Security Policy

Data Network

Security for access to the data network and to files or applications on a server is implemented via user ID and password systems. Each user is responsible for all e-mail transactions made under the authorization of his or her ID and password, and for all network activity originating from that connection. Users are personally responsible for the security of the ID and password assigned to them. Viewing, copying, altering or destroying any file, or connecting to a computer on the network without explicit permission of the owner is prohibited. Users may not use the Pomona data network to attempt to circumvent protection schemes or exercise security loopholes in any computer or network, system component.

User IDs and Passwords

Passwords should be known only to the person responsible for the account and user ID. Ways to ensure this include avoiding storing passwords or any other information that could be used to gain access to other computing resources on your workstation, never sharing passwords, and never taping passwords to a wall, under a keyboard, or in other easily discoverable areas. Access to user IDs may not be loaned or sold and any suspected breach of password security should be immediately reported to the ITS Service Desk (18061). For security purposes, ITS will regularly monitor the strength of passwords. Users with a weak, i.e. potentially hackable, password will be required to change his/her password.

Strong Passwords

Your Pomona password must contain 3 out of 4 of the following:

  • A lower-case letter
  • An upper-case letter
  • A number
  • A symbol (e.g. !, @, #, $, %, {, ‘, etc.)

In addition, it must be at least 8 characters in length, cannot contain any part of your name or username, and cannot be a password that you have used within the last year.

For more information, see our Password page.

Protecting Files

Backups and protection of files stored on desktop equipment are the responsibility of the user of that equipment. Users are encouraged to use their network space for the storage of files since this network resource is regularly backed up by ITS. Backups are done nightly with a full six month back up being stored offsite and reused every 12 months.

Confidentiality and Privacy

Pomona takes reasonable steps to protect users from unauthorized entry into their accounts or files, whether by other users or by system administrators, except in instances where a system-related problem requires such entry. A limited number of authorized Pomona personnel must occasionally monitor information on the network and/or computer systems to maintain the integrity of the systems. This access is required for reasons that include, but are not limited to, trouble-shooting hardware and software problems; preventing unauthorized access and system misuse; providing for the overall efficiency and integrity of the systems; protecting the rights and property of the College; ensuring compliance with software and copyright, distribution, and other College policies concerning the use of the computer network; and complying with legal and regulatory requests for information.

System monitoring is a mechanism for keeping track of computer system activities, rather than a method for accessing private information. ITS personnel also take reasonable steps to prevent the dissemination of information concerning individual user activities. It is the policy of ITS to disclose neither the contents of electronic mail and data files stored in or transmitted via the College computer system nor the activities of individuals on the campus network to other individuals within or outside the College community in the absence of a court order, or other legal mandate, or permission of the owner.

Private communication via computer is treated with the same degree of protection as private communication in other media. However, due to limits of current technologies, which are inadequate to protect against unauthorized access, the confidentiality of e-mail and other system files can not be assured. All users should be aware of this and use reasonable caution when transmitting confidential materials.

Central Computer Operations

Access to computer operations areas is restricted to those responsible for operation and maintenance of these systems. Computing facilities on campus are secured when not open for business. ITS takes action to provide reasonable protection against environmental threats such as flooding, lightning, extreme temperatures, and loss or fluctuation of electrical power for central server and network facilities. ITS maintains procedures for protecting critical data that reside on central servers. While Pomona provides security for files stored on central computing facilities, Pomona cannot be responsible for protection against earthquakes, fires, and catastrophic events of this type. Backup files from central servers are kept for 12 months. ITS does not guarantee the availability of backups for the restoration of files deleted through user error.