ICT Acceptable Use Policy

Transcription

1 ICT Acceptable Use Policy Document Control Information Reviewed by the Strategic Management Team 10 December 2015 Date of Next Review: December 2017 Approved by the Board of Management: 14 December 2015 The Board of Management (or any person/group with delegated authority from the Board) reserves the right to amend this document at any time should the need arise, following consultation with employee representatives.

2 Glasgow Kelvin College ICT Acceptable Use Policy Table of Contents Section ICT Acceptable Use Policy Page Number 1 Introduction 1 2 Scope and Principles 1 3 General Use and Ownership 1 4 Security and Proprietary Information 2 5 Unacceptable Use 3 6 System and Network Activities 4 7 and Information Communications 6 8 Web Activities Logs (Blogs), Social Networking, 7 9 Websites and Other Internet Resources Supporting Policies and Procedures 7

3 1. Introduction Glasgow Kelvin College s aim in this Acceptable Use Policy is to reflect its established culture of openness, trust and integrity. The purpose of this Policy is to outline the acceptable (and prohibited) use of College computer equipment and network access. Inappropriate use exposes the College to risks including virus attacks, compromise of network systems and services, and legal issues. 2. Scope and Principles The Policy covers all staff, learners and all Users. The Policy addresses the need to protect the College and its Users data, balanced with the need to protect the rights of learners, staff and partners. The Policy is intended to Users and the College as a whole from illegal or damaging actions by individuals, either knowingly or unknowingly. Inappropriate use will be managed in accordance with the College s policies and procedures and reported to external bodies when appropriate. 3. General Use and Ownership A copy of the Policy will be provided to new starts, staff and learners, and users are required to confirm their acceptance of the policy before logging on to a networked College system. While the College s ICT Department aims to provide a reasonable level of privacy, all users should be aware that the data they create on the College systems remains the property of the College. Use of College computing facilities should be for learning or work purposes. Personal use of and the Internet is acceptable as long as it does not affect the performance of your job or the performance of other College ICT Services. Private work for personal gain or for commercial use, under the College s licence with JISC, is not permitted. Members of staff and learners are responsible for exercising good judgement regarding the reasonableness of personal use. The College provides personal Cloud based storage (OneDrive for Business) for all Staff and Learners, and recommends using this facility over: Other cloud based storage providers, USB sticks and CD/DVDs; and Personal Network Drives.

4 However, staff or learners should not store any personal, sensitive or confidential data relating to the College, on a USB stick or other cloud based storage system. Further guidance can be obtained from the College intranet: s/file%20storage%20user%20guide.docx For security and maintenance purposes, authorised individuals within the College may monitor equipment, systems and network traffic at any time, as per the Auditing and Monitoring Procedure. Members of the College ICT Department abide by the JANET-CERT Charter for System and Network Administrators, which can be found here: Glasgow Kelvin College reserves the right to audit networks and systems on a periodic basis to ensure compliance with this Policy. Users must not perform any act, whilst using College computing facilities, which is illegal or would bring it into disrepute, or circulate any information of a kind likely to affect the its reputation. Users must not add any unauthorised hardware onto the College network unless using the Bring Your Own Device (BYOD) Wi-Fi system. Other than any statutory obligation, the College will not be liable for any loss, damage or inconvenience arising directly or indirectly from the use of, or prevention of use of, any ICT facility provided and/or managed by the College. 4. Security and Proprietary Information Users must not disclose their usernames or passwords to others and must keep them confidential. Users must not share user accounts or attempt to log on to any computer system using the user account of another person. A college wide password policy has been implemented to provide additional security for all users. Details of the policy can be found in the following document: /Password%20Change%20Procedure.docx All staff PCs, laptops and workstations should be secured by locking the Workstation (control-alt-delete then lock workstation for Windows

5 users) when the system will be unattended. Learners should always log off the workstation and not leave systems unattended. Online forum postings from a College address should contain a disclaimer stating that the opinions expressed are strictly the personal views of the user and not necessarily those of the College, unless posting is in the course of College duties. Staff and learners must use extreme caution when opening attachments received from unknown senders, which may contain viruses, bombs, or Trojan horse code. Users must inform the College ICT Department immediately if they suspect they may have received an infected Unacceptable Use The following activities are, in general, prohibited. Staff may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g. ICT Department staff may have a need to disable the network access if access is disruptive to production services). Under no circumstances should staff or learners of the College engage in any illegal activity while utilising College ICT resources or services. It is the responsibility of the user to consider their own actions and to ensure they are complying with the legislation. Under no circumstances should staff or learners knowingly or willingly engage in the damaging of any College computer equipment. Damage (or theft) of College computer equipment is a very serious matter and may result in disciplinary proceedings against the perpetrator s and may be reported to the authorities for further action to be taken. The areas in sections 6 and 7 below are by no means exhaustive, but attempt to provide a framework for activities that fall into the category of unacceptable use. 6. System and Network Activities The following activities are strictly prohibited: the printing, displaying, storing, internet browsing or transmitting of images, videos or text that could be considered offensive: e.g. material of a pornographic, sexist, racist, libellous, threatening, defamatory, terrorist nature; unauthorised copying, including downloading from the internet, of copyrighted material including, but not limited to, digitisation and distribution of photographs from magazines, books or other

6 copyrighted sources, copyrighted music, and the installation of any copyrighted software for which the College does not have an active licence is strictly prohibited; the creation, transmission or receipt of material which is intentionally designed or likely to cause annoyance, inconvenience or anxiety. This includes cyber-bullying or harassment in any form; playing of network games is prohibited unless it forms part of approved curriculum content. This constitutes an inappropriate use of resources; exporting software, technical information, encryption software or technology, in violation of international or regional export control laws, is illegal; introducing malicious programs into the network or server (e.g. viruses, worms, Trojan horses, bombs); using College computing facilities to actively engage in procuring or transmitting material that constitutes harassment including but limited to sexual, racial, homophobic or other forms of harassment; making fraudulent offers of products, items, or services originating from any College account; excessive or inappropriate use of College network bandwidth; effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee or student is not an intended recipient or logging into a server or account that the employee or student is not expressly authorised to access, unless these duties are within the scope of regular duties. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, pinged floods, packet spoofing and forged routing information for malicious purposes; any action that constitutes a Denial of Service attack. A Denial of Service:

7 o an attack that intentionally disrupts, prevents and/or removes access to computing services within the College or any external organisation; o port scanning or security scanning (expressly prohibited), except by the College ICT Department; o executing any form of network monitoring, which will intercept data not intended for the employee's host, except by the College ICT Department; o circumventing user authentication or security of any host, network or account; o interfering with or denying service to any user other than the employee's host (for example, denial of service attack); o using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user's terminal session, via any means, locally or via the Internet/Intranet/Extranet; providing information about, or lists of, the College staff or learners to parties outside the College without express authorisation; the interruption by users of any virus checking activity. All College computing facilities have Anti-Virus software constantly monitoring the machine; users must not attempt to change Safe Search (Google, Bing, etc) settings as applied by the College systems; users may not set up web sites on College computing facilities unless this forms part of approved curriculum content; publish pages on external web sites containing information relating to the College; enter into agreements on behalf of the College via a network or electronic communication system; and

8 any action or lack of action which may interfere with security, other people s use, the Data Protection Act, serviceability of the network, or bring the College in to disrepute or breach of any legislation or other activity which may be deemed to constitute misuse of the College computing facilities. 7. and Information Communications Activities The College does not as a matter of routine monitor , Internet or other network or information systems use however where material is suspected to breach the College s policies and procedures, contain illegal material or be in support of an illegal act the College will make attempts to access the data and take appropriate action. Users should note that , Instant Messages and other information systems messages form part of the public record and are therefore actionable. The following activities are strictly prohibited: sending unsolicited messages, including the sending of "junkmail" or other advertising material to individuals who did not specifically request such material ( spam); any form of harassment via electronic communication whether through language, pictures, frequency, or size of messages; unauthorised use, or forging, of header information; misuse of distribution lists, such as: spamming, modifying user lists without the list owners consent; solicitation of for any other address, other than that of the poster's account, with the intent to harass or to collect replies; creating or forwarding "chain letters" or other "pyramid" schemes of any type; and posting the same or similar non-college related messages to large numbers of Usenet newsgroups (newsgroup spam). 8. Web Logs (Blogs), Social Networking, Websites and Other Internet Resources Social networking websites, including but not limited to facebook.com, web logs (blogs), and other internet resources are good ways to keep in touch with friends and colleagues. The College takes a very serious view

9 of material that may offend or harass individuals or that might bring the College into disrepute. In appropriate use by staff may lead to disciplinary action up to and including dismissal. In respect of learners this may include expulsion, in certain circumstances. Users must note that if they write something defamatory, the individual concerned may take legal action against them personally. Users must make sure that they take responsibility and think carefully about what posts they make to sites and be cautious as to what information is posted on such sites, as it can be used to aid fraud. 9. Supporting Policies and Procedures Disciplinary Policy and Procedure Grievance Policy and Procedure Code of Learner Behaviour Dignity and Respect Policy Equality and Diversity Policy Commendations and Complaints Procedure Complaints Handling Procedure