ÌÇÐÄvlog¾«Æ·

The purpose of this procedure is to outline and inform the ethical and lawful use of technology at the ÌÇÐÄvlog¾«Æ· Institute of Technology and Advanced Learning (Conestoga). This includes the use of technology and technology resources. This procedure applies to all technology users.

ÌÇÐÄvlog¾«Æ· maintains a glossary of terms specific to the institution. The ones in use for this document are defined below.

Technology Users 

• Safeguard their unique passwords/passphrases and accounts. Do not disclose passwords/passphrases to others and secure all methods of authentication from compromise or misuse.
• Protect the confidentiality, integrity, and availability of Conestoga's information and technology resources in accordance with the Technology Governance Policy.
• Comply with the requirements of contracts and licenses applicable to the software, applications, information, and data they install or store on Conestoga technology resources.
• Utilize only technology resources that they are authorized to use and use them only in the manner and to the extent authorized.
• Respect the privacy of other technology users and their technology resources, regardless of whether those technology resources are securely protected. For example, an unattended device is left unlocked in a public space should be secured or removed from public access.
• Respect the capacity of those technology resources and limit use so as not to consume an unreasonable amount of those technology resources or to interfere unreasonably with the activity of other technology users. For example, avoid consuming more than an average amount of network bandwidth.

Conestoga Supervisors 

• Ensure that employees comply with the Technology Governance Policy, this procedure, and any other technology related policies and procedures.
• Ensure employees have the technology resources needed to perform their job functions.
• Ensure employee access to technology resources and information is revoked or removed when no longer required. 

Information Technology and Systems Department (IT & S)

• The maintenance and operation of Conestoga technology. 
• Integration, deployment, and support for new, existing, and renewed technology.
• Support technology users with use of technology, including addressing issues, breakage, and replacement of technology. 

Cyber Security Team

• Maintain the confidentiality, integrity, and availability of Conestoga technology. 
• Monitoring and responding to breaches of this procedure, security issues, or other malicious activity.
• Provide end user notifications and support in cases of breaches or misuse, as defined in this procedure.

1. Conestoga Accounts
1. All technology users will be issued individual accounts. Shared accounts with the same username and password information or the sharing of passwords/passphrases of accounts will not be allowed.
2. Information on individual current account lifecycles for employees can be found online. Information on individual account lifecycles for students can be found online. Account lifecycles will be managed via automated processes and align to the information provided.
3. Some technology users will require secondary accounts. Privileged accounts are used when a technology user needs elevated access to complete tasks. Privileged accounts are issued after approval from the Cyber Security team. These accounts are to be used to perform authorized administrative actions on, to, or within technology resources, which the technology user is authorized to do so. Privileged account access can be revoked at any time. Privileged account access cannot be shared with other technology users. Privileged accounts must only be used for work-related activities in cases where elevated access is required.
4. Privileged accounts are terminated on the employee's last day of employment or at Cyber Security's discretion.
2. Long-Term Leave of Absence
1. Employee Long Term Leaves of Absence
1. A long-term leave of absence as defined by Human Resources is a planned leave of longer than six months. The type of leave and approval processes reside with the Human Resources department.
2. In the case of an approved leave of absence, the employee will return their college-issued technology for the duration of the absence. The employee's access to technology resources will be suspended for the duration of the leave. All exceptions to this process are subject to approval by the relevant department that provides oversight for the technology user (e.g., Human Resources for employees).
2. Student Long Term Leaves of Absence
1. A long-term leave of absence as defined by the Registrar's Office and business logic contained within the Student Information System.
2. In the case of a leave of absence, the student will return their college-issued technology for the duration of the absence. The student's access to technology resources will be suspended for the duration of the leave. All exceptions to this process are subject to approval and relevant changes of status in the Student Information System.
3. Suspected Account/Device Compromise
1. Conestoga retains the right to isolate technological resources connected to Conestoga's technology when indicators of compromise are observed. Technology user accounts may also have any active sessions revoked, and/or passwords/passphrases changed in the event a compromise is suspected or has occurred. In the case of a confirmed technology resource breach, the technology user of the account may also be assigned additional security awareness training.
2. Technology resources are released from isolation when the technology user can prove the technology resource is no longer a threat to other technology resources or technology users. After receiving notice from Cyber Security or the IT and S Service Delivery team, a technology user will regain access to their technology resources through setting a new password/passphrase and/or confirming or updating MFA methods and/or proving that a device is no longer compromised. Compromised devices can be proven cleared of compromise by re-imaging, restoration to a previously secure state, or vetting the security of the device by a member of the IT and S department.
4. Network and Infrastructure Access
1. Technology resources that are allowed to connect to other technology resources such as data networks require approval or are issued by the IT and S department. Personal devices are allowed to connect to Conestoga technology resources only by those with active authorization.
2. Conestoga technology allows for fair use by all authorized technology users. Overutilization, unfair use, or negative impact to other technology users could result in technology resources being blocked from the network.
3. Technology resources not issued by the IT and S department can be reviewed for access by contacting the IT Service Desk. Questions or concerns regarding allowed technology resources should be directed to the IT and S desk via email at itsdesk@conestogac.on.ca.
5. Software and Applications
1. All third-party technology resources must be reviewed and approved for use by the Cyber Security team prior to use by technology users. All requests for review should be emailed to itsdesk@conestogac.on.ca.
2. When using approved technology resources, technology users will abide by any licensing requirements and terms of use and/or service.
3. Conestoga prohibits the use of free trial software without previous approval. For a full list of approved software Conestoga offers to technology users refer to Conestoga IT downloads or the technology register.
6. Electronic Communications
1. Employees
1. Employees may be given access to Microsoft Teams, Outlook email, mobile technology resources, and other technology for communication purposes. These technology resources are to be used for Conestoga business. Acceptable uses include work-related discussions, collaboration, sharing of information pertinent to job roles, and communication with vendors, partners, students, or colleagues.
2. Students
1. Students may be given access to Microsoft Teams, Outlook email, and other technology for communication purposes. These technology resources are to be used for academic/school-related purposes. Acceptable uses include academic-related discussions, collaboration, sharing of information pertinent to learning activities, and communication with other students and staff.
3. Guests\Contractors
1. Guests\Contractors may be given access to Microsoft Teams, Outlook email, and other technology for communication purposes. These technology resources are to be used for Conestoga business. Acceptable uses include work-related discussions, collaboration, sharing of information pertinent to job duties, and communication with Conestoga employees or students.
7. Labs and Shared Computers
1. Labs and shared computers are available to technology users to access e-mail, web browsing, and to make use of installed software to increase their computer knowledge, enhance their computing skills, and further their learning experience. The computers in the labs provide technology users with the latest in hardware, operating/applications software, and related services. Students are expected to be considerate and respectful of other technology users using the labs and shared computers.
2. If required, contact Security Services or IT and S for access to a lab and shared computer area. Technology users may be directed to use an alternative lab and shared computer that is available.
3. Under no circumstances should technology resources within the labs be moved, modified, or disconnected. Network printers and associated supplies are paid for from technology fees. For further information please refer to the printing guidelines.
8. Usage of Technology
1. Personal Usage
1. Occasional personal usage of technology and technology resources provided by Conestoga is permitted if the user is authorized to use Conestoga's technology.  Conestoga technology will be primarily used for business purposes. Personal usage may include but is not limited to using technology on work breaks, to access personal accounts, and limited personal communications.
2. Prohibited Usage
1. Prohibited usage of technology and technology resources include but are not limited to activities that are against other policies and procedures, activities that break laws or regulations, use of technology for personal gain or profit, and use of technology causing direct harm or malicious activities towards a person, group of people, or other technology users.
2. Prohibited uses of technology will result in an immediate termination of authorization to use technology and may result in the reporting of activities to the authorities.
3. Acceptable and Unacceptable Usage Examples
1. Acceptable and unacceptable usage of technology examples for technology users can be located here. All technology users will abide by these examples as they will change over time as technology changes. Any questions or concerns may be directed to itsdesk@conestogac.on.ca.
9. Bring Your Own Technology (BYOT)
1. Staff
1. Technology that is not issued to staff by the IT and S department or deployed from an academic area will be considered BYOT. This technology is the responsibility of the staff member. However, support may be provided by academic areas and the IT and S department when it comes to interconnections between BYOT and Conestoga technology. All BYOT will abide by the same requirements of Conestoga technology and Conestoga retains the right to prevent the use of BYOT if it fails to meet those requirements.
2. Students
1. Students are expected to bring technology to Conestoga as required for their academic and school-related purposes. This technology is the responsibility of the student. However, support may be provided by academic areas and the IT and S department when it comes to interconnections between BYOT and Conestoga technology. All BYOT will abide by the same requirements of Conestoga technology and Conestoga retains the right to prevent the use of BYOT if it fails to meet those requirements.
10. Monitoring of Technology
1. Conestoga will monitor usage and status of technology as part of ongoing operations. This monitoring will be for tracking issues, supporting technology users, and ensuring proper usage of technology. Monitoring will also include security monitoring to ensure that technology remains safe and secure. Technology auditing will be done on a regular basis to ensure proper access control, technology usage, and that technology is functional and in a supported state. Monitoring and auditing of technology shall be done in accordance with the Freedom of Information and Protection of Privacy Act.
11. Security
1. All technology users are responsible for keeping their technology resources secure and to not knowingly provide access to their technology resources to another technology user or third parties. If a technology user suspects any sort of compromise, they are to communicate with IT and S via one of the contact methods listed on the IT Service Desk page.