• General Information
  • Mission & Commitments
  • Institutional Committees
  • Legal Compliance
• Board Governance
  • 1.1 Board of Trustees
    • 1.1.1 Operations of the Board
  • 1.2 Policy Development
  • 1.3 Philosophy on Admin Support
    • 1.3.1 Administrative Structure
    • 1.3.2 Institutional Committees
  • 1.4 Selection of the President
  • 1.5 Hiring of New Personnel
  • 1.6 Acceptance of Resignations
  • 1.7 Property and Buildings
  • 1.8 Naming of Facilities
    • 1.8.1 Naming of Facilities
  • 1.9 Substantive Change
    • 1.9.1 Substantive Change Procedure
  • 1.10 Investment Policy
• General Policies
  • 2.0 Policy Enforcement
    • 2.0.1 Policy Enforcement
  • 2.1 Use of College Facilities/Equipment
    • 2.1.1 Guidelines for Use of Facilities
    • 2.1.2 Use of College Facilities for Personal Gain
    • 2.1.3 Student Lockers
  • 2.2 Solicitation
  • 2.3 Free Speech & Public Assembly
    • 2.3.1 Distribution of Printed Materials
    • 2.3.2 Public Assembly
  • 2.4 Drug & Alcohol Policy
    • 2.4.1 Drug & Alcohol Procedures
  • 2.5 Live Project Policy
    • 2.5.1 Live Project Procedures
  • 2.6 Sexual Assault Policy
    • 2.6.1 Sexual Assault Procedure
  • 2.7 Sexual Harassment Policy
    • 2.7.1 Sexual Harassment
  • 2.8 Americans with Disability Act
    • 2.8.1 Americans with Disabilities Act
  • 2.9 Tobacco Free Campus
  • 2.10 Copyright
    • 2.10.1 Copyright
  • 2.11 Intellectual Property
  • 2.12 College Closings, Class Cancellations, & Delayed Openings
  • 2.13 Diversity Statement
  • 2.14 Compliance with Title IX of the Educational Amendments Act of 1972
  • 2.15 Establishment of SCC Foundation
  • 2.16 Contributions to the SCC Foundation
  • 2.17 Employee Cell Phone
  • 2.18 Staff Association Membership
    • 2.18.1 Staff Association Membership
• Educational Progs & Services
  • 3.1 Instructional Planning
    • 3.1.1 Advisory Committees
    • 3.1.2 Continuing Education Courses
    • 3.1.3 Curriculum Courses
    • 3.1.4 Scheduling Curriculum Courses
    • 3.1.5 Selection of Instructors
    • 3.1.6 Course Site Selection
    • 3.1.7 Marketing of Courses
    • 3.1.8 Graduate Guarantee
    • 3.1.9 Continuing Education Student Registration
    • 3.1.10 Curriculum Student Registration
    • 3.1.11 End of Class Procedures
    • 3.1.12 Repetition of Continuing Education Courses
    • 3.1.13 Repetition of Curriculum Courses
    • 3.1.14 Accountability & Credibility Internal Audit Plan for Continuing Education
    • 3.1.15 Curriculum Faculty Workload
    • 3.1.16 Minimum Continuing Education Class Size
    • 3.1.17 Minimum Curriculum Class Size
    • 3.1.18 Continuing Education Course Outlines
    • 3.1.19 Curriculum Course Syllabi
    • 3.1.20 Selection of Textbooks for Continuing Education
    • 3.1.21 Curriculum Textbook Adoption
    • 3.1.22 First Day of Classes
    • 3.1.23 tests and Final Exams
    • 3.1.24 Grading for Curriculum Classes
    • 3.1.25 Children on Campus
    • 3.1.26 Student Withdrawals Continuing Education
    • 3.1.27 Warning & Withdrawal Notice Curriculum Classes
    • 3.1.28 Records & Reports
    • 3.1.29 Curriculum Faculty Office Hours
    • 3.1.30 Schedule Changes for Continuing Education Classes
    • 3.1.31 Notification of Curriculum Faculty Absences/Late Arrival
    • 3.1.32 Advising Students
    • 3.1.33 Professional Development
    • 3.1.34 Participation in Committees, Division Meetings or Other Group Activities
    • 3.1.35 Criteria for Book Signings
    • 3.1.36 Student Absence from Curriculum Courses & Official College Events
  • 3.2 Clinical Agreements with Health Care Agencies
  • 3.3 Development of Courses
  • 3.4 New Curriculum Programs
  • 3.5 Academic Freedom
    • 3.5.1 Artistic Expression
    • 3.5.2 Challenge to Academic Feedom
  • 3.6 Faculty Senate
    • 3.6.1 Faculty Senate Membership
  • 3.7 Religious Observances
    • 3.7.1 Religious Observances for Curriculum Classes
    • 3.7.2 Religious Observances for Continuing Education Classes
  • 3.8 Admission to BLET
    • 3.8.1 Admission to BLET Procedure
  • 3.9 Institutional Review Board
    • 3.9.1 Institutional Review Board Procedure
• Student Progs & Services
  • 4.1 Intercollegiate Sports Program
  • 4.2 Financial Obligations & Business Relationships
    • 4.2.1 Financial Obligations & Business Procedures
  • 4.3 Student Insurance
  • 4.4 Due Process
    • 4.4.1 Grievances & Appeals
  • 4.5 Student Code of Conduct
  • 4.6 Discipline
    • 4.6.1 Discipline Procedures
  • 4.7 Financial Aid
    • 4.7.1 Satisfactory Academic Progress Requirements for Financial Aid Recipients
    • 4.7.2 Professional Judgment Procedure
  • 4.8 Deferred Payments
  • 4.9 Admissions
    • 4.9.1 Academic Fresh Start
    • 4.9.2 Admission Procedures
  • 4.10 Admissions for Basic Law Enforcement Training
    • 4.10.1 Admissions for Basic Law Enforcement Training
  • 4.11 Access to Student Records
    • 4.11.1 Access to Student Academic Records
    • 4.11.2 Placement Assessment Procedure
• Human Resources
  • 5.1 Conflict of Interest
  • 5.2 Employment Contracts
    • 5.2.1 Employment Contracts
  • 5.3 Equal Employment Opportunity
    • 5.3.1 Equal Employment Opportunity
    • 5.3.2 Equal Employment Opportunity ADA
  • 5.4 Affirmative Action (Trustee Manual)
  • 5.5 Political Activities
  • 5.6 Privacy of Employee Personnel Records
    • 5.6.1 Privacy of Employee Personnel Records
  • 5.7 Background Checks
    • 5.7.1 Background Checks
    • 5.7.2 Employment Reference Checks
  • 5.8 Contents of the Personnel File
    • 5.8.1 Contents of Personnel File
  • 5.9 Employment
    • 5.9.1 Employment Regular Full Time
    • 5.9.2 Employment Part Time
    • 5.9.3 New Employee Orientation
  • 5.10 Illegal Conduct
    • 5.10.1 Illegal Conduct
  • 5.11 Nepotism
  • 5.12 Outside Employment
    • 5.12.1 Outside Employment
  • 5.13 Rehire of Former Employees
  • 5.14 Transfer of Employees & Promotion
    • 5.14.1 Transfer of Employees & Promotion
  • 5.15 Veterans Preference
    • 5.15.1 Veterans Preference
  • 5.16 Classification of Position
    • 5.16.1 Classification of Position
  • 5.17 Leaves of Absence
  • 5.18 Annual Leave
  • 5.19 Civil Leave
    • 5.19.1 Civil Leave
  • 5.20 Educational Leave
  • 5.21 Family & Medical Leave
    • 5.21.1 Family & Medical Leave
  • 5.22 Military Leave
  • 5.23 Parental Involvement Leave
    • 5.23.1 Parental Involvement Leave
  • 5.24 Personal Leave
  • 5.25 Sick Leave
  • 5.26 Voluntary Shared Leave
    • 5.26.1 Voluntary Shared Leave
  • 5.27 Leave Without Pay
  • 5.28 Leave Transfer
  • 5.29 Disciplinary Action, Suspension & Dismissal
    • 5.29.1 Disciplinary Action, Suspension & Dismissal
  • 5.30 Employee Grievance
    • 5.30.1 Employee Grievance & Appellate Procedure
  • 5.31 Non-Renewal of Contract
  • 5.32 Release from Contract
  • 5.33 Reduction in Force
    • 5.33.1 Reduction in Force
    • 5.33.2 Resignation & Departures
    • 5.33.3 Minimum Notice
  • 5.34 Unemployment Compensation
  • 5.35 Compensatory Time
    • 5.35.1 Compensatory Time
    • 5.35.2 Faculty Compensation During Semester Breaks
    • 5.35.3 Payment of Part Time Instructors
  • 5.36 Salary Determination
    • 5.36.1 Salary Determination
  • 5.37 Salary Increase
  • 5.38 Longevity Pay
    • 5.38.1 Longevity Pay Procedure
  • 5.39 Payroll
    • 5.39.1 Payroll Process
  • 5.40 Employee Development
    • 5.40.1 Employee Development Assistance
  • 5.41 Evaluation of Personnel
• Business Operations
  • 6.1 Appearance of Buildings & Grounds
    • 6.1.1 Appearance of Buildings & Grounds
    • 6.1.2 Maintenance Service Request
  • 6.2 Personal Equipment
  • 6.3 Use of Self-Supporting Funds
  • 6.4 budget Responsibilities with the Board of County Commissioners
  • 6.5 Financial Commitments
  • 6.6 Sales of Surplus Property
  • 6.7 Investment
  • 6.8 Debt Collection from Employees
  • 6.9 Refunds
    • 6.9.1 Refunds
  • 6.10 Use of Profits from Vending Machines & Other Convenience Concessions
  • 6.11 Use of Profits from Bookstore Operations
  • 6.12 Travel
    • 6.12.1 Travel
    • 6.12.2 Use of College Vehicles
  • 6.13 Assignment of College Car to the President
• Technology Services
  • 7.1 Information Systems Access
    • 7.1.1 Information Systems Access
  • 7.2 Remote Network Access
    • 7.2.1 Remote Network Access
  • 7.3 Information Systems Network Security
    • 7.3.1 Information Systems Network Security
  • 7.4 Information Systems Security
    • 7.4.1 Information Systems Security
  • 7.5 Contractor Non-Disclosure Agreement
    • 7.5.1 contractor Non-Disclosure Agreement
  • 7.6 Allocation of Information Systems
    • 7.6.1 Allocation of Information Systems
  • 7.7 Use of Information Systems
    • 7.7.1 Use of Information Systems
    • 7.7.2 Electronic Communication
  • 7.8 Information Network Access for College Visitors
    • 7.8.1 Information Network Access for College Visitors
  • 7.9 GroupWise Space Usage
    • 7.9.1 GroupWise Space Usage
  • 7.10 Email Retention
    • 7.10.1 Email Retention
  • 7.11 Instant Messaging
    • 7.11.1 Instant Messaging
  • 7.12 Information Systems Hardware & Software
    • 7.12.1 Information Systems Hardware & Software
  • 7.13 Use of Personal Equipment
    • 7.13.1 Use of Personal Equipment
  • 7.14 Risk Assessment & Management
    • 7.14.1 Risk Assessment & Management
  • 7.15 Disaster Prevention & Recovery
    • 7.15.1 Disaster Prevention & Recovery
• Safety and Health
  • 8.1 Safety Policy
    • 8.1.1 Identification Cards
  • 8.2 Weather Related Emergencies
  • 8.3 Unlawful Carrying of Firearms or Other Weapons
  • 8.4 Accident Control
    • 8.4.1 Accident Control
  • 8.5 Accident Reporting
    • 8.5.1 Accident Reporting
  • 8.6 Communicable Disease
    • 8.6.1 Communicable Disease Procedure
    • 8.6.2 Pandemic Event Preparedness & Response Plan
    • 8.6.3 Student Pandemic Event

Information Systems Security Procedure

Guidelines

User Access Authorization

Each Southeastern Community College Information Systems Network (SCCNET) user/object must have an approved Access Authorization record, which is obtained through the following procedure:

1. For all new access, the supervising vice president/president electronically submits an IS Access Request Form, which defines all of the access requested for the new user. 
2. Current IS access changes can be submitted by the supervising vice president /president through email to the director of information technology.  The email is electronically filed in the corresponding IS Access Authorization record. Current IS access can also be changed on the Annual IS Authorization Form submitted and signed by the supervising vice president/president.
3. The IS Access Authorization database will be maintained and shows a current detailed record of each users’/objects’ authorized access.

Login/Password Protection

The IT staff builds each employees access on the system(s) for which the supervising vice president/president has authorized use. They also build or provide the information necessary to build student access. Users will be required to enter a unique username and password in order to gain access to the college’s information systems services/resources.

1. The standard for an employee’s login identification (ID) is the initial of the first name and the full last name.  If that ID already exists on the SCCNET, then the next letter of the first name is added until a unique ID is created. If a unique ID cannot be created with this method, then a sequential number will be added starting at the number 1.
2. The standard for student login identification (ID) is the first, middle, and last name initial plus the last four (4) digits of the student’s Datatel ID number. Their initial password is the first, middle, and last name initial plus their two (2) digit birth month and their two (2) digit birth day. The password should be set to change upon the first login.
3. he employee’s name as it appears on the administrative software payroll record is used to create and maintain user identification on the SCCNET.
4. The employee may request, through their vice president/president, that a different name be used to create their user identification on the SCCNET.
5. Users are required to enter unique passwords the first time the data services are utilized.  For the following services, users are encouraged to use unique passwords that include alphanumeric, upper and lower case, and special characters rather than common predictable passwords such as the names of pets and family members, addresses, birthdates, or social security numbers.
   1. Novell Directory Services (NDS) network access
   2. CIS Administrative Software access
   3. GroupWise email access
   4. Voice Mail access
   5. Windows access
6. A password life of 90 days is in effect on the NDS and the Administrative Software services.  Both services require a new, never-before-used password.  When the 90 days have expired, the user must change the password to maintain access.
7. The GroupWise, Windows, and voice mail passwords are set during the user's initial training and are not configured to expire. However, users are encouraged to change them periodically and especially when they suspect their passwords have been compromised.
8. All system level administrative login passwords are changed at least every 45 days.
9. Additional layers of security exist in the Administrative Software.
   1. CIS security is controlled through the specific security system built into the Colleague software.
   2. The break parameter is disabled in all applications.
10. No authorized users should provide anyone with their IDs or passwords, and no authorized or unauthorized users should use the IDs and passwords of another authorized user.
11. Users who think their passwords may have been compromised should change them immediately.
12. Multiple logins on any of the SCCNET services are discouraged.  However, multiple sessions may be opened within the Administrative Software services with each requiring authentication.

Inactivity Protection

Any workstation inactivity for 10 minutes will have a password-protected screensaver invoked. Any workstation with a CIS session inactive for an hour is automatically logged out of that session by the system. Inactive VPN connections will be automatically terminated after 30 minutes.

Physical Security

High tensile steel cables and Master locks physically secure IS hardware in public high traffic areas.

1. All CPU’s, flat panel monitors, and printers are secured in instructional labs.
2. All administrative network printers are secured.
3. Computers designated for general use in public areas, e.g., the Internet, are secured.
4. Telecommunication closets are secured by locks to which only the IT staff, the vice president of student development and technology services, and the maintenance manager have keys.
5. The campus telecommunications demarcation room houses all outside SCCNET connections, servers, and server consoles access.  Access to this area is restricted to the IT staff and maintenance manager only.  The demarcation room has a combination lock that is changed periodically.

Private Data Security

It is critical that we protect the privacy of our customers whether they are students, patrons, vendors, or employees.  The essential element in maintaining the privacy of our customers’ information is vigilance on part of those employees entrusted with that information. The employees’ vigilance can best be supported by continuous reminders to that effect. Southeastern will provide privacy guideline reminders through its shared email folder at least quarterly.

Southeastern will also use appropriate technology to help assure that our customers’ information stays private. This technology will include such things as encrypting network data packets to assure that the information is unreadable if hijacked while in transit. The college will also utilize technology to encrypt data housed on mobile media such as laptop hard drives and USB Flash Drives.

All administrative laptops will have a fully encrypted hard drive that requires a boot password before loading the Windows environment. This will prevent the data, potentially our customers’ private information, from being accessed if the laptop is lost or stolen. All administrative laptops will also have a unique username that must be entered prior to accessing the Windows environment. If the laptop is stolen or lost, the user must immediately report it to the IT Department.

All USB Flash Drives used for administrative purposes (such as student, employee, financial, and other confidential information) will be provided by the IT Department. The provided USB Flash Drives will include at least 128bit password protected encryption that will be pre-set. A user with employee network access must request a USB Flash Drive through their vice president. The IT Department will provide the user with a fully encrypted USB Flash Drive and password when they receive the request from the vice president. The user is then responsible for the safe-keeping of the USB Flash Drive.  If the USB Flash Drive is stolen or lost, the user must immediately report it to the IT Department. The user must return the USB Flash Drive to the IT Department when they no longer need it or as part of their checkout when leaving the college’s employment.

Console Protection

The system consoles, housed in the campus demarcation room, are used only by IT staff. Off-campus access to the servers is occasionally necessary for support and maintenance purposes.  Access is gained through a VPN connection or through a secure remote control session. The VPN creates a very secure encrypted tunnel between the client’s computer and specific IP addresses on the inside network. The secure remote control session is setup through a secure tunnel via the Internet. The session must be accepted by the IT staff and monitored throughout the connection.

Once the VPN challenges are met, the user must enter valid Administrative Software or Novell NDS usernames and passwords.  In the case of accessing a Novell server, the user must know the server’s IP address, the secure port number, and the password set on that secure port. In the case of the CIS server, remote access by root is disabled.

Unauthorized Access

Any instance of unauthorized access or attempted access discovered by employees should be immediately reported to the IT staff.

User Termination

IS Access removal is part of the IS Access Policy.  The IT staff removes the user access from all systems at 5:00 p.m. on the user’s last day of employment unless otherwise requested by the supervising vice president.