1 Policy Title ID Number Scope Status Reviewed By IT Security Policy P04001 All Users Policy Assistant Director of Facilities Reviewed Date January 2011 Last Reviewed Due for Review January 2013 Impact Assessment Completed Initial Assessment Completed January 2011, Approved By SLT Page 1 of 6
2 Policy Title: IT Security Policy Policy Statement To be issued to all users of the Petroc s IT Systems. To be highlighted at both staff and student induction. Acceptance of this policy is acknowledged on all enrolment forms and contracts of employment that are signed as part of any engagement with Petroc. This policy to be freely accessible at identified locations including the learning centres. Users will be reminded each time they log into any of the colleges systems of their obligations to this policy by means of a pop up with a brief text relating to this policy. This policy is to be considered in parallel to the Joint Academic Network (JANET) "Acceptable Use Policy" to which all users of the services provided by JANET must comply. National and International Law apply to activities carried out using computers and networks just as they do in any other sphere of life. The UK has a number of laws which apply particularly to computers. This policy is derived from and must be considered alongside these laws, in particular: The Computer Misuse Act (1990) creates offences of unathorised access and unauthorised modification of computers and data. A draft Amending Bill has been published to extend the Act to cover denial of service attacks. The Regulation of Investigatory Powers Act (2000) controls the interception of traffic on networks. Interception for business purposes, for example the enforcement of acceptable use policies, is covered by the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations Other Statutory Instruments and Codes of Practice relating to these Acts and further information needed to support these areas may be found on the Home Office web page. The Data Protection Act (1998) establishes requirements on anyone holding personal data on a computer or any other organised filing system. The Anti-Terrorism, Crime and Security Act (2001) creates a code of practice for retention of communications data. There are also European laws regarding computer misuse, electronic commerce, data protection, human rights and privacy etc. January 2011, Approved By SLT Page 2 of 6
3 Electronic Communications Petroc maintains Internet access, a voic system, a telephone system, Video Conferencing System, electronic-mail ( ) system and supports other developing services to assist in the conduct of business within Petroc. These systems, including the equipment and the data stored in them, are and remain at all times, the property of Petroc. As such, all content generated, messages created, sent, received or stored in the system are and remain, the property of the College as laid out in Petrocs Policy and can be found under Petrocs Policy section online. Voic , and instant messaging should not be used for the conduct of personal business as laid out in the policy. Petroc reserves the right to retrieve and review any message or Internet derived content composed, sent, or received. Please note that even when a message or Internet derived content is deleted or erased, it is still possible to recreate it; therefore, ultimate privacy of communications is not ensured to anyone. While voic and may accommodate the use of passwords for security, confidentiality cannot be guaranteed. Messages and Internet content may be reviewed by someone other than the intended recipient. Whilst passwords must not normally be revealed to anyone, they may be made known to a College authority if required. There is a password policy in force and can be found under Petrocs Policy section online. Internet content and communications may not contain content that may reasonably be considered offensive or disruptive to any employee. Offensive content would include, but would not be limited to, sexual comments, or images, racial slurs, gender-specific comments, or any comments that would offend someone on the basis of their age, sexual orientation, religious or political beliefs, national origin, or disability. This is in support of Petrocs communications policies. The following disclaimer must be included with all communications from Petroc. The following disclaimer will be added to each outgoing DISCLAIMER - Any opinions expressed in this communication are those of the individual and not necessarily Petroc. This communication and any files transmitted with it, including replies and forwarded copies (which may contain alterations) subsequently transmitted from the College are solely for the use of the intended recipient. It may contain material protected by attorney-client privilege. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this communication in error and that any use is strictly prohibited. If you have received this communication in error please notify the College by telephone on +44 (0) or via to including a copy of this message. Please then destroy this and any copies of it. User Agreement (Acceptable Use) To be acknowledged on all enrolment forms/learning contracts, employment contracts and included in the Student Handbook, Staff Handbook and emphasised in Student and Staff Induction Programmes. At least the following statement January 2011, Approved By SLT Page 3 of 6
4 must be included in the standard document provided to each user of the Petroc IT systems. Access to services which present material, which might offend the public sense of decency, is considered an inappropriate use of this college's resources. Users are warned that such access is seen as a disciplinary offence. No communication is to be created or sent which may constitute intimidating, hostile or offensive material on the basis of race, colour, creed, religion, national origin, age, sex, marital status, lawful alien status, non job related physical or mental disability, veteran status, sexual orientation or other basis prohibited by law. This college's policy against sexual or other harassment applies fully to all communications, including same sex harassment. If you use the system in ways that are judged excessive, wasteful, or unauthorised, you may be subject to loss of access and appropriate disciplinary procedures. Employees learning of any misuse of the Internet, voic , or instant messaging systems or violations of this policy shall notify the Principal immediately. All users must acknowledge acceptance of these guidelines before their account is activated. Petroc s policies regarding Employee Standards of Conduct, Conflict of Interest, Equal Opportunity and Data Protection also apply to electronic messages, telephone messages including voic , and other internal and external electronic communications, including, but not limited to, computer Bulletin Boards, Newsgroups, the Intranet, Internet and instant messaging. Transmitted communications are to be created, handled, distributed, and stored with the same care as any other business document. This includes complying with information-access rules, accessing information only for legitimate business purposes, and protecting information from access by unauthorised persons. Users must be aware that these systems, and the information stored within them, are the property of Petroc and are to be used only for Petrocapproved activities. Petroc maintains the right to monitor the operation of these systems, while respecting privacy, either in response to information about a specific threat, or generally because of a perceived situation Users are advised that Petroc may have a legal obligation to both obtain evidence and pass on information derived from the college s computer systems, as necessary in order to assist an investigation by a law enforcement agency Users of Petroc s computer systems must appreciate that confidentiality cannot be assured when transmitting information. Users must acknowledge that in order for Petroc s computer systems to be maintained and supported effectively, Systems Administrators will have access to individual user s directories, folders and files. Such access is regulated by the Petroc's Systems Administrator s Charter. A hard copy of this charter is available for users to view online. The Petroc's prohibition of derogatory and offensive comments also applies to messages communicated through these systems. Special care should be given to ensure that the style and tone of messages are appropriate. January 2011, Approved By SLT Page 4 of 6
5 Every effort should be made to send messages only to those who "need to know." Employees are responsible for using these systems appropriately. Inappropriate use could result in disciplinary action. Unauthorised access to, copying, alteration or interference with computers and computer programs or data is prohibited. Users must not make or use unauthorised copies of copyrighted software. (see footnote: software piracy) The use of one user s computer system account by another user is expressly forbidden! Misuse of this college's computer systems by a user which results in cost to this college will result in those costs being charged to the user. Such costs will be a minimum of and have no upper limit. Users must never divulge any personal or college security information by irrespective of who requests it. Users who are responsible for other staff, line managers for example, must never request personal security information of their staff by . Users responding to web sites that request usernames and passwords must check carefully that the URL (address) is that of the web site they believe it to be. Users must only respond to trusted web sites with personal security information where the URL (address) is prefixed https:// to ensure a secure transaction. Abbreviated statement The following is an abbreviated version of Petroc s IT Security Policy for issue to all student users: Your Responsibilities when using Petroc s IT Systems: Petroc has invested a considerable amount of money in the IT facilities available to students. Responsibility accompanies access to these facilities. On the enrolment form that you signed, you agreed to a number of responsibilities including: "I agree to take personal responsibility for computer security and use as set out in Petroc s IT Security Policy". Some of the key points of this policy are listed below: Petroc s computer systems are to be used only for college-approved activities. Users may not interfere with college computer systems in any way Passwords must not be disclosed to anyone other than a college authority The use of one user s computer system account by another user is expressly forbidden! All student user data will be removed from Petroc s computer system at the end of the academic year, unless a request in writing is made to IT Services. Access to services which present material which might offend the public sense of decency is considered an inappropriate use of this Petroc's resources. No communication is to be created or sent which may constitute intimidating, hostile or offensive material on the basis of race, colour, January 2011, Approved By SLT Page 5 of 6
6 creed, religion, national origin, age, sex, marital status, lawful alien status, non job related physical or mental disability, veteran status, sexual orientation or other basis prohibited by law. This college s policy against sexual or other harassment applies fully to electronic mail and instant messaging including same sex harassment. Misuse of this Petroc's computer systems by a user which results in cost to this college will result in those costs being charged to the user. Such costs will be a minimum of and have no upper limit Monitoring of Petroc s systems will be carried out, therefore privacy and confidentiality is not guaranteed. Users are warned that a breach of this policy is a disciplinary offence. Unauthorised access to, copying, alteration or interference with computer programs or data is prohibited. Users must not make or use unauthorised copies of copyrighted software. (see footnote: software piracy) Petroc s IT Security Policy can be viewed on-line at: https://oncampus.ndevon.ac.uk/misc/securitypol.htm Software piracy Software Piracy is the act of using illegally copied software without the permission of the copyright owners and contrary to their licensing arrangements. Petroc s policy with regard to software is as follows: Only software which has been purchased or licensed in some other way by the college, albeit through Petrocs department's normal purchasing arrangements on behalf of the Petroc, may be installed and used on Petroc s equipment. Only software which meets the above criteria and which has been procured with a multi-user licence may be installed on Petroc s networks, multi-terminal mini computers or copied to be used by more than one user simultaneously. User s own software may not be loaded on to any of the college systems. Petroc s software may not be copied or moved from Petroc s computer media by any means, in any form other than for the purposes of security backups unless the college is licensed by the software licensor to permit such action. Users must obtain the permission of IT Services before making copies or moving software from Petroc s media. (In the case of security backups it is prudent to store backup media in a different location to the original i.e. another college room or building). January 2011, Approved By SLT Page 6 of 6
Information Security Policy The purpose of this Policy is to describe the procedures and processes in place to ensure the secure and safe use of the federation s network and its resources and to protect
Technology Department 1350 Main Street Cambria, CA 93428 Technology Acceptable Use and Security Policy The Technology Acceptable Use and Security Policy ( policy ) applies to all CUSD employees and any
Internet & Cell Phone Usage Policy The Internet usage Policy applies to all Internet & Cell phone users (individuals working for the company, including permanent full-time and part-time employees, contract
Version 2.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
The Archbishop s Seminary Information Security Policy 1 Contents PURPOSE... 4 SCOPE... 4 POLICY STATEMENTS... 5 INFORMATION SECURITY POLICY... 5 THE SCHOOL S RIGHT TO ACCESS ITS PROPERTY... 5 THE SCHOOL
Information and ICT Security Policy Care Excellence Partnership Updated May 2011 Due for review July 2012 Senior Information Risk Owner (SIRO) P. Tilson I:drive/Policies/Information and ICT Security Status
Jefferson County School District Information Technology Policies and Procedures 575 S. Water Street Monticello, FL 32344 (850) 342-0100 www.jeffersonschooldistrict.org June 2014 Table of Contents 1.0 Overview...
Redland Christian Migrant Association (RCMA) Internet Security and Safety Policy I. Overview RCMA supports instruction through the use of educational and administrative computers. The responsible use of
Information Technology Policies and Procedures Wakulla County School District March 2014 Table of contents TABLE OF CONTENTS... 1 1.0 OVERVIEW... 2 2.0 PURPOSE... 2 3.0 SCOPE... 2 4.0 ACCEPTABLE USE POLICY...
Bringing Your Acceptable Use Policy Up to 2013 Standards Bringing Your Acceptable Use Policy Up to 2013 Standards Organizations of all sizes rely on their employees to be good stewards of company time,
Data Security Policy Member of Staff Responsible ICT Team Author: Sunil Pindoria Dated 03/02/2015 Date of next review 03/02/2016 Page 1 CONTENTS INTRODUCTION... 3 MONITORING... 4 BREACHES... 5 DATA SECURITY...
NORTHWEST OHIO COMPUTER ASSOCIATION PROGRAM OF THE NORTHERN BUCKEYE EDUCATION COUNCIL NETWORK MANAGEMENT SECURITY POLICY The Board of Directors and staff of the Northwest Ohio Computer Association Program
Policy Document Information and Communication Technology and E-Safety Acceptable Use Policy Mission Statement The school is committed to the use of ICT across the curriculum and to providing all students
Pasadena Unified School District (PUSD) Acceptable Use Policy (AUP) for Students The Board of Education recognizes that the Technology, Assessment and Accountability (TAA) Department's resources (computers,
Pur pose The purpose of this policy is to establish direction, procedures, requirements, and responsibilities to ensure the appropriate protection of the Lisbon Public Schools computer and telecommunication
Poplar Street Primary School ICT Security and Acceptable Use Policy E-Safety policy 2013/14 Working Together Aiming High! 1 Contents 1. Introduction... 3 2. Policy Objectives... 3 3. Application... 3 4.
Policy Overview Dene Community School of Technology The school provides computers for use by staff as an important tool for teaching, learning, and administration of the school. Use of school computers,
Internet Acceptance Use and Data Security Policy Last Updated: 08/10/2012 Date of Next Review: 08/10/2015 Approved by GB: 10/10/2012 Responsible Committee: Student Welfare and Development Internet Acceptable
Residential and Small Business Dial-up Internet Service Terms and Conditions of Service and Customer Agreement*: NOTICE - BY APPLYING FOR SERVICE, USING THE MATERIALS INCLUDED IN THIS PACKAGE, OR ACCESSING
Delgado Community College Information Technology Security Policy Approved: *November 5, 2010 ) Delgado Community College IT Security Policy Page 2 *November 5, 2010 Table of Contents Title Page 1.0 Introduction
NETWORK SECURITY POLICY 1. GENERAL Henry County Board of Education (Board) provides employees appropriate electronic access, consisting of e- mail communication, network connectivity, student information
Terms and Conditions of Use For BlackBerry Community Forum Important: These Terms and Conditions of Use ( Terms and Condition of Use ) govern your use of the BlackBerry Community Forum located at http://supportforums.blackberry.com
E Safety Policy This e safety policy was approved by the Governing Body on: The implementation of this e safety policy will be monitored by: Monitoring will take place at regular intervals: Reporting to
Berwick Academy Policy on E Safety Overview The purpose of this document is to describe the rules and guidance associated with E Safety and the procedures to be followed in the event of an E Safety incident
Location: The Juilliard School Irene Diamond Building Main Office Room: 248 Phone: 212-799-5000 ext. 7121 Email: email@example.com Website: Information Technology Computer Labs There are two computer
1.0 BACKGROUND AND PURPOSE Information Technology ( IT ) includes a vast and growing array of computing, electronic and voice communications facilities and services. At the Colorado School of Mines ( Mines
FREDERICK BREMER SCHOOL E SAFETY POLICY 2015-6 Date of Issue: June 2015 Ratified: For review: Index Contents Page Number Introduction 3 Aim of the policy 3 Roles and Responsibilities 4 Frederick Bremer