Information Technology
Back to All Babson Back to All Babson
Close
Babson CollegeBabson College logo
High School Programs

Acceptable Use Policy

I.  Purpose

Babson College provides access to and use of its Information Technology Resources and Assets to authorized Users to support its educational and administrative activities. This Acceptable Use Policy (AUP) describes the terms and conditions of such access and use by authorized Users, whether through Information Technology Resources and Assets or through Personal Devices using any Information Technology Resources and Assets.

 

II.  Definitions

  • Acceptable Use refers to the access and/or use of Babson’s Information Technology Resources and Assets by a User as authorized by, and in accordance with, the terms of this AUP.
  • Information Technology (IT) Resources and Assets includes all systems, resources, services, equipment, devices, networks, data, content, and media that is owned, contracted and/or controlled by or on behalf of the College, including but not limited to all operating systems, digital resources, hardware, software, telecommunications and other equipment, apps, databases, storage facilities, computers, IT security tools, and other technologies.
  • User means all faculty, staff, students, alumni, affiliates, volunteers, providers, suppliers, vendors, contractors, consultants, visitors, guests and others whom the College authorizes to access or use any IT Resources and Assets in accordance with the role and/or responsibilities of the User.
  • Personal Devices means all equipment or devices that are privately owned or provided by a third party neither under contract with, nor controlled by or on behalf of the College.

 

III.  Policy

A. Statement of Acceptable Use Policy

This AUP applies to all Users whom the College authorizes to access or use any IT Resources and Assets.  Access to and use of IT Resources and Assets is a privilege extended to Users to allow them to perform functions and activities in furtherance of the College’s non-profit mission, including educational and administrative activities.  Only Users may access or use IT Resources and Assets, and only to the extent of the User’s authorization.  In addition, all Users must act efficiently, responsibly, ethically and remain in compliance with the terms of this AUP, the scope of their authorization, applicable law, and other applicable College policies and procedures.  By using or accessing any of Babson's IT Resources and Assets, Users agree to comply with, and be subject to, the terms of this AUP. 

Users are prohibited from accessing or using IT Resources and Assets to engage in any activity that could adversely affect the security, performance, operations, or availability of IT Resources and Assets, that is inconsistent with or conflicts with the College’s tax-exempt status, or that would subject the College to liability.  Failure to comply with this AUP may result in legal action, contract termination, and/or disciplinary action up to and including the limitation or denial of access to IT Resources and Assets, dismissal from the College, and/or termination of employment or other recognized status.

 

B. Additional Obligations

Users must additionally comply with the following obligations:

  • Users must protect IT Resources and Assets, including data (regardless of where it is stored or accessed), in accordance with applicable College policies and procedures, including but not limited to Babson’s Policy on Data Classification & Handling;
  • Users must always protect their credentials (username/password). See the Authentication and System Access section below for more details;
  • Users must abide by all pertinent licensing and contractual obligations. Information resources licensed by the College for the use of its students, faculty, or staff may only be distributed as permitted by the applicable license;
  • Users may not use IT Resources and Assets in furtherance of an independent business or commercial activity except as part of an approved College program or sanctioned campus organization or activity in accordance with applicable College policies and procedures. The College reserves the right to remove, without warning, any unapproved commercial activities on any IT Resources and Assets;
  • Users should promptly report any known or suspected security incidents or breaches, any lost or stolen IT Resources and Assets, any known or suspected security policy violations or compromises, or any suspicious activity to the Information Security team at informationsecurity@babson.edu;
  • IT Resources and Assets are made available to faculty and staff for College activities and business purposes. Faculty and staff may make limited and incidental personal use of certain IT Resources and Assets, provided such use is in accordance with applicable College policies and procedures and at a level that is determined by the College to be reasonable; and
  • Users may not use shared IT Resources and Assets in any manner that unreasonably inhibits or interferes with the use of such IT Resources and Assets by other Users.

 

C.  Additional Prohibited Use of IT Resources and Assets

Users are additionally prohibited from engaging in any of the following while accessing or using any IT Resources and Assets:

  • Acting in violation of any College policy, including but not limited to its Employment Guidelines, Faculty Handbook, and Community Code of Student Conduct;
  • Engaging in prohibited harassment or discrimination in any form, including but not limited to harassment or discrimination on the basis of any characteristic protected by law and/or College policy;
  • Promoting and/or facilitating any illegal activity, including but not limited to identity theft, hacking, or fraud;
  • Unlawfully distributing, redistributing, downloading or attempting to download copyrighted materials without the permission of the copyright owner;
  • Engaging in the unauthorized access, use, disclosure, duplication, alteration, modification, or destruction of data, content, systems, configurations, or IT Resources and Assets;
  • Tampering with or changing anti-virus, firewall, or other security-related computer settings;
  • Installing prohibited software;
  • Deliberately introducing any malicious program onto or into any IT Resources and Assets (e.g., virus, worm, keystroke logger);
  • Causing or contributing to security breaches or disruptions of network activities or communications, including but not limited to any of the following:
    • Excessively using systems or network capacity for personal gain/benefit;
    • Accessing data without authorization;
    • Attempting or logging into a server or account without authorization;
    • Interfering with or denying service to any other user host or Babson system;
    • Using a program, script, or command or sending messages with the intention of interfering with or disabling a User's session locally or via the IT Resources and Assets;
  • Making misleading or fraudulent offers of products, items, or services;
  • Exporting software, technical information, encryption software, or technology that may violate export control laws; and
  • Engaging, or attempting to engage in, any other conduct or action which the College determines to be inconsistent with or contrary to the terms of this AUP.

 

D. Authentication and System Access

Authorized Users must use College-issued credentials (ID and password) to access certain IT Resources and Assets. Users are additionally subject to and must comply with the following requirements applicable to individual system and application credentials: 

  • Users must keep their College-issued credentials secure and confidential. Sharing credentials is prohibited;
  • Users are accountable for all activities associated with their College-issued credentials;
  • Users should not use their College-issued credentials with non-Babson applications and/or websites (e.g., @babson.edu email address and/or network password on a personal shopping or banking website);
  • Users must change their passwords upon initial login and/or when required (e.g., upon expiration or password reset by IT Staff);
  • Users must change their passwords if they suspect a compromise (e.g., shoulder surfing, phishing);
    • Users may be requested to change their password by an IT Staff member if there is an indication that credentials may have been compromised;
    • IT Staff may force a password reset or deactivate a User’s access or account with or without the consent of the User to the extent necessary to limit potential damage or loss, or to protect the operations or integrity of IT Resources and Assets, e.g., in the event of a compromise or active threat;
  • Users are prohibited from attempting to circumvent the authentication and/or security of any computer, host, network, or application account; and
  • Strong passphrases are highly recommended (See Password Reset Policy). Multi-factor authentication is required for some College services.
  • Emails from IT or Information Security will always have a banner and come from the IT Support Center or Information Security account.
  • We will NEVER ask you to enter credentials over email

 

E. Email Use

Users who are provided access to an email address issued, sponsored, or supported by the College must additionally comply with the following with respect to such email account:

  • User emails relating to College activities or business are considered College records subject to applicable records retention and security requirements. See Records Retention Policy;
  • Users must use College-provided email accounts rather than personal ones while conducting College business;
  • The College may elect to issue, sponsor, or support email accounts as a courtesy for its alumni. Any such email account is a privilege that may be revoked, modified, or removed by the College at any time, with or without notice, in its sole discretion. See Babson’s Alumni Email Policy; and
  • Email distribution lists are College property and may not be accessed for personal use or provided to any third party without the prior approval of the applicable Data Steward in accordance with Babson’s Policy on Data Classification & Handling.

Users are additionally prohibited from engaging in any of the following activities using an email address issued, sponsored, or supported by the College:

  • Accessing or attempting to access the contents of another User's email account except in accordance with the Email Access Policy;
  • Soliciting for political or religious activities;
  • Soliciting for business or commercial activities not directly connected to College business or activities;
  • Sending an email under another individual's name or email address, except when authorized to do so for College business or activities by the owner of the email account;
  • Attempting to disguise the identification or origin of an email;
  • Sending or forwarding any email that the User suspects contains malware; and
  • Sending unwanted/uninvited spam emails and email chain messages (i.e., those sent with the expectation that the recipient will forward the message to a group of people) or other similar messages unrelated to College business or activities.

 

F. Internet Use

Users who access the internet by or through IT Resources and Assets must additionally do so in a manner that supports College business or activities.  With approval of the CIO, CISO, CTO, or their respective designees, the College may block or restrict access to internet websites and protocols to the extent necessary to address or prevent a security threat, data breach, or related risk to the College (e.g., phishing, malware, or other virus or malicious attack).  

 

G. Remote Access

The College makes available secure remote access technologies (e.g., VPN) on College-issued devices and equipment and/or otherwise permits authorized Users to access IT Resources and Assets. VPN is required for privileged accounts and for accessing non-web applications. All remote access to IT Resources and Assets must be accomplished using a remote access method approved by the College.

 

H. Personal Devices

When accessing or using IT Resources and Assets through Personal Devices, Users must additionally comply with the following requirements: 

  • Ensure that Personal Devices meet any system requirements that may be issued by Information Technology, including but not limited to:
    • Password protection;
    • Up-to-date anti-virus protection;
    • Supported web browsers and operating systems; and
    • Multi-factor authentication, wherever possible.
  • Avoid downloading and/or storing Regulated Use Data or Restricted Data on Personal Devices. See Babson’s Policy on Data Classification & Handling;
  • Avoid merging College data or content with the User’s personal data;
  • Avoid disclosing or permitting access to College data or content by any unauthorized individual;
  • Transfer any College data created and/or stored on Personal Devices to College equipment or devices soon as feasible; and
  • Promptly delete or return to the College all College data on Personal Devices upon separation or termination of employment or other designated status with the College (e.g., volunteer status).

 

I. Access and Privacy

IT Resources and Assets belong to the College, and Users should not consider any data, content, or materials on any IT Resources and Assets to be private.  To the extent that Users wish for their private activities to remain private, they should avoid making personal use of IT Resources and Assets.

The College may access User email and email accounts only in accordance with the Email Access Policy.  The College does not routinely monitor documents or information stored on or transmitted through IT Resources and Assets but otherwise reserves the right to access, inspect, monitor, block, review, record, restrict, remove, copy, disclose, and preserve all documents and/or information stored on or transmitted through IT Resources and Assets at any time, with or without notice, when it determines in its sole discretion that it has a legitimate need to do so.  Legitimate needs for such action may include, but are not limited to, protecting the College from liability; complying with requirements of the law, regulations, or College policy; protecting the integrity, security or proper functioning of IT Resources and Assets; investigating violations of the law, regulations, or College policy; and/or enforcing College policy and investigating or adjudicating potential offenses. Any such action: (i) relating to the integrity, security or proper functioning of IT Resources and Assets shall be taken in consultation with the CIO or CISO, or their respective designees; and (ii) in all other cases shall be taken in consultation with the CIO or CISO, or their respective designees, and the General Counsel. 

 

IV.  Additional Information

The College additionally reserves the right to periodically inspect IT Resources and Assets and take any other actions necessary to protect the same.

 

V.  Responsible Office/Department

ITSD, under the direction of the CISO, is responsible for reviewing this AUP and updating as needed in accordance with the College’s policies and practices for the same.

 

VI.   Contact Information

Michael Gioia Chief Information Security Officer mgioia@babson.edu

 

VII.    Related Policies

 

VIII.   Keywords

[List any searchable keywords for this policy]

 

Last Updated and Effective as of: 11/6/23

 

 

 

Access the More in this section