Background
These Terms of Service (“Terms”) apply to all individuals (“End Users”) using Alturas LLC’s network, technology services, computing equipment, telecommunications systems, and other technology or communications platforms (“Services”). Unless otherwise stated, the Terms apply to all Alturas LLC (“Alturas”) End Users and Services.
Purpose
These Terms summarize the expected and appropriate use of Alturas Services. In some cases the Terms reference other applicable Alturas policies. End Users must comply with all applicable Alturas codes of conduct and policies when using the Services, including any Alturas policies not referenced here.
By using Alturas Services, End Users agree to these Terms, including the policies referenced herein.
If you have questions about these Terms, contact Alturas IT
208-242-2511
Policy
Terms for All End Users
1) Purpose of Services
All Services are intended for business, administrative, and non-commercial purposes related to the mission, objectives, and operations of Alturas LLC. Accordingly, End Users should use Alturas Services in a manner appropriate for their intended use and in accordance with any Alturas Statement of Purpose.
2) Requesting Exceptions to the Terms
These Terms include restrictions on the uses of Services to ensure that all Services are available for all End Users to the greatest extent possible. However, Alturas’ business mission may from time to time contemplate uses of Services that would not comply with these Terms. Alturas IT is committed to working with End Users to find alternative means of supporting such needs wherever possible. End Users concerned about a conflict between their desired uses of Services and these Terms should contact Alturas IT in advance to discuss any needed exceptions to these Terms or other policies.
3) Inappropriate Use of Services Prohibited
End Users must not use Alturas Services:
•For unethical, illegal or criminal purposes;
•For personal economic gain or unauthorized commercial purposes;
•In any manner that violates Alturas’ codes of conduct or policies, including those on discrimination and harassment.
4) Examples of Inappropriate Use of Services
Inappropriate uses of Services include, but are not limited to:
•Creating, viewing, publishing, transmitting, recording, or storing any content or data that violates federal, state or local laws;
•Sending deceptive and false emails or electronic communications, or engaging in activities to defraud or trick someone;
•Sending “spam,” chain letters, or any other type of unauthorized widespread distribution of unsolicited email;
•For employees, using Alturas Services to support or oppose any candidate, party, or issue in an election for office or party nominations;
•Accessing, deleting, or modifying content including files and information to which the End User is not authorized;
•Gaining unauthorized access to or interfering with the operation of Alturas Services;
•Interfering with the normal and reasonable use of Alturas Services by others whether via Alturas-owned or personally-owned devices;
•Using Alturas services (such as Alturas’ network or computers) to gain unauthorized access to or interfering with non-Alturas or non-Alturas systems, websites and other Internet-accessible resources;
•Except where explicitly authorized by Alturas IT, probing or scanning Alturas Services for security vulnerabilities or taking actions that may compromise the data or privacy of others (such as network packet captures) without the explicit authorization of T&I (see Section 11 below for more information);
•Copying or stealing computer software or proprietary information, or violating the copyrights of others (for more information, see the College Copyright Policy and guidelines);
•Deliberately altering or damaging Alturas Services, Alturas-owned devices, or the personally-owned devices of others.
5) Limited Personal Use Permitted
Reasonable personal use of Alturas-owned Services (such as computers and phones) with the approval of an employee’s supervisor is permitted, as long as it is performed in a safe, secure manner that otherwise complies with these Terms and other College policies.
6) Services Ownership and Privacy Expectations
Content on the Services may include Alturas-owned information (like company records and data) as well as information Alturas does not own. In either case, Alturas Services are owned, operated and controlled by Alturas, and authorized staff including third-party service providers (authorized by Alturas IT) may inspect and monitor Services including their content when necessary to responsibly manage and secure the Services or in response to authorized requests.
•Alturas employees and Alturas IT do not routinely inspect the content of emails, files and other content on the Services, but as the owner and operator of the Services, Alturas does reserve the right to do so without advance notice to or the consent of End Users. End Users should have no expectation that any information created, transmitted, recorded, stored or posted on the Services will remain private.
•Alturas implements and uses automated security services to detect and block Internet sites, email messages, and other content that are known or likely to contain malware or other information security threats.
•Alturas maintains activity logs on Alturas Services in accordance with technology and security best practices.
•For more details, contact Alturas IT.
7) End User Credentials
Access to most Alturas Services requires a username/email address and multiple security factors (such as a password and a cell phone or security key). End Users may never post or share their credentials with other persons, including parents and family members, and must contact Alturas IT if they believe their account or credentials have been lost, stolen or compromised. Some Services are available to college guests or parents using separate login methods.
•Alturas IT may temporarily suspend End User accounts, devices or access to Services if we suspect or detect evidence of password or account compromise or other threats to the security of our Services.
8) Security and Configuration of Connected Devices
Alturas provides network, internet and related telecommunications services to End Users, including to Alturas-owned devices assigned to or used by them, and to End Users’ personal devices. Devices should be connected to the appropriate wireless or wired network for that type of device.
•Alturas-owned devices are managed and secured by authorized Alturas staff. End Users are not permitted to disable, circumvent or change security and management settings on these devices.
•End Users may connect personally-owned devices to network services, and are responsible for ensuring the devices have the latest security updates provided by the manufacturer or software vendor and, where appropriate, updated anti-virus and security software. For any questions about this, contact Alturas IT.
•End Users may not connect devices running end-of-life, unsupported, or insecure software to the Alturas network or Services. Alturas may disconnect or deny network access and other Services to such devices. For any questions about this, contact Alturas IT.
•While Alturas staff make every effort to deliver network services that are secure, Alturas cannot guarantee that malicious users or other parties are unable to intercept electronic communications. All users of network services should use secure, encrypted protocols and technologies for communications and applications, particularly those where End Users or Alturas are at risk if communications are breached or intercepted.
9) Telecommunications Services
Alturas works with mobile providers and Alturas IT for cellular/mobile phone connectivity services, and End Users should be aware that there is no guarantee of uninterrupted coverage. Areas of no cellular coverage may exist in some places. Alturas recommends that End Users enable “WiFi calling” or equivalent features on their mobile phone if supported by the carrier.
•Employees who are issued a company telephone number and/or desk phone are responsible for updating their E911 location when they change office/work locations by contacting Alturas IT or updating their location in the phone system through self-service means, if available.
•Alturas reserves the right to contact End Users by phone, SMS or similar methods to verify or restore End User access to Services or for other operational purposes as appropriate.
10) Reporting Security Issues or Malicious Content
End Users who receive a potentially malicious or dangerous email (such as one seeking to steal Alturas credentials) or emails or other content containing viruses or malware should immediately report the event to Alturas IT. End Users who encounter a vulnerability or security issue in a Alturas Service must cease using the Service immediately and contact Alturas. Abuse or exploitation of vulnerabilities on Alturas Services is explicitly prohibited.
11) Compliance with Export Control Laws
Alturas provides Services primarily for our business. Employees who access Services outside the United States or transport Alturas-owned technology equipment internationally are responsible for understanding and complying with export and import regulations, including those that prohibit transporting or using encryption or other regulated technologies in prohibited countries. Contact your manager or Alturas IT for more information.
12) Non-Compliance with These Terms
Alturas may temporarily or permanently suspend End User access to some or all Services for actual or potential violations of these Terms or other Alturas policies, or as required by law. End Users in violation of these Terms or Alturas policy may also be subject to further disciplinary action by Alturas LLC, as well as legal action by the proper authorities where violations of state or federal law are involved.
Additional Terms for Alturas
The following Terms apply to Alturas employees and contractors:
13) Responsibility for the Security of Alturas Information
Information, data and other content that is owned by Alturas is intended solely for the authorized use of employees to conduct Alturas business. All employees are responsible for ensuring they are accessing, using and storing data in accordance with Alturas policy.
•Some Alturas information is protected by law, regulation, contract, or Alturas policy in ways that restrict its use, access, download and sharing.
•All employees who may access or create non-public information or information about persons other than themselves are expected to read, understand and comply with local laws.
•Alturas employees with access to Restricted and Confidential information must transmit and store such data only on approved, encrypted Services and encrypted Alturas-managed devices only; may not store such data on personally-owned devices; and should use additional security such as encryption or VPN (when possible) when transferring or accessing such information over public networks;
•All employees or students who are responsible for maintaining or managing information systems (including IT systems, servers, applications or other technology services that use Alturas Services including hosting and the campus network) are expected to read, understand and comply with these Terms of Service.
14) Responsibility for the Security of Alturas Services including Computers/Devices
All employees with access to Alturas Services are responsible for exercising appropriate caution and following best practices to ensure the security of such Services, including but not limited to any laptop, desktop or other computer issued to them. This includes:
•Physically securing computers and devices, including securing one’s workspace and taking special care with portable devices to avoid their theft or loss;
•Returning any devices or removable media to Alturas IT when no longer needed or at end of employment to ensure it is securely erased or destroyed in accordance with Alturas standards;
•Accepting and installing operating system, software and other updates on devices and other Services in a timely manner to minimize security vulnerabilities and protect device and Services from compromise;
•Not circumventing any cybersecurity and backup software implemented by Alturas IT on devices and Services;
•Requesting approval from Alturas IT before implementing any technologies allowing devices on the network or other Services to be accessed from outside the network (e.g. remote control software);
•Logging off Services and devices when no longer in active use, and locking devices when stepping away from an office or workspace so that others may not access them;
•Reporting any security concerns in a Service or device in a timely fashion.
15) Alturas Purchases of Technology
Alturas is responsible for all technology purchases at Alturas.
•All Alturas-owned technology devices (including computers, servers, tablets, phones) must be purchased by Alturas IT regardless of funding source (unless given an Alturas IT exception), and must be returned to Alturas IT at the end of its service lifespan or when its assigned End User is no longer affiliated with Alturas.
•All other Services (including software applications hosted at Alturas as well as IT services provided and hosted by a third-party or vendor) must be reviewed and approved by Alturas IT. No contract involving technology may be signed without review of the IT Director or their designee.
16) Termination of Access Upon Departure
All access to Alturas Services ordinarily ends automatically following the end of employment at Alturas. Accounts are deactivated and later deleted according to policy based on role and date of departure; contact Alturas IT for details. It is the responsibility of the departing employee and their manager to arrange the orderly transition of files, emails and other content from the employee’s account for ongoing departmental or company use.
•Employees who are granted emeriti status may be eligible to retain access to select Services including their email account and a computer. During the transition to the applicable emeriti status, the employee must work with Alturas IT to ensure that any confidential company data is transferred securely or erased and no longer accessible, and any Alturas software is removed from computers that are used outside of designated Alturas areas or buildings. Additionally, any technology products or services (such as websites, apps or other services) developed or maintained by retiring employees should be transitioned to another responsible employee or department for ongoing maintenance, or should be archived during the transition process.
•Managers who wish to maintain departing employees’ access beyond their last day worked may request guest access, but should contact Human Resources to ensure that any needed contractor agreements, non-disclosure agreements, etc. have been signed.
17) Guest Access
External Users may request access for guests, contractors, vendors and others requiring credentials to access Alturas Services. The End User who approves and sponsors such access (“External”) is responsible for ensuring that External Users comply with all Alturas policies including these Terms, and for terminating credentials and all access to Services when no longer needed.
18) No Unauthorized Third Party Disclosure
Employees receiving subpoenas, legal demand letters, law enforcement requests, or other inquiries for data or information from Alturas Services may take no action on such requests without the approval of their division head and/or General Counsel.
Alturas IT shall oversee this policy and review it at least once every year. Changes to this policy shall be made in accordance with Alturas’ input and related policy change from Alturas IT.