IT ACCEPTABLE USE POLICY
The College seeks to promote and facilitate the proper and extensive use of Information Technology (IT) for the sole purpose of supporting the teaching, learning, research and business activities of the College; and may be used for any legal activity that further the aims and policies of the College.
Whilst the traditions of academic freedom will be fully respected, this also requires responsible and legal use of the technologies and facilities made available to the learners and staff of the College.
It is the responsibility of all Users of the College’s IT services to read and understand this policy. This policy may be updated from time to time, in order to comply with legal and policy requirements.
This Acceptable Use Policy is intended to provide a framework governing the use of all IT resources across all sites on which the College operates. It should be interpreted such that it has the widest application and so as to include new and developing technologies and uses, which may not be explicitly referred to.
This policy applies to all Users including staff, students, visitors, contractors, partners, tenants and others, of the IT facilities provided by the College, are bound by the provisions of its policies in addition to this Acceptable Use Policy. It also addresses the use of the College’s IT facilities accessed via resources not fully owned by the College, such as partner resources and the use of personal BYOD (‘bring your own device’) equipment.
The IT facilities include hardware, software, data, storage, network access, telephony, printing, back office systems and services and service provided by third parties including online, Cloud and hosted services.
Definitions of Unacceptable Use
The College network is defined as all computing, telecommunication, and networking facilities provided by the College, with particular reference to all computing devices, either personal or College owned, connected to systems and services supplied on-premises or remotely.
The conduct of all Users when using the College’s IT facilities should always be in line with the institution’s values, including the use of online and social networking platforms.
Unacceptable use includes:
4.1. Creation or transmission, or causing the transmission, of any offensive, obscene or indecent images, data or other material, or any data capable of being resolved into obscene or indecent images or material.
4.2. Creation or transmission of material which is subsequently used to facilitate harassment, bullying and/or victimisation of a member of the College or a third party or which promotes discrimination on the basis of race, gender, religion or belief, disability, age or sexual orientation.
4.3. Creation or transmission of material with the intent to defraud or which is likely to deceive a third party or which advocates or promotes any unlawful act.
4.4. Unlawful material, or material that is defamatory, threatening, discriminatory, extremist or which has the potential to radicalise themselves or others.
4.5. Unsolicited or bulk email (spam), forge addresses, or use mailing lists other than for legitimate purposes related to College’s activities.
4.6. Material that infringes the intellectual property rights or privacy rights of a third party, or that is in breach of a legal duty owed to another party.
4.7. Material that brings the College into disrepute.
4.8. Deliberate unauthorised access to networked facilities or services or attempts to circumvent College security systems.
4.9. Pursuance of commercial activities for personal gain.
4.10. Deliberate activities having, with reasonable likelihood, any of the following characteristics:
Wasting staff effort or time unnecessarily on IT management.
Corrupting or destroying other users’ data.
Violating the privacy of other users.
Disrupting the work of other users.
Denying service to other users (for example, by deliberate or reckless overloading of access links or switching equipment).
Continuing to use an item of networking software or hardware after a request that use should cease because it is causing disruption to the correct functioning of the network.
Other misuse of network resources, such as the introduction of computer viruses, malware, or other harmful software.
Any breach of industry good practice that is likely to damage the reputation of the JANET network will also be regarded as unacceptable use of the College Network.
Introduce data-interception, password-detecting or similar software or devices to the College’s Network.
5.1. The College records and monitors the use of its IT facilities, under the Regulation of Investigatory Powers Act (2000) for the purposes of:
The effective and efficient planning and operation of the IT facilities;
Investigation, detection and prevention of infringement of the law, this policy or other College policies;
Investigation of alleged misconduct by staff or students;
5.2. The College will comply with lawful requests for information from government and law enforcement agencies.
5.3. Users must not attempt to monitor the use of the IT facilities without explicit authority to do so.
5.4. Access to workspaces, email, and/or individual IT usage information will not normally be given to another member of staff unless authorised by the Head of IT, or nominee, who will use their discretion, normally in consultation with the Director of Human Resources.
5.5. Where there is a requirement to access the account of another member of staff, authorisation must be obtained in writing from the Director of Human Resources.
5.6. If the request for access is related to a HR investigation, this should be managed wholly through the HR advisor who will work with IT if approved by the Director of Human Resources or their nominee.
Consequences of Breach
In the event of any failure to comply with the conditions of this Acceptable Use Policy by a User, the College may in its sole discretion:
Restrict or terminate a User’s right to use the College IT facilities.
Withdraw or remove any material uploaded by that User in contravention of this Policy.
Where appropriate, disclose information to law enforcement agencies and take any legal action against a User for breach of this Policy, including but not limited to claiming all costs, fees and disbursements (including but not limited to legal fees) connected therewith.
Any disciplinary action, arising from breach of this policy, shall be taken in accordance with the College’s Disciplinary Policy. Disciplinary action may ultimately lead to dismissal.
Deviations from Policy
Unless specifically approved, any deviation from this policy is strictly prohibited. Any deviation from or non-compliance with this policy shall be reported to the Head of IT Services.
The use of College IT systems and resources are subject to the following statutes and regulations:
The Copyright, Designs and Patents Act 1988
Computer, Copyright Software Amendment Act 1985
The Computer Misuse Act 1990
The Data Protection Act 1998
General Data Protection Regulation (GDPR) (EU) 2016/679
The Electronic Communications Act 2000
The Freedom of Information Act 2002
The Regulation of Investigatory Powers Act 2000
Trade Marks Act 1994
Criminal Justice and Public Order Act 1994