IT 4 Student Email Policy

POLICY STATEMENT

Official email communications are intended to meet student, faculty, and staff academic and administrative needs within the campus community. Unless otherwise prohibited by law, the College and its faculty may communicate with students officially by email and will expect that such email messages will be received and read in a timely manner. This policy stipulates that all formal communication will be sent to students using the official issued College email address.

DEFINITIONS

Academic Activity: Defined by registering for a course, submitting an application for admission, or getting student status set to active.

Alumni: Former students who have graduated from NSC.

Discontinued: A period in which a student’s academic record is deactivated following a period of one (1) year since the last instance of Academic Activity.

PROCEDURES

I. Email Account Creation

Upon admission to Nevada State College, students are provided with access to Microsoft Office 365, which includes an email account. Access to Office 365 is provided through the NSC Portal (https://my.nsc.edu). Student email addresses are in the format of (name)@students.nsc.edu.

II. College Communications with Students

 With the exception of course-related communications from faculty to enrolled students, all NSC communications to students will be sent to NSC-issued student email addresses only. This includes non-course-related communications from faculty, staff, departments (e.g., Admissions, Registrar, Cashier, Financial Aid), Canvas (WebCampus) notifications, related third parties, such as facilities and housing, and groups organizing NSC events.

NSC faculty, staff, and departments must only respond to communications sent from NSC student email addresses starting August 24, 2020.

Faculty will primarily use the messaging system with Canvas (WebCampus) to communicate with students enrolled in their courses about course-specific information.

III. Student Responsibilities

A. Students must ensure that there is sufficient space in their accounts to allow for delivery of official email communications. Email users should exercise extreme caution in using email to communicate confidential or sensitive matters and should not assume that email is private or secure. Users must be careful to send messages only to the intended recipients.

B. Students are expected to check their email on a frequent basis in order to stay current with NSC-related communications and to recognize that certain communications may be time-critical. Failure to check email, errors in forwarding mail, or email returned to the college with “Mailbox Full” or “User Unknown” or other similar reasons are not acceptable excuses for missing official College communications via email.

IV. Faculty and Staff Responsibilities

To comply with this policy and the Family Educational Rights and Privacy Act (FERPA), upon receiving an email from a student, all faculty and staff must verify that the email account from the sender is an official NSC student email address that uses the (name)@students.nsc.edu format. If a non-NSC email is used, employees will reply stating only that correspondence must come from an official NSC email address and reminding the student to use their NSC email to re-send their message. Failure to do so could lead to a violation of FERPA.

V. Forwarding

If students wish to have email redirected from their official NSC email to another email address, they may do so at their own risk. The College is not responsible for the handling of email by outside vendors or departmental/unit servers, none of which are considered official student email accounts. Having email redirected does not absolve a student of the responsibilities associated with official communications sent to the official NSC [name]@students.nsc.edu account.

VI. Post-Enrollment

NSC alumni may maintain access to their NSC email indefinitely. If at any point the College has a need to discontinue the College email account, appropriate notice will be given to allow the student/ alumni to transition.

a. We do not recommend using NSC email accounts as password recovery addresses on other sites or for any similar purpose. Should a student’s NSC email account be deleted according to this policy, they may not be able to recover/reset passwords on those other sites. Students should use a personal email account for password resets and recover and forward that account to their NSC email account if desired.

CONTACTS

UNIT CONTACT  PHONE  EMAIL 
Registrar Adelfa Sullivan 702-992-2110 registrar@nsc.edu
Information & Technology Services Support Desk (702) 992-2400 support@nsc.edu

APPROVALS

Approved by Dr. Vickie Shields, Provost, August 21, 2020.
Approved by Bart Patterson, President, August 21, 2020.

IT 3 Standards of Conduct for the Use of Computers in NSC-Related Activities

Proper Conduct in Use of Computers

It is the policy of Nevada State College that improper conduct regarding computers as set forth in this section is incompatible with the goals of honesty and academic freedom and is strictly prohibited. Improper conduct regarding computer use at the college falls into three categories:

  1. academic dishonesty;
  2. disruption and destruction of computer facilities; and
  3. violation of licenses and copyright agreements, college policy, and state or federal laws.

Academic Dishonesty Pertaining to the Use of Computers

Examples of this type of behavior regarding computers include, but are not limited to:

    1. Submitting another person’s programs, documentation, or program results as your own work;
    2. Obtaining or attempting to obtain unauthorized access to information stored in electronic form;
    3. Submitting false results of a program’s output for a class assignment or falsifying the results of program execution for the purpose of improving a grade.

Disruption or Destruction of Computer Facilities

Examples of this type of behavior include, but are not limited to:

    1. Damaging or stealing college-owned equipment or software;
    2. Causing the display of false system messages;
    3. Maliciously causing system slowdowns or rendering systems inoperable;
    4. Changing, removing, or destroying (or attempting the same) any data stored electronically without proper authorization;
    5. Gaining or attempting to gain access to accounts without proper authorization;
    6. Putting viruses or worms into a system

Violation of Licenses and Copyright Agreements

Most software used on college computers is covered by copyright, license or nondisclosure agreements. Violation of these agreements puts the college and the individual in jeopardy of civil penalties. Examples of such violations include, but are not limited to:

    1. Making copies of copyrighted or licensed software without proper authorization;
    2. Using software in violation of copyright, license or non-disclosure agreements;
    3. Using college computers for unauthorized private or commercial purposes;
    4. Use of computers or the internet in a manner that is against local, state, or federal laws.

IT 2 Information Security Plan

POLICY STATEMENT

This Information Security Plan describes Nevada State College’s safeguards to protect Sensitive Information in compliance with institutional, state, and federal guidelines. These safeguards are provided to:

  • Protect the security and confidentiality of Sensitive Information;
  • Protect against anticipated threats or hazards to the security or integrity of Sensitive Information;
  • Protect against unauthorized access to or use of Sensitive Information that could result in substantial harm or inconvenience to any student, employee, or customer.

The purpose of this plan is to:

  • Identify the risks that may threaten Sensitive Information maintained by Nevada State College;
  • Designate individual(s) responsible for coordinating the plan;
  • Establish and maintain a safeguards program;
  • Establish and maintain an incident response plan;
  • Adjust the plan to reflect changes in technology, sensitive information, or threats related to information security.

DEFINITIONS

Data Owner: An individual, entity, or office that is authorized to collect, view, or manage the data.

Sensitive Information: Any information or data associated with an individual that is considered personal or confidential, including but not limited to Social Security Numbers, individually-identifiable health information, education records, non-public information, and data that is protected by Board policy, state, or federal law.

Third Party: Any individual or entity contracted by Nevada State College.

PROCEDURES

I. Identification of Risk to Sensitive Information

Nevada State College recognizes that it faces both internal and external risks regarding Sensitive Information. These risks include, but are not limited to:

  • Unauthorized access of Sensitive Information by someone other than the Data Owner;
  • Compromised system security which can result in unauthorized access to Sensitive Information;
  • Interception of Sensitive Information during transmission;
  • Loss of data integrity;
  • Physical loss of Sensitive Information in a disaster;
  • Corruption of data or systems;
  • Unauthorized access of Sensitive Information by employees;
  • Unauthorized access of Sensitive Information through hardcopy files or reports;
  • Unauthorized transfer of Sensitive Information through a Third Party.

 II. Information Security Plan Coordinator

The appointed Information Security Officer, in cooperation with the Chief Information Security Officer at the Nevada System of Higher Education, is responsible for the implementation and maintenance of this policy.

III. Safeguards Program

A. Employee Management and Training: Upon selection for hire, background checks are conducted when deemed appropriate. During onboarding, each new employee who may handle or encounter Sensitive Information shall receive information security training highlighting the importance of confidentiality and protecting Sensitive Information.

B. Physical Security: Nevada State College has addressed physical security of Sensitive Information by limiting access to only those employees who have a business reason to know such information and requiring acknowledgement of the requirement to keep Sensitive Information private.

C. Information Systems: Information systems housing Sensitive Information shall be secured behind network firewalls, physically accessible only to key personnel, electronically accessible only via controlled access, kept up-to-date with security patches, backed up on a routine basis, and shall transmit Sensitive Information in a secured manner such as via encrypted channels. Additionally, Nevada State College will maintain systems to prevent, detect, and respond to attacks or intrusions. This includes maintaining anti-virus protection, a network intrusion detection/alert system, and tools to secure systems in the event of a breach.

D. Selection of Service Providers: In the process of selecting a service provider that will maintain or regularly access Sensitive Information, the evaluation process shall include the ability of the service provider to safeguard such data. Contracts with service providers should also include the following provisions:

    1. A stipulation that the Sensitive Information will be held in strict confidence and accessed only for the explicit business purpose of the contract;
    2. An assurance from the contract partner that the partner will protect any Sensitive Information it receives.

IV. Incident Response Plan

Nevada State College shall maintain an incident response plan. Per the incident reporting and response procedures, all suspected information security incidents must be reported as quickly as possible to the Office of Information & Technology Services. This includes, but is not limited to, security breaches, unintended exposure of Sensitive Information, suspected viruses or malware, or unauthorized requests for login information or Sensitive Information.

V. Evaluation and Adjustment

This information security plan will be subject to periodic review and adjustment due to constantly changing technology and evolving risks. The plan coordinator will recommend updates and revisions as necessary. It may be necessary to adjust the plan to reflect changes in technology, the definition of Sensitive Information, or internal/external threats to information security.

HISTORY

Revised 02/26/18