Richard Bland College of William & Mary Logo - Black, With White Background
Request Info Apply

3000 Information and Technology Services Policies

Acceptable Use of Information Technology Resources

Policy Number: 3010
Policy Name: Acceptable Use of Information Technology Resources
Responsibility for Maintenance: Chief Strategy & Innovation Officer

1. Policy Statement 

Administrative data, third party proprietary information, and College information systems are critical business assets. Misuse or damage of administrative data, third party proprietary information, or College information systems may be as costly to the College as misuse or damage of physical property. College employees are responsible for the protection and proper use of College administrative data, third party proprietary information, and information systems according to the policy provisions set forth below.

Definitions:

Information technology resources include any of the following that are owned or supplied by Richard Bland College: usernames or computer accounts, hardware, software, mobile devices, audio visual equipment, communication networks and devices connected thereto, electronic storage media, and related documentation in all forms. Also included are data files resident on hardware or media owned or supplied by Richard Bland College regardless of their size, source, author, or type of recording media, including e-mail messages, document repositories, system logs, web pages, and software.

  • II. Reason for Policy

Richard Bland College considers information technology as a critical enabler in meeting its mission and has made significant investments in information technology assets and capabilities. Compliance with this policy contributes to the availability, protection, and appropriate use of the information technology resources of Richard Bland College.

III. Applicability of the Policy

This policy applies to all College employees and other persons that access, manage, and/or utilize Richard Bland College information technology resources.

IV. Related Documents

None

V. Contacts 

OfficeTitleTelephone NumberEmail
Information and Technology ServicesChief Strategy & Innovation Officer(804) 862-6237office.its@rbc.edu
  1. Procedures
    1. Restricted College administrative data and third-party proprietary information (e.g., licensed software and designated portions of vendor contracts) in the custody of College staff members shall be used only for official College business and as necessary for the performance of assigned duties. Restricted College information includes student records that are confidential under the Family Educational Rights and Privacy Act (FERPA), personnel records, and other data to which limited access is subject to prior administrative approval.
    2. College administrative data or third-party proprietary information shall not be altered or changed in any way except as authorized in the appropriate performance of assigned duties.
    3. College administrative data or third-party proprietary information shall not be divulged to anyone unless their relationship with the College as an employee, customer, vendor, or contracted temporary employee warrants disclosure and disclosure is authorized by College policy or required by law.
    4. Unless publicly available, College administrative data shall only be accessed by staff members who are specifically authorized to do so.
    5. College information systems shall not be used for personal economic benefit or for political advocacy. Occasional use (e.g., email, web) of College information systems for personal use is acceptable if it does not interfere with a staff member’s job performance.
    6. Any user IDs and passwords assigned to a staff member shall be used only by that staff member and shall not be divulged to persons not authorized by the College.
    7. The College strictly prohibits illegal use of copyrighted software and materials, the storage of such software and materials on College information systems, and the transmission of such software and materials over Richard Bland College network facilities.
    8. The College is providing staff members with access to shared resources. Staff members shall not knowingly engage in any activity harmful to the College’s information systems, administrative data, or third-party proprietary information. (e.g., creating or propagating viruses, overloading networks with excessive data, instituting or promulgating chain letters, or instigating unauthorized mass postings of any type).
    9. Richard Bland College information systems shall not be used to engage in any activity prohibited by College policies, or by state or federal law.
    10. College staff members shall not circumvent or subvert any College system or network security measures. They shall not use College email services to harass or intimidate another person. They shall not send email using or impersonating someone else’s user ID or password.
    11. The College does not routinely inspect, monitor, or disclose electronic mail. However, Richard Bland College may access electronic messages, documents, and other information for purposes including, but not limited to:
    12. Satisfying the requirements of the Freedom of Information Act or other laws or regulations;
    13. Allowing institutional officials to fulfill their responsibilities when acting in their assigned capacities;
    14. Protecting the integrity of the institution’s information technology resources and the rights and other property of the institution;
    15. Allowing system administrators to perform routine maintenance and operations and security reviews, and respond to emergency situations; or
    16. Protecting the rights of individuals working in collaborative situations where information and files are shared;
    17. The College will investigate and may pursue appropriate internal or external civil or criminal proceedings when misuse of College administrative data, third party proprietary information, or College computing resources is suspected.
    18. Failure to comply with any of the above stated policies may result in an RBC employee being disciplined or terminated from his or her position, in accordance with general employment policies and procedures that apply to respective categories of employees.
  2. Additional Background, Related Policies, and other References
    In addition to the general principles set forth in this policy statement, the use of information technology resources may be affected by a number of other legal requirements and ethical principles. While it is not possible to list all potentially applicable laws and regulations, the following are particularly likely to have implications for the use of RBC information technology resources:

    • The federal Family Educational Rights and Privacy Act (FERPA) – restricts access to personally identifiable information from students’ education records.
    • United States Code, Title 18, § 1030: Fraud and Related Activity in Connection with Computers – Federal law specifically pertaining to computer crimes. Among other stipulations, prohibits unauthorized and fraudulent access to information resources.
    • Computer Fraud and Abuse Act of 1986 (Part of 18 U.S.C. § 1030) – Makes it a crime to access a computer to obtain restricted information without authorization; to alter, damage, or destroy information on a government computer; and to traffic in passwords or similar information used to gain unauthorized access to a government computer. 8. The Computer Abuse Amendments Act of 1994 (Part of 18 U.S.C. § 1030) – Expands the Computer Fraud and Abuse Act of 1986 to address the transmission of viruses and other harmful code.
    • Freedom of Information Act
    • Federal Copyright Law – Recognizes that all intellectual works are automatically covered by copyright. The owner of a copyright holds the exclusive right to reproduce and distribute the work.
    • Code of Virginia, 2.2-2827: Restrictions on state employee access to information infrastructure
    • DHRM Policy 1.75, Use of Electronic Communications and Social Media
    • DHRM Policy, Standards of Conduct Policy 
    • Digital Millennium Copyright Act – Signed into law on October 20, 1998, as Public Law 105-304. Created to address the digitally networked environment, the DMCA implements the WIPO Internet Treaties; establishes safe harbors for online service providers; permits temporary copies of programs during the performance of computer maintenance; and makes miscellaneous amendments to the Copyright Act, including amendments that facilitate Internet broadcasting.
    • Electronic Communications Privacy Act of 1986 – Prohibits the interception or disclosure of electronic communication and defines those situations in which disclosure is legal.
    • Computer Software Rental Amendments Act of 1990 – Deals with the unauthorized rental, lease, or lending of copyrighted software.
    • Health Insurance Portability and Accountability Act – Public Law 104-191, August 21, 1996. The final standards were published in February, 2003 and emphasize security management principles and broad management controls as primary vehicles for protecting patient health information.
    • Federal Information Security Management Act of 2002 (FISMA), 44 U.S.C. § 3541, Public Law 107-296. Provides a framework for ensuring the effectiveness of information security controls over information resources that support federal operations and assets.

Students, faculty, and staff are responsible for understanding and complying with these and all other applicable policies, regulations, and laws in connection with their use of RBC’s information technology resources.

Policy History
Approved November 20, 2015
Updated January 11, 2017
Revised August 1, 2019
Updated July 1, 2020


Return To Top

3020 Employee Computing and Communications Networks Usage

Policy Number: 3020
Policy Name: Employee Computing and Communications Networks Usage
Responsibility for Maintenance: Chief Strategy & Innovation Officer

  1. Policy Statement
    Computer and communications network resources of the College are provided to support and enhance the educational objectives of the College.Computing Resources

    • Computers are restricted to student and employee use unless designated as public use.
    • RBC-issued laptops and other computing devices are for official use ONLY by authorized staff.
    • Access to computer and network resources is restricted to authorized individuals as defined by the appropriate organizational unit unless designated as public use. Public wireless networks are available to anyone on campus.
    • Accounts and passwords, when required, are assigned to specific individuals and may not, unless properly authorized by Information Technology Services, be shared with, or used by, other persons within or outside the College.
    • Bandwidth-intensive or disruptive activities that access the campus network or the on-campus Internet connection may be prohibited or blocked in computer labs, classrooms, and public areas when they consume scarce resources or otherwise disrupt operations.
    • Limited personal use of the College’s computer and network resources for other purposes is permitted when it does not interfere with the performance of the user’s job or other College responsibilities, and otherwise is in accordance with this policy. However, College-related uses take priority over personal uses when resources are inadequate to meet both demands. Further limits may be imposed upon personal use in accordance with accepted management principles and in accordance with all applicable laws and regulations.
    • All employees are reminded not to store institutional data, especially those containing personally identifiable information or tax identification numbers, on their wireless communication devices. And, use of any such information must be for legitimate College business reasons and must be temporary. Any device for which the College provides an allowance is subject to all College data access, management, and privacy policies and must be protected to the maximum extent when College data is involved. All devices that are used to connect to the College’s network or technological assets (on premise and cloud) are bound by all applicable College network and computer policies, RBC Acceptable Use Policy, and the Social Media Policy.

    RBC Email for Official Communications

    • All College employees are required to use RBC email accounts when conducting business via email on behalf of the College.
    • RBC official use only email shall be marked confidential in Outlook.
    • When sending email communications to students, faculty and staff must use official student college email accounts (rbc.edu).
    • Confidential or private information should not be sent via email.

    In addition, the following activities are specifically prohibited:

    • Transmitting unsolicited messages that contain obscene, indecent, lewd or lascivious material, or other material that explicitly or implicitly depicts, encourages, or solicits illegal or indecent sexual conduct;
    • Transmitting unsolicited messages that contain profane language or that pander to bigotry, sexism, or other forms of discrimination;
    • Transmitting unsolicited messages that constitute harassment or threats;
    • Communicating any information concerning any password, identifying code, personal identification number, or other confidential information without the permission of the controlling authority of the computer facility to which it belongs;
    • Gaining or attempting to gain unauthorized access to, or making unauthorized use of, a computer facility or software. This includes creating, copying, modifying, executing, or retransmitting any computer program or instructions with the intent to gain unauthorized access to, or make unauthorized use, of a computer facility or software.
    • Creating, copying, modifying, executing, or retransmitting any computer program or instructions intended to obscure the true identity of the sender of electronic mail or electronic messages, collectively referred to as “messages,” including, but not limited to, forgery of messages and/or alteration of system and/or user data used to identify the sender of messages;
    • Accessing or intentionally destroying software in a computer facility without the permission of the owner of such software or the controlling authority of the facility;
    • Making unauthorized copies of licensed software;
    • Communicating any credit card number or other financial account number, or any social security number without the permission of its owner;
    • Effecting or receiving unauthorized electronic transfer of funds;
    • Using College information systems for commercial gain;
    • Using the computer facilities in a manner inconsistent with the College’s license agreements or contractual obligations to suppliers or with any published policy;
    • Illegally using copyrighted software and materials, storing such materials on College information systems, or transmitting such materials over Richard Bland College network facilities;
    • Knowingly engaging in any activity harmful to the information systems (e.g., creating or propagating viruses, overloading networks with excessive data, instituting or promulgating chain letters, or instigating unauthorized mass postings of any type);
    • Circumventing or subverting any system or network security measures.
    • Using college computing devices or communications networks in the violation of any laws or participating in the commission or furtherance of any crime or other unlawful or improper purpose;

    Policy Violation Response
    Enforcement and application of these policies shall normally be handled by Information and Technology Services personnel in conjunction with the Director of Human Resources and/or other appropriate College officials. In addition, cases may be referred to the Department of Campus Safety and Police.

    Guidelines for Attempted Violations
    The following guidelines will be used when employees are accused of violating computer policies:

    • An attempt to violate policy will be considered the same as an actual policy violation.
    • An “attempt” is any act beyond mere preparation carried out with the intent to engage in conduct that is in violation of policies.

    Disciplinary Actions
    Depending on the nature and severity of the violation, the College may take one or more of the disciplinary actions listed below. The College may also temporarily deny access to the server and/or may refer the case to the Department of Campus Safety and Police for further disposition.

    1. Written warning.
    2. Restitution for damages.
    3. Loss of computer privileges for a period of time specified by college officials.
    4. Dismissal from employment.
    5. Other sanctions as deemed appropriate by College officials.
    6. Referral to the judicial system: This could include local, state, or federal authorities, as determined by the RBC Department of Campus Safety and Police.

    Privacy and Data Searches
    Communications, data, and information initiated by College employees using College systems are the property of the College. The College may monitor, inspect, or search electronic activities, data files, and communications of employees.

    Electronic information and data transmitted by employees using College systems or communications networks or kept on College servers or systems may be searched by College authorities for violation of College rules and regulations if there is a reason to believe that an employee is using the College’s computer resources in a manner that violates rules or regulations and written authorization has been issued and signed by the Director of Human Resources and the Chief Strategy & Innovation Officer. Such written authorization shall state the source of the information, the violation, the material to be searched, and the name(s) of the person(s) authorized to conduct the search. The foregoing does not apply to searches conducted by local or Campus Police or other authorized law enforcement agencies. All such law enforcement searches are governed by state law.

    Employees: All full- and part-time RBC employees, including but not limited to classified and administrative staff, full-time faculty, and adjunct faculty.
    Computer Systems: The term ‘computer systems’ includes all computing devices as defined below.

    Computing devices: Any and all devices and systems used to access, retrieve, store, or manipulate information, such as traditional computers, tablet computers, telephones, smartphones, or other such devices whether or not Internet-enabled.

    Communications Networks: Communications networks include College provided or maintained wired and wireless voice and data networks. These include data networks, cellular and traditional telecommunications networks, and all media and devices, protocols, and services required to access, connect, monitor, or maintain such networks.

    Routine security scans: Security scans, audits, or processes performed by the College as required by federal or state law and regulations, College security policies, or industry best practices. Examples include anti-virus scans, anti-malware scans, intrusion detection/prevention systems, vulnerability scanners, security monitoring devices, botnet trackers, anti-spam and anti-phishing systems, and security procedures/audits, etc.

    In addition, electronic records may be searched in order to respond to requests for records under the Virginia Freedom of Information Act, or in order to perform or respond to an investigation by an authorized official or agency, or in the course of litigation (e.g., responding to a subpoena).

  2. Reason for Policy
    Richard Bland College provides both wired and wireless network access to its students, staff, and faculty in classrooms, offices, and common areas. The purpose of this policy is to govern the rights and responsibilities of employee use of College computing devices and electronic communications (1) on school networks, (2) using school-provided email accounts or other applications such as the course management system, and (3) using school-provided technology such as computers, tablets, and phones.
  3. Applicability of the Policy
    This policy applies to all Richard Bland College employees and official College computing devices and communications networks.
  4. Related Documents
    Copyright policy
    Policy on Records Retention
  5. Contacts 

OfficeTitleTelephone NumberEmail
ITSChief Strategy & Innovation Officer(804) 862-6237office.its@rbc.edu
  1. Procedures 
    Department supervisors and academic department chairs are responsible for providing information regarding RBC’s policies and procedures regarding use of the College’s computing devices and communications networks to all full-time and part-time employees and to encourage and monitor compliance.Employee Network Accounts:
    Department supervisors and chairs are responsible for requesting network accounts and system/network access for new RBC employees. The office of Information and Technology Services creates the approved accounts and provides new employees with account login information for network access, email, and other systems as required by job function such as: network file shares and printers, student and financial information systems (Banner), learning management systems (Canvas), and any other systems to which access is required.
    Account Security
    Employees are responsible for safeguarding their login information and passwords and any subsequent activity using their accounts. As a result, account sharing of any kind is a violation of College policy and expressly forbidden. If an employee forgets his/her password, it must be reset. This activity will only be performed if the identity of the account owner is verified with a valid ID number. To reset a password, an employee may access the Statesman Account Management self-service website  http://www.rbc.edu/my-rbc/stac/sam/. SAM enables faculty, staff, and students to unlock their accounts and/or reset their passwords. An employee may also contact the Statesman Technical Assistance Center at stac@rbc.edu.

    1. Website:  http://www.rbc.edu/my-rbc/stac/
    2. Location:  McNeer Hall 110
    3. Telephone:  804-862-6401

    Employees may log into various technology services on computing devices. However, employees must lock or log off before leaving the device. Unscrupulous persons may take advantage of unwary users, accessing their email or Banner account information.

    Account Privacy
    No computer security system, no matter how elaborate, can provide 100% security. Therefore, while ITS makes every effort to provide a reasonable level of confidentiality for information stored on the network, we cannot guarantee the privacy or confidentiality of that stored information. Therefore, users should not store confidential, financial, or personal information on a computer network whenever possible.

    Email Privacy
    It is important to understand that email has no inherent mechanisms to ensure privacy. Therefore, employees should have no expectation of privacy and be aware that the system is not private. Information passing through or stored on Richard Bland College email servers (including cloud-based, externally hosted systems) may be monitored using routine security best practices to prevent security incidents and to ensure adherence with Richard Bland College policies and guidelines. RBC reserves the right to monitor, access, and disclose email information as appropriate and to prevent certain protocols to maintain security, prevent unauthorized access, and protect the system from viruses and other potential risk factors.

    Retiree Continued Access to RBC Email
    Upon request, RBC may grant retirees in good standing the privilege and benefit of using the RBC email system. This is extended to employees retiring from full-time, permanent positions and who have worked for RBC for at least ten years unless otherwise authorized by the RBC President. Retirees who meet these qualifications must sign a Retiree Email Account Request Form and comply with the procedures specified on the form.

    General Guidelines for Email Usage
    Electronic mail (email) is a widely used communications tool to facilitate College business. The following guidelines are intended to help ensure productive use of this technology:

    1. Email users should exercise good housekeeping techniques on their mailbox in accordance with the Virginia Records Retention Act and the College’s Policy on Records Retention.
    2. Email is not private and is easily forwarded on to others. Do not send unencrypted, confidential information by email.
    3. Laws, regulations, and policies that apply to copyright, discrimination, harassment, defamation, and privacy for written communication apply to email as well.
    4. Do not forward chain messages or reply to spam email. Be wary of hoaxes and phishing attempts.
    5. The email system has the capability to automatically append a “signature” at the end of each email. Your signature contact data should include name, institution (Richard Bland College), position/title, phone number, and email address.
    6. Consider whether email is the correct medium for your message as opposed to face-to-face meeting, telephone, regular mail, etc.
    7. RBC Faculty and Staff shall regularly review messages in the Junk Email folder, and use junk mail features to release legitimate messages and/or senders that were incorrectly classified as junk.

    Accessing Electronically Stored Information of a Deceased Person
    The College will not grant access to data from a deceased user’s electronically stored information in the custody of the College without the prior written consent of the deceased individual concerned or unless allowed or required by law (e.g., Uniform Fiduciary Access to Digital Assets Act).

    Mass Electronic Mailings

    Policy Purpose: To ensure the appropriate use of College electronic mailing capabilities by limiting mailings to large numbers of individuals or groups—either within or outside the College—only to communications that are essential and relevant to the mission of the College and do not adversely affect normal performance of the College’s email delivery system. Although Richard Bland College does provide specific distribution lists for the convenience of approved senders, the policy included herein applies to all such communications, regardless of whether defined lists are used.

    Definition of Mass Electronic Mailing: Either (1) a single electronic mailing received by 50 or more email addresses; or (2) multiple electronic mailings of the same content received by a total of 50 or more email addresses.

    Policy Statement:

    1. Mass electronic mailings must be used only for the distribution of information and not as a forum for discussion, unless prior written approval is obtained from the Director of Information and Technology Services authorizing such discussions.
    2. Mass electronic mailings must comply with relevant federal and state laws, regulations, and policies, as well as College policies, including those governing public computing resources, security considerations, and ethics in computing
    3. Mass electronic mailings sent to individuals or groups within or outside the College by faculty, staff, enrolled students, and others assigned College email accounts using college-owned or contracted resources must be related to the College’s mission.
    4. Mass electronic mailings may be approved and sent by any active member of the President’s Council (http://www.rbc.edu/why-rbc/faculty-staff/presidents-council/) or authorized designee(s).
    5. Emergency or alert notifications sent by delegated agents as defined by the Department of Campus Safety are exempt from approval.

    General Guidelines:

    Email is a powerful business and communication tool.  To ensure its effective use, Richard Bland College recommends the following guidelines for sending mass electronic messages:

    1. Do not include attachments when possible because unsolicited messages with attachments are always considered suspect no matter the source. Documents, pictures, and video files are often very large, slow to deliver, and resource intensive.
    2. Ensure that the subject line is unique and meaningful and properly represents the message content.
    3. Be clear and concise in content by placing the substance of the message in the first few lines; this will ensure maximum effectiveness.
    4. Include an active point of contact to receive questions and verify that contact information is correct.
    5. Always place email addresses, including distribution list addresses, in the BCC field to mitigate unnecessary Reply to All responses.
  2. Forms/Online Processes
    Technology Access Request Form

Policy History
Approved November 20, 2015
Updated January 11, 2017
Revised August 1, 2019
Revised July 1, 2020


Return To Top

3030 Access Control Policy

Policy Number: 3030
Policy Name: Access Control Policy
Responsibility for Maintenance: Chief Strategy & Innovation Officer

  1. Policy Statement
    It is the end user’s responsibility to ensure he/she is accessing/utilizing the latest version of the Technology Resources Information Security Standard. Questions should be directed to the Richard Bland College Information Security Officer / Enterprise Architect.Information and technology related systems owned and maintained by the College are vital assets that need to be available for authorized users with a legitimate need. These assets must be maintained in a consistent, accurate state; preserved and protected by all appropriate means. In order to ensure reliable and accurate data is provided to the College community, information resources must be protected from natural and human hazards.  Policies and practices are hereby established to ensure risks are eliminated or mitigated using the best practices validated by security professionals.  Employees accessing data must observe requirements for confidentiality and privacy, must comply with protection and control procedures, and must accurately present the data in use.It is the policy of Richard Bland College to use all reasonable technology resources and security control measures to:

    1. Protect College information resources against unauthorized access, manipulation, modification, use, or destruction;
    2. Maintain the integrity of College data;
    3. Ensure College data residing on any Technology Resources system is available when needed; and
    4. Comply with the appropriate federal, state, legislative, regulatory, and industry requirements;

    Protecting information resources includes:

    1. Physical protection of information processing and storage facilities, equipment, and media
    2. Assurance that application and data integrity are maintained
    3. Assurance that information systems perform their critical functions correctly, in a timely manner, and under adequate controls
    4. Protection against unauthorized access to protected data through logical access controls
    5. Protection against unauthorized disclosure of information
    6. Assurance that systems continue to be available for reliable and critical information

    Additionally, information entered, processed, stored, generated, and/or disseminated by Richard Bland College information systems must be protected from internal data or programming errors and from misuse by individuals inside or outside the College.  Specifically, the information must be protected from unauthorized or accidental modification, destruction, or disclosure.  Proper account management procedures are required to provide this type of protection of data.

    The entire campus community must comply with the requirements found in the Access Control Procedures.

    Definitions The definitions found in the Access Control Procedures shall apply to this policy.

  2. Reason for Policy
    The Richard Bland College (RBC) Information and Technology Services (ITS) Access Control Policy (ITS-ACP) defines RBC ITS compliance with Commonwealth of Virginia (COV) Information Security Control Family: Access Control (AC). The function of this policy is to enhance and define the policies and procedures of the Richard Bland College Information Security Program to protect technology and information systems and data from credible threats, whether internal or external, deliberate or accidental.
  3. Applicability of the Policy
    This policy documents the formal access control policy for RBC Information Technology. This policy applies to all academic and operational technology at Richard Bland College. The policies and procedures provided herein apply to all College faculty, staff, students, visitors, and contractors.This policy governs all elements and levels of the Access Control Family, including, but not limited to the physical and logical access to all College systems and applications that protect the privacy, security, and confidentiality of College systems; especially highly sensitive systems, and the responsibilities of institutional units and individuals for such systems.
  4. Related Documents
    Access Control Manual
  5. Contacts

OfficeTitleTelephone NumberEmail
ITSInformation Security Officer/Enterprise Architect(804) 862-6259office.its@rbc.edu
  1. Procedures
    The compliance procedures found in the Access Control Procedures shall apply to this policy.

Policy History
Approved February 26, 2018
Updated August 1, 2019
Updated July 1, 2020


Return To Top

3040 Information & Technology Services Document Retention and Destruction Policy

Policy Number: 3040
Policy Name: Information & Technology Services Document Retention and Destruction Policy
Responsibility for Maintenance: Chief Strategy & Innovation Officer

  1. Policy Statement
    All College employees, including faculty and part-time personnel, shall comply at a minimum with applicable state requirements regarding records retention for emails and other electronic documents, as well as for paper and other forms of documents. The specific requirements are located at the following websites: http://www.lva.virginia.gov/agencies/records/sched_state/GS-111.pdf https://www.lva.virginia.gov/agencies/records/sched_state/GS-113.pdf and https://www.lva.virginia.gov/agencies/records/sched_state/GS-101.pdf.The RBC ISO/Enterprise Architect will review email and other electronic accounts semi-annually to determine if the state’s record retention policy authorizes an account to be purged. Email and other electronic document accounts will not be deleted until the Director of Information & Technology Services certifies that any retention periods have passed and there is no litigation, audit, investigation, or request for records pursuant to the Virginia Freedom of Information Act (§2.2-3700 et seq.). The Director of Information & Technology Services will consult with College Counsel and any applicable supervisors prior to any such deletions.
  2. Reason for Policy
    This policy provides guidance for retention and destruction of electronic documents, including email. It is designed to comply with federal and state policies and guidelines, including but not limited to Library of Virginia GS-113, GS-111, and GS101.
  3. Applicability of the Policy
    This Policy applies to all RBC employees.
  4. Related Documents
    Commonwealth of Virginia E-Mail Management Guidelines: https://www.lva.virginia.gov/agencies/records/electronic/email-management-guidelines.pdf
  5. Contacts

OfficeTitleTelephone NumberEmail
ITSChief Strategy & Innovation Officer(804) 862-6237office.its@rbc.edu

Policy History
Approved February 26, 2018
Updated August 1, 2019
Updated July 1, 2020


Return To Top

3050 Telephone and Voice Mail Usage

Policy Number: 3050
Policy Name: Telephone and Voice Mail Usage
Responsibility for Maintenance: Chief Strategy & Innovation Officer

  1. Policy Statement
    Telephone and voicemail systems are resources and tools provided by RBC for the facilitation of communication in order to conduct College business. All employees must behave in a responsible, professional, ethical, and legal manner when using these resources and tools. Appropriate use, in general, means respecting the rights of other users and the integrity of the physical facilities, as well as all pertinent license and contractual agreements. Employees must use good judgment in personal use of these tools, and such use must not interfere with work.The College telephone and voicemail systems are to be used for College business. Personal calls and personal voicemail messages are permitted, so long as such personal use is reasonable in duration and frequency, does not interfere with an employee’s work performance, does not reflect poorly on the College (such as use of phones and voicemail to gossip, slander, or speak negatively about RBC or its employees), and does not result in violations of law, regulations, or other College policies.Use of College telephones or voicemail in a manner inconsistent with the requirements below may result in disciplinary action up to and including termination for employees and expulsion for students if such misuse is repeated, chronic, excessive, or in violation of law, regulations, or other College policies.
  2. Reason for Policy
    To ensure that telephone and voicemail resources are consistently used in an effective manner for conveying accurate and timely information both internally and externally in support of the College’s enterprise, as well as a community-relations tool that helps to promote the College’s character, mission, and priorities.
  3. Applicability of the Policy
    This Policy applies to all RBC employees.
  4. Related Documents
    Richard Bland College Acceptable Computer Use PolicyRichard Bland College Email Usage Policy
  5. Contacts

OfficeTitleTelephone NumberEmail
ITSChief Strategy & Innovation Officer(804) 862-6237office.its@rbc.edu
  1. Procedures
    Department supervisors and academic department chairs are responsible for providing information regarding RBC’s policies and procedures regarding telephone and voicemail systems usage to all full-time and part-time employees and encouraging and monitoring compliance.Examples of misuse of College telephone and voicemail facilities include:

    • Inappropriate use of voicemail as a substitute for human contact;
    • Failure to update voicemail greetings to better assist those we serve;
    • Inappropriately lengthy voicemail greetings;
    • Other uses or misuses of communication technologies that compromise the effectiveness and efficiency of College operations.

    Telephone and Voicemail Usage Guidelines

    A phone conversation may be the first contact a person has with Richard Bland College. A professional attitude on the telephone or voicemail reflects a positive image of the College.

    Telephone Guidelines

    The following guidelines should be used when using the telephone:

    • Answer your phone when you are available to take calls.
    • Always identify yourself and your department.
    • Speak clearly; put a smile in your voice.
    • If the caller has not identified him/herself, ask, “To whom am I speaking?” and use his/her name during the conversation.
    • Focus your full attention on the caller.
    • Be as helpful as possible. Personally handle as much of the transaction as you can. If you can’t address the caller’s needs, connect the caller to the appropriate individual.
    • Always return calls within 24 hours. Failure to return calls is unprofessional and harmful to College relations.

    Speakerphone Etiquette
    Always ask permission of the other person before talking to him/her on the speakerphone, and always identify other people in the room.

    Transferring Calls
    You own the call placed on your line until you find the right party who can handle the caller’s request. When transferring calls observe the following:

    • Transfer callers only if you are certain that you cannot help the caller, and you are reasonably sure the person to whom the caller is being transferred can help the caller. Become familiar with the functions of other departments and individual responsibilities to aid in a correct transfer the first time.
    • Always give the caller the phone number and name (person and/or department) of the person to whom you are transferring him/her.
    • Do not blindly transfer calls. Stay on the line until someone answers and advise that person about the name and nature/reason of the call transfer. If that person cannot handle the caller’s query, then ask for the caller’s name and contact information so you can call back with the correct department and contact within that department.
    • If the caller seems annoyed about being transferred, suggest a callback rather than risk poor customer service.

    Voicemail Guidelines
    To utilize voicemail as an effective means of communications, be succinct when recording your personal greeting and when leaving a message in another mailbox. Proper use of the telephone and voicemail system can result in a more productive working environment.

    • Check voicemail messages regularly. Return calls within 24 hours.
    • Voicemail should not be used to screen calls.
    • Calls should not be forwarded to voicemail unless absolutely necessary.

    Voicemail Greeting

    When recording a greeting, the following guidelines are suggested:

    • Identify yourself and your department.
    • Indicate whom to call for immediate assistance. This should be a live person and not another voicemail box. Please indicate your name and the hours of operation for the department.
    • Notify callers when on vacation or on extended leave. When appropriate, let the caller know whom to contact in your absence.
    • Greetings should not include personal “tag” lines containing messages of a spiritual, philosophical, or a personal (non-business related) nature.
    • To achieve a uniform presentation to the public, voicemail greetings should begin with:
      “You have reached (your name) in the (department) of Richard Bland College of William & Mary.”
    • The remainder of the greeting can be tailor-made for each individual employee/department. The following is a suggested greeting:
      “I am not available to take your call right now, but your message is important to me. Please leave your name and number with a brief message (that will help me to handle your request or to reply more quickly, etc.).”

    If it’s a recording for a department function, i.e. transcript request, faculty questions about report deadlines dates, etc., then a customized message should be made to give callers more information or direct callers to another extension, or perform another step to accomplish their goals.

    To maximize the features of our voicemail system and keep us in a positive light, no caller should be left in doubt about the disposition of his/her call. Reassurance should be given that each call to this campus is being taken seriously and handled efficiently.

    To withstand scrutiny, voicemail should be accessed each day and acted upon quickly. If one is on vacation, or away from the phone for an extended period of time, a clear message to that effect should be placed on the phone and then changed immediately upon your return.

    Leaving a Message
    When leaving messages (voicemail or otherwise) consider the following:

    • Speak clearly and identify yourself (name and department).
    • Keep messages brief. Requests for information that are complete and concise allow the recipient to quickly and accurately respond to your call.
    • When leaving a voicemail message, keep content of the voicemail appropriate for business.
    • State the date and time the message is left.
    • Always leave a direct call back number and repeat numbers slowly. This will allow the recipient to more easily and correctly return the call.

Policy History
Approved November 20, 2015
Updated January 11, 2017
Updated August 1, 2019
Updated July 1, 2020


Return To Top

3060 Internet Privacy Policy

Policy Number: 3060
Policy Name: Internet Privacy Policy
Responsibility for Maintenance: Chief Strategy & Innovation Officer

  1. Policy Statement 
    It is the policy of the Commonwealth of Virginia that personal information about citizens will be collected only to the extent necessary to provide the service or benefit desired; that only appropriate information will be collected; and that the citizen shall understand the reason the information is collected and be able to examine their personal record which is maintained by a public body. As a public college in the Commonwealth, Richard Bland College adheres to this policy.The Richard Bland College website:

    • Does not require that any personal information be supplied in order to download publicly available files or reports.
    • Does not collect personal information without the knowledge and consent of the visitor. Any information collected will be used only for the purpose indicated and will not be shared with any other organization.
    • Will only use “cookies” to collect traffic data on the RBC website site. None of this information is associated with you as an individual and is used strictly for statistical reporting purposes in order to assess demands and usage for planning purposes.
    • Does not make available any personally identifying information relating to students, except as authorized by the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g, and companion regulations, 34 C.F.R. Part 99.

    The RBC Enrollment and Communications departments use email addresses and IP addresses to communicate and send announcements, materials, and re-targeting advertisements.

    Though personal information may be required in order for RBC to provide a requested service, in doing so we shall comply with the Government Data Collection and Dissemination Practices Act, Chapter 38 of Title 2.2 of the Code of Virginia (https://law.lis.virginia.gov/vacode/title2.2/chapter38/).

    Accessing Electronically Stored Information of a Deceased Person:
    The College will not grant access to data from a deceased user’s electronically stored information in the custody of the College without the prior written consent of the deceased individual concerned or unless allowed or required by law (e.g., Uniform Fiduciary Access to Digital Assets Act).

  2. Reason for Policy
    This policy is intended to ensure that the College’s website is consistent with Commonwealth of Virginia laws and regulations pertaining to websites run by state agencies. The policy is further intended to ensure users of the College website are aware of the way in which personal information is collected and used.
  3. Applicability of the Policy
    This policy applies to the College’s public-facing websites: www.rbc.edu and http://www.rbcathletics.com. This policy does not apply to other Internet-facing or accessible sites, systems, forms, or data stored on or retrieved from third-party sites or systems linked to or from the main rbc.edu site.All College employees must comply with the requirements of this policy in the performance of their duties.
  4. Related Documents
    Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g
    Family Educational Rights and Privacy Act regulations, 34 C.F.R. Part 99
    Department of Human Resource Policy 1.75 – Use of Electronic Communications and Social Media
  5. Contacts 

OfficeTitleTelephone NumberEmail
ITSChief Strategy & Innovation Officer(804) 862-6237office.its@rbc.edu
  1. Definitions
    College websites: Richard Bland College’s public-facing websites located at: http://www.rbc.edu and http://www.rbcathletics.com.

 

Policy History
Approved November 20, 2015
Updated February 26, 2018
Updated August 1, 2019
Updated July 1, 2020


Return To Top

3070 Software Usage Policy

Policy Number: 3070
Policy Name: Software Usage Policy
Responsibility for Maintenance: Chief Strategy & Innovation Officer

  1. Policy Statement 
    Violations of authorial integrity, including plagiarism, invasion of privacy, defamation, unauthorized access, and trade secrets and copyright violations may be grounds for sanctions against students or employees of Richard Bland College.

    1. Richard Bland College licenses the use of computer software from a variety of outside companies. Richard Bland College does not own this software or its related documentation and, unless authorized by the software developer, neither the College nor its students has the right to reproduce it.
    2. Regarding use on local area networks or on multiple machines, Richard Bland College students and employees shall use the software only in accordance with the license agreement.
    3. Richard Bland College students and employees learning of any misuse of software or related documentation within the College shall notify the Director of Information and Technology Services.
    4. According to the U.S. Copyright Law, persons involved in the illegal reproduction of the software or related documentation can be subject to substantial civil damages and criminal penalties, including fines and imprisonment. Richard Bland College prohibits the illegal duplication of software or related documentation. Richard Bland College students or employees, who make, acquire, or use unauthorized copies of computer software or related documentation shall be disciplined as appropriate under the circumstances.

    Respect for intellectual labor and creativity is vital to academic discourse and enterprise. This principle applies to all works of all authors and publishers in all media. It encompasses the right to acknowledgment, right to privacy, and right to determine the form, manner, and terms of publication.

    Because electronic information is easily reproduced, respect for the work of others is especially critical in computer environments.

  2. Reason for Policy
    Respect for intellectual labor and creativity is vital to academic discourse and enterprise. This principle applies to all works of all authors and publishers in all media. It encompasses the right to acknowledgment, right to privacy, and right to determine the form, manner, and terms of publication.Because electronic information is easily reproduced, respect for the work of others is especially critical in computer environments.
  3. Applicability of the Policy
    This policy applies to all College employees and students.
  4. Contacts 

OfficeTitleTelephone NumberEmail
Information and Technology Services Chief Strategy & Innovation Officer(804) 862-6237office.its@rbc.edu

Policy History
Approved November 20, 2015
Updated January 11, 2017
Updated August 1, 2019
Updated July 1, 2020


Return To Top

3080 Virtual Private Network (VPN) Policy

Policy Number: 3080
Policy Name: Virtual Private Network (VPN) Policy
Responsibility for Maintenance: Chief Strategy & Innovation Officer

  1. Policy Statement 
    Approved Richard Bland College employees and authorized third parties (customers, vendors, etc.) may utilize the benefits of VPNs, which are a “user managed” service. This means that the user is responsible for selecting an Internet Service Provider (ISP), coordinating installation, installing any required software, and paying associated fees.Additionally,

    1. All Richard Bland College staff shall access the VPN on Richard Bland College owned equipment ONLY.
    2. It is the responsibility of employees and/or authorized contractors with VPN privileges to ensure that unauthorized users are not allowed access to Richard Bland College internal networks.
    3. VPN credentials are issued to a single individual and may not, under any circumstances, be shared.
    4. When actively connected to the corporate network, VPNs will force all traffic to and from the PC over the VPN tunnel: all other traffic will be dropped.
    5. Dual (split) tunneling is NOT permitted; only one network connection is allowed.
    6. VPN gateways will be set up and managed by Richard Bland College Information & Technology Services (ITS) Information Security Officer or assigned designee.
    7. All computers connected to Richard Bland College internal networks via VPN or any other technology must use the most up-to-date anti-virus software that is the corporate standard, this includes personal computers.
    8. VPN users will be automatically disconnected from Richard Bland College’s network after thirty minutes of inactivity. The user must then logon again to reconnect to the network. Pings or other artificial network processes are not to be used to keep the connection open.
    9. The VPN concentrator is limited to an absolute connection time of 24 hours.
    10. Preauthorized Users of computers that are not Richard Bland College-owned equipment must configure the equipment to comply with Richard Bland College VPN and Network policies.
    11. By using VPN technology with non-College owned equipment, users must understand that their machines are a de facto extension of Richard Bland College’s network, and as such are subject to the same rules and regulations that apply to Richard Bland College-owned equipment, i.e., their machines must be configured to comply with all state and local Information Security Policies.
    12. While connected to the Richard Bland College VPN, the authorized user will limit their activity to mission related traffic, refraining from personal email or web traffic.

    VPN Type

    Richard Bland College provides two types of VPN Clients:

    • VPN User:
      • VPN client will have access to the same technical resources as on campus connection, and
      • VPN client requires renewal annually.
    • Elevated Privilege VPN User:
      • VPN client with elevated privileges dedicated to authorized system administrators,
      • VPN client requires renewal semi-annually, and
      • VPN client requires Director of Information & Technology Services AND RBC ISO approval.

     

    Quarterly Global Protect VPN Client Updates

    VPN Client software is updated quarterly, as needed. Each VPN Client user will be notified of scheduled updates. Upon notification of a VPN client update, the VPN user will contact STAC to schedule their laptop upgrade within five (5) business days of the notification.

    During this upgrade process, STAC will complete a VPN device check.

    Failure to comply with this update requirement will result in VPN access termination.

    Enforcement

    Any employee or authorized VPN account holder found to have violated this policy may be subject to disciplinary action up to and including termination of employment or contractual relationship.

    Richard Bland College provides a secure remote access method for staff and authorized contractors that need to connect to certain secure resources and applications from outside of the Richard Bland College network. The VPN technology discussed here is client based and can be used from any remote location. The VPN is not necessary for access to systems such as RBC Statesman Email or to Canvas Learning Management System.

  2. Reason for the Policy
    The purpose of this policy is to provide requirements for use of Virtual Private Network (VPN) connections to the Richard Bland College network.
  3. Applicability of The Policy
    This policy applies to all Richard Bland College employees, contractors, consultants, temporaries, and other workers including all personnel affiliated with third parties utilizing VPNs to access the Richard Bland College network. This policy applies to implementations of VPN that are directed through the Richard Bland College Firewall.
  4. Related Documents
    Request for Virtual Private Network (VPN) Access
  5. Contacts

OfficeTitleTelephone NumberEmail
Information and Technology Services Chief Strategy & Innovation Officer(804) 862-6237office.its@rbc.edu

Policy History
Approved February 26, 2018
Updated August 1, 2019
Updated July 1, 2020


Return To Top

Policy Manual

close modal

Explore Our Campus Now

Let's Go

Ready to Create Your Journey?