I.T. Facilities Acceptable Use Policy

Transcription

1 I.T. Facilities Acceptable Use Policy Beacon College status confirms Nelson and Colne as one of the country s best Colleges Nelson and Colne College - Judged OUTSTANDING by Ofsted Nelson and Colne College Scotland Rd, Nelson, Lancashire, BB9 7YT Tel: Web:

2 1. Overview The College wishes to encourage the use of its I.T. facilities, subject to adherence to its policies, and is committed to protecting its staff, students, partners and the College from illegal or damaging actions by individuals, either knowingly or unknowingly. College I.T. facilities, including computer equipment, software, operating systems, storage media, networks, web browsing, and file transfer, are the property of the College. These facilities are to be used in the interests of the College, and of our staff and students, in the course of normal operations. Legislation exists that defines the limits and acceptable use of computer systems and information. Compliance with this policy should ensure that legal requirements are observed. Effective security requires the participation and support of all staff, students and others who deal with information and systems. It is the responsibility of every user to know this policy and guidelines, and to use College I.T. facilities accordingly. 2. Purpose The purpose of this policy is to outline the acceptable use of College I.T. facilities, to protect staff, students and the College. Inappropriate use exposes the College to risks including virus attacks, compromise of network systems and services, and legal issues. 3. Scope This Policy applies to staff, students, contractors, consultants, and others at the College and applies to all computer equipment, software and systems that are owned or leased by the College. 4. Policy Statement - Use of I.T. facilities is permitted for legitimate purposes and is subject to authorisation Legitimate purposes include legal use in connection with teaching, learning, research and approved business activities of Nelson and Colne College by its staff, students and other authorised persons. Unauthorised use of I.T. facilities may lead to proceedings under the College s disciplinary procedures and/or legal proceedings. The College reserves the right to: Limit or restrict any user s access. Inspect copy, remove or otherwise alter any data, file, software or system that may undermine the integrity or authorised use of that facility with or without notice to the user. To monitor and record transmissions made through its I.T. facilities to ensure compliance with this policy or for any other purpose authorised under the Telecommunications (Lawful Business Practice) (Interception of Telecommunications) 2000 Regulations. 2

3 Users should be aware that: By using the I.T. facilities they agree to such monitoring. The College disclaims responsibility for loss of data or interference with files resulting from its efforts to maintain the privacy and security of its IT facilities. Use, or attempted use, of I.T. facilities without authorisation may give rise to legal proceedings. The ability to access an I.T. facility does not imply a right to use that facility or access data. If you have any doubts about which facilities you are authorised to access you should seek clarification from an appropriate member of staff. 5. Guidelines 5.1. General 1. Whilst the College would like to provide a reasonable level of privacy, users should be aware that the data they create on the College s I.T. facilities remains the property of the College. Confidentiality of information stored on College IT facilities cannot be guaranteed. 2. Staff and students are responsible for exercising good judgement regarding the reasonableness of personal use. If there is any uncertainty, staff should consult their manager and students their lecturer. The ( ext ) can also provide advice. 3. For security and network maintenance purposes, authorised individuals within the College may monitor I.T. facilities at any time. 4. The College may audit I.T. facilities to ensure compliance with this policy. 5. I.T. equipment must be treated with care and in accordance with operating instructions. Equipment labelled as Out of Order must not be used. Staff should report any equipment with an apparent fault to the I.T. Services ext 239 as soon as possible. Other users should report the fault to a member of staff as soon as possible. Equipment that is thought to be unsafe must not be used and the fault should be reported immediately to the I.T. Services ext Users wishing to connect any personal equipment to College I.T. equipment must consult with and obtain the written permission of ( ext ). equipment authorised for connection must undergo portable appliance testing (PAT), if appropriate, prior to connection, at the expense of the user. 7. Personal equipment includes Servers, Personal Computers (PC s), notebook or laptop computers, Personal Digital Assistants (PDA s), modems, line drivers, routers, switches, hubs, sniffers and headphones. 8. If any personal equipment authorised for connection to the College s I.T. facilities is suspected of causing degradation to the performance of any College I.T. facility; the College reserves the right to remove it immediately without notification to the owner. The College disclaims any responsibility for any damage occurring to personal equipment connected to College I.T. facilities, whether authorised or unauthorised, during connection to or removal from the College s I.T. facilities. 3

4 9. Non-staff users are responsible for backing up their own data. Backups of all data are made on a regular basis and in the event of a system failure I.T. Services will attempt to restore data. The College cannot guarantee that data will be restored. At the present time, there is no means for users to request that files be restored because of accidental erasure. All users should be aware that any data saved anywhere other than their home area (F: drive) is unlikely to be backed up unless special arrangements have been made with Network Services. 10. The College s servers have limited capacity and old should not be held on this server indefinitely. accounts held on College servers will periodically be deleted, users should make their own arrangements for archiving. 11. Nelson and Colne College will at its discretion use automatic message monitoring, filtering and rejections systems on College hosted s based on specific and variable user quotas. 12. Users have a fixed amount of file store available for their use. Failure to free up file store may result in the User ID being disabled or failure to create/write any additional data to disk. Users should be considerate of other users of I.T. facilities and delete any unwanted or unnecessary files. 13. All College users must agree to abide by the Joint Academic Network (JANET) acceptable use policy. 5.2 Security and Proprietary Information 1. Keep passwords secure and do not share accounts. Authorised users are responsible for the security of their passwords and accounts. Users will be held responsible for all actions performed by use of their User ID and must ensure that their unattended workstations are secure. 2. The College may automatically append a disclaimer to s sent to external organisations from College systems. The contents of this disclaimer may vary from time to time. 3. Postings by employees from a College address to newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of the College, unless posting is in the course of business duties. 4. The College s servers have limited capacity and old should not be held on this server indefinitely. accounts held on College servers will periodically be deleted, users should make their own arrangements for archiving. 5. Nelson and Colne College will at its discretion use automatic message monitoring, filtering and rejections systems on College hosted s based on specific and variable user quotas. 6. Staff and students must use extreme caution when opening attachments received from unknown senders, which may contain viruses or other damaging content. 5.3 Unacceptable Use The following activities are generally prohibited. The may exempt designated 4

5 Under no circumstances are staff authorised to engage in any activity that is illegal while using College I.T. facilities. Incitement to commit a crime is itself a criminal offence whether or not the crime is subsequently committed. This includes the provision of information via computer systems to facilitate crimes. Materials lawful in their place of origin may but not be lawful in the UK and vice versa. The lists below are not exhaustive, but attempt to provide a framework for activities that fall into the category of unacceptable use System and Network - Prohibited Activities The following activities are strictly prohibited, with no exceptions: 1. Violation of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including the installation or distribution of pirated or other software products that are not appropriately licensed for use by the College. 2. Unauthorised copying of copyrighted material including digitisation and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which the College or the end user does not have an active licence. 3. Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws, is illegal. 4. Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, bombs, etc.). 5. Revealing your account password to others or allowing use of your account by others. 6. Actively engaging in procuring or transmitting material that is in violation of sexual harassment or workplace laws. 7. Making fraudulent offers of products, items, or services. 8. Making statements about warranty, expressly or implied, unless it is a part of normal job duties. 9. Effecting security breaches or disruptions of any internal or external network communication. Security breaches include accessing data of which the user is not an intended recipient or logging into a server or account that the user is not authorised to access, unless these duties are within the scope of legitimate job responsibilities. 10. Unauthorised port scanning or security scanning. 11. Executing any form of network monitoring which will intercept data unless within the scope of authorised duties. 5

6 12. Circumventing, or attempting to circumvent, user authentication or security of any system, network or account. Users should not access or try to access any user ID or data of another user or attempt to masquerade as another user. 13. Attempt to circumvent data protection schemes or uncover security loopholes. Any user who finds a possible security weakness on any College system is obliged to report it to I.T. Services, their tutor or an I.T. facilitator. Users are also responsible for reporting any violation of this policy by another individual. 14. Interfering with or denying service to any user 15. Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user s terminal session, via any means, locally or via the Internet/Intranet/Extranet and Communications - Prohibited Activities 1. Sending racist or sexist comments, any other material which may be considered offensive. 2. Using offensive or condescending terms in s or engage in flaming. 3. Sending anonymous s, or posting anonymous comments, which are prejudicial to the interests or reputation of others or of the College. 4. Sending any potentially actionable materials or comments, or anything likely to undermine the ethos and reputation of the College. 5. Sending or forwarding unsolicited bulk messages ( junk mail or spam ). 6. Any form of harassment via , telephone or paging, whether through language, frequency, or size of messages. 7. Unauthorised use, or forging, of header information. 8. Creating or forwarding chain letters, Ponzi or other pyramid schemes of any kind. 9. Engaging in Social Engineering or other activities that may bring the College into disrepute. 10. Overloading College hosted systems by overuse of the carbon copy ( cc: ) and forward facilities within the package, or by unauthorised mass mailing within College. (Network Manager authorisation must be obtained when sending to large groups such as everyone ). 11. Any form of business activity not directly related to the work of the College. 12. Sending confidential materials in an unencrypted form. 6.0 Enforcement 1. Violation of this policy may result in the immediate withdrawal of the user s ID(s) and access to College I.T. facilities. 2. Any employee or learner who has violated this policy may be subject to disciplinary action. 7.0 Related Documentation 1. UKERNA, JANET Acceptable Use Policy. 2. Staff Disciplinary Procedure 3. Staff Code of Conduct 4. Disciplinary Policy 6

7 8.0 Definitions Term Chain letter Flaming I.T. Facilities Pyramid scheme Ponzi scheme Social engineering Spam User User ID Definition A chain letter is a letter, an message, or some other communication, which asks the recipient to send copies of it to several other people. Use of to convey insults, criticisms or remarks meant to incite anger. All equipment and services used in information technology enabled learning or work. A scheme in which a hierarchy is created by people joining under others who joined previously, and in which those who join make payments to those above them in the hierarchy, with the exception of being able to collect payments from those who join below. A Ponzi scheme is an investment scheme in which returns are paid to earlier investors, entirely out of money paid into the scheme by newer investors. Ponzi schemes are similar to pyramid schemes, but differ in that Ponzi schemes are operated by a central company or person, who may or may not be making other false claims about how the money is being invested, and where the returns are coming from. Ponzi schemes don t necessarily involve a hierarchical structure, as in a pyramid scheme; there is merely one person or company that is collecting money from new participants and using this money to payoff promised returns to earlier participants. Social engineering can be regarded as people hacking. It is the act of soliciting unwitting participation or revelation of information from a person inside an organisation. Unauthorised and/or unsolicited electronic mass mailings. Anyone authorised to use College I.T. facilities. Includes staff, students and persons or organisations engaged in College activities. Username allocated by the College which [in conjunction with a password] provides access to authorised systems. Appendix - Legislation Relevant to Computer Use Data Protection Act The Data Protection Act is concerned with any information about living individuals and demands good practice in relation to such information. With some exceptions any organisation or individual holding personal data must be registered with the Information Commissioner. Nelson and Colne College is registered. The 7

8 use of any personal data not in this registration is illegal. The 1998 Act extends the protection given to computerised information to manually stored data. It also prohibits the transfer of personal data outside of the European Economic Area ( the EEA ) to countries that do not provide adequate protection of personal data, except in exceptional circumstances. Transfer within the EEA is permitted. Remember that personal data placed on the Internet can find its way outside of the EEA! You must only use personal data for College related purposes. You must ensure that the use of College related personal data is restricted to the minimum and within the College s registration. You should contact the College s Data Protection Officer before conducting any activity that involves the collection, storage, display and/or transfer of personal data both manual and computerised g.monkhouse@nelson.ac.uk Computer Misuse Act The Computer Misuse Act is designed to protect I.T. systems against unauthorised access and modification. There are three levels of offence: The unauthorised accessing of computer material, including illicit copying, is punishable by up to 6 months in prison or a fine of up to 5,000. The unauthorised accessing of computer systems with the intent to commit or commission further crimes is punishable by up to 5 years imprisonment or an unlimited fine. The unauthorised modification of computer material, including the deliberate destruction of data or software, the spreading of virus infected files and addition of passwords to files is punishable by up to 5 years imprisonment or an unlimited fine. Copyright, Design and Patents Act The Computer Copyright, Design and Patents Act provides protection to materials for the author(s). Copyright applies to text, pictures, video and sound including those sent by . The explicit or implicit authorisation of the author(s) of copyrighted material must be sought before making, transmitting, installing or storing an electronic copy (or substantial part thereof) of any such material. Students should be particularly mindful that any material downloaded from the Internet and held to be original work will be considered plagiarism and the student may be subject to disciplinary action. The normal exemptions covering single articles photocopied from journals do not apply to copyrighted materials held electronically. Official Secrets Act This covers any material relating to security, intelligence, defence or international relations that has been disclosed by any Crown servant or Government contractor. The Act covers disclosures of such material. The Act requires that any such material is kept confidential at all times. Obscene Publications Act, Criminal Justice Act, Protection of Children Act These cover materials that are deemed to be obscene. Materials are deemed to be obscene if the overall effect of the material would be to deprave and corrupt a significant proportion of the people who view or hear such material. Obscene material includes material of a pornographic nature and material that is excessively violent. The Protection of Children Act places particular emphasis, with increased penalties, on obscene and pornographic material involving children. Sex Discrimination Act, Race Relations Act These are designed to prevent unfair discrimination based on Sex or Race and in some cases based on Sexual orientation. Defamation Defamation is the publication of opinions and false statements about a person or group of people. Any such statements published in permanent form even within an may lead to prosecution of the author. Bear in mind that an sent to a single individual may be forwarded to many other recipients. Beacon College status confirms Nelson and Colne as one of the country s best Colleges Nelson and Colne College - Judged OUTSTANDING by Ofsted Nelson and Colne College Scotland Rd, Nelson, Lancashire, BB9 7YT Tel: Web: