Logo of Butler Community College

Information Systems and Technology Policies

    IS-100.1.0 Acceptable Use of College Information Systems and Technology Policy

    Policy Title:  Acceptable Use of College Information Systems and Technology Policy 
    Policy Number: IS-100.1.0 
    Effective Date:  1/2023 
    Revision Date:  11/2022 
    Division:  Information Services 
    Category: Technology and Information Systems 

    Purpose:

    Butler Community College information systems and technology provide critical support to our students, faculty, staff, and partners, and are provided for the purpose of promoting College educational activities and conducting business on behalf of BCC. Using College information resources for inappropriate, unauthorized, or unlawful activities can seriously undermine the ability to accomplish the College’s mission. Users shall make every effort to employ College information resources in an appropriate and acceptable manner, according to the guidelines and procedures referenced in this policy. 

    Policy:

    Users must comply with all applicable federal, state, and local laws and regulations, copyright and licensing regulations, and procedures established by Butler Community College governing access or use of Information Systems, Technology, and BCC Data. To maintain the integrity of the Information systems and technology, and to ensure compliance with applicable policies and operating procedures, BCC has the ability to monitor and manage access and use of the College’s Information Systems, Technology, and BCC Data, and may do so in accordance with this Policy and the Use of Information Systems and Technology Operating Procedure IS-100.1.1. Any User who violates this Policy or the Use of Information Systems and Technology Operating Procedure IS-100.1.1 may have User’s account or privileges revoked and such violation may result in disciplinary and legal action. 

    Applicability:

    This Policy applies to the Butler Community College (“BCC” or the “College”) campus community, including all students, personnel, and visitors or other individuals using BCC Information systems, technology, or BCC Data (“Users”), regardless of whether the access or use is from a BCC device or occurs on campus. 

    Definitions:  

    “Information Systems” include, without limitation, BCC sponsored or provided: e-mail (i.e. butlercc.edu e-mail accounts) other messaging tools and their associated systems, phone, Internet, Intranet, MyButlercc, and other internal and external employee and student portals. 

    “BCC Data” is BCC related information accessed, created, input, stored, copied, sent, received, or downloaded by Users on or through the Information Systems, Technology, and BCC Data Systems, regardless of whether it is viewed, accessed, or created on a personal, password-protected, web-based email account or technology. BCC Information includes, but is not limited to: all documentation, e-mails and e-mail attachments, postings on any BCC sponsored Internet-based forums or social media accounts, charts, student records, statistics, and strategies, working papers, manuals, correspondence, notes, contracts, agreements and software that BCC or its employees use in BCC operations. 

    “Technology” includes, without limitation, BCC sponsored or provided: network use and access (whether wired or wireless or remote or on-campus), and all associated infrastructure, equipment, hardware, software, services, and access to data.  

    Cross-Reference:  

    Acceptable Use of College Information Systems and Technology Operating Procedure IS-100.1.1 

    IS-100.1.1 Acceptable Use of College Information Systems and Technology Operating Procedure

    Procedure Title: Acceptable Use of College Information Systems and Technology Operating Procedure IS-100.1.1 
    Procedure Number: IS-100.1.1
    Effective Date: 1/2023 
    Revision Date: 11/2022 
    Referenced Policy: IS-100.1.0 
    Division: Information Services 
    Category: Information Systems and Technology 

    Applicability:

    This Operating Procedure applies to the Butler Community College (“BCC” or the “College”) campus community, including all students, personnel, and visitors or other individuals using BCC Information Systems, Technology, and BCC Data (“Users”), regardless of whether the access or use is from a BCC device or occurs on campus

    Purpose:

    This Operating Procedure addresses the appropriate access and use of College Information Systems, Technology, and BCC Data, as defined in Acceptable Use of College Information Systems and Technology Policy IS-100.1.0 

    Procedures:  

    I. Property of Butler Community College

    A. College Information Systems, Technology, and BCC Data. 

    College Information Systems, Technology, and BCC Data are owned and controlled by Butler Community College. Butler Community College reserves the right, in its sole discretion, to determine whether a User is entitled to establish, access, or maintain a particular College Information System, Technology, or BCC Data, such as an e-mail account. Users should not access or transmit BCC Information by personal email or other, non-college approved messaging tools to ensure that it can be appropriately protected and secured by Butler Community College’s Office of Information Services. 

    B. Equipment, Hardware, and Software 

    All Butler Community College Technology, including any equipment, hardware or software provided by BCC, shall remain the property of the College and must be returned upon demand. Users must report lost or stolen BCC Technology as soon as discovered to the Information Services Division’s Office of Information Security at infosec@butlercc.edu . Users shall use reasonable care with all BCC Technology and may be held financially responsible for BCC Technology that is damaged or not returned. Users must not attempt unauthorized modification or repair to any BCC Technology. User should contact the Butler Community College IT Service Desk at servicedesk@butlercc.edu if repair of BCC Technology is needed. 

    Personal technology (i.e. equipment, hardware, and other devices) should not be attached to BCC Information Systems Infrastructure, including the network, except when used for BCC business purposes. Users should be aware that attaching personal technology to BCC Communications Systems may allow the personal technology or information to be viewable by Butler Community College. Information Services (“IS”), in its sole discretion, can require a User to disconnect personal technology from BCC Communications Systems at any time. 

    Software installed on a BCC computer or other device must either be licensed to Butler Community College or to the User (with the license readily available to be produced for inspection during a software audit), except for software in the public domain. All other software is licensed to BCC and is not to be copied for personal use. Unless otherwise indicated in the applicable license, Users may not copy or modify third-party software, or use licensed software on more than one machine at a time. 

    1. Appropriate Useof Information Systems, Technology, and College Data 
    2. Information Systems, Technology, and College Dataare provided to Users for the purpose of supporting BCC educational activities and operations.  Personnel are limited to minimal and incidental personal use of the Information Systems, Technology, and College Data Systems, and such use is at the sole risk of the personnel and must not interfere with job responsibilities. 
    3. Butler Community Collegereserves the right to set priorities on the use of Information Systems, Technology, and College Data, such as bandwidth. Any personal electronic information accessed, created, input, stored, copied, sent, received, or downloaded from the Information Systems, Technology, and College Data infrastructure is not confidential, will be accessible by BCC, and Users shall have no expectation of privacy in such information.  
    4. UsingButler Community CollegeInformation Systems, Technology, and College Data for any illegal activity is strictly prohibited.  
    5. Users mustcomply withall applicable College policies and operating procedures when using Butler Community College Information Systems, Technology, and College Data, including but not limited to the following: 
      • Student Code of Conduct XXX.X.X 
      • Web Guidelines and Procedures XXX.X.X 
      • Secure Handling of Social Security Numbers Policy XXX.X.X and Operating Procedure XXX.X.X 
      • Copyright Guidelines and Operating Procedures 100.1.2 
      • Data Classification and Security Policy XXX.X.X and Operating Procedures XXX.X.X 
      • Records Retention Policy XXX.X.X and Guidelines Operating Procedure 
      • Identity Theft Prevention – Red Flag Policy XXX.X.X and Operating Procedure XXX.X.X 
      • Social Media Policy XXX.X.X and Guidelines Operating Procedure XXX.X.X 
    6. Users may not reverse engineer, decompile, disassemble, or dispose of third-party software licensed toButler Community College, without first obtaining written approval from InformationServices regarding legal and contractual limitations. Users may not disclose or distribute any BCC software or BCC licensed software to anyone outside BCC. Unauthorized copying or distribution of software (including associated media, such as user manuals or software data) can be both a violation of applicable license agreements and a violation of federal law. Individual Users, as well as Butler Community College, can be held liable for violations and can be required to pay substantial damages, depending on the circumstances. 
    7. Computer accounts and passwordswith accessto BCC Information Systems, Technology, and College Data may not be shared. Users may not attempt to gain access to another’s BCC account. 
    8. Users should be aware that someInformation Systems, Technology, and College Dataare controlled by third parties (e.g., a third-party cloud storage service). Therefore, Users should exercise appropriate caution in using those Systems as they may be modified, restricted, or shut down without prior notice and content may be lost or damaged. 

    III. Privacy with Respect to Information Systems, Technology, and College Data 

    1. Users should be aware thatInformation Systems, Technology, and College Data, as those terms are defined in theAcceptable Use of College Information Systems and Technology Policy IS-100.1.0, are the property of BCC (subject to any ownership, access, and control rights of Users and third parties), and therefore are monitored and secured by BCC in accordance with Information Services standard operating procedures. Further, information that is outside the scope of College Data but accessible on Information Systems, Technology, and College Infrastructure will also be monitored by BCC in accordance with Information Services standard operating procedures.  As set forth above, Users shall have no expectation of privacy in the Information Systems, Technology, and College Data, with respect to both BCC Information and non-BCC Information. 
    2. Backup systems, which are part of theButler Community CollegeInformation Systems, Technology, and College Data, may save information and communications that can later be forensically retrieved and read by BCC or others, even after they have been deleted. In accordance with Information Services standard operating procedures, BCC may be required (e.g. for business reasons or by law) to utilize backup systems and other methods to search and view Information Systems, Technology Infrastructure, and College Data systems, and any information passing through them. This use may result in incidental access and viewing of personal information that Users have accessed, stored or transmitted over the Information Systems, Technology, and College Data Systems, and therefore Users should exercise appropriate caution when accessing, storing and transmitting personal information on the Information Systems, Technology, and College Data Systems. 
    3. Users must not attempt to gain access to another User’s data or programs without appropriate authorization.Users should take reasonable steps to ensure sensitive information and files (such as personnel information or student data) are protected and should notdisclose their passwords to anyone. 
    4. Use ofInformation Systems, Technology, and College DataSystems to transmit or store data must comply with privacy laws and guidelines such as the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley (GLB) Act. Disclosure of sensitive or protected personal information for any other purpose is strictly prohibited.  
    5. Violation of Policy

    Users who violate College policies and operating procedures concerning Butler Community College Information Systems, Technology, and College Data may have User’s accounts or privileges revoked, and such misuse may result in disciplinary and legal action. All Users, including personnel, students, and College Trustees, are required to report any suspected violation of the Acceptable Use of College Information Systems and Technology Policy IS-100.1.0 and this Operating Procedure to the Office of the Vice President of Digital Transformation / Chief Information Officer

    Cross-Reference:  

    Acceptable Use of College Information Systems and Technology Policy IS-100.1.0 

    IS-100.1.2 Copyright Guidelines and Operating Procedures

    Procedure Title:  Copyright Guidelines and Operating Procedures 
    Procedure Number:  IS-100.1.2
    Effective Date:  1/2023
    Revision Date: 11/2022 
    Referenced Policy: IS-100.1.0 
    Division:  Information Services 
    Category: Information Systems and Technology 

    Applicability: 

    This Operating Procedure applies to the Butler Community College (“BCC” or the “College”) campus community, including all students, personnel, and visitors or other individuals using BCC Information Systems, Technology, and BCC Data (“Users”), regardless of whether the access or use is from a BCC device or occurs on campus

    Purpose: 

    This Operating Procedure addresses the appropriate interaction and use of materials as related to state, local, and federal copyright laws, as well as licensing regulations, in the use of College Information Systems, Technology, and BCC Data, as defined in Acceptable Use of College Information Systems and Technology Policy IS-100.1.0 

    1. The U.S. Copyright Act of 1976

      1. Definitions

        1. Under U.S. law, a work is copyrighted at the instant of creation when it is fixed in a tangible medium of expression for a period of more than a transitory duration. The author of a work is given certain exclusive rights to do or to authorize the following:
        2. To reproduce the copyrighted work
        3. To prepare derivative works
        4. To distribute copies of the copyrighted work publicly
        5. To perform the copyrighted work publicly
        6. To display the copyrighted work publicly
        7. In the case of sound recordings, to perform the copyrighted work publicly by means of a digital audio transmission

      2. Procedures

        1. As Butler Community College and its users intend to comply with the U.S. Copyright Act of 1976, all Butler Community College faculty, staff, and students are expected to act as responsible users of others’ copyrighted works, which includes making informed decisions based on the fair use exemptions to the copyright laws.
        2. This procedure extends to all works of authorship and creativity covered by federal copyright law. These works include print and electronic documents, software, databases, multimedia and audio-visual materials, photographs, music, works of drama, works of art (sculpture), motion pictures and sound recordings among other types of creative works. (17 U.S.C 102)
        3. If a person or entity does not own the copyright in a work, does not have permission to do the above rights, and does it anyway that person or entity is infringing. There are many statutory exemptions to these rights. The major exemption is fair use.
          1. Fair Use: The fair use exemption (Section 107, U.S. Copyright law) permits limited reproduction of copyrighted works for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship or research, without permission of the copyright owner. However, nonprofit educational use does not automatically establish a condition of fair use. Determination of fair use is evaluated on an individual, case-by-case basis. The four factors to consider are:
            1. The purpose and character of the use, including whether such use is of a commercial nature or is for a nonprofit educational purpose.
            2. The nature of the copyrighted work (creative or factual)
            3. The amount and substantiality of the portion used in relation to the copyrighted work as a whole.
            4. The effect of the use upon the potential market for a value of the copyrighted work.
        4. Statutory damages for willful infringement are significant. If a person or entity can demonstrate that evaluation of the four factors took place and lead to the belief of fair use, statutory damages can be considerably reduced. (17 U.S.C 107)

      3. Compliance/Responsibilities

        1. College faculty and staff desiring to use copyrighted materials are responsible for compliance with federal copyright laws, including decisions on the utilization of fair use exemptions. If questions occur, the L.W. Nixon Library will aid the Butler faculty and staff in the understanding, applying, and complying with copyright law.
        2. The College does not assume legal responsibility for any independent application of copyright principles made by College faculty or staff that do not meet the terms of the Copyright Act or this College’s copyright policy.
        3. Permissions must be obtained in all instances where the employee determines that the desired use exceeds fair use or other limitations on the rights of copyright owners.

    2. Displaying Media on Campus

      1. Classroom Use
        1. Showing copyrighted audio-visual materials (VHS, DVD, Blu-ray) is permissible under the following conditions:
          1. The use must be by instructors or by students
          2. The use is part of mediated instructional activities
          3. The showing takes place in a classroom or other instructional venue. For online, the showing must be for a specific number of students enrolled in a particular class
          4. The video is lawfully made, the person responsible has no reason to believe that the video was not lawfully made (17 U.S.C. 110)

    3. Public Performance

      Any screening outside the classroom sponsored by any Butler persons, organizations, committees, or departments is considered a public performance. Unless a film has public performance rights attached, it should be assumed that permission is required for a public screening of the film. The screening of the film is not excused from the “public” designation just because it is an “educational film”, it is being advertised only on campus, or admission is not being charged. The person, organization, committee, or department is responsible for acquiring permission and performance fees.

    4. Additional Information

      For more detailed copyright information or to contact someone from the library with questions, go to the Copyright Guide on the Butler Libraries webpage.

    5. Digital Millennium Copyright Act Policy

      It may be a violation of copyright law to copy, distribute, display, exhibit or perform copyrighted works without authority of the owner of the copyright. It is Butler Community College policy that users of Internet services and equipment provided by Butler Community College are responsible for their compliance with all copyright laws pertaining to information they place on or retrieve from the Internet.

      1. Notice and Takedown Procedure

        1. Upon the Designated Agent’s receipt of proper notification of claimed copyright infringement, as set forth in the Digital Media Millennium Copyright Act (DMCA), 17 U.S.C. 512 (3), the Designated Agent will attempt to notify the user. Information Services shall respond expeditiously by removing, or disabling access to, the material that is claimed to be infringing or to be the subject of infringing activity. Butler Community College will comply with the appropriate provisions of the DMCA in the event a counter notification is received.

      2. Repeat Infringers

        1. Under appropriate circumstances, Information Services may, at its discretion, terminate authorization of users of its system or network who are found to violate the copyright rights of others intentionally or repeatedly.

      3. Enforcement

        1. The Vice President of Information Technology/Chief Information Officer is responsible for monitoring and reporting compliance with this procedure.

      4. Designated Agent

        Butler Community College’s Designated Agent to receive notifications of alleged infringement under DMCA is:

        1. Vice President of Digital Transformaiton/Chief Information Officer

          Butler Community College
          901 S. Haverhill Rd.
          El Dorado, KS 67042
          Voice 316-323-6363
          Email: wyoung@butlercc.edu

    6. Software Copyright and Licensing Guideline

      1. Butler Community College purchases software on a regular basis for use in college classrooms, labs and offices.
      2. Software titles are licensed for use for college purposes only, and the college only purchases enough licenses for an exact number of machines.
      3. You should assume that under no circumstances that software can be copied for personal use or for use on machines other than the computer of original installation.
      4. With the exception of the Microsoft Campus Agreement, or unless you know of a specific example of some educational software title, installation of any college purchased software on a personal computer is not allowed.

    Cross-Reference:  

    Acceptable Use of College Information Systems and Technology Policy IS-100.1.0 

    IS-100.2.0 Full Data and E-Mail Account Termination Policy

    Policy Title:  Full Data and E-Mail Account Termination Policy 
    Policy Number:  IS-100.2.0 
    Effective Date:  1/2023 
    Revision Date:  11/2022 
    Division:  Information Services 
    Category:  User Account Management 

    Purpose:

    This policy covers the disposition of email and other files stored on an individual’s college-owned computer or assigned space on the campus network when an individual’s employment with Butler Community College is terminated.  

    Policy: 

    Upon termination, voluntary or involuntary, appropriate, and defined measures will be taken to secure and maintain Butler Community College Information Systems, Technology, and College Owned BCC Data.  

    Applicability: 

    This Policy applies to the Butler Community College (“BCC” or the “College”) campus community, including all students, personnel, and visitors or other individuals using BCC Information systems, technology, or BCC Data (“Users”), Who are using a College assigned account to access the College Information Systems, Technology, and BCC Data Systems, regardless of whether the access or use is from a BCC device or occurs on campus. 

    Definitions:  

    “Information Systems” include, without limitation, BCC sponsored or provided: e-mail (i.e. butlercc.edu e-mail accounts) other messaging tools and their associated systems, phone, Internet, Intranet, MyButlercc, and other internal and external employee and student portals. 

    “BCC Data” is BCC related information accessed, created, input, stored, copied, sent, received, or downloaded by Users on or through the Information Systems, Technology, and BCC Data Systems, regardless of whether it is viewed, accessed, or created on a personal, password-protected, web-based email account or technology. BCC Information includes, but is not limited to: all documentation, e-mails and e-mail attachments, postings on any BCC sponsored Internet-based forums or social media accounts, charts, student records, statistics, and strategies, working papers, manuals, correspondence, notes, contracts, agreements and software that BCC or its employees use in BCC operations. 

    “Technology” includes, without limitation, BCC sponsored or provided: network use and access (whether wired or wireless or remote or on-campus), and all associated infrastructure, equipment, hardware, software, services, and access to data.  

    “Voluntary Termination” is characterized by mutual agreement between the employee and their supervisor or manager about the terms and timing of the departure, and by a determination by the supervisor/manager that they can work cooperatively with the departing employee to follow appropriate and defined procedures. 

    “Involuntary Termination” usually involves little or no notice on the part of the employee and/or the supervisor/manager, under circumstances that warrant prudent measures to protect the business interests of the college

    Cross-Reference:  

    Email and Account Termination Guidelines and Operating Procedure IS-100.2.1 

    IS-100.2.1 Acceptable Use of College Information Systems and Technology Operating Procedure

    Procedure Title: Acceptable Use of College Information Systems and Technology Operating Procedure IS-100.1.1 
    Procedure Number:  IS-100.2.1 
    Effective Date: 1/2023 
    Revision Date: 11/2022 
    Referenced Policy: IS-100.2.0 
    Division:  Information Services 
    Category: User Account Management 

    Applicability: This Procedure applies to the Butler Community College (“BCC” or the “College”) campus community, including all students, personnel, and visitors or other individuals using BCC Information systems, technology, or BCC Data (“Users”), Who are using a College assigned account to access the College Information Systems, Technology, and BCC Data Systems, regardless of whether the access or use is from a BCC device or occurs on campus. 

    Purpose: While Butler Community College does not normally review the content of an employee’s electronic communication, these files are stored on College computer systems and the College reserves the right to retain and access them as part of its responsibility for maintaining the College’s technology infrastructure or when deemed necessary for business reasons. It is important, therefore, that when an individual leaves the employ of the College the following procedures are followed to ensure that all necessary files are transferred from these individual spaces to the appropriate person in the College. The “appropriate person” will be identified by the departing individual’s supervisor and approved by the divisional Vice President. 

    This Operating Procedure addresses the appropriate steps to be taken, by Butler Community College Information Services Division, upon user’s termination or separation of employment, with regards to the disposition of e-mail and other files stored on BCC’s Information Systems, Technology, or BCC Data Systems. 

    Procedures:  

    1. Voluntary Termination
      In all good-will or Voluntary termination cases, the following procedures shall apply:
      1. Upon notice of termination, an individual’s supervisor should work with the departing employee to arrange for the preservation of all business-related files both from the employee’s network space and email box. 
      2. It is the responsibility of the manager to submit to Information Services any requests that relate to the transfer of email or other processes that need to be migrated from the departing employee to a different individual in the department, even if this is on a temporary basis. 
      3. It is the responsibility of the departing employee to delete or transfer all files and email messages that are of a personal nature.
      4. The supervisor and employee may request assistance from Information Services Service Desk in this process. 
      5. The Supervisor should complete the Supervisor Termination Checklist provided by Human Resources. Data is to be transferred to a college managed data store location. 
      6. In terms of email the manager may opt to have a message put in place that goes to future senders of messages to the departed employee’s @butlercc.edu email address indicating that the person is no longer in the employ of the College and indicating to whom messages should be sent if the message pertains to College business. This process would bounce the original message back to the sender along with the new Butler Community College contact information. 
      7. The overall goal of these procedures is to disable ALL of the accounts of the departed employee within 24 hours of his/her last day of work.
    2. Involuntary Termination
      In all cases of involuntary termination, the following procedures shall apply:
      1. As part of the termination process, the supervisor of the individual being terminated should arrange with the designated staff person in Information Services to secure all data stored on the employee’s college owned devices, e-mail, and managed data storage. 
      2. It is the responsibility of the manager or the Human Resources Department to inform the Vice President of Digital Transformation / Chief Information Officer or the Chief Information Security Officer in advance of any involuntary termination so that appropriate arrangements may be made for the transfer of data and the timely closing of the account of the person to be terminated. 
      3. If so desired, Information Services will arrange to transfer all data and email messages of the terminated employee as part of the process of closing the account.
      4. The Human Resources Office and/or the respective manager shall make certain that the designated person in Information Services is involved in the involuntary termination at the appropriate time. 
      5. At the discretion of the manager, a copy of some or all of the data may be given to the terminated employee. 
      6. In terms of email the manager may opt to have a message put in place that goes to the sender of messages to the departed employee’s @butlercc.edu email address indicating that the person is no longer in the employ of the College and indicating to whom messages should be sent if the message pertains to College business. This process would bounce the original message back to the sender along with the new Butler Community College contact information. 
      7. The overall goal is to disable ALL the accounts of the terminated employee immediately upon termination.

    Cross-Reference:  
    Full Data and E-Mail Account Termination Policy IS-100.2.0 

    IS-100.3.0 Records Retention Policy

    Policy Title:  Records Retention Policy 
    Policy Number:  IS-100.3.0 
    Effective Date: 1/2023 
    Revision Date: 11/2022 
    Division:  Information Services 
    Category:  Technology and Information Systems 

    Purpose: 

    Butler Community College is committed to effective records retention to meet business needs, preserve its history, comply with legal requirements, optimize the use of space, minimize the cost of record retention, and ensure that outdated and useless records are destroyed

    Policy:  

    All Butler Community College departments and employees will comply with federal and state laws and regulations, to eliminate accidental destruction of records and to promote efficiency with valuable storage space. Department supervisors should consult this policy and the related Records Retention Guidelines and Procedures IS-100.3.1 in forming their departmental records retention guidelines. Department procedures should strive to classify records by type and offer retention schedules for those records. 

    Applicability: 

    This Policy applies to the Butler Community College (“BCC” or the “College”) campus community, including all students, personnel, and visitors or other individuals using BCC Information systems, technology, or BCC Data (“Users”), regardless of whether the access or use is from a BCC device or occurs on campus. This policy applies to all departments and employees of Butler Community College. 

    Definitions:  

    Cross-Reference:  

    Records Retention Guidelines & Procedures IS-100.3.1 

    IS-100.3.1 Records Retention Guidelines & Procedures

    Procedure Title:  Records Retention Guidelines & Procedures 
    Procedure Number:  IS-100.3.1 
    Effective Date: 1/2023 
    Revision Date: 11/2022 
    Referenced Policy:  IS-100.3.0 
    Division:  Information Services 
    Category: Information Systems and Technology 

    Applicability: 

    These Guidelines & Procedures apply to the Butler Community College (“BCC” or the “College”) campus community, including all students, personnel, and visitors or other individuals using BCC Information systems, technology, or BCC Data (“Users”), regardless of whether the access or use is from a BCC device or occurs on campus, as well as all departments and employees of Butler Community College

    Purpose: 

    These Records Retention Guideline and Procedures are designed to ensure compliance with federal and state laws and regulations, to eliminate accidental destruction of records and to promote efficiency with valuable storage space.

    All faculty and staff have responsibility for identifying and retaining college records-paper and electronic-in accordance with the Records Retention Guidelines and Procedures. Records are to be archived or destroyed after the retention period, subject to the exceptions stated in this policy regarding retention for audit and litigation purposes. 

    Records Retention Guidelines: 

    Generally, records are to be destroyed when the minimum retention period has been met, unless they are needed to meet specific legal requirements or are to be designated for permanent (archival) retention. All faculty and staff have responsibility for identifying and retaining college records-paper and electronic-in accordance with the Records Retention Guidelines and Procedures. Records are to be archived or destroyed after the retention period, subject to the exceptions stated in this policy regarding retention for audit and litigation purposes. 

    1. Unless otherwise defined in departmental procedure, the minimum retentionperiod for documents at Butler is one year.
    2. Departments are encouraged to destroy records at the end of theirminimum retention period. Obsolete records should not occupy office,storage, or electronic space. 
    3. Retention periods apply to information regardless ofdigital orphysical form or other medium. 
    4. All retention periods are based on the fiscal year, from July 1 throughJune 30, and are in addition to the current year. For example, aone-year retention period means a document created this year should be kept until June 30th and then one additional year after the June 30th date. 
    5. Each supervisor over areas in which covered records are produced, managed, orretainedis responsible for ensuring their areas comply with the defined guidelines and procedures, the Records Retention Policy IS-100.3.0 and all applicable law. 

    Definitions 

    Record: Information created or received and retained, in any format, in the course of transacting Butler business activities. Examples of record formats include paper documents, photographs, video recordings, and electronically stored mail, data and documents. 

    Record Custodian: Designated Butler official charged with the responsibility for management of a specific record type, usually an employee in the record’s office of origin. 

    Record Guardian: Designated Butler entity charged with responsibility for care and oversight of a stored record, ensuring its safety and availability. A major example is Information Services, the record guardian of all electronically stored documents on Butler Community College managed storage devices. 

    Official Record: The “official record” of any record type is the one record used by Butler for decision-making or other official purposes. It does not include any copies made for convenience, personal notations, desk files, or similar documents. 

    Minimum Retention Period: 

    The shortest amount of time that a record must be kept before it is destroyed. Some records need to be retained permanently, while others can be destroyed once they have reached the minimum retention period. 

    Department Retention Procedures 

    Because of differing laws, rules, and regulations, Butler departments and employees will develop their own retention procedures guided by retention requirements of the records they manage and record the retention requirements utilizing a common template. They shall request advice and counsel from Butler Legal Counsel, Information Services, and other appropriate offices as needed. In forming its procedure, each unit shall consider what records require retention, the proper location of stored records (physical and Digital storage), the retention period, and the disposal method once the record’s retention period has expired. Each unit shall have a continuing duty to remain current on record retention requirements for their areas and update their programs as appropriate. Departments will review and update the department records retention requirements annually. 

    Litigation Holds 

    Butler Legal Counsel, Human Resources, Executive Council, or College President may issue a litigation hold notice based on anticipated or pending litigation. Such notices are directed to the Record Custodian of any Butler department that may have records retained which are relevant to the litigation. Any records subject to a litigation hold in the possession of any department must be retained and destroyed only upon clearance of the Legal Counsel. The Record Custodian shall ensure a reasonable process exists within their areas to ensure that documents subject to litigation holds are preserved until cleared by the Legal Counsel. 

    Destruction of Records 

    To help ensure that information entrusted to Butler custody and control does not end up in improper hands, the Record Custodian shall ensure that records eligible for destruction that contain confidential information are timely shredded, erased, or otherwise safely destroyed. Electronic records shall be destroyed in a manner approved by the Vice President of Digital Transformation/Chief Information Officer. Nonconfidential paper records may be recycled. All copies of records eligible for destruction shall not be retained in the unit of origin but shall be destroyed in accordance with applicable policy, procedure, and protocol. Unofficial files should be similarly destroyed. 

    IS-100.4.0 Software and Technology Approval Policy

    Policy Title:  Software and Technology Approval Policy 
    Policy Number:  IS-100.4.0 
    Effective Date: 8/2025 
    Revision Date:  
    Division:  Information Services 
    Category:  Technology and Information Systems 

    Purpose: 

    The purpose of this policy is to establish clear understanding for the approval and vetting of software applications and technology to ensure Butler Community College complies with applicable state and federal laws, data privacy regulations, appropriately reviews and approves end-user license agreements, and conducts comprehensive risk assessments to mitigate potential security, legal, and operational risks. 

    Policy: 

    This policy applies to all forms of technology including hardware, software, systems and related tools purchased, licensed, or used by the Butler Community College, whether on-premises, cloud-based, or website for faculty, staff, students, or stakeholders. This policy covers new software and hardware acquisitions, renewals, and modifications to existing contracts for software, hardware, or related technologies. All software applications, hardware devices, and related technologies must receive prior approval from the Information Services Division before installation or use, ensuring compliance with safety, security, and legal standards. Information Services will conduct monthly software scans across all devices to verify compliance, and any unauthorized software or hardware will be removed. The list of approved software is available in MyButlerCC. Butler Community College employees are required to follow the Software and Technology Approval process as defined in the Software and Technology Approval Guidelines & Procedure IS-100.4.1

    Applicability: 

    This Policy applies to the Butler Community College (“BCC” or the “College”) campus community, including all students, personnel, and visitors or other individuals using BCC Information systems, technology, or BCC Data (“Users”), regardless of whether the access or use is from a BCC device or occurs on campus. This policy applies to all departments and employees of Butler Community College.  

    Cross-Reference:  

    Software and Technology Approved Guidelines & Procedures IS-100.4.1 

    IS-100.4.1 Software and Technology Approval Guidelines & Procedure

    Procedure Title:  Software and Technology Approval Guidelines & Procedure 
    Procedure Number:  IS-100.4.1 
    Effective Date: 8/2025 
    Revision Date:  
    Referenced Policy:  IS-100.4.0 
    Division:  Information Services 
    Category:

    Applicability: 

    This Procedure applies to the Butler Community College (“BCC” or the “College”) campus community, including all students, personnel, and visitors or other individuals using BCC Information systems, technology, or BCC Data (“Users”), Who are using a College assigned account to access the College Information Systems, Technology, and BCC Data Systems, regardless of whether the access or use is from a BCC device or occurs on campus

    Purpose:

    This procedure applies to all technology including software applications, hardware and related tools used within Butler Community College, including those used by students, faculty, staff, or stakeholders. 

    Each user must ensure compliance with the Acceptable Use Policy for Generative AI Tools IS-100.5.0, in conjunction with the Software and Technology Approval Policy IS-100.4.0, and the Acceptable Use of Information Systems and Technology Policy IS-100.1.0. 

    Procedures:  

    Software, hardware and Technology Approval Process: 

    All technology including software and hardware, must be approved by the Information Services Division prior to installation and use. Requests for new software or hardware must be submitted through the Software Request Form, or related technology form available in the Butler Service Desk ticketing system. The Information Services Division will assess each request based on factors such as security, compliance, functionality, and compatibility with existing systems. Additionally, software with similar features to applications already approved may be denied to avoid redundancy and ensure efficient use of resources. 

    Security and Compliance: 

    All technology including software and hardware must comply with Butler Community College's security policies, including the Payment Card Industry Data Security Standard (PCI DSS) and the Identity Theft Red Flag policy. Additionally, all software and hardware must have the latest security updates and patches installed to maintain a secure environment. Multi-factor authentication (MFA) and strong password policies must be enforced for all software applications to enhance security measures and protect sensitive data. 

    1. Functionality and Compatibility:
      Alltechnology including hardware and software must be compatible with existing systems and infrastructure to ensure smooth operation and integration. The Information Services Division will conduct thorough testing to verify that the hardware or software functions as intended and does not interfere with other applications or systems already in place at the college. This ensures minimal disruption to operations and supports seamless user experience. 
    2. Vendor Assessment:
      The Information ServicesDivision will perform a vendor assessment to evaluate each vendor’s security practices, financial stability, and support capabilities. Vendors must provide detailed documentation on their security measures, data protection policies, and compliance with relevant regulations. This assessment helps ensure that the software vendor can meet the College’s security and operational needs. 
    3. User Training and Support:
      Approvedenterprise software applications will be accompanied by comprehensive user training and support resources. The Information Services Division will offer training sessions and provide documentation to ensure that users are well-informed about the software's features and best practices. This will ensure that users can effectively utilize the software while adhering to security protocols. 
    4. Review and Monitoring:
      TheInformation Services Division will periodically review and monitor approved hardware and software applications to ensure continued compliance with security and operational standards. If any hardware or software is found to be non-compliant with these standards, it will be subject to removal or remediation to protect the integrity of the College’s systems and data. 

    Responsibilities: 

    The Information Services Division is responsible for evaluating, approving, and monitoring all technology including hardware and software applications used within the College. Users are responsible for submitting Service Desk requests in accordance with the guidelines outlined in this document.  

    Enforcement: 

    Violations of the Software and Technology policy may result in disciplinary action, including revocation of software access and other appropriate measures. 

    Cross-Reference:  

    Software and Technology Approval Policy IS-100.4.0 

    IS-100.5.0 Acceptable Use Policy for Generative AI Tools

    Policy Title: Acceptable Use Policy for Generative AI Tools 
    Policy Number:  IS-100.5.0
    Effective Date:  8/2025
    Revision Date: 
    Division:  Information Services 
    Category: Technology and Information Systems 

    Applicability: 

    This Policy applies to the Butler Community College (“BCC” or the “College”) campus community, including all students, personnel, and visitors or other individuals using BCC Information systems, technology, or BCC Data (“Users”), regardless of whether the access or use is from a BCC device or occurs on campus. This policy applies to all departments and employees of Butler Community College. 

    Purpose: 

    The purpose of this policy is to establish a clear understanding for the proper use of generative AI tools within Butler Community College. The landscape of Generative AI is rapidly changing and will change the way Butler conducts business on all levels. Butler encourages the exploration and use of AI tools in a safe an effective manner as defined in this policy, Acceptable Use Procedures for Generative AI Tools IS-100.5.1, and the Software and Technology Approval Policy IS-100.4.0. This policy aims to ensure that all AI tools and applications are used in a manner that promotes security, efficiency, and compliance with legal and regulatory requirements. By defining acceptable use, security protocols, and responsibilities, this policy seeks to protect the organization's digital assets, maintain the integrity of Butler’s information systems, and support the overall goals of Butler’s digital transformation initiatives. 

    Policy:

    All Butler Community College departments and employees will comply with federal and state laws, regulations, Acceptable Use Procedures for Generative AI Tools IS-100.5.1, Software and Technology Approval Policy IS-100.4.0, and this policy to eliminate accidental exposure of institutional data. Butler Community College employees are required to follow the same software approval process as defined in the Software and Technology Guidelines and Procedures IS-100.4.1.for all AI tools, AI applications, and AI web tools. 

    Definitions:  

    Data Classifications 

    Public:Public data is information that can be freely shared with the general public without any restrictions. This type of data does not pose any risk to the organization if disclosed. Examples of public data include press releases, marketing materials, and publicly available financial reports 

    Private:Private data is information that is intended for internal use within the organization and should not be disclosed to the public. This type of data might not cause significant harm to the organization if disclosed, but it is still important to keep it confidential for various reasons. Examples of private data include human resources information, internal memos, and non-sensitive business plans. 

    Restricted:Restricted data is highly sensitive information that, if disclosed, could cause significant harm to the organization or individuals. This type of data requires the highest level of protection and access control. Examples of restricted data include student records subject to FERPA, proprietary or unpublished research, and any information classified as restricted under legal or regulatory requirements. 

    Allowable Use by Data Classification 

    Information that is classified as Public, per the definitions above, can be used in generative AI tools. Butler has agreements relating to AI tools, which may allow for use with more sensitive information. It is important to be sure all Butler employees, students, and stakeholders are using approved tools rather than individual consumer accounts, to benefit from Butler’s contractual protections and integrity of data. Limitations of use under Butler’s contracts are noted in the approved software list located in MyButlerCC. For more information about AI tools availability and contractual obligations please review the approved software list or contact the Service Desk at servicedesk@butlercc.edu. 

    Prohibited Use 

     Unless specifically stated in the "Allowable Use" section above, public, private, or restricted information may not be entered into or generated as output from models or prompts. Student records subject to FERPA, and any other information classified as restricted should not be used unless specifically allowed under Butler's contracts (see list in "Allowable Use by Data Classification" section above). This includes: 

    • Creation of non-public instructional materials 
    • Proprietary or unpublished research 

    Some generative AI tools, such as OpenAI, explicitly forbid their use for certain categories of activity, including harassment, discrimination, and other illegal activities. An example of this can be found in found in OpenAI's usage policy. This is also consistent with Butler’s acceptable use Acceptable Use of Information Systems and Technology Policy IS-100.1.0. 

    Additional Consultation Needed 

    If a user is considering a new use of Generative AI in studies or work, it is the user’s responsibility to consider the ethics and risks involved and obtain approval from the user’s department supervisor and the Vice President of Digital Transformation / CIO. Use of AI that involves highly consequential automated decision-making requires extreme caution and should not be employed without prior consultation with appropriate entities, including the responsible Department supervisor, as such use could put the System and individuals at significant risk. 
     
    Examples include, but are not limited to: 

    • Legal analysis or advice 
    • Recruitment, personnel, or disciplinary decision-making 
    • Seeking to replace work currently done by represented employees 
    • Security tools using facial recognition 
    • Grading or assessment of student work 

    Please note that certain generative AI tools use click-through agreements. Click-through agreements, including OpenAI’s ChatGPT terms of use, are contracts. Individuals who accept click-through agreements without delegated signature authority may face personal consequences, including responsibility for compliance with terms and conditions. 

    For questions regarding privacy with AI tools, contact the Servicedesk@butlercc.edu. For questions regarding appropriate use of AI tools, the Acceptable Use Procedures for Generative AI Tools IS-100.5.1.. 

    IS-100.5.1 Acceptable Use Procedures for Generative AI Tools

    Procedure Title: Acceptable Use Procedures for Generative AI Tools
    Procedure Number:  IS-100.5.1 
    Effective Date:  8/2025 
    Revision Date:  
    Referenced Policy: IS-100.5.0 
    Division:  Information Services 
    Category:  User Account Management 

    Applicability: 

    This Procedure applies to the Butler Community College (“BCC” or the “College”) campus community, including all students, personnel, and visitors or other individuals using BCC Information systems, technology, or BCC Data (“Users”), Who are using a College assigned account to access the College Information Systems, Technology, and BCC Data Systems, regardless of whether the access or use is from a BCC device or occurs on campus. 

    Purpose: 

    These guidelines primarily address the use of AI in the operations of Butler Community College (the “College”). This is intended to be a living document that will evolve over time as the technology and common uses evolve. 

    As the use of generative AI tools continues to grow, it's important to understand how to use these tools safely and appropriately. Generative AI can create new content (text, images, video, and more) based on user input, but like any new technology, it has its benefits and its limitations. It's essential to understand that generative AI is not infallible and can sometimes generate incorrect information. It is also important to consider the ethical and privacy implications of using these tools, and to use them in a manner that is respectful and compliant with college policies. We are committed to protecting the privacy of Butler’s students, staff, and faculty. 

    Each user of AI must ensure that their AI use conforms to the Acceptable Use Policy for Generative AI Tools, in conjunction with the Software and Technology Approval Policy IS-100.4.0, and the Acceptable Use of Information Systems and Technology Policy IS-100.1.0. 

    Procedures:  

    Limitations on Data provided to AI Tools 

    Be careful about the type of information and data provided to AI systems as prompts or for analysis. This is especially true for any personally identifiable information. Some of these systems do not provide adequate privacy protection for nonpublic data or intellectual property. At present, any use of ChatGPT or similar AI tools should be with the assumption that no personal, confidential, proprietary, or otherwise sensitive information may be used with it. In general, student records subject to FERPA, and any other information classified as private or restricted should not be used. 

    Never share your login credentials with AI tools and always be aware of phishing schemes. Remember, depending on the AI tool, the information entered could become public. If the AI user is not sure about a tool’s privacy and security, one should assume that the information entered will become public. This is true for the output that AI tools generate, as well. 

    If there is any doubt about the security or privacy of an AI tool, or would like to use any nonpublic data with an AI tool, please consult with the Service Desk at servicedesk@butlercc.edu 

    Use of Output from AI Systems 

    Errors and Hallucinations 

    When using generative AI tools like ChatGPT, Google Gemini, Grok, and similar technologies for business purposes, be vigilant about errors, also known as "hallucinations"—moments when the AI generates unverified or incorrect information. Always cross-check the tool's output for accuracy before incorporating it into College-related tasks. While generative AI is potent, it can occasionally produce false or misleading content. Ensure all facts and figures generated by these tools are independently verified through non-AI sources before use. In other words, don't simply copy and paste what is produced into your work. 

    Bias 

    It is important to recognize that the datasets used to train the models may be trained on incomplete or biased data. Implicit and systemic biases can inadvertently be built into AI systems therefore it is critically important to monitor the output of AI systems for bias. This “human in the loop” practice will help avoid many of the risks and drawbacks of using AI. Humans, working with AI, can be powerful if the strengths of each are leveraged. 

    College policies governing workplace behavior continue to apply when an employee uses AI in their College work. The employee generating output from AI is responsible not only for the output but also for the appropriate use of that output. It is also important to acknowledge and/or cite the use of AI-generated content or analysis when it has been used to create, edit, or enhance work in any way. 

    Use cases 

    The section that follows categorizes the associated risks of using AI tools with specific use cases. If you have questions about a use case that is not described below, please contact the Service Desk at servicedesk@butlercc.edu prior to using an AI tool. 

    Low Risk: Includes use cases that are unlikely to cause significant issues and can be considered safe for most applications, provided the use case meets the general guidelines and is compliant with College policies. 

    Medium risk: Includes use cases that could present challenges or require careful management to mitigate potential problems. Many of these are situationally dependent and may be considered an acceptable or unacceptable use depending on the details. Data and intellectual property protection are especially important to consider in these cases, along with general guidelines and College policies. 

    High Risk: Includes use cases that could lead to serious legal, compliance, or ethical complications or require substantial oversight and precautions. 

    General Use Cases 

    Can I use AI to write things for me, such as an event announcement, cover letter or letter of reference? 

    (Low Risk) – In general, content generation is a low to medium-risk use of generative AI tools. The initial draft can be generated by AI to help save time, just be sure to review the final output to make sure that it is accurate and appropriate before you use it. As with anything AI, double and triple-checking facts is critical. In addition, you should avoid submitting nonpublic data, e.g. personal identifying information or student information protected by FERPA, into the AI system unless you are certain about its data security and privacy policies. 

    Can I use AI to refine or edit something I’ve written? 

    (Low Risk) – In general, this is an effective and safe use of generative AI tools. It is important to review the revision to make sure the AI did not change the meaning of what you were trying to say, and to follow the College's general guidelines and applicable policies. When entering text for this purpose, remove any identifying information or details that would not otherwise be publicly available. 

    Can I use AI to help brainstorm a list of ideas? 

    (Low Risk) – In general, this is a productive use of generative AI tools. Just make sure to follow College's general guidelines and applicable policies. 

    Can I use AI to summarize a document? 

    (Low Risk) - Depending on the situation's specific details and the document's privacy requirements, this can be a beneficial use case for AI. This can be helpful when used to gain a general introduction to a text or subject area. Please be mindful that AI-generated summaries may not be comprehensive or fully accurate. Therefore, users are strongly encouraged to refer to the primary documents before making any critical decisions related to College. In addition, primary documents put into an AI tool in order to create a summary will no longer be confidential. 

    Can I use AI to analyze data? 

    (Low Risk), (Medium Risk), (High Risk) – Unless you are analyzing publicly available data, you should use extreme caution when using AI tools to analyze data. The permissibility of this use depends on data classification and the privacy protection offered by the system being used to analyze the data. As a general rule, protected data should not be entered into an AI tool unless you are certain that there is an agreement in place to protect the College’s institutional data. Even when the AI system offers privacy protection, all identifying information should be removed from a dataset before it is uploaded into any AI data analysis tool (contact the CIO for guidance on de-identification). Similar considerations apply when non-public output is expected to be generated, even if the data being analyzed is publicly available. 

    Can I use AI to analyze or combine survey responses? 

    (Low Risk), (Medium Risk), (High Risk) – This depends on data classification and the privacy protection offered by the system being used to analyze the data. As a general rule, protected data should not be entered into an AI tool unless there is a College or agreement allowing use for that protection level. [If we document the list of approved tools and if there is a contractual agreement a link to it should go here.] 

    Can I use AI to record, transcribe and/or summarize meetings? 

    (High Risk) - There are many complications regarding consent, privacy and confidentiality when recording, transcribing and summarizing meetings using any AI tool. The system office is considering experimenting with these tools to better understand them. 

    Can I use AI to practice my Interviewing skills? 

    (Low Risk) – This can be a good use of AI. Here are some sources for advice on how to use AI as a tool to help you prepare for interviewing. 

    Administrative Use Cases 

    Can I use AI to evaluate competitive bid responses? 

    (High Risk) – This is not an appropriate use of AI. AI can introduce bias and be factually incorrect so it should not be used to review vendor proposals in the competitive bid process. Additionally, there may be proprietary/protected information in RFP responses that should not be entered into AI systems. 

    Can I use AI for market research? 

    (Medium Risk) – This is not recommended as it doesn’t play to the strengths of current AI systems. Any market research performed by AI should be rigorously fact-checked. AI might be used as a complimentary set of information, but anything AI generated should be verified by human analysis. 

    Can I use AI to evaluate applications for admissions? 

    (High Risk) – AI systems are known to demonstrate bias, so reviewing student admission applications is not an appropriate use of AI. 

    Human Resources Use Cases 

    Can I use AI to write a performance appraisal? How can I use AI in performance management? 

    (Medium Risk) – AI can be helpful in the writing process, but in this case, all of the ideas and concepts should come from the supervisor who is responsible for the performance appraisal. AI can be used to help summarize multiple sources of input and data; this helps formulate thoughts without duplications. AI can, with the proper prompts, aid in providing language that is more constructive or that provides clearer guidance. It can also help with creating personalized development plans based on content in the narrative of the performance review. Using key points from bulleted lists or notes, AI can streamline a narrative by providing clear, concise feedback, action items, and goals. Again, this is based on the supervisor’s findings and evaluation and should NOT be generated by AI. When utilizing AI for performance reviews, confidential, organizational, or personally identifiable information should not be entered into the AI tool. Be aware of the potential for AI to produce content that may introduce bias or produce inaccurate or false information. It is critical to keep the human in the loop and all material should be reviewed and verified by the supervisor authoring the review. 

    Can I use AI to review job applicants' resumes? 

    (High Risk) – Not at this time. Current AI systems are known to demonstrate bias, so reviewing job applicants' resumes is not an appropriate use of AI. This process should be done by humans (for example, the recruiter, hiring manager, hiring committee). AI might inadvertently discriminate based on protected characteristics given the AI tool’s source data. The Equal Employment Opportunity Commission expects employers who use AI to take reasonable measures to test the algorithm's functionality in real-world scenarios to ensure the results are not biased. 

    Can I use AI to write a position description or advertisement? 

    (Medium Risk) – AI can be used to help articulate the language needed to make your job description more concise and inclusive, keeping in mind that some AI systems show bias that would be especially inappropriate in the recruitment process. All job descriptions should be in accordance with the College’s job description requirements. 

    Can I use AI to generate policies or office procedures? 

    (Medium Risk) – While generative AI can be a good place to start with generating outlines and starting text for policies and procedures, all output - just like with non-AI output, must be submitted for review by the appropriate committee/governance structure before enactment. 

    Can I use AI to develop job training aids? 

    (Low Risk) – This can be a good use of AI. GenAI software that observes a task being completed and then develops training content for others to learn to complete the same task. You should not use "live/real data" in the session used to develop the training aid. 

    Technical Use Cases 

    Can I use AI to write code? 

    (Medium Risk) – Some standard portions of routine code blocks can be written using AI as there are not unique techniques in these smaller code blocks, but it should not be used to write entire programs. As always, use caution when including these programming blocks and test thoroughly. 

    Where is it appropriate to use AI in the software development process? 

    (Medium Risk) – The increased "intellisense" functionality of tools like GitHub Copilot can enable AI to generate the “routine” or boilerplate code blocks for basic functions more quickly as it predicts what you need to accomplish in code. While AI automates certain tasks, it cannot replace human creativity, intuition, or problem-solving abilities. Always use caution when including these programming blocks and test thoroughly. 

    Can I use AI as a Stack Overflow alternative? 

    (Medium Risk) – This can be an effective way to more efficiently manage large amounts of Stack Overflow posts, but be careful when writing your prompt to generate the desired search results and always verify code before putting it to use on College/systems. 

    Can I use AI to do automated testing? 

    (Low Risk) – AI-driven testing tools can execute test cases, identify defects, and validate software functionality. They can accelerate testing cycles and improve software reliability. Human involvement and review are critical to review the testing parameters

    Cross-Reference:  

    Acceptable Use Policy for Generative AI Tools IS-100.5.0