Policy for Responsible use of CMAA Computers and Information Systems
It is the purpose of this Policy to set forth CMAA’s administrative policy and provide guidance relating to responsible use of CMAA's electronic information systems.
CMAA strives to maintain access for its members (the "users") to local, national and international sources of information, and to provide an atmosphere that encourages sharing of knowledge, the creative process and collaborative efforts within the scope of CMAA’s mission.
Access to electronic information systems at CMAA is a privilege, not a right, and must be treated as such by all users of these systems. All users must act honestly and responsibly. Every user is responsible for the integrity of these information resources. All users must respect the rights of other computer users, respect the integrity of the physical facilities and controls, and respect all pertinent license and contractual agreements related to CMAA information systems. All users shall act in accordance with these responsibilities and relevant local, state and federal laws and regulations. A user’s failure to conduct himself in compliance with the Policy may result in disciplinary action, up to and including expulsion for member users.
CMAA is a provider of a means to access the vast and growing amount of information available through electronic information resources. CMAA is not a regulator of the content of that information and takes no responsibility for the content of information, except for that information CMAA itself and those acting on its behalf create. Any persons accessing information through CMAA information systems must determine for themselves and their subordinates whether any source is appropriate for viewing.
Accepting any account and/or using CMAA’s information systems shall constitute an agreement on behalf of the user or other individual accessing such information systems to abide and be bound by the provisions of this Policy.
CMAA may restrict or prohibit the use of its information systems in response to complaints presenting evidence of violation of CMAA policies, local, state or federal laws. When it has been determined that there has been a violation, CMAA may restrict or prohibit access by an offending party to its information systems through CMAA-owned or other computers, remove or limit access to material posted on CMAA-owned computers or networks, and if warranted, institute other disciplinary action, up to and including expulsion for member users. Other persons may be prosecuted under applicable local, state or federal laws or regulations.
For purposes of this Policy the following definitions shall apply:
a. "Electronic communications" shall mean and include the use of information systems in the communicating or posting of information or material by way of electronic mail, bulletin boards, the World Wide Web (internet) or other such electronic tools.
b. "Information systems" shall mean and include the computers, networks, servers and other similar devices that are administered by CMAA and for which CMAA is responsible.
c. "Networks" shall mean and include video, voice and data networks, routers and storage devices.
d. "Software" shall mean and include computer software installed on CMAA servers for use by users.
e. "SPAM" shall mean and include electronic communications directed to more than one user simultaneously whose content is not CMAA mission- or business-related, and which an average user applying contemporary community standards would find the electronic communication objectionable.
The CEO, in consultation with the Senior Director of Information & Technology Systems, shall have the sole authority to determine whether an electronic communication is SPAM under this policy.
f. "Member user" shall mean and include those members of CMAA in good standing as defined in the CMAA Bylaws.
g. "Staff user" shall mean and include employees or agents of CMAA acting on CMAA’s behalf.
4. PERMITTED USE
a. CMAA Business Use and Limited Personal Use. CMAA information systems are to be used predominately for CMAA-related business. Personal use is permitted, however, so long as it conforms to this Policy and CMAA Bylaws, and does not interfere with CMAA operations or a staff user’s performance of duties as a CMAA employee. As with permitted use of telephones for local calls, limited personal use of information systems does not ordinarily result in additional costs to CMAA and may actually result in increased efficiencies. Personal use may be denied when such use requires an inordinate amount of information systems resources (e.g., storage capacity, administrative workload, hardware and/or software maintenance, etc.).
b. Prior Approval Required for Personal use for Outside Consulting, Business or Employment. Personal use of CMAA information systems resources or equipment by any member user for personal financial gain in connection with outside (non-CMAA) consulting, business or employment is prohibited.
a. Unauthorized access to information systems is prohibited. No user shall use the identification (ID or User Name) or password of another user. No member user shall provide his password to another user, except in cases necessary to facilitate computer maintenance and repairs.
b. When any user terminates his relationship with CMAA, his ID and password shall be denied further access to CMAA information systems.
6. MISUSE OF INFORMATION SYSTEMS
Misuse of CMAA information systems is prohibited. Misuse includes, but is not limited to the following:
a. Attempting to modify or remove computer equipment, software, or peripherals without proper authorization.
b. Accessing without proper authorization computers, software, information or networks to which CMAA belongs, regardless of whether the resource accessed is owned by CMAA orthe abuse takes place from a non-CMAA site.
c. Taking actions without authorization that interfere with the access of other users to information systems.
d. Circumventing logon or other security measures.
e. Using information for any illegal or unauthorized purpose.
f. Personal use of information systems or electronic communications for non-CMAA consulting, business or employment, except as set forth in Section 4 of this Policy.
g. Sending any fraudulent electronic communication.
h. Violating any software license or copyright, including copying and redistributing copyrighted software, without the written authorization of the software owner.
i. Using electronic communication to violate the property rights of authors and copyright owners.
j. Using electronic communications to harass or threaten users in such a way as to create an atmosphere that unreasonably interferes with a member user’s enjoyment of CMAA membership, or a staff user’s employment experience. Similarly, electronic communications shall not be used to harass or threaten other information recipients, in addition to users.
k. Using electronic communications to disclose proprietary information without the explicit permission of the owner.
l. Reading of other user’s files or electronic communications without permission.
m. Forging, fraudulently altering or falsifying, or otherwise misusing CMAA or non-CMAA records (including computerized records, identification cards, or other documents or property).
n. Using electronic communications to hoard, damage, or otherwise interfere with resources available electronically.
o. Using electronic communications to steal another individual’s works, or otherwise misrepresent one’s own work.
p. Launching a computer worm, computer virus, or other rogue program.
q. Downloading or posting illegal, proprietary or damaging material to a CMAA computer. This includes material containing computer viruses or worms. Users shall seek competent technical advice before downloading any questionable material.
r. Transporting illegal, proprietary or damaging material or information across a CMAA network.
s. Violation of any local, state or federal law or regulation in connection with the use of any information system.
a. User Privacy Not Guaranteed. When CMAA information systems are functioning properly, a user can expect the files and data he generates to be private information, unless the creator of the file or data takes action to reveal it to others. Users should be aware, however, that no information system is completely secure. Persons both within and outside of CMAA may find ways to access files and data. ACCORDINGLY, CMAA CANNOT AND DOES NOT GUARANTEE USER PRIVACY and users should be continuously aware of that fact.
b. Repair and Maintenance of Equipment. Users should be aware that on occasion duly authorized CMAA information systems technological personnel have authority to access individual user files or data in the process of performing repair, maintenance, or upgrade of computing equipment CMAA deems reasonably necessary. Information systems technological personnel are prohibited by law from exceeding their authority of access for repair, maintenance and upgrade purposes, or from making any use of individual user files or data for any purpose other than repair, maintenance or upgrade services performed by them.
c. Response to a Public Records Request, Administrative or Judicial Order or Request for Discovery in the Course of Litigation. Certain records, such as proprietary information or personal information in personnel and member records are protected from disclosure to sources outside CMAA. However, other records may require disclosure if a public record request is made. Users should remember this when creating any electronic communication. Also, users must be aware that CMAA will comply with any lawful administrative or judicial order requiring the production of electronic files or data stored in CMAA’s information systems, and will provide information in electronic files or data stored in CMAA’s information systems in response to legitimate requests for discovery of evidence in litigation in which CMAA is involved.
d. CMAA reserves the right, in its sole discretion, to review any user’s files, data and usage to the extent necessary to ensure that information systems are used in compliance with local, state and federal law and regulations, this Policy and other applicable CMAA policies.
8. ELECTRONIC MAIL (E-mail)
a. ALL PROVISIONS OF THIS POLICY ARE APPLICABLE TO E-MAIL. E-mail should reflect careful, professional and courteous drafting, particularly since it is easily forwarded to others. Never assume that no one other than the addressee will read your e-mail.
b. CMAA maintains e-mail broadcast addresses for the convenience of users, for which one e-mail address is designed to reach all users of an administrative unit of CMAA, or users engaged in an e-mail discussion of mutual interest. Use of these broadcast addresses for dissemination of SPAM is specifically prohibited.
c. Authorized users of the e-mail broadcast address firstname.lastname@example.org are to be determined by the Board of Directors and the CEO in accordance with Subsection d. below.
d. Access to and use of the broadcast address email@example.com will be granted to individual users for limited periods of time as determined by the Board of Directors and CEO.
e. Be careful about attachments and broad publication of messages, particularly messages addressed simultaneously to more than one user.
f. SPAM, as defined by this Policy, is prohibited.
g. For purposes of timely response, e-mail will be treated the same as any other written communication received by a user. E-mail will be responded to in a manner consistent with other received written correspondence. A shorter response period for e-mail is specifically excluded by the Policy.
h. E-mail may be responded to in any manner the responder deems appropriate. E-mail may be responded to by e-mail, written correspondence, telephone, or other means as determined by the responder.
i. Users should be aware that even when an e-mail message is deleted or erased, it may still be possible to recover the message; therefore, the ultimate privacy of e-mail is not ensured to anyone.
9. WEB PAGES
The CEO of CMAA may establish standards for information published on the World Wide Web (Web Pages) considered official CMAA information, consistent with CMAA Bylaws. All official Web Pages shall include a copyright notice to identify them as official CMAA Web Pages. No other Web Pages shall be allowed to use the CMAA logo, except as provided in the CMAA Bylaws and other policies.
Originators of Web Pages using information systems associated with CMAA shall comply with CMAA policies and Bylaws and are responsible for complying with all local, state and federal laws and regulations, including copyright laws, obscenity laws, laws relating to libel, slander and defamation, and laws relating to piracy of software.
The users creating a Web Page are responsible for the accuracy of the information contained in the Web Page. Content should be reviewed on a timely basis to assure continued accuracy. Web Pages should include a phone number or e-mail address of the person to whom questions and/or comments may be addressed.
This Policy shall be published on the World Wide Web to fully notify users of its existence.
11. APPLICATION AND ENFORCEMENT
This Policy applies to all administrative units of CMAA. Each unit shall be responsible for enforcing this Policy in a manner best suited to its own organization. It is expected that enforcement will require cooperation between administrative units and CMAA departments such as Information and Technology Systems, Chapter/Member Services, Legislative and Regulatory Resources and Executive Offices.