Acceptable Student Use of IT Resources Policy

Policy Number: CS-1506-2017

Policy Title: Acceptable Student Use of IT Resources Policy

Policy Owner: Chief Information Officer

Effective Date:

Last Revised:

On this page:

  1. Purpose
  2. Application and Scope
  3. Definitions
  4. Principles
  5. Accountability and Compliance
  6. Roles and Responsibilities
  7. Rules
  8. Policy Revision Date
  9. Attachments
  10. Specific Links

1. Purpose

The purpose of this policy is to provide students with guidance on acceptable and unacceptable use of the College’s Information Technology (IT) resources. Computing, networking, telephony, and information resources of Mohawk College are available to advance our education, teaching, research, and administration service missions. Any access and use of these resources and services that interfere with these goals are prohibited.

All who access and use these resources will abide by this policy, all applicable policies, legal and contractual requirements, and the highest standard of ethical principles and practices, when using these College resources.

 

2. Application and Scope

This policy applies to all students, applicants, and former students that use any component of the College’s IT resources regardless of the physical location or device used. This policy excludes student workers while performing job duties. During student working activities student workers are governed by the ‘Acceptable Employee Use of IT Resources Policy.’

 

3. Definitions

“Authenticate” refers to the process of logging onto an IT resource by validating a user’s identity. This is typically completed by providing a username and then validating that username by providing something you know such as a password, something you have such as a card, or by providing something you are – such as a biometric piece of information (fingerprint, retina scan, palm, etc.).

“IT Infrastructure” refers to software, hardware, devices, networks, server systems, data storage, data centres, related equipment, and cloud-based technologies.

“IT resources” refers to any IT Infrastructure component that can be interacted with and used by individuals such as a computer, application, mobile phone, data, etc.

“Sensitive Information” includes information that should not be shared and may include restricted, confidential, or personally identifiable information or documents.

“User(s)” includes any student that uses or operates an IT resource.

 

4. Principles

This policy is based on five key principles:

Ethics, Values and Fairness

Exercise common decency, good judgement, and respect for the College community members and property.

Security 

Preserve the integrity and availability of systems and services and ensure that actions taken by College community members do not negatively affect College IT resources.

Privacy

Protect and safeguard College IT infrastructure and information.

Compliance

Use of IT resources adheres to all legal, regulatory and College policy requirements.

Productivity

Access to IT resources is uninterrupted and accessible when needed.

 

5. Accountability and Compliance

5.1 Accountability Framework

This policy has been approved by the Senior Leadership Team.

5.2 Compliance

The Chief Information Officer, in cooperation with other departments, will monitor and ensure compliance with this policy.

 

6. Roles and Responsibilities

6.1 Chief Information Officer

The Chief Information Officer is responsible for the security of all IT resources.

6.2 Manager, IT Security

The Manager of IT Security is responsible for the security of all IT resources.

6.3 Employees

  • Be knowledgeable about IT Security Policies and practices and advise students of the appropriate guidance and actions to take where required.

6.4 Students

  • Be familiar with College IT policies and procedures.
  • Use IT resources in a safe and respectful manner that does not negatively affect the student experience in compliance with this policy.
  • Protect the confidentiality, integrity, and availability of IT resources.

 

7. Rules

7.1 Authorized Use

All students using Mohawk College IT resources must use those resources to carry out the academic functions for which they were provided, specifically:

  • Access to IT resources shall only be provided to students or applicants in compliance with Mohawk College’s IT User Account Lifecycle Policy whether they be full-time, part-time, continuing education, distance education, apprenticeship, or other.
  • Access to and use of IT resources is limited to those which the student is authorized to use.
  • Students must authenticate into systems using their own College-provided account and should not use any user account other than their own when accessing IT resources.

7.2 Personal Use of IT Resources

7.2.1

Students may use IT resources for limited personal use. However, browsing must be limited to well-known and reputable websites and not threaten the security or availability of IT resources. Access to IT resources must be preferentially given to those requiring use for academic purposes.

7.2.2

Personal files stored on IT resources will not be accessible or returned after account closure as defined in the IT User Account Lifecycle Policy.

7.3 Prohibited Use

All students using Mohawk College IT resources are strictly prohibited from:

  • Using IT resources for any commercial activity, or, for conducting any personal business in which they would receive personal or financial gain unless they have received permission from the Conflict of Interest Committee.
  • Using IT resources in a way that interferes with the student experience (including student well-being and success), College operations or business, or, creates any monetary cost to the College.
  • Exporting software from the College for resale or distribution.
  • Exporting any intellectual property of the College or business partners without the appropriate consent or contractual agreements.
  • Destroying, vandalizing or purposefully damaging or altering College IT resources and infrastructure.
  • Downloading video, audio, software or any other resource that is protected by copyright law. Students acknowledge that the College will notify copyright abusers in the event the College is served a copyright claim due to a copyright infringement by their account.
  • Accessing or creating illegal, disruptive, abusive, intimidating, harassing, pornographic, or obscene content.
  • Deliberately circumventing or attempting to circumvent data protection and system access controls.

7.4 Security

7.4.1

Users of IT resources must not knowingly place the security of information or systems at risk. At all times, Users must:

  • Contact the IT Service Desk immediately in the event of an IT security incident, see Appendix A for procedure.
  • Set a strong password that at minimum complies with Appendix B of this policy.
  • Keep their passwords and PIN codes secure and never share them with any individual.
  • Not leave saved work on College-provided computers.
  • Never install untrusted software or applications on IT infrastructure or resources.
  • Ensure that personally owned devices that connect on campus are protected with antivirus software, a personal firewall, and regularly install security updates and patches to operating systems, applications, and web browsers.

7.4.2

No individual shall knowingly breach, compromise, endanger or threaten the College’s IT resources, attempt to do so, or allow others to do so. This includes probing, scanning, assessing or penetrating College IT resources. Users must report any misuse of IT resources to the IT Service Desk. Failure to report misuse may result in the assumption that the User who witnessed the misuse was party to the act.

7.4.3

Mohawk College reserves the right and responsibility to protect the College and community members from security threats and inappropriate use of IT infrastructure and resources by taking actions, including but not limited to:

  • Quarantining your device and resetting your account password immediately and without your awareness or consent.
  • Monitoring computers, mobile devices, systems, networks, services, accounts, web activity, and user activity.
  • Denying a user the right to access IT resources at any time the College deems necessary. 

7.5 Compliance

Use of the College’s IT resources is subject to, and must comply with, all applicable laws and College policies and procedures, including this policy. Non-compliance with applicable laws and regulations may result in civil liability or criminal prosecution. The College reserves the right to restrict or deny access to its IT resources, to monitor your use of those resources and to take actions it deems necessary or appropriate to protect College IT resources. By using the College’s IT resources, Users are confirming agreement with this policy. 

In addition to the above, Users of IT resources must also comply with: 

  • Applicable College policies, procedures and standards;
  • Copyright Laws including, but not limited to, the sharing of pirated software, audio, and video;
  • Licensing agreements; and
  • Any other agreements between the College and an external service provider.

7.6 Noncompliance

Noncompliance with this policy may result in disciplinary action in accordance with Appendix C of the Student Behaviour Policy. Noncompliance with this policy may also result in the recovery of costs due to damages or fees and/or criminal or civil action.

 

8. Policy Revision Date

8.1 Revision Date

May 2026

8.2 Responsibility

The Chief Information Officer will review this policy every five years or earlier where required.

 

9. Attachments

 

10. Specific Links


Appendix A: Reporting an IT Security Incident

What is an IT Security Incident?

An IT security incident is an incident that may affect the confidentiality, integrity or availability of the College’s IT infrastructure through unauthorized access, accidental disclosure, or other, including:

  • The presence of any form of malicious software (malware, viruses, worms, etc.).
  • The presence of any abnormal software that was not previously present on a computer or server.
  • Suspicion that your user account has been compromised.
  • Intentional or accidental exposure of sensitive information.
  • Web browsers re-directing automatically or producing popup messages or advertisements unexpectedly.
  • File types, formats, or naming conventions changing unexpectedly or files not opening as expected.
  • Slow computer performance, applications hanging, or any unexpected behaviour.
  • Notifications that anti-virus or firewalls are not running or are disabled.
  • Lost or stolen devices including but not limited to laptops, mobile phones, desktop computers, portable storage devices, switches, etc.

Reporting an IT Security Incident

  1. Disconnect the network cable from the computer.
  2. Do not power off the computer.
  3. Contact the Mohawk College IT Service Desk immediately by phone if you believe you are experiencing an IT Security incident regardless of your location.
    • Phone: 905 575 1212 x2199
    • E-mail: IT Service Desk (helpdesk [at] mohawkcollege.ca, itservicedesk [at] mohawkcollege.ca)
    • IT Service Desk Portal
  4. Inform your immediate manager of the current status.
  5. Make notes about the IT incident to make sure that you can provide clear and accurate information to IT staff.
    • When making notes, consider the following:
      1. What happened?
        1. What websites have I visited recently?
        2. Have I received any suspicious e-mails that were actioned recently?
      2. When did it happen? (specifically at what time) 
      3. Where did it happen? (Physical location and network location, e.g. wireless)
      4. Who was involved?
      5. Could there be sensitive, personal or confidential information at risk?

Appendix B: Secure Password Requirements

All users must set passwords of high quality to protect their accounts from compromise following the requirements below.

Passwords Must:

  • Be a minimum of eight characters in length;
  • Not be the same as the last six passwords used;
  • Use three of the following four character classes:
    • Lower Case Letters;
    • Upper Case Letters;
    • Numbers;
    • Symbols;
  • Be free of multiple consecutive characters or numbers;
  • Not be based on something that could be easily guessed or a dictionary word;
  • Not be the same as passwords used for personal accounts.

In addition to the rules above, passwords must be reset if they are ever shared or exposed. Information Technology will immediately reset any password should it be suspected to be compromised.