Access to Information Technology Resources
Purpose
This policy establishes guidelines for accessing and using Hamilton College's Information Technology (IT) resources. These resources - including computers, software, networks, data systems, and telecommunications - support the College's teaching, research, and administrative activities. The policy outlines who can access IT resources, how access privileges are assigned, and basic responsibilities for using these resources.
The College reserves the right to modify or update this policy at any time at the College’s discretion.
Definition of IT Resources
Information Technology resources include any technology systems, services, data, or infrastructure owned, operated, contracted, or licensed by Hamilton College, whether located on campus or accessed remotely. This comprises College-owned hardware, software, and network infrastructure; cloud-based systems and services managed by the College; third-party vendor systems and services contracted by the College; data stored or transmitted through College systems; College-provided telecommunications and audiovisual services; IT security tools and monitoring systems; and user accounts and access credentials. Access to and handling of College data through these resources is governed by Hamilton College's Data Classification Policy and Data Handling documents.
Scope
This policy applies to all users of Hamilton College IT resources, including employees, students, alumni, retirees, contractors, guests, visitors, and any external parties seeking to access College systems or data. It governs all use of Hamilton College IT resources regardless of user affiliation or location of access.
Hamilton College must occasionally monitor and access network and computer systems to maintain system integrity, address technical issues, and fulfill legal obligations. Access to user data and monitoring of system activities is restricted to authorized personnel and limited to specific purposes:
Privileged Access
Select Hamilton College personnel in LITS and other authorized departments may have elevated access privileges to IT systems and data as required by their roles. This privileged access is limited to the minimum necessary to perform job functions, following the principle of least privilege. Access levels are regularly reviewed, adjusted, and subject to monitoring and auditing. These controls exist to protect and maintain the confidentiality, integrity, and availability of College IT resources.
Authorization for Access
Hamilton College may need to access user accounts and data under various circumstances. Authorization for access follows these general categories:
Legal Requirements
Hamilton College must comply with various legal obligations that may require access to IT resources and data. These requirements arise from federal and state laws, court orders, subpoenas, warrants, regulatory compliance, and other legal mandates.
All legal requests for access will be documented, including the nature of the request, authorization process, scope of access granted, and actions taken.
Legal Process
When the College receives a court order, subpoena, warrant, or other legal demand for information, the VP for Libraries and IT will immediately consult with College legal counsel to evaluate the request's validity, scope, and urgency. Only authorized LITS personnel will access and collect the required data under strict confidentiality protocols.
Regulatory Compliance
The College must maintain compliance with various regulations governing higher education, financial records, student privacy (FERPA), health information (HIPAA), and information security. This may require system access for auditing, reporting, or verification purposes.
Law Enforcement Cooperation
In cases involving law enforcement investigations, the College will cooperate as required by law while protecting the privacy rights of our community members. All law enforcement requests must be properly documented and reviewed by College legal counsel before any access is granted.
Information Preservation
When legally required, the College may need to preserve electronic information relevant to pending or reasonably anticipated litigation or investigation. This preservation process will be managed by LITS under the direction of College legal counsel.
College Operations
Hamilton College may require access to IT resources and data to maintain essential operations, ensure policy compliance, and manage institutional risk. Such access is governed by strict protocols to protect user privacy while enabling necessary college functions.
The following represent examples of situations requiring operational access, though other circumstances may arise that require evaluation on a case-by-case basis: internal investigations of policy violations, emergency response for health and safety, business continuity during extended absences, personnel role changes and departures, and system maintenance or security incidents.
Access requests for college operations must be initiated through appropriate channels - typically Senior Staff, Human Resources, or the Dean of Students - and approved by the VP for Libraries and IT. All operational access is subject to monitoring and auditing, with actions documented and reviewed regularly. Access is granted only to authorized personnel under confidentiality requirements and limited to the minimum necessary to accomplish the specific operational need.
Approved Hamilton College personnel will evaluate each access request based on business necessity, scope of access required, and potential privacy implications. Novel situations not previously encountered will be assessed using these same principles, with consultation from College legal counsel when needed.
User Authorization
Hamilton College respects the privacy of user accounts and data. Account holders may explicitly authorize access to their IT resources through documented consent. The College maintains protocols to verify and implement authorized access while protecting user privacy and system security.
Account holders may grant access to their resources for various purposes, such as collaboration, delegation of duties, research, or personal need. However, such authorization does not override College policies, data classification requirements, or system security controls.
Authorization may be revoked at any time by the account holder, or by the College if the access is deemed to pose security risks or violate College policies. All authorized access remains subject to College monitoring and standard security controls to maintain system integrity and security.
Access Request Process
When access to IT resources is required beyond standard user privileges, requests must be directed to the VP for Libraries and IT or their delegate, the Director of Information Security and Privacy. The request must clearly state the justification, scope, and duration of access needed, along with relevant authorization documentation.
In addition to a legitimate access request, permission must be secured from an appropriate member of leadership designated for each constituency before disclosure of email content. They are as follows:
| Constituency | Authorized Leader |
|---|---|
| All Groups | VP of LITS Backup: Director of Information Security* |
| Faculty | Dean of Faculty Backup: Associate Dean of Faculty* |
| Students | Dean of Students Backup: Associate VP for Student Affairs* |
| Staff | Human Resource Director Backup: VP of Admin and Finance* |
| All Others | VP of LITS Backup: VP of Admin and Finance* |
*In situations where the authorizers listed above are unable to perform this duty in the manner or time frame needed, an Officer of the College will assume decision authority.
Each request will be evaluated by:
- Reviewing submitted documentation
- Consulting with appropriate authorities as needed
- Determining if access is warranted and appropriate
- Designating authorized LITS personnel for implementation
- Ensuring proper documentation throughout the process
- Authorized personnel will implement approved access according to specified parameters while maintaining strict confidentiality. All actions will be documented and monitored, with access terminated when no longer required.
All access to IT resources, regardless of circumstance or situation, must follow this process to ensure proper oversight, documentation, and protection of College data. The VP for Libraries and IT maintains final authority over access decisions, in consultation with appropriate College authorities.
IT infrastructure and resources, including networking equipment and audio-visual equipment, are provided throughout campus to deliver data, telecommunications, and multimedia services. Installed IT infrastructure may not be modified, tampered with, or extended beyond their intended use. This includes, but is not limited to, network jacks, wireless access points, switches, servers, audio visual equipment, and telecommunications equipment.
Users must not install unauthorized network equipment or modify College IT infrastructure. Only LITS-approved equipment may be connected to the College network. Damages to College IT infrastructure resulting from unauthorized modification or tampering will be charged to the responsible parties. The College reserves the right to disconnect any unauthorized equipment or modifications to protect network integrity and security.
Personal devices connected to the Hamilton College network must meet security standards and comply with College policies. Users are responsible for maintaining current antivirus protection and security updates on their devices. LITS monitors network activity and reserves the right to disconnect devices that pose security risks or violate College policies.
Personal devices may not be used as servers or to provide network access to unauthorized users. Commercial use of network resources is prohibited. LITS may restrict network access for maintenance, security, or performance reasons, providing advance notice when possible.
Email attachments are automatically scanned for malware through College security systems. Failure to maintain required security standards will result in network access suspension until compliance is restored.
Hamilton College provides secure remote access to institutional information resources, including on-premises systems and cloud-based platforms, for employees, contractors, and consultants.
Remote users must connect to on-premises IT resources through approved methods, which may include Virtual Private Network (VPN), institutional single sign-on, or other authorized authentication mechanisms. When accessing college IT resources from off-campus locations, users are responsible for the security of their personal devices, and must adhere to the college’s VPN Policy.
Automated connection methods or attempts to circumvent connection security protocols are strictly prohibited. Connection sessions will terminate after a period of inactivity to minimize potential risks.
All remote access is subject to existing college policies.
Hamilton College LITS may suspend or terminate all computing privileges of any individuals without notice who engage in improper computing activities. Serious cases, as determined by the Vice President for Libraries and Information Technology, may result in disciplinary action against the individual including the suspension, expulsion, or termination of the offending individual, as appropriate and as determined at the sole discretion of Hamilton College. Criminal activities or violations of state or federal law will be referred to appropriate legal authorities. The College will cooperate fully with law enforcement investigations while protecting the legal rights of community members.
Last Updated January 2026
