• AR 3725: Information and Communications Technology Accessibility & Acceptable Use


  • Chapter 3

    References: Section 504, Rehabilitation Act of 1973 (29 U.S. Code Section 701);
    Section 508, Rehabilitation Act of 1973 (Federal Electronic and Information Technology) (29 U.S. Code Section 794d);
    36 Code of Federal Regulations Parts 1194.1 et seq.
    ORS 659A.103

    Definitions 

    For the purposes of this regulation, the following definitions apply to the following words or phrases:

    • Accessible:  An individual with a disability is afforded the opportunity to acquire the same information, engage in the same interactions, and enjoy the same services as a person without a disability in an equally effective and equally integrated manner, with substantially equivalent ease of use.
    • Equally effective:  Alternative access for individuals with disabilities to instructional materials and information and communication technology that (1) is timely, (2) is accurate in translation, (3) is delivered in a manner and medium appropriate to the disability of the individual, and (4) affords the individual with a disability the opportunity to obtain the information as fully, equally and independently as a person without a disability with substantially equivalent ease of use.  Note, such alternative(s) are not required to produce the identical result or level of achievement but must afford individuals with disabilities equal opportunity to obtain the same result, to gain the same benefit, or to reach the same level of achievement in the most integrated setting appropriate to the person’s needs.
    • Individual with a disability: An individual who has one or more physical or mental impairments that substantially limit one or more major life activities.
    • Information and Communication Technology (ICT):  Encompasses electronic and information technology covered by Section 508 of the Rehabilitation Act of 1973, as well as telecommunications products, interconnected Voice over Internet Protocol (VoIP) products, and Customer Premises Equipment (CPE) covered by Section 255.  Examples of ICT include computers, information kiosks and transaction machines, telecommunications equipment, multifunction office machines, software, Web sites, and electronic documents.
    • Instructional materials:  Includes electronic instructional materials, such as syllabi, textbooks, presentations, and handouts delivered within the college’s learning management system, via email or via another electronic means for face-to-face classes as well as e-learning courses. It also includes electronic instructional activities such as instructional videos, online collaborative writing, Web conferencing, blogging, and any other instructional materials as technology evolves.
    • Timely:  As it relates to equally effective alternative access to instructional materials and ICT, timely means that the individual with a disability receives access to the instructional materials or ICT at the same time as an individual without a disability.

    ICT and Instructional Material Accessibility Standard Statement 

    The college is committed to ensuring equal access to instructional materials and ICT for all, particularly for individuals with disabilities, in a timely manner.  The college will comply with the accessibility requirements of Section 508 of the Federal Rehabilitation Act of 1973 by: 

    • Developing, purchasing, or acquiring, to the extent feasible, instructional materials and ICT products that are accessible to individuals with disabilities; 
    • Using and maintaining instructional materials and ICT that is consistent with this standard; and 
    • Promoting awareness of this standard to all relevant parties, particularly those in roles that are responsible for creating, selecting, purchasing, or maintaining electronic content and applications.

    Ensuring equal access to equally effective instructional materials and ICT is the responsibility of all college employees.

    College Web Sites 

    Mt. Hood Community College manages and maintains a primary college web site. This provides the ability for various departments and programs to maintain information about their areas. The college web site(s) and its pages must be maintained within ADA compliance, and the college will ensure that consistent marketing and style guidelines are utilized.

    Official college websites will be hosted on the college web servers and will be managed by the College within the Content Management System (CMS) under the www.mhcc.edu domain. Divisions, administrative units, departments, and programs are not permitted to host college-related websites on private web servers. The college will provide and host links to cloud services or non-college web servers if there is a college-approved, signed contract for specific college services. No links or information to private web servers will be provided on the college website or other electronic publications.

    Divisions, administrative units, departments, and programs are not permitted to acquire domains outside the www.mhcc.edu domain. Only mhcc.edu URLs will be used in communications regarding college information and services. For example, in brochures, mailings, and all print and electronic publications, only mhcc.edu URLs will be advertised.

    The college web site is constantly being updated and improved, and college marketing and web staff work with various departments to coordinate changes or add new information.    No new links will be provided to non-MHCC web sites.

    This regulation does not apply to the education of students in the area of multi-media and web design which requires students to create and maintain individual websites.  Instructors in this area must ensure that college guidelines, processes, and IT security requirements are followed (this may include documented exceptions based on instructional need).

    Instructional-Specific Web References 

    Mt. Hood Community College utilizes Learning Management Systems (LMSs) for the delivery of instructional content for both face-to-face instruction and Online Instruction.  Within the college's LMS, instructors may direct students to various external sites for instructional purposes.  In those instances, the college does not control, manage or own the content.  These references to external sites for instructional purposes do not fall within the scope of this regulation.  This regulation is not meant to infringe on faculty members' academic freedom.

    Instructional content delivered through the college's LMS must adhere to the college’s ADA requirements (which may include approved exceptions) and other applicable instructional policies and regulations.

    General Guidelines 

    • All users will report any irregularities found in the information or information systems to the Mt. Hood Community College IT department immediately upon detection. Employees must report any new programs or suspicious data files that appear on their workstations without their knowledge to the Mt. Hood Community College IT Department. 
    • Employees are responsible for the confidentiality, integrity, and availability of their files used for work purposes. Any changes made to their files without their consent are to be reported to the Mt. Hood Community College IT Department immediately. Shared files will be an exception to this guideline. 
    • Users agree to cooperate with Mt. Hood Community College management and/or any regulatory agency conducting an authorized reasonable internal security investigation. 
    • Leaving systems or applications unlocked when unattended is prohibited 
    • Connecting unauthorized hardware, systems, or devices to Mt. Hood Community College-owned enterprise networks or systems is prohibited 
    • Installing unauthorized software on Mt. Hood Community College-owned systems is prohibited 
    • Playing games or excessive streaming of audio or video material not beneficial or related to instruction or Mt. Hood Community College business is prohibited 

    Email  

    • Forwarding emails from unknown origins to Mt. Hood Community College employees or partner organizations except as part of a security investigation or when authorized by Mt. Hood Community College IT Department is prohibited 
    • Sending email anonymously or using aliases is prohibited 
    • Forging email content (i.e., identification, addresses, etc.) is prohibited 
    • Altering the content of original messages in a manner that changes the intent or the information when forwarding or replying to a message is prohibited 
    • Forwarding Mt. Hood Community College email containing confidential or highly confidential information to personal email accounts without documented permission from Mt. Hood Community College IT Department is prohibited 
    • Sending unencrypted confidential or highly confidential information using email is prohibited

    Internet Access  

    • Internet activities that can be attributed to Mt. Hood Community College domain address (such as posting news to newsgroups, using chat facilities, and participating in mail lists) must not bring disrepute to Mt. Hood Community College 
    • Sending sensitive information using unencrypted data transport mechanisms, e.g., FTP. Is prohibited  
    • Use of TOR browsers, private DNS servers, and/or private VPN Connections on college devices, unless explicitly approved by Mt. Hood Community College’s IT Security Officer/CIO, is prohibited

    Removable Media   

    • The use of removable media and mass storage devices, including, but not limited to, USB flash drives, SD cards, CD/DVDs, external hard drives, etc., to store confidential or highly confidential information is prohibited except when encrypted and approved by the Mt. Hood Community College IT Department

    File Share Website  

    • The college allows the use of authorized internet-based file-sharing solution(s) to facilitate information sharing as part of everyday business activities. The use of unauthorized file sharing/data repository services (e.g., Dropbox, iCloud, Google Drive, Box, etc.) to store, access, or transmit Mt. Hood Community College or partner information is strictly prohibited. It is permitted to access information owned by other organizations in their shared tool for the purpose of collaborating. For a list of authorized solutions, please contact the Mt. Hood Community College IT Department.

    Wireless Networking  

    • Wireless networks are provided to Mt. Hood Community College employees to conduct Mt. Hood Community College business. At times, employees will need to connect to non-Mt. Hood Community College wireless networks using Mt. Hood Community College-issued mobile devices and other hardware. Employees must adhere to the following requirements related to wireless network use anytime there is a connection to the college’s network, whether using a personal or college-owned device: 
    • It is prohibited to share Mt. Hood Community College wireless network access codes, including guest network access codes, with non-Mt. Hood Community College personnel, except for vendors, contractors, and legitimate third-party visitors. All exceptions to this Regulation require documented permission from Mt. Hood Community College IT Department.
    • When performing college work off campus and on unsecured public networks, it is required that all connectivity to the Mt. Hood Community College’s network be done through a VPN connection (coffee shops, airports, etc.) 
    • Personal devices must connect to the Mt. Hood Community College guest wireless network when on a college campus 
    • We strongly encourage employees who access Mt. Hood Community College systems or data on home networks using personal or college devices to utilize security best practices

    Remote Access  

    • Connecting to any other network while remotely connected to Mt. Hood Community College networks, systems, or applications, except for personal networks that are under the complete control of the user, is prohibited  
    • All systems used to remotely connect to Mt. Hood Community College networks, systems, and applications must have up-to-date antivirus/antimalware/antispyware software enabled and the latest security patches installed

    Mobile Devices  

    • Mobile Devices include, but are not limited to, laptop computers, MiFi devices, smartphones, tablets, cellular phones, and any other “smart device.” Employees must adhere to the following requirements related to accessing college data/systems/network on a mobile device, whether personally owned or college-owned:  
    • Mobile devices must have authentication configured to a minimum standard of:  
    • 6-character authentication code (smartphones, tablets)  
    • 12-character authentication passwords – complex (laptops)  
    • Unauthorized users are not allowed access to Mt. Hood Community College-owned mobile devices, including family members.  This includes personally owned devices while connected to college systems or data.
    • Mobile devices must not be left unattended unless properly secured. Vehicles are not considered secure areas, and as such, mobile devices must never be left visibly unattended in vehicles.  If a device must be left in a vehicle, it must be in a locked trunk or compartment  
    • Mobile device users must use caution when accessing mobile devices in public and be aware of social engineering and physical security threats, such as shoulder surfing, malicious wireless networks, pickpocketing, confrontational robbery, etc.  
    • Never store mobile devices in checked luggage at the airport  
    • Do not share mobile hotspot or MiFi authentication codes used to access College systems or data with unauthorized, non-Mt. Hood Community College personnel, unless authorized by Mt. Hood Community College IT Department 
    • Lost or stolen devices must be reported to the Mt. Hood Community College IT Department not more than 24 hours after discovery. Employees are responsible for notifying their mobile carrier immediately upon the loss of a personal device  
    • Mt. Hood Community College is not responsible for any costs associated with replacing employee-owned devices
    • The employee assumes full liability for risks including, but not limited to, the partial or complete loss of data due to an operating system crash, errors, bugs, viruses, malware, and/or other software or hardware failures, or programming errors that render the personal device unusable  
    • While every precaution is taken to prevent the employee’s personal data from being lost in the event of a remote wipe, it is the employee’s responsibility to ensure personally-owned data is backed up 

    Approved:       1/28/08, 9/24/19, 6/14/11, 1/22/16

    Revised:          9/22/09, 8/29/23