Information Technology Policy

The College makes certain computing and network resources available to its students. Currently, these resources include, but are not limited to: wired and wireless network connections, shared computer labs and devices, software for educational use, and services for email, printing, storage, and information access. This policy for the College computing and network resources also applies to the information held on any computers and storage devices provided by the College or connected to its network. These resources and information are to be used in a manner consistent with College policy and the law.

Students may only use information resources for which they have authorization. Students may not use another individual’s account or attempt to acquire other user’s passwords. You may not attempt to access, alter, deface, destroy, or remove restricted portions of the network, computing equipment, an operating system, security software, applications, or databases without authorization. You may not scan or monitor network transmissions.

Students may only connect devices (e.g., desktop and laptop computers or printers) to the network at approved points. Equipment that extends or modifies the network, such as routers, switches, or hubs, must not be connected unless specifically approved by the IT Department. You must not use hardware, software, or processes that disrupt the College system or other computer or network users, or that degrade performance of any part of a system.

Students must abide by all applicable federal, state, and local laws including, but not limited to: those concerning copyright, the protection of intellectual property, and illegal pornography. You may not use, copy, or distribute copyrighted works, including but not limited to, music, videos, games, images, or software unless you have the legal right to do so. You are required to comply with all contractual and licensing agreements that apply to resources the College has purchased and made available for your use.

Students may not use the computing and network resources for any activity that would jeopardize the tax-exempt status of the College, for political purposes, or for personal economic gain. You may not use computing and network resources to libel, slander, harass, or threaten any other person.

Students are expected to respect the privacy of others, and you are prohibited from accessing another user’s email, data, or programs without explicit permission from that user. The College reserves the right to access and review information transmitted on the network or stored in its systems without prior notice. Students found in violation of any part of the Information Technology Policy will be subject to the student conduct process.

In Compliance with the 2002 Gramm-Leach-Bliley Act, Bennington College does not share any nonpublic personal information (PNI) with unaffiliated third parties. Increasingly, all of our core business services are moving to a Software-as-a-Service metaphor, and our vetting and implementation process for all cloud-based business services includes a rigorous evaluation of data security and compliance practices vis-a-vis, among others, FERPA, HIPAA (as appropriate), PCI DSS (as appropriate), EUGDPR, CCPA, and NYPA, among others. For the few remaining systems of record that collect PNI data that are hosted on our network, we have established clear and robust data security protocols. Data at rest is encrypted and stored in Amazon Web Services (AWS).  Automated daily, weekly and monthly backups are also stored and encrypted in AWS in separate systems. Data flow, both ingress and egress, are encrypted over our direct network connection to AWS, which is managed on redundant servers off-site. There are a few onsite databases that are managed on a serve with a proactive, routine patching protocol. Our network is protected by state-of-the art Palo Alto firewalls with Threat Prevention and DarkTrace (AI-powered cyber analyst). This data is backed up on the same schedule onsite and to AWS over our encrypted direct connect.