college resources. The college reserves the right to monitor, access, and disclose all activities and information generated using assets. This includes, but is not limited to, files, messages (with attachments), and system logs, which may be retained and used as evidence in audits, investigations, or legal proceedings.
  9. Reporting Violations
    1. Any individual who becomes aware of an incident that compromises confidentiality or violates any standard, policy, procedure, related requirement, or applicable law must report it immediately to their supervisor or Student Conduct.

 

Failure to comply with these guidelines may result in disciplinary action, including revocation of access. The College may refer criminal activity to law enforcement.

Email: Informationsecurity@morainevalley.edu

Phone: (708) 974-5438

Print Article