Introduction

LIBRARY AND INFORMATION SERVICES
Extension 2000
 
/academics/lis

The services and collections of Library and Information Services (LIS) are developed to serve the needs of students of a strong liberal arts undergraduate institution that also offers graduate programs in foreign languages and English literature. Policies pertaining to Library and Information Services (LIS) affect students, faculty, staff, community members, and visitors who avail themselves of the services of Middlebury College libraries as well as computing, media, networking and educational technology resources and services.

Information about specific services offered by LIS, and procedures related to requesting services, is available on the LIS website (http://www.middlebury.edu/academics/lis/) and by calling staff at these phone numbers:

 

Library and Information Services: 802.443.2000
Library Circulation Services: 802.443.5494
Technology Help Desk: 802.443.2200
Curricular Technology: 802.443.5469
Media Services: 802.443.2200
Telephone Services: 802.443.5700

The sections that follow describe policies of Library and Information Services, including obligations of members of the community to ensure adherence to legal requirements relating to copyright, security, and privacy of information.

 

Library Borrowing Guidelines

Middlebury College maintains its Libraries for the use of students, faculty, and staff in support of the instructional goals of the College. 

The library purchases or subscribes to materials in printed, microform, digital, manuscript, and recorded formats, principally in support of the teaching program of the College. Materials solely for faculty research are usually not acquired for the library collections. It may be necessary, therefore, to supplement local resources through interlibrary loan, consortial borrowing, and the use of research libraries.

A valid Middlebury College ID is required to transact library business. Library privileges are extended to faculty, students, alumni and staff of the Middlebury College community and to guest borrowers by application. Check the LIS website for up-to-date borrower information, policies and loan periods.

Media collection materials needed for course work are available at the circulation desk; restrictions exist on access to this collection. Check the LIS website for information about loan policies and periods. DVDs in the "browsing collection" may be checked out by Middlebury students, staff, and faculty for non-public viewing in the privacy of rooms or homes. See the Copyright and Fair Use Guidelines section of the College Handbook for additional information.

Faculty, staff, and students may recall materials that are on loan to other borrowers. If you receive a recall notice, you are obligated to return recalled items immediately.  Overdue library materials and fines will restrict borrowing privileges. All borrowers are responsible for payment of charges assessed for damaged or lost materials.

RESPONSIBLE USE OF LIBRARY MATERIALS

As members of the scholarly community using our common resources, all library users are responsible for maintaining our library collections. 

Library use is a privilege extended to those who recognize that the collections are resources to be shared with current and future users and who observe the regulations and procedures established to make materials accessible to all.

Abuse of library materials may result in the revocation of library borrowing privileges and could result in referral for College judicial procedure. Library and Information Services is committed to maintaining collections, which exist as a common resource to be shared, preserved and respected in a manner guaranteeing protection for future users. The ethical use of library materials involves acceptance of this principle and appropriate conduct regarding library collections. 

Inappropriate use includes, but is not limited to:

a. Writing upon, defacing, tearing, cutting, mutilating, or destroying books or other library property in the custody of the library.

b. Willful concealment of a book or other library property on one's person or among one's belongings while attempting to leave, or leaving the premises of the library without formal borrowing through the library circulation desks.

c. The willful concealment of a book or other library property within the libraries.

d. The willful removal of a book or other library property in contravention to library regulations.

e. The intentional alteration or destruction of library ownership records.

f. The willful retention of library materials beyond their stated loan periods.

Please direct questions about borrowing to Library Circulation Services
Email: library_circulation@middlebury.edu
Phone: 802-443-5494

Copyright and Fair Use Guidelines

U.S. law provides protection to authors, creators and publishers of works. It also grants privileges (fair use) that do not infringe copyright, for purposes such as criticism, comment, news reporting, teaching, scholarship or research. Middlebury College values and respects intellectual property rights, even as it recognizes an equivalent responsibility to advance the needs of scholarship and teaching within the framework of the law.

The following are Guidelines only and do not constitute legal advice that can be assumed to be applicable to every situation. In some instances, federal court cases result in interpretation of copyright law that pertains to specific acts of copying or to particular media; also, contract law (such as license and purchase agreements) takes precedence over fair use.

Basic rules of thumb for fair use copying

On a case-by-case basis, consider these four factors together for each item you desire to copy.
(see also Appendix A: Applying the Fair Use Factors)

1. The copy is for nonprofit educational purpose
- multiple copies for classroom use are permitted, if the material is an excerpt and does not infringe on the market place
- a copy for "scholarship or research" is permitted, if the other factors below are met

2. Consider the nature of the work
- the more creative and less factual a work, the more it is protected by copyright law
- some examples of degrees of protection under the law:
--- More protection: fiction, original movies, creative works
--- Less protection: factual works, news broadcasts, compilations
- for creative works only small portions should be copied unless permission has been acquired, whereas greater portions of purely factual items may be copied under fair use

3. Only a limited portion of a work may be copied
- it is not permitted to copy an entire or significant portion of a publication or work that is still under copyright without permission of the copyright holder.

4. Sales of original materials ("the market") should not be affected by copies being made
- consider copies for classroom use on a case-by-case basis:
--- the student would not normally be a potential purchaser of the work unless enrolled in the course
--- since the student uses the excerpts as a member of the class, the use probably has very little, if any, effect on the actual or potential market for the work

Classroom handouts

Copyrighted material can be provided to students in a class if:

1. The instructor is the copyright owner of the material, or
2. The copyright owner of the material grants permission, or
3. The material is in the public domain, or
4. The use of the material is a "fair use" under the law (see above)

Course Packs

The College Store prepares and sells course packs that include photocopied readings.

1. Because copyrighted material is packaged for re-sale, permissions are required for all items included in a course pack, unless the item is in the public domain.

2. Copyright fees are built into the selling price of the compilation.

Course Management Systems

Copyright issues must be considered when placing protected materials in an online setting, applying the same factors as for classroom handouts, or seeking permission.

1. Materials must be limited by password access to those currently enrolled in College courses.

2. Materials can be distributed outside the class or posted on publicly accessible internet sites if and only if copyright permission has been secured.

Course Web Pages

Consider all the following for fair use of copyrighted material:

1. Access
- ensure web page is accessible only to students currently enrolled in your course
- at end of semester, take down web page with digitized materials, or remove copyrighted materials

2. Attribution
- include copyright attribution and citations to original works

3. Brevity
- keep portions of copied materials brief/minimal
- number of digitized texts and audiovisual images/clips should be few and brief

4. Effect on market
- text, images, etc., on a course webpage should never be extensive enough to substitute for the purchase of an issue of a journal, a book, recording, or a course pack

Freely permitted on a course web page:

1. Links to others' works
- links from your webpage to another image, document, table, etc., on the Web

2. Your own work
- your own problem sets, sample exams, class and lecture notes, photographs, video, audio, etc.
note: you may not hold copyright to your own work if, for example, it has been published and you have assigned rights to the publisher

3. Works in the public domain
- in general, works copyrighted before 1923 may be freely copied 
- see separate chart for an up-to-date table of different types of materials and when they fall into public domain

4. U.S. govt. publications
- Federal documents published through the Government Printing Office are not protected by copyright and may be freely copied

Library Course Reserve and Electronic Reserves

Library course reserves are an extension of the classroom. Copies provided via library reserves and electronic reserves (ERes) are considered equivalent to multiple copies for classroom use, limited to use by those enrolled in the course.

1. The library applies fair use principles when making materials available on reserve, whether print or online.

2. All reserve materials are either library-owned or provided by the faculty member.

3. Copyright permissions may be required by the library in instances where a significant number of excerpts from the same publication are included on reserve, or the use of items is repeated from semester to semester (hence, potentially affecting the market place), or a copy of an entire work not owned by the College or library is placed on reserve.

Library online content

Licenses governing the use of library full text databases, electronic journals, e-books, and other digital resources may follow fair use or may have more or less liberal use restrictions.[1] The terms of a license will generally prevail over copyright law. By making use of licensed material, you inherently agree to its license terms, even if those terms limit your fair use rights. LIS staff can assist in determining what uses are permissible under each license.

Photocopying, Scanning, Digitization

Copyright law limits the reproduction of copyrighted material.[2]

1. Usually, only a small portion of a copyrighted work may be legally copied unless special permission has been secured.
- Reprographics and the Library will not copy or digitize an entire book, journal, CD, DVD or film for individual use unless the item is in the public domain, or copyright permission has been acquired
- Individuals should be aware that copyright restrictions may apply in making their own copies of entire items, particularly if the item is currently copyrighted and available for purchase. Copies should remain for private use, and never be redistributed or resold.

2. Based on Court cases, Congressional hearings, and agreements between publishers and the academic community, this typically means the following may be copied for books and journals:
- a single chapter of a book
- a small portion of a copyrighted book
- a single article from a journal

3. Libraries may be permitted to make copies of entire works for archival purposes

4. Particular restrictions apply to media such as music and video (see sections below). 
- Use of copyrighted films, videos, recordings, and software generally requires permission, purchase or licensing. 
- Only legally acquired copies should be used in classroom presentations

Web page content

College policy does not permit the posting of copyrighted material on its publicly accessible web servers without permission of the copyright holder.

1. You must have the written permission of the copyright holder to distribute any materials of a third party (including software, database files, documentation, articles, graphics files, audio or video files) via the web or other College internet servers.

2. For course web pages, see above guidelines. 
- Copyright permission must be secured if course web pages are made publicly accessible and they include any copyrighted material.

Video

The display (screening) of films, broadcasts, videos and DVDs is affected by copyright law and licensing agreements. 

1. Films, broadcasts, videos, and DVDs may be shown in a face-to-face classroom setting during the regular course of instruction. The item used in the classroom or placed on reserve must be one of the following:

- A legally purchased copy acquired by the College or the course instructor (copyright law explicitly prohibits the presentation of unlawfully made copies of films in educational settings)
- A copy made by the College/Library under copyright law for preservation/archival purposes
- A rental copy, which may legally be used or placed on reserve as well.

2. Use of materials borrowed from the library is limited to private viewing, with the exception of classroom screenings and viewings directly related to a current College course by students enrolled in that course. Most other showing and viewing of films, videos or DVDs constitute a public performance and permission for the showing must be obtained by paying a licensing fee to the copyright holder or licensing agent.

3. Students who need to obtain public performance licensing for an event should contact the Center for Campus Activities and Leadership (CCAL) in McCullough Hall, ext. 3108.
LIS staff can provide information about purchase or licensing of films and broadcasts for curricular use.

4. Students and faculty members who plan to schedule screenings should be mindful of the following guidelines:

- Screenings of films or videos for which we hold no non-theatrical public performance rights may only be listed in the calendar if the screening is for a specific course and the number and/or name of the course is also listed in the calendar. 

- Films or videos screened for entertainment purposes, or for which the College has non-theatrical public performance rights, may be advertised and promoted only on campus (which includes WRMC-FM, the Campus, and the alumni magazine). None of this promotion may say that the public is invited, nor will there be separate admission prices for ID and non-ID card holders. In general, all off-campus promotion is prohibited, including posters and flyers, unless for those specific titles for which the College has obtained rights.

5. Presentations viewed through ERes or a course web/server site must be restricted to those registered in the course. Access to the materials via ERes or the web shall be removed following the terms in which they are viewed as part of the curriculum.

Music

Only portions of printed musical works should be copied for study purposes, as with other printed matter: the law indicates that multiple copies of a "performable unit" should not be provided to all members of a class. Entire works may be copied for emergency rehearsal and performance purposes, provided purchased copies will be substituted in due course.

Commercially distributed and copyrighted recordings (LPs, CDs, licensed downloads) may be played in a face-to-face classroom setting during the regular course of instruction, and may be made available via library reserves as an extension of the classroom.

1. Copyright law indicates an entire recording may be presented ("performed") in a face-to-face teaching situation. Otherwise, only portions of a work are permitted to be copied.

2. Presentations viewed through ERes or a course web/server site must be restricted to those registered in the course. The complete contents of a recording may not be digitized, downloaded and redistributed without copyright permission or licensing fees being paid.

3. Middlebury College agrees with the Music Library Association's Statement on the Digital Transmission of Electronic Reserves, excerpted below:

The Music Library Association fully supports …[the] view that students enrolled in a class have the educational right to aurally access its assigned musical works both in the classroom and through class reserves. The MLA also believes that the dubbing or digital copying of musical works for class reserves falls within the spirit of the fair use provision of the copyright law.

In light of the above, the Music Library Association supports the creation and transmission of digital audio file copies of copyrighted recordings of musical works for course reserves purposes, under the following conditions:

  • Access to such digital copies must be through library-controlled equipment and campus-restricted networks.
  • Access to digital copies from outside of the campus should be limited to individuals who have been authenticated: namely, students enrolled either in a course or in formal independent study with an instructor in the institution.
  • Digital copies should be made only of works that are being taught in the course or study.
  • Digital copies may be made of whole movements or whole works.
  • Either the institution or the course instructor should own the original that is used to make the digital file. The Library should make a good faith effort to purchase a commercially available copy of anything that is provided by the instructor.
  • The library should remove access to the files at the completion of the course.
  • The library may store course files for future re-use. This includes the digital copy made from an instructor's original if the library has made a good faith effort to purchase its own copy commercially.

Art Works

Art works may be viewed in a face-to-face classroom setting during the regular course of instruction, and may be made available via library reserves and restricted-access databases such as MDID as an extension of the classroom for the purpose of research and study.

1. Art works photocopied, photographed, digitized or otherwise reproduced as part of a course assignment must be restricted to members of the course.

2. Multimedia presentations that are made public and that include art works must receive copyright permissions/licensing.

3. Contact the Visual Resources Curator for additional information.


Appendix A.

Applying the fair use factors.

According to an opinion of the Attorney General of the State of Georgia issued in 1996:

Teachers should always act in good faith in copying excerpts for classroom use; and his or her conduct in copying must be such that an objective observer would conclude that the teacher acted in good faith. Therefore, it would be appropriate for teachers to comply with the following factors:

1. Limit the size of the excerpt copied to pedagogical needs.
2. Limit the sale of the copies to members of the class.
3. Limit the student's cost to the cost of reproducing the materials.

In summary, notwithstanding broad copyright notices that may purport to prohibit any copying without written permission, copying for classroom use is a legitimate activity and a legal right under the fair use doctrine of 17 U.S.C. § 107. Moreover, where a teacher or librarian or other employee of a non-profit institution infringes a copyright with a good faith belief that the copying was a fair use, the Copyright Act requires courts to remit statutory damages if there is an infringement action.[3]

Permissions

In cases where the fair use analysis weighs against using any particular item, the user should seek permission from the copyright holder.



[1] adopted from Common Academic Uses of Copyrighted Material. Syracuse University Library. http://library.syr.edu/copyright/materials.html [accessed 10-October-2005]

[2] In good faith application of fair use, only portions of works will be copied by College staff for research purposes, library reserve or classroom use, unless a work is in the public domain. Some statements/agreements between publishers, libraries, and educational institutions suggest guidelines that provide a "safe harbor" by limiting the quantity and frequency of copies made for educational purposes. These guidelines are not actual law, and following them assumes (but does not guarantee) that limited classroom use of copies is protected from a copyright suit.

[3] Department of Law, State of Georgia, UNOFFICIAL OPINION. Re: The Scope of the Fair Use Doctrine, 17 USC §107, for making copies for classroom use, for teachers who make copies for research and scholarship, and the potential liability of teachers, librarians and employees of non-profit institutions for exceeding the parameters of fair use. Issued 14-February-1996.

Respect for People and Property

General College policies regarding respect for College employees and property apply to conduct in and use of the libraries.

Food and beverages must be covered and kept in spill-proof containers. Users must take precautions to avoid spillage and soiling of library books, media, and facilities. Food and drink appliances, such as toasters and coffee-makers, are not permitted in study areas. See also: Responsible Use of Library Materials in the Library Borrowing Guidelines section of the College Handbook.

Smoking or the use of tobacco is not permitted in any Middlebury College library.

Please respect the use of the libraries as locations where a variety of services are provided and received, and where study and reading take place. Please mute cell-phone ringtones and keep conversations and phone calls at a low volume when others are studying nearby.

Faculty, staff and guest parents should be present to supervise their children and remind them that those around them may be studying or working on projects that require concentration.  Unsupervised children creating disruption will be asked to leave.

The library may be open 24 hours a day for students to study at the end of the semester and during exams. Students may not "live" in the library during that time. During such periods, library users must follow any specially posted rules regarding access and use of the library facilities. 

Responsible Use of Computing and Network Services and Facilities

Information technology is vital to the mission and function of Middlebury College; the College's computer networks and central computing facilities are common resources upon which the whole community depends. Responsible citizenship in the Middlebury community obliges users of these facilities to maintain responsible and ethical use of computing and communications resources, awareness of the impacts of one's actions, and respect for the rights of others. While technology makes available new educational, social, and recreational possibilities, we must recognize that the ethical and legal issues relating to technology are similar to those in our daily lives.

LIS does not actively police or monitor computers or networks in search of illicit or inappropriate activities. We prefer to assume that all members of our community will behave in a proper and responsible manner. However, if illegal or inappropriate activities are brought to our attention, we are obligated to investigate and act, including cooperating with legal authorities, if necessary.

Middlebury College has implemented a firewall at the connection to the public Internet for security reasons. While not intended to disallow legitimate traffic to and from the Internet, there may be situations where a specific application fails due to an unknown port being blocked. If you have legitimate need for certain ports to be open to the outside world, simply let us know the port and application, and we will make every effort to accommodate these requests.

1. Responsible use of our computing resources and network infrastructure comprises three main themes: (a) ethical and law-abiding behavior, (b) conservation of our common resources, and, (c) respect for others.

1a. Ethical and Law-Abiding Behavior: Inappropriate actions using computers can involve violation of the law, with resulting prosecution and criminal penalties. Theft, plagiarism, "breaking and entering," fraud, invasions of privacy, harassment, or distribution of illegal material are just as serious when committed with a computer as by any other means.

Theft includes the unauthorized copying of copyrighted software, reproduction or distribution of copyrighted music or video recordings without the purchase of legal copies or the explicit permission of the artist or publisher (including downloading and sharing music via popular peer-to-peer systems), and other forms of copyright violation. Unauthorized use and/or distribution of others' intellectual property (including, but not limited to, copyrighted text, images, sound, and software) violates federal or state laws or regulations and can result in civil or criminal penalties, even if the material is distributed for free, with no monetary gain to the distributor (the student, faculty, or staff member). Middlebury College intends to comply fully with the Digital Millennium Copyright Act of 1998 [DMCA].

"Break and enter" includes unauthorized attempts to gain access or circumvent security features of computer systems or networks. Access to our systems/servers, networks, and any information contained on them or transported by them is for authorized users only.

Fraud includes misrepresenting yourself or falsifying your identity to gain use of computers, sending electronic messages under a false address, and using others' accounts without permission.

Violations of privacy include accessing other people's data or electronic mail, or spying on their communications. Abusive or threatening messages to others can be prosecuted as harassment. Offering illegal material by electronic means can be prosecuted in the same manner as offering illegal material on the street or a conventional market. 

Should LIS receive a formal complaint of illegal activity involving a personal computer on our network (for example, a violation of copyright by unauthorized file-sharing under the terms of the Digital Millennium Copyright Act), LIS staff will make every effort to identify and inform the owner of the machine of the problem. The offending machine may be blocked from Internet access until the situation is rectified, in order to stop the alleged illegal activity and/or to try to protect the owner from further liability.

1b. Conservation of Our Common Resources: As members of the Middlebury College community, we must be aware of the impact that our actions have on others and avoid activities that undermine or damage the integrity and efficient functioning of the network and computing infrastructure. Deliberate interference with the functioning of any computing or communications equipment will be regarded as vandalism and result in quick and decisive action.

In addition, we must avoid other actions that impair the performance of the network and computer systems for others. The communications infrastructure is finite, as are all resources. Those who use network bandwidth, CPU utilization, or memory allocation for personal activities, such as games and chain-mail lists, or use programs that digitally distribute music and/or video for personal recreation, etc., hamper the activities of others engaged in educational and scholarly activities that are the priorities of the College. Improperly or inappropriately configured or malfunctioning personal computers or communications electronic gear may similarly degrade performance.  Many "home networking" appliances, such as wireless devices or hubs, can cause serious problems if attached to our campus network; their use is prohibited without prior approval from LIS. 

Individuals should maintain their computers with up-to-date operating system patches and virus protection to avoid contracting and spreading computer viruses or other malicious software. Malfunctioning, misconfigured, or infected machines whose behavior or traffic is significantly degrading performance of the network may be blocked from network access until the problem can be rectified. LIS also may prioritize traffic to ensure optimum performance of mission-critical applications.

1c. Respect for Others: As citizens in our community, we must respect the rights and privacy of one another. We are obliged to avoid actions that create a public nuisance, such as inappropriate postings to topic-specific bulletin boards and mailing lists or unwarranted mass mailings. The same standards of civilized discourse and etiquette that govern our face-to-face interactions should apply in cyberspace. All users of our computing and networking facilities bear the responsibility to avoid libel, obscenity, undocumented allegations, attacks on personal integrity, and harassment.

2. In turn, our community is entitled to, and can expect, responsible behavior from those charged with managing and maintaining the computing and communications systems.

2a. Library and Information Services (LIS) will respect the privacy and confidentiality of users' files and messages. LIS will not look at private information, unless authorized by an individual to perform work on his or her behalf or extraordinary circumstances require it to maintain the functioning of the system. Extraordinary circumstances include, but are not limited to the following: reading the header of an incorrectly addressed e-mail message to try to send it to the intended recipient, investigations of suspected violations of LIS policies, medical or need-to-know emergencies, financial or legal audits, or when required to comply with law enforcement authorities. LIS will not monitor the activities of those that use the campus network or the Internet, unless allegations of improper behavior are brought to our attention by others, or we discover inappropriate activities in the course of investigating problems with network performance. We do routinely monitor traffic levels on portions of the network, to maintain optimal performance, and take note of which individual machines may be generating large volumes of traffic. Routine monitoring is concerned only with load on the network resources and does not seek to eavesdrop on the nature of the information being transmitted. (See Privacy of Electronic Files and Communications policy statement for further details.)

2b. LIS will endeavor to protect users from the unauthorized activities of others and will educate users about how they can protect themselves from breaches of their privacy or the security of their computers.

2c. LIS will strive to maintain the systems and networks in optimal performance for the good of the community and will address and correct situations that impair their efficient functioning or hamper users' appropriate activities.

We all must recognize that our actions as network-linked computer users have consequences. Users whose activities or malfunctioning equipment undermine the performance of common resources may be disconnected from the network or denied access to central systems until the problem is corrected. Irresponsible or unethical activities may result in penalties or the loss of privileges. Additionally, deliberate abuse or activities in violation of the rules and regulations of the College may result in penalties consistent with the judicial procedures and policies of the College. Users should be aware that activities that may seem benign to them (like sharing pirated music recordings) or harmless pranks (like gaining unauthorized access to remote computers) are increasingly being aggressively prosecuted and litigated by the wronged parties.

The laws and policies governing acceptable use of computer networks and the Internet are rapidly evolving; pending legislation and court cases may have major impacts. Users who have specific questions about responsible and acceptable use are encouraged to seek guidance from LIS.

Computing Policies - General

Computing Environment

Library and Information Services (LIS) Help and Support web pages include information about College computing facilities, supported software applications, accounts, email services, computer configuration and repair.

It is your responsibility to back up and to protect your data. LIS encourages all faculty, staff, and students to store files in personal folders provided for them on our central file servers, where they will be backed up by LIS, and/or to back up files yourself. You must install and use virus protection software. Please contact the Helpdesk for assistance.

No fees are charged by the College for Internet use, and we do not monitor the details of individuals' activities except under extraordinary circumstances. (See also these policies: Responsible Use of Computing and Network Services and Facilities; Web Page Policies; Network Policies; Privacy and Security of Data, Files and Communications.)

Computing Labs at Middlebury College

Computing labs at Middlebury College are for the exclusive use of the Middlebury College community (faculty, staff and students) with priority given to Middlebury College students.  Those using the labs should be prepared to present their College ID card, if asked. 

Researchers and members of the community may use library computer workstations for research needs and online information access. A special guest login may be required; check at the library information and branch library circulation desk to obtain login passwords. Middlebury College student, faculty, and staff access to library workstations is given precedence over all other use. Non-College community members may be asked at any time to relinquish the workstation to Middlebury College students, who are encouraged to approach any LIS staff member if they need access to a computer, or to raise concerns about the appropriateness of computer use. All use of these workstations by non-College community members is governed by the same policies that govern the College community. These policies can be found below under Responsible Use of Computing and Network Services and Facilities. Those using the workstations should be prepared to present proper identification, if asked. Those who abuse this privilege or violate the College's Responsible Use Policy will be asked to leave, and will no longer be permitted to use College library and computing facilities.

Plans call for students to have printing quotas in computer labs and the libraries, as recommended by Community Council.  Once the quota is exceeded, students may be charged for each page printed. Campus visitors will be charged or restricted in using public printers. 

For the safety and well-being of our students, all public computing labs are only accessible via Middlebury ID Access Card after normal business hours. 

Family members of faculty and staff are welcome to use the computing facilities, as outlined above.  Parents should be present to supervise children and remind them that those around them may be studying or working on projects that require concentration.  Unsupervised children creating exceptional disruption will be asked to leave.

Limitation of Liability

LIS and Middlebury College disclaim all warranties, including all implied warranties of merchantability and fitness for a particular purpose. Neither LIS nor Middlebury College shall be liable to a user or any other person for any loss or damage of any kind related to configuration and operation of any computing equipment, including but not limited to, out-of-pocket expenses, consequential damages, inconvenience, loss of data, loss of profits, loss of use, emotional stress, physical injury, or damage to software or hardware. LIS will endeavor to perform timely assistance, but LIS will not be liable for failure to do so. LIS makes no warranty, express or implied, that it will be able to configure or repair equipment.

 

Computing Policies - Faculty and Staff

Faculty and Staff Computing

Library and Information Services (LIS) provides a single office computer to each faculty and staff member who requires one for performance of job responsibilities. This is a College-owned computer and remains at the College when the faculty or staff member leaves Middlebury. LIS does not provide desktop computers for use at home.  Windows-based PCs are deployed for most faculty and staff use unless there are specific needs for other computing systems. A laptop is encouraged for faculty members with long-term appointments to expedite a computing environment in which faculty may use the computer in the office, at home, and in the classroom. Printing is done via the network to departmental office laser printers. Individual office printers are obtained through department or grant funds.

Special software for curricular use is purchased with LIS funds, within budgetary limitations, and after review by our staff to ensure its functionality in public computing labs. Software requests should be submitted at least four weeks prior to the start of each semester. Software solely for research applications should be obtained through departmental or grant funds. All departmental software and hardware orders should be verified with LIS to ensure best pricing and compatibility with existing College systems and licensing arrangements. 

Faculty and staff may not register their own domain names with commercial Internet domain registration service providers pointing to office computers on the College network. Similarly, registration of personal domain names for individual faculty or staff accounts is not supported. Under normal circumstances, when employment is terminated, an employee's e-mail account, file server accounts, and personal web pages are deactivated six months following the last date of work. Emeriti faculty may retain e-mail accounts upon request. In situations of involuntary termination, accounts may be immediately terminated by LIS upon direction of College administration. It is an employee's responsibility to copy for personal retention all personal files from his/her computer and file server space prior to departure.

Online Course Material Retention

LIS will retain online course materials for a minimum of two years from the end of the course. Materials may be available after the two-year period, but instructors should not depend on their availability. Instructors who need help moving their materials to longer-term storage may contact LIS at helpdesk@middlebury.edu. Faculty may request that their course materials be deleted earlier than specified by this policy.

This policy covers online course materials stored on disk space managed by LIS and created by or managed through applications supported by the College including Segue, central course folders and web space; stand-alone discussion forums; email distribution lists; documents; discussions; etc. Some applications do not currently allow deletion based on term; these may be modified as necessary by LIS to allow enactment of this policy. This policy does not cover materials stored in an individual's home directory, personal web space, or departmental or program-based space.

Guiding principles for this policy:

1. To comply with any federal or state laws related to online course material retention.
2. To comply with any fair use policies related to online course material content.
3. To retain centrally-stored online course materials for a period of time that instructors will find helpful.
4. To guide instructors in developing their own procedures for long-term storage of their online course materials.
5. To ensure that online storage space funded by LIS is used efficiently, and to minimize the financial impact of using constantly increasing disk space.

This retention policy shall be reviewed by the dean of library and information services and College administration at the dean's discretion annually at a minimum, and at other times as needed.

Computing Policies - Students

Student Computers

Students may purchase a computer system or bring their own computer to campus (see Computer Purchase Program below). Students may connect a single computer to the campus network from their residence hall room. See Network Policies for details.

LIS will provide free support, to the best of its staff members' ability, with configuration of a student's computer so it will function successfully on the Middlebury College campus network. Difficulties with an operating system, software applications, and printing will be handled on an as-time-permits basis if LIS staff members have sufficient expertise with the product and system. LIS will exercise care with student computers and software, but we cannot guarantee we can fix operating system or software problems, and we are not responsible for random hardware failures. Students are required to stay with their computers or to sign a work order/waiver form when LIS staff or student consultants are working on them. LIS may cease configuration of computing equipment if it determines that configuration is impractical or would require extraordinary efforts, or that equipment is not in good working order. If LIS determines that a computer requires professional repair, it will be the user's responsibility to arrange for such repairs. Authorized service should be arranged through the supplier or manufacturer of the user's equipment. Upon request, LIS staff may be able to arrange commercial service, but this is not necessarily available for all makes and models. The user will be responsible for any charges incurred for outside professional service.

Computer Purchase Program

Information about special pricing on recommended computer models for personal purchase is available on the LIS website. Students are strongly encouraged to purchase one of the designated models. If students bring their own systems to campus, LIS will assist in configuration of the computer for network connections, provided the computer meets minimum hardware and operating system requirements. Computers not meeting those standards may be configured by a local computer store, with configuration costs for non-standard systems paid by the student.

Network Policies

Residential Network

Students may connect a single computer to the campus network from their residence hall room. Connection instructions are available at the computing Helpdesk. The network connections in student residences are either 10 Mb/s or 100 Mb/s Ethernet; an Ethernet network adapter card and RJ45 cable are required to connect. Students desiring network cables longer than 12 feet to accommodate unique room/furniture arrangements should consult with LIS; in some buildings, the length of the in-the-wall wiring limits the permissible length of extension cables. Modem connections from student rooms are not supported: do not attempt to plug a modem into a network jack. Many new computers come with Ethernet cards built in, or cards may be purchased as add-ons.

Network fan-out devices, such as "hubs," to allow students to connect more than one computer to a single network jack, are prohibited without permission from LIS. They can cause serious malfunction of the local network in certain residence halls. Discovery of an unauthorized network hub may result in the disconnection of the student's network jack. Where possible, LIS will activate a second network jack to accommodate students who have more than one computer.

No student computer may be configured as a router or set up with modems and software to permit dial-in access to College networks from off-campus. Students wishing to configure their machines as servers, have fixed IP addresses, or run other operating system software than the conventional Microsoft Windows or Macintosh network client systems must first consult with LIS staff. Incorrectly configured machines can cause serious disruptions of the campus network.

Home networking devices, such as DSL or cable-modem devices, home routers, wireless routers and wireless access points, etc., can cause serious disruption of campus network services.  The default, "out of the box" configurations of many of these are such that, if connected directly into the campus network, they can disable network access for an entire subnet. No such device may be connected to the campus network without prior consultation and approval of LIS network management staff. Discovery of unauthorized devices may result in immediate disconnection of network service.  If a device is found to be disrupting network services, it will immediately be disconnected from the network while LIS staff members attempt to contact the owner.

Students may NOT register their own domain names with commercial Internet domain registration service providers pointing to computers on the College network. Network services to a student room will be terminated if such activity is discovered.

Communications Infrastructure Maintenance

Improperly configured or malfunctioning computer or communication equipment can seriously degrade the operation of the College's communication networks. It may be necessary for LIS personnel to enter a student room to confirm the location of such a device, and, if necessary, disconnect it from the network until the situation can be resolved. LIS will attempt to contact the student before entering the room, but time-critical situations, where significant network services are impacted, may require entry without prior approval. Students' computers will not be touched without their prior consent; room entry will be only for the purpose of confirming that the misbehaving computer has been properly identified. For the protection of the student, the Department of Public Safety and/or the Commons office will be notified if entry is made without prior approval. Any temporary disconnection will be made in the network equipment closet, without directly handling students' property.

If students request assistance from LIS to repair a problem with their network connection, they may give LIS permission to enter the room and disconnect equipment for testing and troubleshooting in their absence.

Similarly, telephone services personnel may enter student rooms in the residents' absence to effect repairs to voice telephone equipment or infrastructure.

Network Security Policy

In order to maintain the best possible computing environment for students and faculty, as well as to maintain the stability of the Middlebury College computer network, Library and Information Services (LIS) expects members of the College community to abide by policies and procedures regarding the use of computing resources on campus and the interaction between on-campus resources and the outside world. Although the Internet is a useful tool, malicious users and software programs from outside the College's computer network may negatively affect the experience of network users if not actively dissuaded. 

Peer-to-Peer (P2P) traffic is one medium to exchange information over the network. Priority is given to academic and administrative non-P2P traffic both leaving and entering the college's network. Otherwise,  P2P traffic would easily consume the college's Internet bandwidth.

Viruses and worms, if allowed on the network, can cause considerable computer system damage and downtime. Attachments of all electronic mail sent through the Middlebury network are scanned automatically by anti-virus programs for malicious content and blocked when found to be infected. To protect the network from the automatic proliferation of worms, all student, faculty, and staff computers must be correctly patched and protected from common threats, as described in the "Responsible Use of Computing and Network Services and Facilities" section of the College Handbook.

LIS reserves the right to block all traffic and services deemed malicious, through the use of firewall rule sets that protect Middlebury's computing resources from the Internet. Firewall policies will not affect or impair the use of the College network, Internet, or off-campus resources by most users. Students, faculty, and staff with systems that require Internet access beyond that granted by our standard rules must submit those systems to a full security review by appropriate LIS personnel.  Such systems and any unfiltered systems will also be subject to additional reviews required by LIS. Privileges will be removed from any systems unable to pass a review.  Such systems may, by decision of LIS, be restricted from internal network services or protection for the duration of their outside exposure.

With new attacks and vulnerabilities commonly discovered in a wide range of systems, LIS cannot predict what malicious network use may surface. To defend our community against new or emerging network security threats, LIS reserves the right to respond immediately by imposing network restrictions upon any computer system at the College without prior notice.

Standards for Remote Access

Before accessing Middlebury College's network remotely, either via dial-up or Virtual Private Network (VPN), users must ensure that the computer they are using to connect to the Middlebury network is clean of all spyware, malware and viruses, whose existence can be the most direct way of compromising network security and passwords.  If spyware, malware or viruses are seen emanating from a computer that is remotely connected, the user's account will be locked until the password is changed and the user's remote access permissions will be revoked until their computer is serviced.

Automated network management and remediation

The campus network employs an automated network management system that forces all unregistered network devices (computers, game consoles – anything that plugs into the network) into a private portion of the campus network.  In order to gain access to the College's servers and the Internet, all users must first register their computers (or network aware devices).  Part of the registration process involves automatically scanning the user's computer for potential virus risks that could threaten the campus network and other computers on the network; while this scan is passive (and requires no user interaction), if a vulnerability is found, the computer will be automatically placed in a quarantined portion of the network until remediation of the vulnerability occurs.  Registered computers are automatically scanned periodically for new vulnerabilities as they are released and, as such, users' computers may be placed in quarantine until appropriate patches are applied.

If a computer is found exhibiting viral or malicious activity it will be placed in an area of the network where it poses no threat to other computers on the network.  While LIS network management staff does not inspect data directly, we do employ automated measures to look for signatures of malicious activity that might pose a threat to the campus network and others.

Telephone Services

Telephone Services provides all voice services to the College. Faculty, staff, and residential students are offered local and long distance service and voice mail boxes. Off-campus students may use voice mail boxes using their assigned College extensions.

Please consult the Telephone Services webpages for service descriptions, how-to guides for the telephone and voice mail systems, prepaid long-distance services for students, and sources for additional information.

Password Policy

All Middlebury College students, faculty, and employees (including contractors and vendors with access to Middlebury College systems) are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.  Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in the compromise of Middlebury College's entire computer network.

This policy defines standards for creation of strong passwords, their protection, and required frequency of change.  The policy applies to all individuals who have, or are responsible for, an account (or any form of access that supports or requires a password) on any system that resides at any Middlebury College facility, has access to the Middlebury College network, or stores any non-public Middlebury College information.

Standards for Creating Strong Passwords

All user-level and system-level passwords must conform to Middlebury's Guidelines for Construction of Strong Passwords, described below.

Guidelines for Construction of Strong Passwords

Passwords are used for various purposes at Middlebury College. Some of the more common uses include: user level accounts, web accounts, email accounts and Banner logins. Since it is very easy to guess or crack certain types of passwords, everyone should be aware of how to select strong passwords.

Users must construct strong passwords with all these characteristics:

a. contain both upper and lower case characters and digits (e.g., a-z, A-Z, 0-9)

b. contain punctuation characters  (listing updated 15-May-2008)

    the following are acceptable:
          ~ ^ * _ ? \ . / ! + - { } [ ] 
   
    the following are not to be used for Middlebury's systems:
       @ $ & " : ( ) , < > ` ; = | # %  (and blank spaces)

c. are at least eight alphanumeric characters long

d. are not a word in any language, slang, dialect, jargon, etc.

e. are not names of famous people, characters in TV shows or movies

f. are not based on personal information, names of family, etc.

Users must avoid poor, weak passwords with any of these characteristics:

a. less than eight characters long

b. a word found in a dictionary (English or foreign)

c. a common usage word

d. any representation of the user's birthday

e. the name of family, pets, friends, co-workers, fantasy characters, etc.

f. the words "Middlebury College", "middlebury", or any derivation

g. an alphabetic or numerical pattern such as aaabbb, qwerty, zyxwvuts, 123321, etc.

h. any of the above spelled backwards

i. any of the above preceded or followed by a digit (e.g., secret1, 1secret)

j. other personal information such as addresses, social security and phone numbers

A suggested way to create a password is to devise a mnemonic on a song or book title, affirmation, or other phrase. For example, passwords based on the phrase "This May Be One Way To Remember" could be "TmB1w2R!" or "Tmb1W>r~" or some other variation. NOTE: Do not use either of these examples as passwords!
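Most of the construction rules above can be checked mechanically. The following is an added example, not part of the College's policy or any LIS tool: a Python checker for length, character classes, the two punctuation lists, the site name, patterns, reversal and digit padding. The function names, rule codes, pattern thresholds, and the `wordlist` and `personal_terms` arguments are assumptions made for the illustration.

```python
import re

# Punctuation lists copied from the policy text (listing dated 15-May-2008).
ALLOWED_PUNCT = set("~^*_?\\./!+-{}[]")
FORBIDDEN_CHARS = set("@$&\":(),<>`;=|#% ")   # includes the blank space
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
SITE_TERMS = ("middlebury",)                  # weak-password rule f
MIN_LENGTH = 8                                # strong rule c / weak rule a


def _has_run(text, width=3):
    """True if `text` holds `width` consecutive letters or digits whose code
    points step by +1 or -1 each time (abc, 321, zyx). The width of 3 is an
    assumption; the policy only gives examples."""
    for i in range(len(text) - width + 1):
        chunk = text[i:i + width]
        if not chunk.isalnum():
            continue
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def _keyboard_walk(text, width=4):
    """True if `text` contains `width` adjacent keys from one keyboard row,
    typed left-to-right or right-to-left (qwer, lkjh)."""
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - width + 1):
                if seq[i:i + width] in text:
                    return True
    return False


def check_password(password, wordlist=(), personal_terms=()):
    """Return a sorted list of rule codes the password violates.
    An empty list means it passed every check implemented here; rules that
    need human judgement (famous names, slang) depend on what the caller
    supplies in `wordlist` and `personal_terms`."""
    problems = set()
    lowered = password.lower()

    # Strong-password rules a, b and c.
    if len(password) < MIN_LENGTH:
        problems.add("too-short")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.add("needs-mixed-case")
    if not re.search(r"[0-9]", password):
        problems.add("needs-digit")
    if not any(c in ALLOWED_PUNCT for c in password):
        problems.add("needs-punctuation")
    if any(c in FORBIDDEN_CHARS for c in password):
        problems.add("forbidden-character")

    # Weak rules b-e and j, plus h (backwards) and i (digit before or after):
    # strip surrounding digits, then compare forwards and reversed.
    core = lowered.strip("0123456789")
    banned = {w.lower() for w in wordlist} | {t.lower() for t in personal_terms}
    if core in banned or core[::-1] in banned:
        problems.add("dictionary-or-personal")

    # Weak rule f: the College name, forwards or backwards, anywhere.
    if any(t in lowered or t in lowered[::-1] for t in SITE_TERMS):
        problems.add("site-name")

    # Weak rule g: repeated characters, alphabetic/numeric runs, keyboard rows.
    if (re.search(r"(.)\1\1", lowered) or _has_run(lowered)
            or _keyboard_walk(lowered)):
        problems.add("pattern")

    return sorted(problems)


if __name__ == "__main__":
    # Constructed inputs: the two mnemonics from the policy text and the
    # policy's own "secret1" example.
    for sample in ("TmB1w2R!", "Tmb1W>r~", "secret1"):
        print(sample, check_password(sample, wordlist=["secret"]))
```

Run against the two sample mnemonics in the paragraph above, the first passes these checks and the second is reported as `forbidden-character`, because `>` is on the not-to-be-used list.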

Standards for Password Protection

All passwords are to be treated as sensitive, confidential Middlebury College information. Passwords must be changed on a regular basis (see Standards for Frequency of Changing Passwords).

Passwords MUST remain confidential.  Users must NEVER:

a. reveal a password in an email message, instant messaging software, or other forms of electronic communication

b. reveal a password over the phone to anyone

c. reveal a password on questionnaires or security forms

d. reveal a password to anyone, including other employees or students, supervisors, administrative assistants, student workers, friends, or family members

e. reveal or talk about a password in front of others

f. hint at the format of a password (e.g., "my family name")

g. write down passwords and store them anywhere in your office or room

h. store passwords in a file on any computer system (including Palm Pilots or similar devices) without encryption

i. use the same password for Middlebury College accounts as for non-Middlebury College access (e.g., personal internet account, option trading, electronic banking, benefits, etc.)

j. use the "Remember Password" feature of applications (e.g., Outlook, Internet Explorer, Netscape Messenger), whenever possible

No Middlebury College student or employee should ever ask another member of the community for a password. If someone demands a password for a College computer or account, refer them to this policy, or have them contact the LIS Help Desk at helpdesk@middlebury.edu.

If an account or password is suspected to have been compromised, report the incident by sending an email to helpdesk@middlebury.edu and then change ALL passwords.  Passwords may be changed by visiting http://go.middlebury.edu/password.

Standards for Frequency of Changing Passwords

Passwords for Middlebury College computer and network accounts must be changed at least every six months (for user access to the College network, e-mail, Banner, file servers, Segue and course management systems, special College web applications).

Users with administrative or system-level access (e.g. root, local or domain administrator and enable) must change passwords at least every three months.

When possible, College computer systems will be programmed to notify users in advance that passwords are due to expire and will prompt the users to select new passwords.

Privacy and Security of Files, Data and Communications

CONFIDENTIALITY OF LIBRARY RECORDS

Borrower records maintained by the libraries, which contain information relating to the identity of a library borrower or the borrower's use of books or other materials at the library are confidential. Middlebury College ID holders may access their library accounts via a protected account on the library's Web page.

These records may only be released with the express written permission of the borrower involved, or as the result of a subpoena, warrant or court order. Under terms of the USA PATRIOT legislation, the College may not be permitted to inform you if information has been released as part of a terrorist or criminal investigation.


PRIVACY OF ELECTRONIC FILES AND COMMUNICATIONS

The following guidelines shall serve to protect the privacy of the Middlebury College community.

1. College computing resources are provided for educational and administrative purposes. We recognize that computing resources will be used for storing and communicating many types of information, including that of a personal nature. Members of the College community are expected to be judicious in their use of computing resources. These resources should never be used for personal for-profit gain, theft, fraud, invasions of privacy, distribution of illegal materials, or distribution of copyrighted or licensed materials without appropriate approval. Individuals bear the responsibility to avoid libel, obscenity, undocumented allegations, attacks on personal integrity, and acts of harassment.

2. Files stored on an individual's computer or on a shared central system or file server are considered private, to be viewed only by the original creator of the files, unless otherwise so designated by the creator. Access to files by others is prohibited without just cause. (See section 5 below.)

2a. Faculty and staff should take steps to assure that documents necessary to the operation of the College are available to those that may require them.

3. Electronic communications and messages (such as e-mail) are considered private, to be viewed only by the original sender and designated recipient(s). Access to messages by others is prohibited without just cause or permission. (See section 5 below.) We encourage individuals to reinforce this for sensitive files and messages by flagging them as confidential.

3a. As a matter of principle and ethics, individuals bear the responsibility for assuring that e-mail messages, including attachments and previous appended messages, are forwarded only to parties whose interest is consistent with the purpose of and intent of the previous correspondents. If in doubt, obtain the consent of the original correspondents before forwarding.

4. Members of the Middlebury College community should be aware of the following considerations:

4a. Data storage and communications are not perfectly secure. There are software and physical limitations that can compromise security. LIS tries to minimize such exposures, but the risks exist.

4b. Mail delivered outside of the College is notably insecure and should be treated like a postcard. Individuals may redirect (forward) their electronic mail to another Internet site off-campus. Unless you know that the intended recipient of an e-mail message has not redirected mail to an off-campus site, you should assume the possibility that others may see the content of the message.

4c. Deletion of files or e-mail messages does not guarantee the inaccessibility of those files and messages. Centrally maintained file-storage devices and mail systems are archived to magnetic tape regularly. These archive tapes are kept for 60 days.

4d. Privacy depends upon individuals keeping their password secure. Anyone using Middlebury College systems must have difficult-to-guess passwords and must not share his or her password with others.

4e. Many off-campus Internet sites may record information you provide and divulge this to others without your prior consent. In some circumstances, information about you, your activities on the remote site, and information about your computer, may be recorded without your knowledge. Some remote Web sites may store information on your computer in the form of hidden files or "cookies." Caution and prudence are advised when providing any information you would consider confidential to unknown third parties.

5. Access to another individual's electronic files and e-mail is permissible only if there is just cause in the following situations:

5a. If the creator of files, or the sender/recipient of electronic mail messages, has granted specific permission for another individual or individuals to view designated files and messages.

5b. In the event of a significant electronic mail system software problem that prevents automatic delivery of electronic mail, e-mail message headers must be read by authorized LIS staff to direct e-mail to the intended recipients.

5c. In cases of suspected violations of LIS policies, especially unauthorized access to LIS systems, the administrator of the LIS system may authorize detailed session logging and/or limited searching of user files to gather evidence on a suspected violation. Illegal, irresponsible, or unethical activities may result in loss of privileges or penalties consistent with the judicial procedures and policies of the College.

5d. In the event of a medical emergency involving a member of the College community which renders them unable to access files or messages considered essential for the continuation of College business, another individual may access the individual's electronic files and communications under the procedures set forth in section 6 below.

5e. In the event of a need-to-know emergency (suicidal or homicidal threat), access to an individual's files or messages is permitted, following the procedures outlined in section 6 below.

5f. In the event that a local, state, or federal law-enforcement authority in the investigation of a crime, civil litigation, or regulatory proceeding produces a subpoena, discovery request, or warrant granting access to files or messages, following the procedures outlined in section 6 below.

5g. In the event of a financial or legal audit, following the procedures outlined in section 6 below.

5h. In any other instance, no access is granted to an individual's electronic files or messages without prior review and approval by the appropriate body as indicated in section 6a below.

6. Emergency access to another individual's electronic files and messages is granted only under conditions noted in section 5 above.

6a. Before invoking any such procedure, the circumstance creating the need for access shall be reviewed in a timely fashion, access shall not take place without approval, and specific procedures and strictures may be recommended for each circumstance. The persons involved in the review and approval process will vary depending upon the individual involved:

- Human Resources will assume review and approval responsibility in cases involving a faculty or staff member.

- The dean of the College or the appropriate Commons dean will assume review and approval responsibility in cases involving a student.

- LIS will work with the departments mentioned above to determine if the needs of the College or third party requesting access outweigh the privacy needs of the individual.

6b. A neutral third party (not the person's supervisor, adviser, or teacher) shall examine files and messages on the individual's computer, mailbox, or file-server space and provide only the specifically requested file(s) or message(s) to the requester.

6c. The student, staff, or faculty member will be notified that access has been granted to his/her files or messages unless there is sufficient and compelling reason not to do so.

6d. No other files or messages may be copied, transferred, or forwarded.

7. The LIS personnel charged with the administration of the College's computing systems and file servers take their obligations to protect individuals' privacy very seriously. The professional standards consistent with positions that require select individuals to have access to personal and sensitive information are strictly enforced. In accordance with general College policy, inappropriate use, access, or sharing of confidential information is grounds for summary discharge of employment. (See the section on summary discharge in the Employee Handbook entitled Leaving Middlebury College.)

8. Middlebury College has procedures, protocols and training programs for employees to optimize privacy and security of financial transactions and personal information in compliance with the Gramm-Leach-Bliley Act (see also Banner Security Procedures below).

9. These policies are subject to change only as may be reasonable under the circumstances.



BANNER SECURITY PROCEDURES

Banner information systems are an integral part of the mission of Middlebury College.  The college has made a substantial investment in human and financial resources to obtain and manage these systems.  The following procedures have been established to protect this investment and the good reputation of the college; to develop data stewardship to safeguard the information contained in these systems; and to enhance the fulfillment of the mission of the college.

LIS staff members in the Systems and Infrastructure area and the Web services workgroup, the database administrator (DBA), and the Banner systems administrator are responsible for the administration of these security procedures, in accordance with all college information policies dealing with security, access, and confidentiality of college records.

Statement of responsibility

All users of Banner, BannerWeb, and applications that depend on Banner data (such as Hyperion and Resource25) are required to comply with these security procedures.

Systems and Infrastructure (S&I) responsibilities

S&I shall be responsible for the administration of all access controls for Banner.  S&I will process adds, changes, and deactivations to user accounts upon receipt of a written request from the end user's supervisor or manager.  (See sections titled Request for user access process and Access deactivation process.)  Requests to add or change access must include all required approvals for the appropriate level of access.  Requests to deactivate access may be processed by an oral request from Human Resources prior to the receipt of the written request.  The DBA and the systems administrator will maintain records of all processed access requests in a secure area. 

Employee responsibilities

An employee who uses Banner or applications that depend on Banner data shall:

  • Ensure that all Banner access they request and use is for professional reasons and is required for their productivity.
  • Use and protect their own account passwords and privileges, and not share those with other employees or non-employees.
  • Be responsible for the content of all Banner data that is placed over the Internet or sent through email.
  • Know and abide by all college information policies dealing with security and confidentiality of college records.
  • Avoid transmission of nonpublic Banner information.  If it is necessary to transmit nonpublic information, employees are required to take steps reasonably intended to ensure that information is delivered securely to the proper person who is authorized to receive such information for legitimate college use.

Supervisor and manager responsibilities

Supervisors and managers shall:

  • Ensure that all appropriate personnel are aware of and comply with these security procedures.
  • Provide appropriate data stewardship in their areas of responsibility.
  • Work with the DBA and the systems administrator to create and validate proper authorizations for Banner data access for current and new employees.
  • Create appropriate control practices, standards, and methods designed to provide reasonable assurance that all employees observe these security procedures.
  • Provide appropriate support and guidance to assist employees in fulfilling their job responsibilities under these security procedures.

HR (Human Resources) responsibilities

HR will notify S&I of employee transfers and terminations biweekly, or as soon as necessary.  Involuntary terminations will be reported concurrent with the termination. 

Data stewardship

Data stewardship has as its main objective the management of the college's data assets in order to improve their usability, accessibility and quality.  This is accomplished through the role of the data steward.  The primary data stewards are the department heads, or their designates, who have planning and policy level responsibility for data within their areas, and management responsibilities for defined segments of the institutional data.  In the simplest terms, the data stewards could be said to be the owners of the data.  Currently, data stewardship is the responsibility of the Banner functional leads and their designates, and the Data Integrity Group members.

It is the data stewards' responsibility to develop consistent data definitions, develop and adhere to data standards created by the institution, document the business rules of their area, monitor the quality of the data input and output from the Banner systems they use, define security requirements, work with other data stewards on integration requirements, and communicate critical uses of data on which other departments depend.  As data are developed, the data stewards assure that storage and access of the data is appropriately managed.  This shall include the classification of all forms, views, reports and all other forms of access in which this data is expressed. 

The data stewardship function shall have one or more data stewards assigned to each major data subject area.  These subject areas consist of the major Banner modules, comprised of Finance: Controller's Office, Accounts Payable, Accounts Receivable, Purchasing, Budget Office; Human Resources: Payroll and Position Control; College Advancement and Development; Student Systems: Admissions and Recruiting, Catalog, Schedule and Location Management, Registration, Academic Records and History, Fees and Billing, Faculty Load, and Housing; and Financial Aid.  The College also maintains and develops custom applications that are designed and integrated with Banner which also require data stewardship, including Vehicle Registration and Ticketing, and College Driver License systems for Public Safety. 

Oracle security requirements for Banner

Security classes and class ownership

Banner security is designed and implemented based on inherent characteristics of Oracle database security, including password management, object privileges, security roles, and grants.  Banner maintains security classes that enable Oracle roles containing specific object privileges.  These security classes allow the college to implement a distributed security model based on security class ownership of specific Banner functionality and data.  The functional lead or a designated data steward shall be the security class owner who controls all access requests for the security class.

Each Banner module and functional area shall design a set of security classes which define all forms used within their module or area and the access type of either Query (view only) or Maintenance (adds, changes, inserts, and deletes).  In addition to Oracle database security implemented in Banner security, some of the modules provide system specific security at the form level.  This allows the college to maintain security by fund and organization code, employee class code, and/or salary range.  Details on the design and definition of Banner security are available in the Banner Technical Reference Manuals.

Security classes can be designed based on the following access types:

  • Administrator, Maintenance access—an administrator with global access to tables and forms for administration purposes in a given module, allows view and change (updates, inserts, and deletes)
  • Internal user, Query access—a selection of relevant forms, allows view only
  • Internal user, Maintenance access—a selection of relevant forms, allows view and change
  • External user, Query access—a selection of relevant forms for individuals outside of a given functional area, allows view only
  • External user, Maintenance access—a selection of relevant forms for individuals outside of a given functional area, allows view and change
  • Student user, Maintenance access—a limited selection of relevant forms for data input

In general, a user may have multiple security classes assigned to him/her; this is preferred to developing a custom security class to meet the needs of an individual, or to sporadically adding individual forms to a given user account to create a completely custom profile for each person. For example, the gift processing department manager in Advancement may need the External user, Query access type for budget forms to review the department's budget; the Internal user, Maintenance access type for Advancement gift processing to assist with inputting gift data; and the Internal user, Query access type for Advancement for donor-related information to see but not modify relevant information related to donors.

User accounts

To use the Banner client software or BannerWeb a user must have an Oracle user account in the appropriate databases in accordance with their job function.  During the implementation phase of any Banner module, a user may have multiple user accounts in the Production, Pre-Production, Practice, Training, and Development databases.  All Oracle user accounts for Banner are created by the DBA or the systems administrator. 

Access control

The data access type and security classes appropriate to the user shall be approved by the functional lead or the data steward of the functional area before the user account can be established or maintained.  In some areas the security class maintenance function is performed by the technical or functional lead in accordance with special administration rights granted by the DBA and Systems Administrator.  Questions about the different data access types for security classes should be directed to the DBA and systems administrator.

Oracle security requirements for Hyperion and other applications using Banner data

Security roles and role ownership

Each Banner module and functional area shall design a set of Oracle security roles that define object privileges on all tables, views, object access views, and custom views used within the module and the access type of either Select—allows query for reporting only; or Update, Insert, and Delete—allows data to be changed and is restricted to Technical Leads for conversion and special purposes.  These security roles allow the college to implement a distributed security model based on security role ownership of specific Banner data.  The functional lead or a designated data steward shall be the security role owner who controls all access requests for the security role.  In addition to Oracle database security, some of the Banner views provide system specific security at the view level using functions that filter the data so that only the appropriate data is shown to the user.  This allows the college to maintain security by fund and organization code, employee class code, cashiering, and/or salary range. 

To use other applications such as Toad and SqlPlus a user must have an Oracle user account, or an authorization to an existing Banner schema account such as is needed for system or application development.  All authorizations to existing Banner schema accounts are granted by the DBA or the Systems Administrator.

User accounts

To use Hyperion applications, a user must have both an Oracle user account with security role grants and a Hyperion account. The Oracle user account is granted the appropriate security roles by the DBA or the Banner systems administrator.

Access control

The Hyperion product type and security roles appropriate to the user shall be granted by the functional lead or the data steward of the functional area. Questions about the different data access types for security roles for Hyperion products can be directed to the reporting specialist for the area, the Hyperion system administrator, the DBA, or systems administrator.

Request for user access process

A basic form is provided to all functional leads which they submit for each new employee, or changes in positions/responsibility for existing employees.  If an employee leaves one area and begins working in another, a termination form MUST be submitted by the original area, and a new employee form submitted by the new area to guarantee that permissions from one don't "linger" into the new area. 

Steps to create user access:
- if new employee, network access created first
- must have written request
- create Oracle user account
- grant security classes 
- if Hyperion needed, must have written request
- grant access to user account to Hyperion
- Functional Lead grants security roles
- if employee needs system level security (Fund/Org, Eclass, etc.) send to appropriate data steward for setup

Access deactivation process

HR will send a written request to S&I for an employee's access to be deactivated due to transfer or termination with the effective date. On the effective date, and within 24 hours of the employee's official separation from the college, the Oracle user account and BannerWeb access will be expired and disabled. Some level of access detail information is retained for audit purposes. Timeliness is essential to prevent any unauthorized access to data; therefore, HR also submits this information to S&I to guarantee that both internal and external users of a Banner module are also removed from the system in a timely manner.

Security assessment

Each functional area has a clearly defined set of Banner security classes that is readily available for review and stored in a location that is available to said area, as well as appropriate systems management staff.  Each area reviews the definition of their classes at least annually, and at the time of a system upgrade, to guarantee definitions are still appropriate, and that newly delivered forms are assigned to appropriate classes.  Each functional area is required to review and sign off on their Banner security classes each year. 

At least twice a year, the functional lead representing each module of Banner receives from the DBA or systems administrator a printed report of all users who currently have access to some portion of their data and the roles assigned.  Functional users are REQUIRED to review this information, sign off, and return this to the DBA and systems administrator to keep on file.  Receipt of this report is the final "catch all" particularly for users perhaps outside of the functional lead's primary area.  Before returning to the systems administrator, the functional lead determines that those external to their primary area are still employed similarly and need access similar to what had been originally granted.  Changes are typically fairly limited, as the termination protocol should capture these changes immediately.  Non-receipt of this important documentation may result in user account terminations.

Web and Email

WEB PAGES AND ELECTRONIC MAIL

Web Page Policies

The content of Middlebury College's web sites results from contributions by institutional, departmental, and individual content providers who are responsible for the content of their postings. In some cases, the College's web sites provide access to personal information posted by individual members of the College community.

College Communications and Web Services provide oversight of the College's web sites by assuring a high level of accuracy, quality, and timeliness of information and ensuring proper use of the College's brand identity.  In addition, the design and organizational structure of web sites are monitored so that these online presences reflect positively upon the College. To advance the use of the web as a resource for people seeking information both on and off campus, College Communications and Web Services encourage and remain aware of other groups who develop courseware content and academic, administrative, and library applications, and work to support and guide them in these efforts.

Departmental/Institutional web pages are created and maintained by academic and administrative departments and programs on campus, in coordination with College Communications. These pages provide official representation of Middlebury College and are expected to comply with the guidelines in this document and related policies available from College Communications and Web Services.

Curricular web pages are created by faculty and students with assistance provided by LIS. These pages are used in conjunction with courses taught at the College to encourage innovation in teaching and learning.

Personal web pages are created by individual members of the College community (students, faculty, and staff), and by student organizations. Further guidelines for personal pages are provided below.

Guidelines for All Web Pages

1. Materials and information created and posted on Middlebury College Web sites are the intellectual property of institutional, departmental, or individual information providers. These providers must comply with copyright and fair use laws such as the Digital Millennium Copyright Act of 1998 and all relevant College policies, including those governing use of computing resources, nondiscrimination, harassment, use of College facilities and services for commercial purposes, and student and employee conduct.

1a. Any use of Middlebury College's Web sites for illegal or inappropriate activities or harassment is prohibited. Illegal activities shall be defined as a violation of local, state, and/or federal laws. Inappropriate use shall be defined as a violation of the intended use of the College's computing resources and policies, and/or the purpose and goals of the College Web site. Harassment is defined and addressed in the Middlebury College Harassment/Discrimination Policy Statement found in the College Handbook.

1b. Unauthorized use of Middlebury College's Web sites for commercial purposes is prohibited. Personal or institutional Web pages may not be used for direct advertising for personal profit or gain. Direct links to non-College commercial entities, unless directly related to research or the curriculum, are prohibited unless approval is granted by College Communications.

1c. Unauthorized use and/or distribution of others' intellectual property (including but not limited to text, images, sound, and software) violates College policies and the Honor Code, and is prohibited. Middlebury College intends to comply fully with the Digital Millennium Copyright Act of 1998.

1d. Exploiting Middlebury College's Web sites for malicious purposes is prohibited. Discovered exploits should be reported to webmaster@middlebury.edu immediately. Public disclosure of means to exploit the College's web sites is prohibited and is subject to disciplinary action.

2. As stated in the Middlebury College Harassment/Discrimination Policy Statement, Middlebury College recognizes that the protection of free and open speech and the open exchange of ideas are essential to any academic or artistic community and crucial for the activity of scholars and artists. Free, honest intellectual inquiry, debate, and constructive dialogue are vital to the academic mission of the College and must be protected, even when the views expressed are unpopular or controversial.

2a. Middlebury College also recognizes that contents of electronic publications or electronic communications can be used specifically to intimidate or coerce and to inhibit genuine discourse, free inquiry, and learning. Such abuses are unacceptable. As an educational institution, Middlebury College is committed to maintaining a campus environment where bigotry and intolerance, including discrimination on the basis of gender, sexual orientation, gender identity and expression, race, ethnicity, religious beliefs, physical ability, or age have no place, and where any form of coercion or harassment that insults the dignity of others and interferes with their freedom to learn or work is unacceptable.

Guidelines for Departmental/Institutional Sub-Sites

1. www.Middlebury.edu is the College's official on-line presence. This web site is an integrated information system which provides information about the College to external audiences and enables access to institutional services and resources for research and scholarship for faculty, staff, and students.

2. All appropriate departments at Middlebury College must have a presence in the College's www.Middlebury.edu web site. Departmental sub-sites will conform to the design and content standards as defined by College Communications.

3. Each department or office must designate a single individual who is the liaison to College Communications and Web Services, and who is primarily responsible for the content of that department's or office's sub-site. The liaison, generally referred to as Content Provider, must be a current member of the faculty or staff. The liaison may designate additional faculty, staff, or students who may be given appropriate security permissions necessary for editorial access to the files of that department or office only. College Communications and Web Services will review and process requests for editorial access on a regular and timely basis.

3a. The liaison is named on the department sub-site, along with e-mail and phone contact details. Suggestions for changes, additions, and corrections to the content of the sub-site should be sent to the Content Provider.

3b. Liaisons are responsible for keeping the contents of sub-sites current and accurate. Departmental sub-sites must be reviewed at least annually, prior to the beginning of the academic year or current program.

3c. Liaisons are also responsible for keeping departmental sites that do not live under www.Middlebury.edu current and accurate, such as those hosted under cat.Middlebury.edu and web.Middlebury.edu.

Guidelines for Student Organization Sites
[updated August 17, 2007]

1. Currently registered student organizations may publish their own Web pages upon approval by the Center for Campus Activities and Leadership (CCAL). Each student organization must annually name a currently enrolled Middlebury College student as Web editor for its Web site. Pages shall be posted on the Web server designated by Library & Information Services.

1a. Pages are solely the responsibility of their creators as authors and publishers. Middlebury College will not regularly monitor or edit these pages.

1b. Middlebury College assumes no responsibility, legal or otherwise, for the content of student organization pages. Any claims asserted against a student organization or the Web editor of the student organization site for material contained in student organization pages shall be the responsibility of the organization.

1c. Student organization sites may not be used for electronic commerce, nor as sites for personal political campaigns. 

1d. The College will review complaints, questions, and concerns regarding allegations of copyright infringement, misuse of intellectual property, harassment, use of College Web resources for commercial purposes, and other legal issues. If the complaint is valid, the College will contact the student organization's Web editor and request immediate revision of the Web page and/or removal of inappropriate materials in compliance with College policies, intellectual property law, and guidelines for responsible use of computing resources. The College may shut down the Web site if there is inadequate or no response from the student organization. Illegal, irresponsible, or unethical activities may result in loss of privileges or penalties consistent with the judicial procedures and policies of the College.

Guidelines For Personal Pages

1. Middlebury College provides faculty and staff and currently enrolled students the opportunity to publish Web pages. 

1a. These personal pages are solely the responsibility of their creators as authors and publishers. Middlebury College will not regularly monitor or edit these pages.

1b. Middlebury College assumes no responsibility, legal or otherwise, for the content of personal home pages. Any claims asserted against an individual author for material contained in his or her home page shall be the responsibility of that individual author. In general, the owner of a personal Web page may be contacted via e-mail. The username of the author is embedded in the URL of their Web page; e.g., jdoe@middlebury.edu is the mailing address for the owner of a Web page with the address http://community.middlebury.edu/~jdoe

1c. Faculty, staff, and students who are candidates for public office may not use their personal Web pages as campaign sites. Members of the College community who are seeking public office should arrange with other Internet service providers to host campaign Web pages.

1d. The College will review complaints, questions, and concerns regarding allegations of copyright infringement, misuse of intellectual property, harassment, use of College Web resources for commercial purposes, and other legal issues. If the complaint is valid, the College will contact the individual creator of the Web page and request immediate revision of the Web page and/or removal of inappropriate materials in compliance with College policies, intellectual property law, and guidelines for responsible use of computing resources. Illegal, irresponsible, or unethical activities may result in loss of privileges or penalties consistent with the judicial procedures and policies of the College.


Electronic Mail Policies

Electronic mail as official Middlebury College communication

E-mail is considered an official method for communicating with students at Middlebury College.  Official e-mail communications are intended to meet the academic and administrative needs of the campus community.  The College expects that such communications, many of which are time-critical, will be received and read in a timely fashion.  To enable this process, the College ensures that all students are issued a standardized college e-mail account through their academic years at Middlebury College.  Students who choose to forward e-mail from their College e-mail accounts are responsible for ensuring that all information, including attachments, is transmitted in its entirety to the preferred account.

Guidelines for Appropriate Use of All Campus Electronic Mail Messages

1. E-mail messages may be sent to groups comprising all faculty, all staff, and/or all students.

1a. Faculty and staff members may send e-mail messages to all faculty and all staff groups. Students may do so only upon receiving special permission from appropriate College administrative staff members.

1b. Electronic mailings to all students are possible only with permission of appropriate College administrative staff members. Contact LIS for guidance in seeking appropriate permissions.

2. These guidelines simply reflect common courtesy to help everyone's use of e-mail be most efficient:

2a. Messages must relate directly to College business. Announcements of non-college events should be handled through other channels (such as local newspapers). Advertisements for personal items may be accomplished through the staff and student newsletters or newspapers.

2b. E-mail messages should be avoided for College events already listed on-line or in publications, unless there is significant supplemental information or last-minute changes in location or time.

E-mail Retention Policy

Library and Information Services (LIS) creates electronic mail backups daily, solely for the purpose of restoring the entire electronic mail system in the event of a disaster. Backups are retained for a period of 60 days, and then the content is destroyed.

Backups are not available for retrieving deleted messages, nor do they serve as a record for the purpose of retention. If you wish to retain a copy of a message, you should file the message in a folder under your electronic mailbox.

Each department should make provisions for retaining messages in accordance with departmental needs and craft appropriate departmental policies.