Policies Governing Technology Resources at Bentley

Code for Ethical Use of Computing Resources Remote Access
Limitations on Use of Computing Resources Electronic Mail Policy
Information Privacy Internet Use Policy
Use of Institutional Information Handheld Device Policy

Code for Ethical Use of Computing Resources

All members of the Bentley community make use of technology – for example, personal computers, smartphones, application software, Bentley’s network and server infrastructure and the Internet – in pursuing their primary academic and administrative endeavors at the university. Using the university's technology resources for incidental purposes is also permitted, but all usage use must comply with state and federal laws, as well as with Bentley’s own policies governing appropriate use of technology. Bentley requires that technology resources are not 1) used in a way that consumes excessive network resources; 2) abused or wasted; 3) employed in a way that interferes with, damages or harms a person; 4) employed in a way that intentionally interferes with the business operations of the university or any other company; 5) used for commercial gain; 6) used for dishonest or personal advantage; or 7) used to publicly convey what would reasonably be considered a private matter concerning another employee or student. With the exception of employment-related endeavors, excessive use of network resources is defined as individual consumption of bandwidth that is greater than 10 times the average. Computing resources may not be used to promote or facilitate illegal or inappropriate activities or to facilitate actions that violate academic integrity (these may include, but are not limited to, harassment, theft, child pornography, sending or receiving pornographic images, selling papers or other course work, or copyright violation (including the distribution and reception of copyright protected music, movies and games which are obtained illegally). Please be aware that Bentley will cooperate with internal and external authorities in the investigation of illegal activities. Bentley is also obligated to report any instances of child pornography to the appropriate authorities.

Bentley has a legitimate interest in protecting its investment in technology. Toward this end, the university reserves the right to require the registration of all technology-related devices used on campus, regardless of whether the device is owned by the institution or an individual; to prevent or restrict the use of technology brought on campus by faculty, staff and students; to identify and quarantine devices suspected of adversely affecting the network; to employ tools to monitor (at the port level) network-related activity, including bandwidth consumption and point-to-point file transfers; to monitor bandwidth consumption and restrict or eliminate bandwidth allocation to specific devices; to monitor the transmission and storage of confidential information; and to terminate without notice individual network and Internet access upon detecting activities that violate the law or university policies. Violations of this policy may result in temporary or permanent loss of technology-related privileges including Internet, network and e-mail access, fines, assignment of financial responsibility, discipline up to and including immediate termination of employment, expulsion as a student, and legal action. For contractors and other external vendors, sanctions may also include immediate dismissal, termination of contract, and legal action. Employee violations will be handled by the employee's supervisor, in conjunction with the divisional vice president and the Department of Human Resources. Student violations will be referred to the Student Affair’s judicial process or Bentley’s academic integrity process, or both. In cases where individuals are uncertain about whether or not a violation has occurred, students should consult the dean of student affairs; faculty should consult their respective dean; and administrative staff should consult their divisional vice president.

Certain kinds of computer abuse and computer-related fraud are not only prohibited by this policy, but are illegal and punishable by any or all of the following: civil sanctions, criminal fines or imprisonment. Copies of Fraud and Related Activity in Connection with Computers (18 U.S.C. § 1030) and the Wiretap and Electronic Communications Privacy Acts (18 U.S.C. §§ 2510-2520, 2701, 2710) are available from Bentley's Human Resources Department or the Computing Services Desk. The university may report suspected illegal conduct to the appropriate authorities.

top of page

Limitations on Use of Computing Resources

Individual Access | Hacking | Commercial Use | Policy Violations


Individual Access

All members of the community are obliged to act responsibly in the use of technology. 

Faculty, staff and students are expected to provide and maintain accurate data about themselves (i.e. date of birth, address, Social Security number, etc.) when updating personal information on any of Bentley's administrative and academic systems.

An individual may access only those accounts, files, software, and other computing resources authorized under his or her particular username and password and for which a legal license exists. Individuals must take reasonable precautions to protect his or her account(s) information, including passwords, usernames and PINs. Sharing individual IDs and passwords is expressly prohibited. All members of the Bentley community are expected to exercise care in logging out of network resources and applications, in regularly changing their individual password(s), and in maintaining the confidentiality of their password. It is also a violation of Massachusetts law to access a password protected file without proper authorization.

Hacking

Hacking is the intentional, unauthorized access to hardware or software. A hacker is a person who breaks into computers, usually by gaining access to administrative controls, with the intent to take over, read, modify, or cause damage. With the exception of specific course-based activities designed to educate students which are conducted under the aegis of the CIS Department, Bentley will not tolerate hacking by students, employees, contractors, consultants, volunteers, visitors, or any other person or device. Responsible parties include those who instigate, plan, initiate, participate in, or perform hacking offenses.

Students, employees, volunteers, consultants and contractors suspected of engaging in hacking are expected to cooperate fully with Bentley and legal authorities in the investigation of such incidents. In investigating complaints of possible violation of university policy, Bentley reserves the right to examine the contents of personal computers used by faculty, staff and students or other computers attached to our network, without prior consent or knowledge of the individual being investigated. Bentley also reserves the right to confiscate computers used by faculty, staff and students. Cooperation may include, but is not limited to, providing transaction logs, copies of electronic mail messages, data files, usage records, hardware, account and password information, or other information as required by those authorities. Those who are financially responsible for the perpetrators, such as parents or guardians, may also be held accountable.

Commercial Use

For-profit activities may be conducted on the Bentley network only under the auspices of officially recognized and sanctioned campus organizations or academic and administrative programs (i.e., service-learning, scholarship fundraising, etc.). Independent businesses may not be developed or cultivated using university technology resources. Bentley reserves the right to remove, without warning, unapproved commercial sites. To seek approval for officially recognized and sanctioned programs, students should consult the dean of student affairs; faculty should consult their respective dean; and employees should consult their divisional vice president.

Policy Violations

Those who violate policies on individual access, hacking, or commercial use may incur temporary or permanent loss of technology-related privileges, fines, assignment of financial responsibility, discipline up to and including immediate termination of employment, expulsion as a student, and legal action. For contractors and other external vendors, sanctions may include immediate dismissal, termination of contract and legal action. An individual who intentionally shares their user ID and password with another person, where the primary intent is to provide access where it would otherwise be unavailable, may be subject to disciplinary action up to and including expulsion and immediate termination.

top of page

Information Privacy

Web Site Privacy | Permission to Record

Web Site Privacy

Please see the Bentley University Information Privacy Statement for details on the data that are collected through the university's official web sites.  This privacy statement applies to the www.bentley.edu domain and administrative applications used for e-commerce linked to www.bentley.edu.  It does not apply to internal and/or external web sites that might be linked to or from this domain. 

Many academic and administrative department web pages can be found on www.bentley.edu. Department web sites that collect data of any type are required to abide by, and provide a link to Bentley's information privacy statement. Failing to do so may result in removal of the web site, without prior warning.

Web sites created by individuals using Bentley resources may not collect personal information from visitors without abiding by and linking to Bentley's information privacy statement. In addition, individuals may not post images of any member(s) of the Bentley community, or provide personal information about them, without their prior written permission. Web sites that violate the policy may be removed without advance warning. Federal, state and local laws, regulations, and judicial decisions may also apply in cases where a person's privacy is violated.

top of page

Permission to Record

Faculty, staff and students may not use any technology resources on campus, especially those available on personal devices, to record conversations, lectures, or classroom interactions without the express consent of those individuals being recorded.  Such actions may also violate state and federal law. Faculty, at their sole discretion, may elect to make their lectures available for recording. Members of the Bentley community who intentionally record other students, faculty and staff without their prior written consent may form the basis of a civil libel action and may be subject to disciplinary action up to and including immediate termination and expulsion.

top of page

Use of Institutional Information

Information technology and data constitute valuable Bentley assets. In order to protect the security, confidentiality and integrity of Bentley data from unauthorized access, modification, disclosure, transmission or destruction, as well as to comply with applicable state and federal laws and regulations, all Bentley data are now classified within security levels, with guidelines on the usage of data at different levels.

The following definitions and recommended guidelines for usage delineate types of data and provide guidelines for usage of that data.

1. Level 1: Highly Confidential, Requires Notification: This includes data that is highly confidential and requires notification to subjects and various state and federal entities if breached.  Level 1 data includes:

A person's first and last name, or first initial and last name in combination with any one or more of the following data elements relating to that person:

  1. Social Security Number;
  2. Driver's License Number or state-issued identification card number, including passports; 
  3. Financial account number (bank, investment, 403B), or credit or debit card number;
  4. Health care information, including patient billing or medical records, information about physical or psychological state of health, counseling records, disease, medical history, medical treatment, drugs, therapies, genetic test results, family health or morbidity history;
  5. Biometric data including fingerprints, voice prints, retina image, iris image, or other unique physical representation, with the exception of the fingerprints associated with individual fingerprint readers used for securing laptop or desktop computers.

Recommendations for Usage of Level 1 Data
Highly confidential data should be stored on institutionally supported applications residing in the Bentley Data but not in Word, Excel or Access. Level 1 data can also reside in approved third party hosted applications, but those applications must be approved by the COO, General Counsel and Chief Security Administrator. Hard copy data should be stored in locked receptacles and rooms. Access to this electronic data should only be gained through authenticated access on the Bentley network or approved VPN access. Hard copy data should only be accessed when business requires such use and all storage receptacles and rooms should be appropriately designed to allow for authorized access only.

To this end, employees should not store or copy this data to laptop or desktop computers (whether institutionally-owned or personally owned), smart phones, USB devices or other portable media. In addition, this data should not be transmitted via e-mail, with the exception of approved third party vendors with appropriate encryption in place. If data is transmitted on a recurring basis to external vendors, it should be sent via a secure transmission, such as secure FTP (SFTP). 

Electronic and hard copy data should be destroyed in accordance with Bentley’s Data Retention Policy, and should be rendered unreadable in paper or electronic form.  All departments should have policies in place and periodically review electronic storage areas (the ‘M’ or ‘N’ drive) and their hard copy storage areas to insure that data is being destroyed in a timely and effective manner. 

2. Level 2: Confidential: This includes data protected by state or federal law, contractual agreements and proprietary information against unauthorized use, disclosure, modification and destruction. Confidential data includes, without limitation, the following:

  1. Student records, including date of birth, place of birth, mother’s maiden name, official grades recorded on a student’s permanent record, academic information, race, judicial information and other information relative to a student’s permanent record (i.e. official grades, judicial records, etc.). 
  2. Human Resources data including employment records, salary, benefits, personnel evaluations, date of birth, place of birth, mother’s maiden name, race and other records pertaining to personnel files (i.e. payroll reports, yearly merit increase data, etc.).
  3. Academic Affairs information relating to non-public research and promotion and tenure files (i.e. notes relating to tenure decisions).
  4. Alumni or donor information, including date of birth, place of birth, mother’s maiden name, donation amount and assets (i.e. Daily Giving Reports, Donor Profiles, etc.). 
  5. Corporate records including Board of Trustee minutes, Board of Trustee votes and other confidential information dispersed at Board meetings and/or shared with Board members. 
  6. Sensitive Personal Information including credit checks, criminal background checks, visa numbers, passport numbers, sexual behavior and criminal convictions (i.e. CORI/SORI reports).
  7. Information security data, including passwords, and other data associated with security-related incidents occurring at the university.
  8. Research data involving human subjects that are subject to the Common Rule (Federal Policy for the Protection of Human Subjects, 46 CFR 101 et seq).

Recommendations for Usage of Level 2 Data
Confidential data should be stored in institutionally supported applications located in the Bentley Data Center, institutionally supported shared drives (i.e., Excel spreadsheets on N, M, G), or approved third party hosted applications. Third Party hosted applications that store Level 2 data must meet Bentley’s Third Party Assurance standard. Confidential data can be stored on university-owned laptop or desktop computers, but should not be copied to non-university computers, smartphones, USB devices or other portable media with the exception of Blackberry devices using Bentley’s internal BES server. Hard copy data should be maintained in as few receptacles and rooms as business dictates. Copies of this data should not generally be made unless business requires it.

To this end, employees are permitted to store data on institutionally-owned laptop or desktop computers and shared drives; however, the dissemination of this data should be done securely.  Data should not be transferred via e-mail unless encrypted. If data is transmitted on a recurring basis to external vendors, it is preferable to send this data through secure transmissions such as secure FTP (SFTP). 

Electronic data should be destroyed in accordance with Bentley’s Data Retention Policy, and should be rendered unreadable in paper or electronic form. All departments should have policies in place and periodically review electronic storage areas (the ‘M’ or ‘N’ drive) and their hard copy storage areas to insure that data is being destroyed in a timely and effective manner. 

3. Level 3: Internal Use Only: This includes information that requires protection from unauthorized use, disclosure, modification, or destruction, but is not subject to any of the items listed in the Level 1 or 2 definitions above. Internal Use Only data includes: 

  1. BentleyID and AdvanceID
  2. Data related to Bentley operations, finances, legal matters, audits, or other activities that are not public in nature, but not classified as Level 1 or 2. 
  3. Faculty grade worksheets (i.e. Excel files used to track student grading prior to submitting to the Registrar’s Office). 
  4. Personal white page, business white page or professional employment information for students, alumni or donors. This includes name, business name, business address, home address, e-mail, cell phone numbers, business phone numbers, home phone numbers, occupations and titles, but not classified as Level 1 or 2.  
  5. Personal white page information for faculty and staff. This includes home address, cell phone, home phone, home fax and personal e-mail, but not classified as Level 1 or 2.
  6. Personal characteristics such as gender, height, weight, marital status, nationality, personal interests, photographs and names of children and other demographic information that is not classified as Level 1 or 2.
  7. Bentley Network Diagrams which display IP Addresses.
  8. Internal Bentley data, the distribution of which is limited by intention of the author, owner, or administrator, but not classified as Level 1 or 2.

Recommendations for Usage of Level 3 Data
Internal Use data can be stored in institutionally supported applications located in the Bentley Data Center, institutionally supported shared drives (i.e. N, M, G), third party hosted applications and laptop or desktop computers (both Bentley issued and personally owned). This data can be copied to smartphones, USB devices or other portable media. Hard copy data should be maintained in as few receptacles and rooms as business dictates. Copies of this data should not generally be made unless business requires it.

To this end, employees are permitted to transmit this data via unencrypted e-mail. Electronic data can be destroyed using traditional application delete functionality. Hard copy information can be destroyed in accordance with an employee’s personal or departmental policy.

4. Level 4: Unrestricted: This includes data that can be disclosed to any individual or entity inside or outside of Bentley. Security measures may or may not be needed to control the dissemination of this type of data. Unrestricted data includes:

  1. Content and images on Bentley’s public web sites (i.e., www.bentley.edu
  2. Publically released press statements
  3. Course catalogue
  4. Business White Page information for faculty and staff, unless otherwise restricted. This includes name, title, department, office location, office phone and Bentley e-mail.  

Recommendations for Usage of Level 4 Data
All information, whether in paper or electronic form, can reside in the public domain and is available to all students, faculty and staff; but, it is subject to Bentley’s Policies Governing Technology Resources and federal copyright laws.

top of page

Remote Access

Remote Access to Files, Servers, Applications or Records Residing on the Bentley Network | File Sharing Applications and Copyright Law | Blogging, Social Networking and other Forms of Personal Expression in Public Forums

Remote Access to Files, Servers, Applications or Records that Reside on the Bentley Network

In an effort to keep sensitive data secure, while also understanding that our changing culture requires work to be performed remotely, Bentley employs Virtual Private Network (VPN) software to enable faculty, staff and a limited number of contractors to access certain technology resources remotely with appropriate approval. Faculty and staff are responsible for protecting confidential data and therefore should not downloaded confidential data to laptop computers or portable storage devices. VPN allows faculty and staff members to work with confidential data in a secure manner.

Faculty may request VPN access (through the Academic Technology Center) to enable them to remotely access files stored on their M and N network drives. Faculty may at times also require temporary access to specific research servers to support their scholarly endeavors. In these cases the faculty member must complete the “Faculty Remote Access Request Form” that is reviewed and approved by their respective dean, the executive director of academic technology and the COO.

Administrative staff may request remote access to secured administrative servers and applications by completing the “Administrative Staff Remote Access Request Form” that must be approved by the employee’s supervisor, the divisional vice president and the COO.

Employees are reminded that they assume full responsibility for the files they access remotely from their personal and departmental network drive space.

Please also note that VPN software is not made available for customer installation and must be loaded on a Bentley owned computer. Faculty and staff using the VPN to access Bentley resources must not allow other individuals or family members to use the computer on which the VPN software has been installed and enabled. The university reserves the right to terminate such access at any time.

Third party software vendors may request temporary access to their application software to perform maintenance and upgrades and to resolve software bugs. In these cases, the key user responsible for supporting the applications should complete the “Contractor Remote Access Request Form” and provide the following information:

  1. Written approval from the Bentley sponsor for the request (the employee at Bentley with whom the contractor has the primary business relationship).
  2. A formal letter, signed by the contractor on company letterhead, specifying the server and application to which access is needed, the employee(s) who will be accessing it, the start and stop date for such access, and agreement that access will be used solely for the purpose stated.
  3. A copy of the confidentiality agreement that is on file or a new signed confidentiality agreement if one is not already on file.

Contractor Remote Access forms should be submitted to the director of systems, networks and telecommunication (SN&T). This type of access is granted for short durations only and must be conducted during normal business hours. Access will be temporarily granted at a pre-arranged date and time for specific activities monitored by SN&T.

top of page

File Sharing Applications and Copyright Law

Person-to-person (P2P) applications allow individuals to electronically exchange music, movies, videos, software, games and other kinds of copyright-protected and non-copyright-protected information. While some owners of music, movies and software explicitly allow their products to be copied, many do not. It is best to assume that these materials are copyright protected, unless explicitly stated otherwise. Downloading and making available to other individuals copyrighted material, such as music, movies, videos, text and software, without permission of the rightful owner, violates the United States Copyright Act and Bentley policy. Moreover, using these programs may contribute to an excessive consumption of bandwidth and create a potential security risk, all of which are violations of Bentley policy. Individuals should be aware of potential liability for damages under the U.S. Copyright Act [1]

The copyright law of the United States (Title 17, United States Code) governs reproduction of copyrighted material (including photocopies of printed works) regardless of the material's format. Copyright violations breach criminal and civil law, as well as university policy. Violations of copyright law may result in temporary or permanent loss of access rights, fines, assignment of financial responsibility, disciplinary action up to and including immediate termination of employment, expulsion as a student, and legal action.

The Digital Millennium Copyright Act (DMCA) specifies procedures that organizations must follow when notified of allegations that an individual using the network is violating copyright laws. If the copyright holder, or its agent, contacts Bentley about an alleged violation, the university reserves the right to terminate network access for that individual and provide relevant information relating to the IP address and the name of the individual associated with that IP address. Similarly, if Bentley receives a subpoena requesting information about a student or employee, the university reserves the right to terminate network access for that individual and provide relevant information relating to the IP address and the name of the individual associated with that IP address. The individual will be notified of the subpoena once its legitimacy is verified, as well as informed of the specific information that was provided. Bentley will not provide legal counsel or protection to alleged violators. Bentley cooperates fully with investigations into copyright-related complaints from companies or from federal, state or local authorities.

[1] The guidelines for this policy were adapted, with permission, from a similar policy at Cornell University.

Blogging, Social Networking and other Forms of Personal Expression in Public Forums

Bentley University is committed to maintaining an environment in which opposing views on issues of the day may be fully and freely aired. Such an environment requires all community members to tolerate expressions of opinion that differ from their own and that, in some instances, some people may find unpalatable; however, activities that violate the university’s policy against harassment, or that constitute an invasion of another’s privacy, do not promote free expression and undermine the environment that the university seeks to maintain. They also may result in the imposition of sanctions for violation of university policy. Additionally, untrue statements of fact that harm another’s reputation may be defamatory and may subject the individual making such statements to civil action by the person harmed by such statements.

Employees and students who choose to engage in Internet blogs, chat rooms, discussion groups, Facebook, bulletin boards and other forms of social networking should do so with the understanding that they may inadvertently pose a threat to their own or others personal safety and personal privacy. Publishing personally identifiable content (i.e., photos, addresses, phone numbers, banking information, health information, etc.) can lead to identity theft, stalking and other potentially dangerous outcomes. Employees and students who engage in activities that compromise the privacy of others, or disclose or discuss confidential or proprietary information, are violating institutional policy and will be subject to appropriate sanctions.

Bentley reminds students and employees of their obligation to clearly state that opinions expressed are their own and not those of Bentley University.

top of page

Electronic Mail Policy

E-mail is the communication medium of choice for the Bentley community. It is an official vehicle by which the members of the university communicate with each other. Students, faculty and staff are all expected to read e-mail regularly to glean the critical information that is routinely conveyed.

Bentley provides electronic mail services to the campus community, at the university's expense, in support of academic and administrative pursuits. Incidental personal use is also permitted, so long as the use does not violate federal or state laws, or university policy. These guidelines apply to electronic mail sent or stored on servers, on personal computers, on personal devices such as Blackberries or other smartphones, on PDA devices, and to all archived and backup e-mail files and folders created using Bentley technology resources, regardless of where they reside. The university reserves the right to change these policies at any time as may be reasonable under the circumstance.

Privacy of E-Mail | Prohibited Uses | Backup and File Deletions | Internal/External Confidentiality | Distribution lists |
File Size and Disk Quotas | Removal of E-Mail Accounts
 

Privacy of E-Mail

Electronic mail created or distributed using Bentley resources are considered university property, regardless of content. Employees and students should be aware that e-mail sent and received using the university's computer resources is neither confidential nor private. Individuals who send an e-mail message should note that any recipient of their e-mail could potentially forward the message to others without your permission. The university itself may, upon reasonable grounds, access your e-mail files at any time, without prior notice to the student or employee, but with approval from two vice presidents.

As a general rule, the university will not read or make available the contents of any individual's electronic mail unless there are reasonable grounds to do so. Reasonable grounds for doing so may include but are not limited to:

  • ensuring system integrity (such as tracking viruses or corrupt messages) 
  • complying with legal obligations (such as subpoenas) 
  • maintaining the continuity of business operations (such as when employees are terminated or leave the university) 
  • investigating complaints of possible violation of university policy 
  • resolving disputes or grievances between individuals at the university 
  • performing certain system-management functions (such as resolving quota issues, disabling agents, troubleshooting reported problems or migrating data to alternate servers)  
  • conducting judicial review cases
  • continuing business after a person is terminated from their position or leaves Bentley


Prohibited Uses of E-Mail

No person may use the university's electronic mail system to send a harassing or threatening e-mail message, or an e-mail message that would be considered offensive by a reasonable person. Individuals who engage in such behavior may be subject to disciplinary action. If the recipient of a harassing e-mail message files a complaint with their manager, Campus Safety or Human Resources, and provides evidence of such a message, the university reserves the right to fully investigate the matter by reviewing the logs of both recipient and sender; the university also may pursue disciplinary actions including, but not limited to, termination or expulsion.

Prohibited uses of e-mail may include but are not limited to:

  • Soliciting for fundraising, political, religious or business ventures not directly affiliated with official university activities 
  • Transmitting information that is false, derogatory, profane or sexually explicit manner 
  • Using e-mail to publicly convey what would reasonably be interpreted as personal information regarding another employee 
  • Sending harassing materials (i.e., threats or offensive remarks about race, ethnicity or sexual orientation) 
  • Attempting to disguise the identification or origin of the e-mail 
  • Including copyrighted or trademarked materials without authorization from the person or business holding the copyright or trademark, with the exception of fair use 
  • Sending e-mail chain messages (i.e., those sent with the expectation that the recipient will forward the message to a group of people) 
  • Sending e-mail that contains viruses or Trojan horses 
  • Using another person's email password and address 
  • Sending unwanted, uninvited spam e-mail to others

Backup and File Deletions

The university maintains backup copies of e-mails. Please be aware that deleting e-mail messages from a mail folder or in-box does not delete a previously archived or backup copy of that message.

The university is under no obligation to provide students or employees with copies of their e-mails.

Internal versus External Confidentiality

The university's ability to reasonably secure (encrypt) e-mail messages between parties is limited to messages sent to and from Bentley e-mail accounts. Bentley has no ability to secure email that is sent or forwarded from a Bentley account to another e-mail account (i.e., Yahoo, Gmail, etc.). Consequently employees may not send or forward e-mail that contains confidential or personally identifiable information from their Bentley account to a non-Bentley e-mail account.

Distribution Lists

E-mail distribution lists are university property. They may be furnished to an external third party only in conjunction with a legitimate academic or administrative initiative, approved in writing by a vice president. In such cases, contractual arrangements with the external party must include language that prevents the vendor from furnishing, duplicating or selling the distribution list to another party.

Under no circumstances may university distribution lists be sold to an external party, nor may employees use these lists for individual gain or to express unsolicited personal views and opinions (for example, marketing a product or service or conveying a grievance). Creating for any purpose self-constructed distribution lists comprised of faculty or staff e-mail addresses is strictly prohibited. Violations of this policy may result in temporary or permanent loss of access rights, fines, assignment of financial responsibility, disciplinary action up to and including immediate termination of employment, expulsion as a student, and legal action. For contractors and other external vendors, sanctions may include termination of contract and legal action.

Faculty, staff and students must exercise caution in using e-mail distribution lists to conduct internal surveys, as most recipients find unsolicited surveys tantamount to spam. Employee use of distribution lists for surveying is allowed only for legitimate academic or administrative purpose and only when approved by their divisional vice president. Use of distribution lists by students to solicit participation in surveys relating to course work is prohibited unless the faculty member has requested and received approval from their respective dean or vice president and the survey instrument makes clear that participation in the survey is voluntary.  Student organizations and their members should seek approval from the Office of Student Activities for surveys and announcements.

File Size and Disk Quotas

Individuals should exercise restraint in the use of e-mail, especially when it comes to storing large files such as graphic images, pictures and videos. If you no longer need them, e-mail messages and attachments should be deleted. The university reserves the right to implement e-mail quotas for both employee and student accounts. Individuals are responsible for regularly deleting old files from in-boxes and mail folders; failure to do so may result in temporary loss of e-mail privileges until the cumulative total of files can be reduced below individual e-mail quotas.

Removal of E-Mail Accounts

Bentley reserves the right to immediately terminate e-mail access for employees who have left the university. Student e-mail accounts are deleted when the individual is no longer registered for a course at the university. Student accounts are removed twice a year: in late October for the previous spring registration period, and in late April for the preceding fall registration period. For example, the e-mail accounts of graduating seniors are removed during the October cycle following May commencement.

top of page

Internet Use Policy

Internet users are bound by university policies regarding limitations on use, information privacy, file sharing and copyright law, electronic mail, Bentley's Honor Code and related policies. The unique capabilities of the Internet impose these additional responsibilities on faculty, students and staff.

Principles Supporting Open Access | Acknowledging Sources | Handling Potentially Offensive Material

Principles Supporting Open Access

The Internet is a powerful tool for education and research; however, certain Internet services contain material that may be controversial. In principle, Bentley University is opposed to censoring such material, in the belief that the institutional mission is best served by free and open exchange of information. Although Internet access is given to all, the individual is responsible for deciding how to use the multitude of electronic resources. Bentley will hold individuals accountable for their own behavior.

This principle is consistent with Article 2 of the Library Bill of Rights: Libraries should provide books and other materials presenting all points of view concerning the problems and issues of our times; no library materials should be proscribed or removed from libraries because of partisan or doctrinal disapproval.

Acknowledging Source(s)

Documents and other information accessed through the Internet that are used in compiling reports, term papers, journal articles and the like, must be cited with a proper footnote and bibliographic reference as if the source were a book or other printed work. Doing otherwise constitutes plagiarism and will be disciplined as such.

Handling Potentially Offensive Material

Employees must exercise judgment and discretion in choosing information to access. University policy prohibits access to pornography and sexually explicit material, as well as material that a reasonable person would consider offensive, unless there is a legitimate academic or administrative purpose for accessing such information. If pornography or offensive material or images are found on an employee's computer, the university reserves the right to terminate the employee.

Pornographic and sexually explicit material may not be viewed or downloaded to computers located within employee offices, computer labs, classrooms, or common facilities. Neither may the material be directed to public printers. Individuals who engage in such behavior may be subject to disciplinary action up to and including termination and expulsion.

It is strictly forbidden to use Internet resources to view, display or transmit child pornography; material protected by copyright, including but not limited to music, videos or software; and information that is considered proprietary.  

Handheld Device Policy

This policy defines usage requirements for handheld devices accessing Bentley’s Online Resources, including e-mail. The intent of this policy is twofold: 1) to ensure that access to Bentley Online Resources is facilitated in a secure manner; and 2) to minimize risks inherent with handheld devices. A handheld device is defined as a smartphone, cell phone or Personal Digital Assistant (PDA). Handheld devices can be personally owned or Bentley-owned. Both scenarios are described below. Bentley Online Resources are defined as e-mail and any other Bentley resource requiring a user account and password for access. 

Bentley-Owned Handheld Device 
A handheld device and associated plan purchased by or for an employee with Bentley University funds.

The university implemented a Blackberry Enterprise Server (internal BES) and standardized on Blackberry for all smartphone purchases. Benefits of the internal BES include enhanced security management along with the ability to automatically synchronize e-mail, calendar, contacts, and tasks over the network. Students do not have access to Bentley’s internal BES.

Divisional vice presidents identify employees requiring a device in order to perform their job.  The Purchasing Office facilitates the acquisition of handheld devices and associated plans for identified employees.

Personally-Owned Handheld Device
A handheld device and associated plan used by an employee or student with no reimbursement from Bentley University. 

The university recognizes that some employees, for matters of convenience and access rather than job-related functional requirement, may elect to purchase a device and plan independent of the university. 

Employees considered likely to regularly access sensitive Bentley University data as part of their day to day job function, are discouraged from accessing Bentley Online Resources via a personally-owned handheld device. Examples include, but are not limited to, information relating to human resources, alumni development, health services, financial data, and information pertaining to students (beyond grade submission) and employees that is reasonably considered confidential.

When an employee purchases a Blackberry device to access Bentley Online Resources, they are required to utilize the internal BES and are prohibited from accessing Bentley e-mail via a wireless carrier or other Blackberry Internet Service (BIS). This requirement ensures security policies are downloaded to Blackberry devices. When an employee purchases a Windows Mobile or Apple iPhone to access Bentley Online Resources, it is our intention to provide the necessary mechanism for accessing these online resources, including e-mail, so long as the employee follows the policies herein, established to minimize institutional risk. 

POLICIES

  1. Divisional vice president approval is required for purchase of a handheld device and associated plan with Bentley University funds. Bentley University provides handheld devices to faculty and staff (employees) identified by divisional vice presidents as requiring such devices to perform the duties of their position.  
  2. All handheld devices provided by Bentley University remain the property of Bentley University. Any information stored on Bentley-owned devices remains the property of Bentley and can be subject to review by the university.
  3. All employees utilizing a Blackberry device to access Bentley Online Resources are required to connect to the Bentley University Blackberry Enterprise Server (internal BES) and accept Bentley University security policies downloaded onto the device. These include policies 7, 8, and 9 noted below, as well as the policy allowing Bentley University to remotely erase all data from the device (reset to factory defaults) in the case of reported loss or theft. Effective September 1, 2009 employees using Blackberries are prohibited from accessing Bentley e-mail accounts via a wireless carrier (such as Verizon) or other Blackberry Internet Server (BIS) hosted by a carrier. This requirement prevents unauthorized access to Bentley e-mail, since the university cannot download security policies to Blackberry devices not connected to our internal BES. Students will continue to access Bentley e-mail accounts via a Blackberry Internet Server (BIS), as Bentley’s internal BES server is not available to students.
  4. All employees utilizing a Windows Mobile or Apple iPhone device to access Bentley Online Resources are required to connect via owa.bentley.edu and accept the Bentley University security policies downloaded onto the device.  These include the policy enabling Bentley University to remotely erase all data from the device (reset to factory defaults) in the case of reported loss or theft.
  5. Users of handheld devices must adhere to all policies set forth in the “Policies Governing Technology Resources at Bentley” online document.  If discrepancies exist between the “Policies Governing Technology Resources at Bentley” document and policies specific to handhelds, the handheld policy take precedence.
  6. Employees using a Bentley issued or personal handheld device to access Bentley Online Resources must configure the device to lock via password after 60 minutes or less of idle time.  The password must be a minimum of four digits. While inconvenient, this prevents unauthorized access to the contents of the device.
  7. Employees using a Bentley issued or personal handheld device to access Bentley Online Resources must restrict the amount of e-mail on the device to e-mail that is no older than 3 weeks.
  8. Employees using a Bentley issued or personal handheld device to access Bentley Online Resources must configure the device to erase all Bentley University data after five consecutive failed login attempts. The Bentley University Help Desk will provide restoration assistance if this occurs.
  9. Employees must immediately notify the Bentley University Help Desk at 781-891-2854 if a handheld device containing Bentley Online Resources is lost or stolen.

top of page