INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes"

Transcription

1 INFORMATION SECURITY POLICY Ratified by RCA Senate, February 2007 Contents Introduction 2 Policy Statement 3 Information Security at RCA 5 Annexes A. Applicable legislation and interpretation 8 B. Most recent Conditions of Use for Computing Facilities 11-1

2 Introduction Why Information Security? The access, availability, confidentiality and integrity of the College s information is essential to the success of its academic and administrative activities. Effective information security can only be achieved by working with proper discipline, in compliance with legislation, JANET and College Policies and by adherence to approved College Codes of Practice and Guidelines. Purpose The purpose of the IS Policy is to identify risks and introduce measures to protect the RCA from internal and external threats to its information systems and assets and to ensure compliance with UK and EU legislation and JANET and RCA regulations. Standards This policy, procedures and guidelines are based on the British security standard BS 7799, adapted for use in Higher Education by UCISA (Universities and Colleges Information Systems Association) as the UCISA Information Security Toolkit 2005 Edition 2.0: - 2

3 1. Policy Statement 1.1 The College will ensure that the information assets it manages are appropriately secured to protect it against breaches of confidentiality, failures of integrity or interruptions to availability, and that information assets are adequately protected against loss, misuse or abuse. 1.2 This policy provides direction and support for information security across the College. Codes of Practice for information managers and User Guidelines for staff are considered part of this information security policy and have equal authority. This policy is applicable to all staff, students and approved visitors. 1.3 This Policy has been approved by the Rector and ratified by the College Senate in February 2007 and forms part of its policies and procedures. 1.4 This policy shall be reviewed and monitored regularly to ensure that it remains appropriate in the light of any relevant changes to the law, organisational policies or contractual obligations. 1.5 The college will carry out risk assessments of the business value of the College s information assets and the IS security controls currently in place, taking into account changes to operating procedures or technologies, changing business requirements and priorities and any changes to relevant legislation and revise security arrangements accordingly. 1.6 A committee, to include one senior manager, will be established to give clear direction and visible management support for security initiatives and to promote security through appropriate commitment and adequate resourcing. 1.7 The Information Security Working Group (ISWG), comprising management representatives from all relevant parts of the organisation, will devise and coordinate the implementation of information security controls. 1.8 Information Security will be managed and enforced by Heads of College academic and administrative departments. 1.9 Specialist advice on information security shall be made available throughout the organisation The College will establish and maintain appropriate contacts with other organisations, law enforcement authorities, regulatory bodies, and network and telecommunications operators in respect of its Information Security policy The College will ensure that all staff are aware of the policy and understand their own responsibilities for protecting the confidentiality and integrity of the data they manage, and ensure that staff and students are sensitive to new or unsuspected risks to information assets, and engender a natural caution in using information systems. - 3

4 1.12 The College will ensure that its staff, students and approved visitors comply with this Policy and are aware of, and operate in accordance with relevant UK and European Community legislation. - 4

5 Information Security at the RCA 1. Scope 1.1 This policy covers all information assets (documents, software and hardware) used by the College, including data files, workstations, servers, connectivity devices, peripherals, applications, data, storage, security and communication systems. 1.2 The Policy applies to all staff and students of the College and any other users authorised by the College. The policy relates to anyone s use of IT devices, when connected to the College network directly or indirectly, to all College-owned information assets or those on private systems, and to all information services provided to or by the College, by or for external agencies. 2. Responsibilities 2.1 The Director of Administration is responsible for approving Information Security (IS) policies and for ensuring that they are discharged to the whole College through the relevant departments and channels. The Rector or Director of Administration has the authority to take whatever action is deemed necessary to protect the College against breaches of this Policy. 2.2 Heads of department are responsible for ensuring the protection of information assets and ensuring that specific security processes are carried out by the department staff managing that information asset. 2.2 Information and Learning Services are responsible for the regular review, drafting updating and re-issue of the IS Policy and for the provision of support and advice on IS to College staff and students. 2.3 The Information Security Working Group (ISWG) is responsible for advising the College on effective compliance with this Policy, and its promotion throughout the College and for maintaining records of Information Security incidents in the College. 2.4 IS policy is drafted, reviewed and maintained by the ISWG, chaired by the Computing Services Manager (CSM) with technical advice from the Systems Administrator and UCISA/JISC Legal. 2.5 Suspected security incidents and breaches are reported to Computing Services, who will then report to the Head of ILS. Requests for information on who to inform and how to deal with security matters will be managed by the Head of ILS. 2.6 Investigation of breaches, special measures and sanctions will be initiated and determined by Director of Administration. 2.7 ISWG will establish effective Contingency Plans appropriate to the outcome of any risk assessment. - 5

6 3. Sanctions 3.1 Anyone who is found to have breached the Information Security Policy may be subject to disciplinary proceedings. Where there is evidence that, in breaching the policy a criminal act has been committed, this will be reported to the police. 3.2 Sanctions will depend on the severity, frequency, impact and context of Information Security incidents, as determined by the CSM and the Head of ILS. Sanctions will be based on precedent at similar institutions or on previously effective actions. 4. Information Security Working Group 4.1 This group will meet twice a year with representatives from: ILS, Estates, the Rectorate, Registry, Finance, the Students Union, Academic Departments and Personnel. 5. Acceptance and Enforcement 5.1 Upon signing the RCA Conditions of Use (CoU Annexe B), staff, students and visitors accept all CoU current and future clauses and JANET Acceptable Use policy. The CoU provides the opportunity to notify users that their use of RCA s computing facilities is bound by UK government legislation such as the Computer Misuse Act 1990, Data Protection Act. 6. Reviews 6.1 Regular reviews of the Policy and testing of compliance with JANET and government regulations are carried out by the Head of ILS and CSM, in consultation with ISWG, reporting to SMT. Informal reviews and discussion may take place at any time throughout the year between the CS Manager and IT technical staff. CoU and guidelines will be reviewed and updated as necessary by Computing Services in the light of new risks and usage. 7. Communication and Awareness 7.1 The primary method is the issuing of RCA Conditions of Use (CoU), which is signed by users as they are issued with an RCA network account. This is a prerequisite for any use of the RCA network. The CoU defines the types of user, their responsibilities and describes acceptable use with reference to all relevant legislation and JANET policies. The CoU also states that ANY usage binds users to these conditions. 7.2 The CoU, Policy, Codes of Practice and Guidelines are published on the College Intranet. Significant changes are notified via and memo. Staff, students, alumni and visitors are referred to these online documents when they start working or studying at RCA. - 6

7 8 Policy Awareness and Disciplinary Procedures 8.1 A copy of this Policy Statement will be given to all new members of staff by the Personnel Office and to all new students by the Registry. Existing staff and students of the College, authorised third parties and contractors given access to the College network will be advised of the existence of this Policy Statement and the availability of the associated policies, codes of practice and guidelines which are published on the College Intranet. 8.2 Failure of an individual student or member of staff to comply with this policy may lead to the instigation of the relevant disciplinary procedures as set out in the College Statutes for staff and College Regulations for students. Failure of a contractor to comply could lead to the cancellation of a contract. Under certain circumstances, legal action may be taken. 9 Compliance with Legislation 9.1 The College has an obligation to abide by all UK legislation and relevant legislation of the European Community. Of particular importance in this respect are: The Computer Misuse Act 1990, The Regulation of Investigatory Powers Act 2000, The Human Rights Act 1998, The Data Protection Act 1998, The Lawful Business Practice Regulations 2000 and various copyright laws. 9.2 Summaries and interpretation of the legislation most relevant to the College s IS Policy may be found in the Annexes. 10 Supporting Policies, Codes of Practice and Guidance Notes 10.1 Codes of Practice and User Guidelines are published in conjunction with the IS policy and are available on the College Intranet. All users of the College network and information systems are required to familiarise themselves with these and to work in accordance with them. - 7

8 Annexe A 1. Interpretation of The Regulation of Investigatory Powers Act (RIP) RIP establishes a legal framework to govern the interception of electronic communications. It sets the rules regarding activities such as recording, monitoring or diverting communications in the course of their transmission over a public or private telecoms system. It establishes a basic principle that communications may NOT be intercepted without consent. A person who intercepts communications will need to be certain that their actions are authorised under the Regulation of Investigatory Powers Act and comply with the requirements of the Data Protection Act. The Act brings the interception of electronic communications in organisations within the scope of the regulations. If an organisation intercepts a communication without legal authority, the sender or the recipient of the communication will be able to seek an injunction or, if they can show that they suffered a loss as a result of the interception, sue for damages. The Act also establishes the circumstances in which it is lawful to intercept communications. It authorises interception in cases where the interceptor has reasonable grounds to believe that both the sender and intended recipient have consented. It also provides the Secretary of State (CHECK) to make "Lawful Business Practice" Regulations setting out the circumstances in which businesses can lawfully intercept communications without consent. 2. Interpretation of The Telecommunications (Lawful Business Practice) (interception of Communications) Regulations The Lawful Business Practice Regulations make an exception to the rule established in the RIP that consent is needed before an interception can take place. If a business intercepts a communication in accordance with the Regulations, it will not risk civil liability under the RIP for unlawful interception. These allow businesses to intercept, without consent, for purposes such as recording evidence of transactions, ensuring regulatory compliance, detecting crime or unauthorised use and ensuring the effective operation of their telecommunications systems. Businesses will not need to gain consent before intercepting for these purposes, although they must have informed the users of the systems that interceptions may take place. Interception which involves obtaining, recording or otherwise processing personal data (for example recording calls or filtering s) also falls within the scope of the - 8

9 Data Protection Act So too does the holding or processing of personal data after the interception has taken place. The purposes for which the College will be able to intercept electronic communications without consent under the Regulations are shown below. Depending on circumstances RCA may make use of some or all of these purposes. a) Establishing the existence of facts relevant to the business, for example keeping records of transactions and other communications in cases where it is necessary or desirable to know the specific facts of the communication. b) Ascertaining compliance with regulatory or self-regulatory practices or procedures relevant to the business, for example monitoring as a means to check that the business is complying with regulatory or self-regulatory rules or guidelines. c) Ascertaining or demonstrating standards which are or ought to be achieved by persons using the system, for example monitoring for purposes of quality control or staff training. d) Preventing or detecting crime, for example, monitoring or recording to detect fraud, computer misuse or other illegal activities. e) Investigating or detecting the unauthorised use of the systems, for example monitoring to ensure that employees do not breach College rules e.g. as listed in the Conditions of Use of IT and the College IT Security Policy. Monitoring and inspecting packet content to detect misuse. f) Ensuring the effective operation of the system, for example monitoring for and deleting viruses, checking for and stopping other threats to the system e.g. hacking or denial of service attacks, monitoring automated processes such as net flow logs, s logs, caching activity and load distribution. g) Determining whether or not the communications are relevant to the business, for example checking accounts to access business communication in staff absence. 3. The Data Protection Act These policies satisfy the Data Protection Act s requirement for a formal statement of the College s security arrangements for personal data. The requirement for compliance devolves to all users, who may be held personally responsible for any breach of the legislation. 4. The Human Rights Act 1998 Article 8 This part of the Act covers the issue of personal privacy in relation to personal electronic communications that are made on and held by the College s information systems such as telephone calls, and weblogs. The College, as far at it allows - 9

10 personal use of its communication systems, has a duty to protect this information from accidental or operational damage, deletion or disclosure. Article 8: RIGHT TO RESPECT FOR PRIVATE AND FAMILY LIFE 1) Everyone has the right to respect for his private and family life, his home and his correspondence. 2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. - 10

11 Annexe B Conditions of Use of Computing Facilities To use Royal College of Art ("the College") computing facilities requires that you comply with the following conditions. Contravention of any of these conditions may result in immediate withdrawal of your access to all IT services and possible legal action. 1. I may only use those College computing facilities for which I have permission, and by using these facilities, I agree to comply with these Conditions of Use. 2. College computing facilities are to be used solely for purposes authorised by the College: coursework, research, teaching and associated administration and communication. 3. I am bound by the conditions of use and codes of conduct for any external computing facilities and services, including the JANET Acceptable Use Policy, and agree that my use of such facilities and services must not bring the College into disrepute. 4. I am bound by all current UK legislation, including the Computer Misuse Act 1990, and agree not to misuse, cause damage to, or make unauthorised use of College or external computing facilities. 5. I am bound by all current UK legislation relating to libel, pornography and harassment, including: storing or propagating libellous and/or offensive information; using computing facilities to distribute defamatory information. 6. I am entitled to a single user account only, for and other network-based services, and agree not to access another user's account or computer without authorisation, or disclose to others my password, or facilitate unauthorised access by others. 7. I must not send unsolicited electronic communications to multiple recipients, unless authorised by the College. 8. I must not attempt to conceal or falsify the authorship of any electronic communication. 9. I agree, in accordance with the Copyright, Designs and Patents Act 1988, not to undertake or facilitate the illegal copying or distribution of software, licenses or data. 10. I agree to abide by the Data Protection Act 1998, and agree that stored data about living individuals must be authorised by a Head of Department, and secured and used in accordance with the Act. - 11

12 11. I am bound by all agreements and contracts made by the College concerning use of software, data and hardware that I use. This includes full cooperation with the software, data and hardware audits. I agree to notify my department of any software or hardware purchase and agree to make available for inspection by authorised personnel any computing equipment used by me within the College. 12. The College may, if necessary monitor computer and network device usage, electronic files and communications, to prevent, test or investigate breaches of College regulations or UK legislation, in accordance with the Regulation of Investigatory Powers Act (RIP) 2000 and The Telecommunications Interception of Communications Regulations The College cannot guarantee the security, confidentiality or integrity of data, and therefore will not be liable for any inaccuracies, damages or losses arising from the use of College or external facilities. 14. My name, photograph, status and related information will be stored in computerised form for administrative purposes. 15. I agree that access to College facilities is restricted to holders of ID cards, issued by Buildings & Estates. My ID card must be carried at all times while at the College, and be used only by myself, and will be surrendered if requested by College staff. Replacement of ID cards is subject to a 5 charge. 16. These Conditions are subject to change at any time. Changes will be reported on the Intranet at /computing/ under 'Computing Services Policies and Procedures'. For applicable laws and policies see: /computing/legislation/: Last updated: 11 June 2008 Computing Services - 12

Monitoring and Logging Policy. Document Status. Security Classification. Level 1 - PUBLIC. Version 1.0. Approval. Review By June 2012

Monitoring and Logging Policy. Document Status. Security Classification. Level 1 - PUBLIC. Version 1.0. Approval. Review By June 2012 Monitoring and Logging Policy Document Status Security Classification Version 1.0 Level 1 - PUBLIC Status DRAFT Approval Life 3 Years Review By June 2012 Owner Secure Research Database Analyst Change History

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services Issue 1.0 (Effective 27 June 2012) This document contains a copy of the STFC policy statements outlining

More information

Information Services. Regulations for the Use of Information Technology (IT) Facilities at the University of Kent

Information Services. Regulations for the Use of Information Technology (IT) Facilities at the University of Kent Scope Information Services Regulations for the Use of Information Technology (IT) Facilities at the University of Kent 1. These regulations apply to The Law All students registered at the University, all

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY Information Security Policy INFORMATION SECURITY POLICY Introduction Norwood UK recognises that information and information systems are valuable assets which play a major role in supporting the companies

More information

Harper Adams University College. Information Security Policy

Harper Adams University College. Information Security Policy Harper Adams University College Information Security Policy Introduction The University College recognises that information and information systems are valuable assets which play a major role in supporting

More information

RULES FOR THE USE OF INFORMATION TECHNOLOGY SERVICES (ITS)

RULES FOR THE USE OF INFORMATION TECHNOLOGY SERVICES (ITS) RULES FOR THE USE OF INFORMATION TECHNOLOGY SERVICES (ITS) Policy Owner: ITS Manager Drafted/Amended: March 2013 Approved by: Academic Resources Committee Ratified by: Academic Board Next Review Date:

More information

Conditions of Use. Communications and IT Facilities

Conditions of Use. Communications and IT Facilities Conditions of Use of Communications and IT Facilities For the purposes of these conditions of use, the IT Facilities are [any of the University s IT facilities, including email, the internet and other

More information

Dene Community School of Technology Staff Acceptable Use Policy

Dene Community School of Technology Staff Acceptable Use Policy Policy Overview Dene Community School of Technology The school provides computers for use by staff as an important tool for teaching, learning, and administration of the school. Use of school computers,

More information

St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy

St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Learn, sparkle & shine St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Adopted from the LA Policy April 2015 CONTENTS Page No 1. Introduction 1 2. Guiding Principles

More information

UNIVERSITY OF ST ANDREWS. EMAIL POLICY November 2005

UNIVERSITY OF ST ANDREWS. EMAIL POLICY November 2005 UNIVERSITY OF ST ANDREWS EMAIL POLICY November 2005 I Introduction 1. Email is an important method of communication for University business, and carries the same weight as paper-based communications. The

More information

Rules for the use of the IT facilities. Effective August 2015 Present

Rules for the use of the IT facilities. Effective August 2015 Present Rules for the use of the IT facilities Effective August 2015 Present INFORMATION MANAGEMENT GUIDE RULES FOR THE USE OF THE UNIVERSITY S IT FACILITIES ( The Rules ) 1. Introduction 2. Interpretation 3.

More information

information systems security policy...

information systems security policy... sales assessment.com information systems security policy... Approved: 2nd February 2010 Last updated: 2nd February 2010 sales assessment.com 2 index... 1. Policy Statement 2. IT Governance 3. IT Management

More information

INFORMATION SECURITY MANAGEMENT POLICY

INFORMATION SECURITY MANAGEMENT POLICY INFORMATION SECURITY MANAGEMENT POLICY Security Classification Level 4 - PUBLIC Version 1.3 Status APPROVED Approval SMT: 27 th April 2010 ISC: 28 th April 2010 Senate: 9 th June 2010 Council: 23 rd June

More information

How to Monitor Employee Web Browsing and Email Legally

How to Monitor Employee Web Browsing and Email Legally WHITEPAPER: HOW TO MONITOR EMPLOYEE WEB BROWSING AND EMAIL LEGALLY How to Monitor Employee Web Browsing and Email Legally ABSTRACT The Internet and email are indispensable resources in today s business

More information

Service Schedule for Business Email Lite powered by Microsoft Office 365

Service Schedule for Business Email Lite powered by Microsoft Office 365 Service Schedule for Business Email Lite powered by Microsoft Office 365 1. SERVICE DESCRIPTION Service Overview 1.1 The Service is a hosted messaging service that delivers the capabilities of Microsoft

More information

and Internet Policy

and Internet Policy Email and Internet Policy Responsible Officer Authors Date effective from July 2008 Ben Bennett, Business Planning & Resources Director Policy Development Group Date last amended December 2012 Review date

More information

If you have any questions about any of our policies, please contact the Customer Services Team.

If you have any questions about any of our policies, please contact the Customer Services Team. Acceptable Use Policy (AUP) 1. Introduction Blue Monkee has created this Acceptable Use Policy (AUP) for hosting customers to protect our resources and the resources of our other customers and hosting

More information

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

West Lothian College. E-Mail and Computer Network Responsible Use Policy. September 2011

West Lothian College. E-Mail and Computer Network Responsible Use Policy. September 2011 West Lothian College E-Mail and Computer Network Responsible Use Policy September 2011 Author: Steve Williams Date: September 2011 Agreed: Computer Network & Email Policy September 2011 E-Mail and Computer

More information

Transforming business through technology. Acceptable Use Policy & Data Centre Policies

Transforming business through technology. Acceptable Use Policy & Data Centre Policies Acceptable Use Policy & Data Centre Policies September 2015 Princess Gemici Contents PART A: ACCEPTABLE USE POLICY ("AUP")...2 1. POLICIES REGARDING ACCEPTABLE USE...2 2. GENERAL...2 3. RIGHTS OF CORE...2

More information

Internet Use Policy and Code of Conduct

Internet Use Policy and Code of Conduct Internet Use Policy and Code of Conduct UNIQUE REF NUMBER: AC/IG/023/V1.1 DOCUMENT STATUS: Agreed by Audit Committee 18 July 2013 DATE ISSUED: July 2013 DATE TO BE REVIEWED: July 2014 1 P age AMENDMENT

More information

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY Contents 1. Introduction 2. Objectives 3. Scope 4. Policy Statement 5. Legal and Contractual Requirements 6. Responsibilities 7. Policy Awareness and Disciplinary Procedures 8. Maintenance 9. Physical

More information

Information Systems Acceptable Use Policy for Learners

Information Systems Acceptable Use Policy for Learners Information Systems Acceptable Use Policy for Learners 1. Introduction 1.1. Morley College is committed to providing learners with easy access to computing and photocopying facilities. However it needs

More information

HUMAN RESOURCES POLICIES & PROCEDURES

HUMAN RESOURCES POLICIES & PROCEDURES HUMAN RESOURCES POLICIES & PROCEDURES Policy title Application IT systems and social networking policy All employees and students CONTENTS PAGE Introduction and scope 2 General points 2 Authorisation to

More information

Institute of Education University of London Computer Security Policy

Institute of Education University of London Computer Security Policy Institute of Education University of London Computer Security Policy Contents 1 Information Security Policy Statement... 3 1.1 Introduction... 3 1.2 Regulatory compliance environment... 4 1.3 Usage monitoring...

More information

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES Senior School 1 PURPOSE The policy defines and describes the acceptable use of ICT (Information and Communications Technology) and mobile phones for school-based employees. Its purpose is to minimise the

More information

Strathfield Girls High School Bring your Own Device User Charter

Strathfield Girls High School Bring your Own Device User Charter Strathfield Girls High School Bring your Own Device User Charter The Strathfield Girls High School Bring Your Own Device program aims to improve student learning experiences both in and beyond the classroom.

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

Bring Your Own Device Program: User Charter

Bring Your Own Device Program: User Charter Bring Your Own Device Program: User Charter Turramurra High School Bring Your Own Device program aims to improve student learning experiences both in and out of the classroom. The wireless network and

More information

Sydney Technical High School

Sydney Technical High School Sydney Technical High School Bring Your Own Device Program: User Charter The Sydney Technical High School s Bring Your Own Device program aims to enhance student learning experiences both in and out of

More information

TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE

TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE GENERAL STATEMENT TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE 1.1 The Council recognises the increasing importance of the Internet and email, offering opportunities for improving

More information

ICT Acceptable Use Policy. August 2015

ICT Acceptable Use Policy. August 2015 ICT Acceptable Use Policy August 2015 Document title ICT Acceptable Use Policy August 2015 Document author and department Responsible person and department Robbie Walker, Information Security Architect,

More information

TERMS OF SERVICE TELEPORT REQUEST RECEIVERS

TERMS OF SERVICE TELEPORT REQUEST RECEIVERS TERMS OF SERVICE These terms of service and the documents referred to in them ( Terms ) govern your access to and use of our services, including our website teleportapp.co ( our site ), applications, buttons,

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy Version History Author Approved Committee Version Status date Eddie Jefferson 09/15/2009 Full Governing 1.0 Final Version Body Eddie Jefferson 18/08/2012 Full Governing Body 2.0 Emended due to the change

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

NHS Business Services Authority Information Security Policy

NHS Business Services Authority Information Security Policy NHS Business Services Authority Information Security Policy NHS Business Services Authority Corporate Secretariat NHSBSAIS001 Issue Sheet Document reference NHSBSARM001 Document location F:\CEO\IGM\IS\BSA

More information

Bring Your Own Device Program: 2015 User Agreement

Bring Your Own Device Program: 2015 User Agreement Bring Your Own Device Program: 2015 User Agreement Asquith Girls High School Bring Your Own Device program aims to improve student learning experiences both in and out of the classroom. Asquith Girls High

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy 1. General Interoute reserves the right to modify the Acceptable Use Policy ( AUP ) from time to time. Changes to this Acceptable Use Policy will be notified to Customer in accordance

More information

COMPUTER USAGE - EMAIL

COMPUTER USAGE - EMAIL BASIC BELIEF This policy relates to the use of staff email at Mater Dei and is designed to provide guidelines for individual staff regarding their use. It encourages users to make responsible choices when

More information

ICT Student Usage Policy

ICT Student Usage Policy ICT Student Usage Policy Document status Document owner Vice Principal Finance and Resources Document author IT Manager Document type Policy Date of document January 2015 Version number 04 Review requirements

More information

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS Policy: Title: Status: ISP-S9 Use of Computers Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1. Introduction 1.1. This information security policy document contains high-level

More information

BLOOMFIELD COLLEGE ACCEPTABLE USE POLICY

BLOOMFIELD COLLEGE ACCEPTABLE USE POLICY - 1 BLOOMFIELD COLLEGE ACCEPTABLE USE POLICY Summary of Acceptable Use Policy Bloomfield College provides technology resources to the College Community, including students, faculty, administration, alumni,

More information

USE OF INFORMATION TECHNOLOGY FACILITIES

USE OF INFORMATION TECHNOLOGY FACILITIES POLICY CI-03 USE OF INFORMATION TECHNOLOGY FACILITIES Document Control Statement This Policy is maintained by the Information Technology Department. Any printed copy may not be up to date and you are advised

More information

Information Security and Electronic Communications Acceptable Use Policy (AUP)

Information Security and Electronic Communications Acceptable Use Policy (AUP) Policy No.: AUP v2.0 Effective Date: August 16, 2004 Revision Date: January 17, 2013 Revision No.: 1 Approval jwv / mkb Information Security and Electronic Communications (AUP) 1. INTRODUCTION Southwestern

More information

RESPONSIBLE COMPUTER USE POLICY (ADOPTED AUGUST 3, 2006)

RESPONSIBLE COMPUTER USE POLICY (ADOPTED AUGUST 3, 2006) RESPONSIBLE COMPUTER USE POLICY (ADOPTED AUGUST 3, 2006) on-line at www.ccc.edu I. INTRODUCTION All users shall abide by the following provisions contained herein, or otherwise may be subject to disciplinary

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy PLEASE READ THIS AGREEMENT CAREFULLY BEFORE ACCESSING THE SERVICE. BY ACCESSING THE SERVICE YOU AGREE TO BE BOUND BY THE TERMS AND CONDITIONS BELOW. IF YOU DO NOT WISH TO BE BOUND

More information

Acceptable Use Policy - NBN Services

Acceptable Use Policy - NBN Services OASIS TELECOM ABN: 31 155 359 541 P: 1300 734 399 F: 03 9011 9644 care@oasistelecom.com.au www.oasistelecom.com.au PO Box 6153, Point Cook, VIC - 3030 Acceptable Use Policy - NBN Services Important Note:

More information

Data Protection Breach Management Policy

Data Protection Breach Management Policy Data Protection Breach Management Policy Please check the HSE intranet for the most up to date version of this policy http://hsenet.hse.ie/hse_central/commercial_and_support_services/ict/policies_and_procedures/policies/

More information

The Bishop s Stortford High School Internet Use and Data Security Policy

The Bishop s Stortford High School Internet Use and Data Security Policy Internet Acceptance Use and Data Security Policy Last Updated: 08/10/2012 Date of Next Review: 08/10/2015 Approved by GB: 10/10/2012 Responsible Committee: Student Welfare and Development Internet Acceptable

More information

UGANDA REVENUE AUTHORITY TERMS AND CONDITIONS FOR WEB PORTAL USE

UGANDA REVENUE AUTHORITY TERMS AND CONDITIONS FOR WEB PORTAL USE 1. DISCLAIMER NOTICE UGANDA REVENUE AUTHORITY TERMS AND CONDITIONS FOR WEB PORTAL USE The information provided by UGANDA REVENUE AUTHORITY (URA) on the web portal relating to products and services (or

More information

The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8

The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8 The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8 Introduction The IT systems must be used in a reasonable manner and in such a way that does not affect their efficient operation,

More information

Information security policy

Information security policy Information security policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review of IS Policy\Current

More information

Dundalk Institute of Technology. Acceptable Usage Policy. Version 1.0.1

Dundalk Institute of Technology. Acceptable Usage Policy. Version 1.0.1 Dundalk Institute of Technology Acceptable Usage Policy Version 1.0.1 1 Document Location..\DkIT_Policy_Documents\Policies Revision History Date of this revision: Date of next review: Version Revision

More information

Employee Monitoring Prepared for SurfControl by Hammonds

Employee Monitoring Prepared for SurfControl by Hammonds The Legal Guide to Employee Monitoring Prepared for SurfControl by Hammonds UK Edition T H E L E G A L G U I D E T O E M P L O Y E E M O N I T O R I N G Prepared for SurfControl by 1 Notice: This document

More information

Service Schedule for BT Business Lite Web Hosting and Business Email Lite powered by Microsoft Office 365

Service Schedule for BT Business Lite Web Hosting and Business Email Lite powered by Microsoft Office 365 1. SERVICE DESCRIPTION 1.1 The Service enables the Customer to: set up a web site(s); create a sub-domain name associated with the web site; create email addresses. 1.2 The email element of the Service

More information

E Safety Policy. 6 th March 2013. Annually. 26 th February 2014

E Safety Policy. 6 th March 2013. Annually. 26 th February 2014 E Safety Policy This e safety policy was approved by the Governing Body on: The implementation of this e safety policy will be monitored by: Monitoring will take place at regular intervals: Reporting to

More information

Online Research and Investigation

Online Research and Investigation Online Research and Investigation This document is intended to provide guidance to police officers or staff engaged in research and investigation across the internet. This guidance is not a source of law

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy TABLE OF CONTENTS PURPOSE... 4 SCOPE... 4 AUDIENCE... 4 COMPLIANCE & ENFORCEMENT... 4 POLICY STATEMENTS... 5 1. General... 5 2. Authorized Users... 5 3. Loss and Theft... 5 4. Illegal

More information

ATHLONE INSTITUTE OF TECHNOLOGY. I.T Acceptable Usage Staff Policy

ATHLONE INSTITUTE OF TECHNOLOGY. I.T Acceptable Usage Staff Policy ATHLONE INSTITUTE OF TECHNOLOGY I.T Acceptable Usage Staff Policy Table of Contents 1. Purpose... 2 2. Terminology... 2 3. Scope... 2 4. Acceptable Usage Policy... 3 5. Policy Acceptance... 6 6. Policy

More information

Our Customer Relationship Agreement HOSTING & DOMAINS SERVICE DESCRIPTION

Our Customer Relationship Agreement HOSTING & DOMAINS SERVICE DESCRIPTION Our Customer Relationship Agreement HOSTING & DOMAINS SERVICE DESCRIPTION iinet Limited ACN 068 628 937 Phone: 13 22 58 Westnet Pty Ltd ACN 086 416 908 Phone: 1300 786 068 Adam Internet Pty Ltd ACN 055

More information

Corporate Information Security Management Policy

Corporate Information Security Management Policy Corporate Information Security Management Policy Signed: Chief Executive. 1. Definition of Information Security 1.1. Information security means safeguarding information from unauthorised access or modification

More information

Mike Casey Director of IT

Mike Casey Director of IT Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date

More information

Acceptable Usage Policy

Acceptable Usage Policy Version 2.1 20141230 Acceptable Usage Policy Acceptable Usage Policy Contents 1. PURPOSE OF THIS POLICY... 2 2. GENERAL... 2 3. APPLICATION... 2 4. UNREASONABLE USE... 2 5. UNACCEPTABLE USE... 3 6. SPAM...

More information

TECHNOLOGY USAGE POLICY

TECHNOLOGY USAGE POLICY TECHNOLOGY USAGE POLICY Computer Usage Policy (CUP). 2 Aims/Objectives. 2 General.. 2 Student Responsibilities 2 Monitoring 3 Access Violations... 3 Personal Devices 3 Internet Safety: Acceptable Usage

More information

Ulster University Standard Cover Sheet

Ulster University Standard Cover Sheet Ulster University Standard Cover Sheet Document Title IT Monitoring Policy 1.5 Custodian Approving Committee Deputy Director of Finance and Information Services (Information Services) Information Services

More information

GENERAL CONDITIONS OF USE OF COMPUTING AND NETWORK FACILITIES

GENERAL CONDITIONS OF USE OF COMPUTING AND NETWORK FACILITIES GENERAL CONDITIONS OF USE OF COMPUTING AND NETWORK FACILITIES Version 3.0 17/05/2012 CONTENTS 1. Introduction and Scope... 3 2. Data Protection Act 1998... 4 3. Licence Registration and Prevention of Piracy...

More information

Service Description: Dell Backup and Recovery Cloud Storage

Service Description: Dell Backup and Recovery Cloud Storage Service Description: Dell Backup and Recovery Cloud Storage Service Providers: Dell Marketing L.P. ( Dell ), One Dell Way, Round Rock, Texas 78682, and it s worldwide subsidiaries, and authorized third

More information

ECSA EuroCloud Star Audit Data Privacy Audit Guide

ECSA EuroCloud Star Audit Data Privacy Audit Guide ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:

More information

GENERAL REGULATIONS Appendix 10 : Guide to Legislation Relevant to Computer Use. Approval for this regulation given by :

GENERAL REGULATIONS Appendix 10 : Guide to Legislation Relevant to Computer Use. Approval for this regulation given by : GENERAL REGULATIONS Appendix 10 : Guide to Legislation Relevant to Computer Use Name of regulation : Purpose of regulation : Approval for this regulation given by : Responsibility for its update : Regulation

More information

Acceptable Use of Information. and Communication Systems Policy

Acceptable Use of Information. and Communication Systems Policy Use of Information Purpose of this document This document describes what is acceptable and what is unacceptable use of the company s systems. It has been prepared to help Intu Properties plc employees,

More information

Electronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012

Electronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012 Electronic Messaging Policy 1. Document Status Security Classification Level 4 - PUBLIC Version 1.0 Status DRAFT Approval Life 3 Years Review By June 2012 Owner Secure Research Database Analyst Retention

More information

Acceptable Usage Policy

Acceptable Usage Policy Contents 1. INTRODUCTION... 2 2. PURPOSE... 2 3. APPLICATION... 2 4. YOUR OBLIGATIONS AND PROHIBITED USE... 2 5. SPAM... 3 6. EXCESSIVE USE... 3 7. SECURITY... 4 8. COPYRIGHT... 4 9. CONTENT... 4 10. REGULARTORY

More information

Embedded Network Solutions Australia Pty Ltd (ENSA) INTERNET ACCEPTABLE USE POLICY

Embedded Network Solutions Australia Pty Ltd (ENSA) INTERNET ACCEPTABLE USE POLICY T: 1300 00 ENSA (3672) F: 03 9421 6109 (ENSA) INTERNET ACCEPTABLE USE POLICY 1 ABOUT THIS POLICY... 2 2 GENERAL... 2 3 ILLEGAL ACTIVITY... 2 4 SECURITY... 2 5 RISKS OF THE INTERNET... 3 6 CONTENT PUBLISHING...

More information

AP 417 Information and Communication Services

AP 417 Information and Communication Services AP 417 Information and Communication Services Background Access and use of information and communication services (ICS) are an integral component of the learning and working environment. The ability for

More information

Sample Employee Network and Internet Usage and Monitoring Policy

Sample Employee Network and Internet Usage and Monitoring Policy CovenantEyes Internet Accountability and Filtering Sample Employee Network and Internet Usage and Monitoring Policy Covenant Eyes is committed to helping your organization protect your employees and members

More information

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9 1 of 9 PURPOSE: To define standards for appropriate and secure use of MCG Health electronic systems, specifically e-mail systems, Internet access, phones (static or mobile; including voice mail) wireless

More information

Email Services Policy

Email Services Policy Email Services Policy CONTENTS Page 1 Introduction 3 2 Scope 3 3 Review and Evaluation 3 4 General Principles 4 5 Responsibilities 4 6 Business Use and Continuity 4 7 Personal Use 6 8 Managing Email Messages

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy TERMS & CONDITIONS www.tagadab.com INTRODUCTION Tagadab has created this (AUP) for our customers to protect our resources, our customer s resources, and to ensure that Tagadab Ltd

More information

STATE UNIVERSITY OF NEW YORK AT BROOKLYN DOWNSTATE MEDICAL CENTER COMPUTER and NETWORK USAGE POLICY I. INTRODUCTION

STATE UNIVERSITY OF NEW YORK AT BROOKLYN DOWNSTATE MEDICAL CENTER COMPUTER and NETWORK USAGE POLICY I. INTRODUCTION STATE UNIVERSITY OF NEW YORK AT BROOKLYN DOWNSTATE MEDICAL CENTER COMPUTER and NETWORK USAGE POLICY I. INTRODUCTION Access to modern information technology is essential to the state university mission

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy

More information

Information Security Policies. Version 6.1

Information Security Policies. Version 6.1 Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access

More information

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:

More information

Information Management and Security Policy

Information Management and Security Policy Unclassified Policy BG-Policy-03 Contents 1.0 BG Group Policy 3 2.0 Policy rationale 3 3.0 Applicability 3 4.0 Policy implementation 4 Document and version control Version Author Issue date Revision detail

More information

Email Policy and Code of Conduct

Email Policy and Code of Conduct Email Policy and Code of Conduct UNIQUE REF NUMBER: CCG/IG/011/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

Advice leaflet Internet and e-mail policies

Advice leaflet Internet and e-mail policies Advice leaflet Internet and e-mail policies Introduction Electronic communications have revolutionised business communications, although the huge increase in use has taken some organisations by surprise.

More information

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy

More information

ELECTRONIC MAIL (E-MAIL) September 2014. Version 3.1

ELECTRONIC MAIL (E-MAIL) September 2014. Version 3.1 ELECTRONIC MAIL (E-MAIL) September 2014 Version 3.1 Western Health and Social Care Trust Page 0 of 6 E-mail Policy V3.1 Policy Title ELECTRONIC MAIL (E-MAIL) POLICY Policy Reference Number CORP09/006 Original

More information

Digital Device LOAN CHARTER

Digital Device LOAN CHARTER Digital Device LOAN CHARTER for use with 2015 Surface RT Loans Student name Family name Given name Parent/Carer name Family name Given name A Digital Device Loan Charter must be signed and provided to

More information

PROGRAM R 2361/Page 1 of 12 ACCEPTABLE USE OF COMPUTERS NETWORKS/COMPUTERS AND RESOURCES

PROGRAM R 2361/Page 1 of 12 ACCEPTABLE USE OF COMPUTERS NETWORKS/COMPUTERS AND RESOURCES R 2361/Page 1 of 12 R 2361 ACCEPTABLE USE OF COMPUTER NETWORKS/COMPUTERS AND RESOURCES The school district provides computer equipment, computer services, and Internet access to its pupils and staff for

More information

Delaware State University Policy

Delaware State University Policy Delaware State University Policy Title: Delaware State University Acceptable Use Policy Board approval date: TBD Related Policies and Procedures: Delaware State University Acceptable Use Policy A Message

More information

ACCEPTABLE USAGE PLOICY

ACCEPTABLE USAGE PLOICY ACCEPTABLE USAGE PLOICY Business Terms - February 2012 ACCEPTABLE USAGE POLICY Business Terms Version February 2012 Acceptable Usage Policy Feb12.Docx 1 Contents 1. INTRODUCTION... 3 2. PURPOSE... 3 3.

More information

SMS SERVICE PROVISION

SMS SERVICE PROVISION SMS SERVICE PROVISION Terms and Conditions and Privacy Policy Version 2.01 Aug 2015 Page 1 Contents TERMS & CONDITIONS... 3 Registration... 3 Your Personal Information... 3 Our Obligations to SMS Service

More information

TERMS & CONDITIONS FOR INTERNET ACCESS. Service Provided by Fast Telecommunication Company W.L.L. (hereinafter referred to as FAST Telco )

TERMS & CONDITIONS FOR INTERNET ACCESS. Service Provided by Fast Telecommunication Company W.L.L. (hereinafter referred to as FAST Telco ) TERMS & CONDITIONS FOR INTERNET ACCESS Service Provided by Fast Telecommunication Company W.L.L. (hereinafter referred to as FAST Telco ) These are the Terms & Conditions upon which Fast Telco will provide

More information

Information Incident Management Policy

Information Incident Management Policy Information Incident Management Policy Change History Version Date Description 0.1 04/01/2013 Draft 0.2 26/02/2013 Replaced procedure details with broad principles 0.3 27/03/2013 Revised following audit

More information

Use of ESF Computing and Network Resources

Use of ESF Computing and Network Resources Use of ESF Computing and Network Resources Introduction: The electronic resources of the State University of New York College of Environmental Science and Forestry (ESF) are powerful tools, shared among

More information

Computer Network & Internet Acceptable Usage Policy. Version 2.0

Computer Network & Internet Acceptable Usage Policy. Version 2.0 Computer Network & Internet Acceptable Usage Policy Version 2.0 April 2009 Document Version Control Version Date Description 1.0 Sept 2003 Original Version (adopted prior to establishment of BoM) 2.0 March

More information

Recommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document.

Recommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document. Report to: Cabinet Date: 14 th October 2004. Report: of Head of Corporate Personnel Services Report Title: USE of INTERNET POLICY Summary of Report. The use of the Internet is growing rapidly. Over the

More information

ELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING

ELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING ELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING This Supplemental Terms and Conditions of Trading is supplemental to and forms part of the terms and conditions set out in the

More information