VLGS IT Acceptable Use Policy
This Acceptable Usage Policy covers the security and use of all ÌÀÍ·ÌõÔ´´â€™s information and IT equipment. It also includes the use of email, internet, voice and mobile IT equipment. This policy applies to all ÌÀÍ·ÌõÔ´´ faculty, staff, students, contractors and agents (hereafter referred to as ‘individuals’).

This policy applies to all information, in whatever form, relating to ÌÀÍ·ÌõÔ´´â€™s academic and business activities, and to all information handled by ÌÀÍ·ÌõÔ´´ relating to other organizations with whom it deals. It also covers all IT and information communications facilities operated by ÌÀÍ·ÌõÔ´´ or on its behalf.
Computer Access Control – Individual’s Responsibility
Access to the ÌÀÍ·ÌõÔ´´ IT systems is controlled by the use of user IDs and passwords. All user IDs and passwords are to be uniquely assigned to named individuals and consequently, individuals are accountable for all actions on the ÌÀÍ·ÌõÔ´´ IT systems.
Individuals must not:
- Allow anyone else to use their user ID and password on any ÌÀÍ·ÌõÔ´´ IT system.
- Leave their user accounts logged in at an unattended and unlocked computer.
- Use someone else’s user ID and password to access ÌÀÍ·ÌõÔ´´â€™s IT systems.
- Leave their password unprotected (for example writing it down).
- Perform any unauthorized changes to ÌÀÍ·ÌõÔ´´â€™s IT systems or information.
- Attempt to access data that they are not authorized to use or access.
- Exceed the limits of their authorization or specific business need to interrogate the system or data.
- Store Vermont Law & Graduate School data on any non-authorized ÌÀÍ·ÌõÔ´´ equipment.
- Give or transfer ÌÀÍ·ÌõÔ´´ data or software to any person or organization outside ÌÀÍ·ÌõÔ´´ without the authority of ÌÀÍ·ÌõÔ´´.
Internet and email Conditions of Use
Use of ÌÀÍ·ÌõÔ´´ internet and email is intended for academic and business use. ÌÀÍ·ÌõÔ´´ email is the official form of communication for the VLGS community. Personal use is permitted where such use does not affect the individual’s business performance, is not detrimental to ÌÀÍ·ÌõÔ´´ in any way, not in breach of any term and condition of employment and does not place the individual or ÌÀÍ·ÌõÔ´´ in breach of statutory or other legal obligations.
All individuals are accountable for their actions on the internet and email systems.
Individuals must not:
- Â Send FERPA protected information.
- Use the internet or email for the purposes of harassment or abuse.
- Use profanity, obscenities, or derogatory remarks in email communications.
- Access, download, send, or receive any data (including images), which ÌÀÍ·ÌõÔ´´ considers offensive in any way, including sexually explicit, discriminatory, defamatory, harassing, or libelous material.
- Promotion of or participation in illegal activities.
- Use the internet or email to make personal gains or conduct a personal business.
- Use the internet or email to gamble.
- Send items of a political nature or having to do with political activities.
- Use the email systems in a way that could affect its reliability or effectiveness, for example distributing chain letters or spam.
- Send unprotected sensitive or confidential information externally.
- Use of a disguised identity when sending email messages.
- Use of, or access to, another person’s email account without permission.
- Configure automatic forward of ÌÀÍ·ÌõÔ´´ mail to personal non-ÌÀÍ·ÌõÔ´´ email accounts (for example a personal Gmail account).
- In any way infringe any copyright, database rights, trademarks or other intellectual property.
- Make official commitments through the internet or email on behalf of ÌÀÍ·ÌõÔ´´ unless authorized to do so.
- Place any information on the Internet that relates to ÌÀÍ·ÌõÔ´´, alter any information about it, or express any opinion about ÌÀÍ·ÌõÔ´´, unless they are specifically authorized to do this.
- Download copyrighted material such as music media (MP3) files, film and video files (not an exhaustive list) without appropriate approval.
- Download any software from the internet without prior approval of the IT Department.
- Connect ÌÀÍ·ÌõÔ´´ devices to the internet using non-standard connections.
Information Security
In order to reduce the risk of unauthorized access or loss of information, ÌÀÍ·ÌõÔ´´ enforces security policy as follows:
- Personal or confidential business information must be protected using security features provided, for example, secure print on printers.
- Computers must be logged-off or locked.
- Care must be taken to not leave confidential material on printers or copiers.
- All business-related printed matter must be disposed of using confidential waste bins or shredders.
Remote Work (Work from Home)
It is accepted that laptops and mobile devices will be taken off-site. The following controls must be applied:
- Working away from the office must be in line with ÌÀÍ·ÌõÔ´´ remote work policy.
- Equipment and media taken off-site must not be left unattended in public places and not left in sight in a car.
- Laptops must be stored as carry-on luggage when traveling.
- Information should be protected against loss or compromise when working remotely (for example at home or in public places).
- Particular care should be taken with the use of mobile devices such as mobile phones, smartphones, and tablets. They must be protected at least by a password or a PIN.
Mobile Storage Devices
Mobile devices such as memory sticks, CDs, DVDs, and removable hard drives must be used only in situations when network connectivity is unavailable or there is no other secure method of transferring data.
Software
Mobile devices such as memory sticks, CDs, DVDs, and removable hard drives must be used only in situations when network connectivity is unavailable or there is no other secure method of transferring data.
Individuals must not:
Store personal files such as music, video, photographs, or games on ÌÀÍ·ÌõÔ´´ IT equipment.
Viruses
The IT Department has implemented centralized, automated virus detection and virus software updates within the ÌÀÍ·ÌõÔ´´. All computers have antivirus software installed to detect and remove any virus automatically.
Individuals must not:
- Remove or disable anti-virus software.
- Attempt to remove virus-infected files or clean up an infection, other than by the use of approved Vermont Law & Graduate School anti-virus software and procedures.
Telephony (Voice) Equipment Conditions of Use
Use of ÌÀÍ·ÌõÔ´´ voice equipment is intended for business use. Individuals must limit their use of ÌÀÍ·ÌõÔ´´â€™s voice facilities for sending or receiving private communications on personal matters.
Individuals must not:
- Use ÌÀÍ·ÌõÔ´´â€™s voice for conducting private business.
- Make hoax or threatening calls to internal or external destinations.
- Accept collect calls from domestic or international operators, unless it is for business use.
Actions upon Termination of Contract
All ÌÀÍ·ÌõÔ´´ equipment and data, for example, laptops and mobile devices including telephones, smartphones, USB memory devices, and CDs/DVDs, must be returned to ÌÀÍ·ÌõÔ´´ at termination of contract.
All ÌÀÍ·ÌõÔ´´ data or intellectual property developed or gained during the period of employment remains the property of ÌÀÍ·ÌõÔ´´ and must not be retained beyond termination or reused for any other purpose.
Data Monitoring
All data that is created and stored on ÌÀÍ·ÌõÔ´´ computers is the property of ÌÀÍ·ÌõÔ´´ and there is no official provision for individual data privacy; however, wherever possible, ÌÀÍ·ÌõÔ´´ will avoid opening personal emails.
IT system logging will take place where appropriate, and investigations will be commenced where reasonable suspicion exists of a breach of this or any other policy. ÌÀÍ·ÌõÔ´´ has the right (under certain conditions) to monitor activity on its systems, including internet and email use, in order to ensure systems security and effective operation, and to protect against misuse.


It is your responsibility to report suspected breaches of security policy without delay to your Department Head or Supervisor, the IT Department, or the IT Helpdesk.
All breaches of information security policies will be investigated. Where investigations reveal misconduct, disciplinary action may follow in line with ÌÀÍ·ÌõÔ´´ disciplinary procedures.