Electronic Resources Acceptable Use Policy

This Acceptable Use Policy (AUP) supplements existing standards and responsibilities that specifically apply to use of the College's "e-resources" (as defined below). Amherst College supports an extensive information-technology environment for faculty, staff, students, and other members of the College community. The College's general policies and codes of conduct apply to the electronic environment just as they apply in all other College settings. This Policy also explains the roles of those charged with maintaining, operating, and overseeing College e-resources.

Purpose

The College makes e-resources available to support its academic and administrative goals, and uses of e-resources to advance those goals take precedence over all other uses. 

This Policy defines how to use electronic resources (like computers and the internet) provided by the college to support school work, research, administrative responsibilities and other activities that are important to the college. These e-resources, like other services provided by the college, should be used in ways that do not cause harm to the systems or to others and do not let anyone use them without appropriate permission. This Policy also explains the roles of those charged with maintaining, operating, and overseeing College e-resources. 

While each person will have different purposes for using and accessing e-resources; each person also has a shared responsibility to utilize those e-resources appropriately and to protect the e-resources from unauthorized access or use. The standards and responsibilities enumerated in this policy ensure that the college can comply with its obligations and ensure that the e-resources remain available for the many endeavors of the College and its constituents. 

Scope

This policy applies to all persons who access, use, or maintain the College's e-resources (referred to in this policy as "users"), including without limitation the faculty, staff, students, alumni, and guests of:
  • Amherst College,
  • The Folger Shakespeare Library,
  • The Emily Dickinson Museum,
  • Other Five College institutions (Hampshire College, Mount Holyoke College, Smith College, and the University of Massachusetts Amherst), and
  • Five Colleges, Inc.

This policy applies to all information-technology and other electronic resources ("e-resources") of the College, including without limitation:

  • All computers, systems, equipment, software, networks, and computer facilities owned, managed, or maintained by the College for the handling of data, voice, television, telephone, or related signals or information;
  • Any access or use of the College's electronic resources from a computer or other system not controlled or maintained by the College; and,
  • The creation, processing, communication, distribution, storage, and disposal of information and IT equipment under the College's control.

In addition, members of the College community may have access to third-party e-resources through their affiliation with the College, including the e-resources of other Five College institutions (Hampshire College, Mount Holyoke College, Smith College, and the University of Massachusetts Amherst), of Five Colleges, Inc., or of any other contracting party of the College. Use of these resources by members of the College community is governed by this policy as well as any applicable policy or restriction defined by the third-party provider.

The staff of the Amherst College Information Technology department ("IT staff") is responsible for the administration of this policy.

Authorized Uses of E-Resources

E-resources may be used only for the purposes authorized by the College. These purposes generally comprise work, study, research, service, or student residential activities consistent with the College's mission and priorities.

The College recognizes that many users participate in outside academic and professional activities that naturally complement the users' on-campus commitments and enhance their contributions to the College. For example, faculty and staff are active in learned societies, professional associations, academic conferences, the preparation of scholarly publications, and other educational institutions' tenure or departmental reviews, occasionally with incidental compensation. Use of e-resources in connection with such activities is generally acceptable as long as the activities are otherwise consistent with the College's mission and policies. The College also acknowledges that limited personal use of e-resources is compatible with the type of community that the College fosters in support of its broader goals. Such personal use, except by enrolled Amherst College students, must be incidental at most and may not cause the College to incur additional costs. Above all, use of e-resources for outside or personal purposes is always a privilege, not a right, and may not interfere with use for College purposes.

All use of e-resources must comply with:

  • all College policies, procedures, and codes of conduct, including those found in the student, faculty, and employee handbooks;
  • all laws and regulations applicable to the user or the College; and,
  • all relevant licenses and other contractual commitments of the College, as modified from time to time.

E-resources may not be used, committed, or made available, without prior authorization of the provost and the dean of the faculty (in the case of faculty), the chief human resources officer (in the case of staff), or the chief student affairs officer (in the case of students), who will consult with the chief information officer, for:

  • any ongoing business or other commercial activity not administered by the College;
  • the benefit of persons or organizations other than the College; or
  • political or lobbying activities.

The College has sole authority to determine what uses of e-resources are proper and may prohibit or discipline use deemed inconsistent with this policy or other applicable standards of conduct.

Email

The College may send official correspondence to members of its community via electronic mail. Students, faculty, and staff, are expected to check their College issued email account (i.e., @amherst.edu) regularly and are responsible for College information sent there. College employees are expected to use their Amherst College email account for all College-related communications. If a student elects to forward his/her @amherst.edu email to another email account, the student remains responsible for any material not received because of any defect in the forwarding mechanism or the destination account.

College faculty and staff should not forward the entirety of their @amherst.edu email corpus to a personal or external email account.  Forwarding to an external account exposes you to multiple technical and legal risks including risks the college will be unable to defend you from and may result in the external or personal account being drawn into scope as part of a College legal matter.   

Accounts and Access Restrictions

User IDs and passwords are the primary methods used to authenticate users of the College's e-resources. These mechanisms help prevent unauthorized access to e-resources or any restricted information found within them. Users may not share their passwords with any other person and must protect their passwords from disclosure by, for example, monitoring access to their accounts, and contacting the College's IT staff if they suspect their passwords have been compromised. Users may be held responsible for all activity conducted using their IDs. Users must select strong passwords or passphrases composed of a mix of at least eight characters (i.e., numbers, letters, and symbols) or as required by the system at the time of creation. No person, including any member of the IT staff, is authorized to request any user's password.

In addition, certain systems containing College or sensitive information may require multi-factor authentication (MFA).  Users must maintain their MFA mechanisms as directed and should not attempt to avoid using MFA or sharing MFA devices. 

All users must do their part to protect the College's e-resources from unauthorized access. Specifically, all users need to:

  • Take responsibility for the security and integrity of information stored on any personal or assigned desktop, laptop, or handheld system;
  • Take care to access e-resources only from secure environments and to log out of sessions or lock their device before leaving any computer unattended;
  • Maintain software and apps and apply security patches, when available, on any devices used to access e-resources;
  • Take appropriate precautions when accessing or sharing confidential or restricted College data so that such data is protected from unauthorized disclosures and from threats to its accuracy or integrity;
  • Comply with requests from the IT staff and other authorized personnel to update or cease use of e-resources that compromise security; 
  • Report any sensitive data or e-resources, including personal devices, that may have been compromised by unauthorized access, loss, theft or other means to the IT Service Desk; and,
  • Cooperate with system administrators during investigations of improper use, data breach, or security incidents.

And, without authorization, no user may: 

  • Extend the network by introducing a hub, switch, router, wireless access point, or any other service or device to any College network;
  • Provide any other person with e-resources or access to them;
  • Contractually bind the college to services, license agreements, or software outside of defined procurement, grant, or licensing processes;
  • Send e-mail chain letters or mass mailings for purposes other than authorized College business;
  • Alter, remove, or forge email headers, addresses, or messages, or otherwise impersonate or attempt to pass oneself off as another;
  • Obtain e-resources beyond those allocated to the user, seek or gain access to data or user accounts for which the user is not authorized, or eavesdrop or intercept transmissions not intended for the user;
  • Use the College's Internet or other network access in a malicious manner or to obtain, alter or destroy any material which the user is not authorized to obtain, alter or destroy;
  • Tamper with, modify, damage, alter, or attempt to defeat restrictions or protection placed on accounts or any e-resources; or
  • Damage computer or network systems; create or intentionally introduce or propagate computer viruses, worms, Trojan Horses, or other malicious code to any e-resource; attempt to degrade the performance of the system or to deprive authorized users of e-resources or access to e-resources.

Copyright and other Intellectual Property

Users must respect intellectual property rights, including copyrights, in all use of College e-resources. All use of content, including text, images, music, and video, retrieved from e-resources or stored, transmitted or maintained using e-resources, need to comply with copyright and other applicable laws. Copied or generated material, used legally, must be given attribution in conformance with applicable legal and professional standards.

Software may be copied, installed, or used on College e-resources only as permitted by the software's owner or authorized licensor and by law. Use of proprietary software must be properly licensed, and users need to strictly adhere to all applicable license provisions (including those concerning installation, use, copying, and the number of simultaneous users).

Respect for Others

Users must honor the rights of others to privacy, academic freedom, and freedom from harassment. Users may not use e-resources to harass, bully, intimidate, or threaten any person or to create a hostile place to work or study (including doxing). In particular, users need to honor others' requests to stop sending unwanted communications of any kind.

Users may not do anything to interfere inappropriately with others' use of e-resources, including by consuming e-resources in excess.

Users' Expectation of Privacy

The College recognizes the importance of privacy in an academic setting and does not routinely monitor individual usage of e-resources, a current user's email, data, software, or other online activity details. However, normal operation and maintenance of e-resources requires logging of activity, backup and caching of data, and other activities necessary to provide services and ensure adherence to laws, regulations and College policies. The College may access, monitor, limit and/or disclose a user’s communications or other data on e-resources without the user’s permission under prescribed circumstances. These circumstances include the following:

  • To maintain the integrity of its systems, network or data;
  • When required by federal, state or local law, administrative rules, subpoena, court order or other legal authority;
  • To preserve the health and safety of individuals or the Amherst College community;
  • To investigate when there are reasonable grounds to believe that a violation of law or a significant breach of College policy may have taken place and access, inspection or monitoring may produce evidence related to the possible misconduct; or
  • To address a legitimate business need.

With the exception of legally-required access (e.g., responding to a subpoena), such College access to a current user’s communications or other data associated with e-resources without the user’s permission will occur only with the approval of these named roles as listed below for each data type or scenario: 

Approval

Data Type

President of the College AND 
Chief Information Officer

Any type of data 

Chief Financial and Administrative Officer AND Chief Information Officer 
ALONG WITH:

 

    Dean of Faculty

Faculty data

    Chief Human Resource Officer

Administrator and staff data

    Chief Student Affairs Officer

Student data or student conduct situations

Chief Information Officer

Any data in the event of an emergency, to preserve health and safety, or to respond to a cybersecurity incident.

     NOTE:  Any of these named roles above may be fulfilled by one of their respective designees.

In cases of emergency, to preserve health and safety, to respond to a cybersecurity incident, or to comply with laws or other legal authority, the College may access, monitor, limit and/or disclose a user’s communications or other data on e-resources. In these circumstances, the Chief Information Officer or their designee will approve and log any such emergency access and will consult with the Office of General Counsel as necessary to ensure such access and scope complies with applicable law(s).  

Logs related to any approved emergency access will be available for review by the President, Chief Financial and Administrative Officer, Dean of the Faculty, Chief Human Resources Officer, and/or Chief Student Affairs Officer, or their respective designees, as applicable.

Finally, the College cannot guarantee the security of any e-resources against unauthorized access or disclosure.

Oversight of E-resources

Authorized employees of the College, including the IT staff charged with the daily administration of the College's e-resources, are granted significant trust and must use their privileges only as required to complete duties assigned to them. In this role, these employees may:

  • Take all reasonable steps necessary to preserve the confidentiality, availability and integrity of e-resources, including blocking any user's access to e-resources;
  • Reject, remove, or destroy email messages, email attachments, and other files suspected of being spam, phishing, or containing malicious code, such as viruses, worms, and ransomware;
  • Exercise administrative authority over networks, systems, or software in order to grant users access to read, write, edit, or delete information in files or databases, to establish security controls and protection for information and e-resources, or to address claims that intellectual-property or other rights have been violated;
  • Employ a variety of security devices and tools to detect and respond to misuse or unauthorized use of e-resources;
  • With the approval of the Chief Information Officer or the Chief Information Security Officer, temporarily shut off the College's Internet connection, servers, or services, without prior notice, in order to protect College systems, data, and users or to protect other important interests of the College;
  • Temporarily or permanently terminate users' use of e-resources to investigate or remedy any threat to e-resources or violation of this policy; and,
  • Exercise administrative rights over certain e-resources, if those rights are delegated by the IT staff.

Disclaimers

The e-resources and anything accessible on or through them are made available "as is" and "as available."  The College makes no guarantee that any e-resource will be free of objectionable matter, errors, defects, bugs, viruses, worms, "Trojan horses," or other destructive features. The College is not responsible for any harm arising from e-resources or users' reliance on them, nor is it responsible for any third-party content accessed using College e-resources, including content made available by another College user or any third party.

This policy is not a complete statement of the College's rights or remedies, and nothing in this policy waives any of those rights or remedies, including any rights in or to the e-resources.

Non-compliance with this Policy

Violations of this policy are addressed according to the procedures defined in the Student Code of ConductFaculty Handbook, or Staff Handbook, as applicable, and may result in the removal of access to e-resources and/or more serious sanctions.

Changes to this Policy

The College may change this policy at any time. The College will post the most up-to-date version of the policy on the College web site and may, in its discretion, provide users with additional notice of significant changes.

Related Information 

Dealing with Doxing

Copyright and Fair use Policy

Student Code of Conduct

Faculty Handbook

Staff Handbook

Trustee Staff Appointed Handbook

Policy History

Last Revised: 5 Feb 2024

Effective: 19 Feb 2024