ICT Acceptable Use Policy

1. Background

Hartpury College provides access to computing and IT resources to help students and staff with their studies and work. 

Staff, students and visitors at the College have access to various computing and IT resources.  These resources all have access to the Internet and the World Wide Web (web).  The Internet and web can be considered to be the greatest informational resource ever produced by mankind but it can also be an un-regulated, un-governed environment which contains materials that would be considered to be illegal in the UK, plus content that the senior executive and governors consider unsuitable for staff, students and visitors engaged in work and study at the College.

Access to the College's computing and IT resources is a privilege. If a user violates the Acceptable Use Policy (AUP) the user may have their access rights limited or withdrawn, be subject to disciplinary action, or even criminal proceedings in the most severe cases.

2. Purpose

The purpose of this policy is to clearly state and publish an Acceptable Use Policy for access to computing and IT resources at Hartpury College, which supports the electronic safety (e-safety) of students, staff and visitors.   

3. Scope

This policy applies to all users of Hartpury College’s IT facilities and in relation to IT facilities owned, leased, hired or otherwise provided by the College, as well as those connected directly or remotely to the College’s network or IT facilities. It also covers non-College equipment used on the institution's premises, or individuals connecting their own equipment to the network i.e. personal laptops.  IT facilities include all networks, computer systems and/or computing hardware and software made available by the College.

4. General Principles

Computing and IT resources at Hartpury College must be used in a manner which is ethical, legal and appropriate to the College’s aims and goals.  Users of computing and IT resources, which are shared resources, must not obstruct the work of others and use facilities in such a way as to encourage a scholarly atmosphere.  Each user has a responsibility to learn how to use the resources appropriately and responsibly.  The College encourages the use and exploration of its IT resources but discourages behaviour which may inconvenience or harm other users and data.

4.1. Responsibility

Individual users are responsible for their own actions, and are thus liable for any consequences thereof.  The College cannot accept responsibility for ensuring that actions of users are acceptable.  Whilst we will take steps to monitor use of facilities, we cannot police them absolutely.  In all cases the user, or users, concerned will be considered liable for their actions.

Access to and use of the College’s computing and IT facilities shall comply with UK and EU laws, some of which are listed in section 8, the College rules & regulations, the College Code of Professional Conduct and this Acceptable Use Policy.

4.2. Privacy

The College reserves the right to conduct checks on user files, and their usage, where such action is justified for the purposes of system administration, investigation of suspected breaches of the Acceptable Use Policy or any other infringement of College Rules & Regulations or Codes of Conduct. 

The College also reserves the right to compress, archive, or otherwise remove files stored on computing and IT resources, such as central file stores, by existing or past users in line with the College Data Retention Guidelines. 

It also reserves the right to access, and, where necessary, to examine the content of user files held on any College computing and IT resources, private computers connected to the college network, or otherwise downloaded onto personal computers, discs or separate drives for the purposes of investigating suspected breaches of the Acceptable Use Policy.

4.3. Security

The College will endeavour to take reasonable care to ensure that users’ data is safe and secure, however this is done in good faith, and no responsibility can be taken for any loss or damage howsoever caused.  Facilities are provided "as-is" without any warranty or guarantee of suitability for any purpose, implied or otherwise.

The College requires all students to store and backup their own work.  A student IT account and the data contained in the IT account is deleted at the end of the longest running academic course attended by that student, as defined in the College’s student records system.  However, because of the way in which the backup system works it is possible that some student data and staff data is held on backup tapes for up to 6 years.  Student and staff data held on backup tapes will not be recovered unless the creator of the original data makes the request and is currently a student or member of staff at the College, or the request has been made by a member of the Executive in relation to an investigation of a breach of the Acceptable Use Policy

4.4. Enforcement

In the event of a known or suspected breach of policy, the College may take immediate action to ensure both the security and accessibility of its computing and IT resources.  Breaches of the Acceptable Use Policy will be dealt with according to their severity.

Action may consist of (but is not limited to) warnings; suspension or removal of user access to computing and IT resources, including (but not limited to) services such as e-mail and/or Internet access; and suspension or termination of the user's account.  Immediate action does not constitute any judgement of guilt, and appeals may be made following the processes laid out in section

4.5. Appeals

The member of staff that initially identifies a suspected breach of the Acceptable Use Policy is responsible for investigating suspected breach and reporting the incident to the appropriate line manager, member of the Executive or the IT Support Team.  The report will be assessed by an appropriate member of staff, which will be determined by the severity of the breach, and the appropriate disciplinary action will be taken, as outlined in section 7.

All users are entitled to the right of appeal and any user wishing to appeal must write to the Principal.

4.6 Social Networking

Access to social networking sites has the potential to use significant IT resources at key times of the day and deny access to other users.  The College therefore reserves the right to limit access to these sites (i.e. Facebook) from College computers.

 5.  Acceptable Use Policy

5.1. Computing and IT Facilities

When using College computing and IT facilities you MUST NOT:

  • eat or drink when at a computer,
  • alter the settings of the computer,
  • allow other people to use your account,
  • give your password to someone else to use, and/or disclose your password to someone else, and/or be otherwise careless with your password (N.B. personal passwords should be changed regularly),
  • disrupt the work of other people,
  • corrupt or destroy other peoples' data,
  • violate the privacy of other people,
  • offend, harass or bully other people,
  • break the law,
  • waste staff effort or resources,
  • store files not related to your study or work at the College on College computing resources,
  • engage in software piracy (including infringement of software licences or copyright provisions),
  • generate messages which appear to originate with someone else, or otherwise attempting to impersonate someone else,
  • physically damage or otherwise interfere with computing facilities, including attaching any un-approved hardware to College computers,
  • waste computing resources by playing games or using software which is not needed for your studies or work,
  • engage in any activity which is rude, offensive or illegal,
  • download and/or run programs or other executable software from the Internet or knowingly introduce viruses or other harmful programmes or files,
  • enable unauthorised third party access to the system,
  • use the IT facilities of the College for commercial gain without the explicit permission of the appropriate authority,
  • use a mobile phone inside the LRC
  • engage in any activity that denies service to other people or brings the College name in to disrepute.

When using College computing facilities YOU MAY:

  • join a public forum (e.g. social networking site, news group, etc) if this is a specific requirement of your course or work,
  • only attach headphones and USB memory sticks to College computers,
  • alter computer settings to improve accessibility in a manner which has been previously agreed with the IT Support, and the original settings are restored after use.

When using College computing facilities YOU MUST:

  • log out of your account if you are leaving a computer for an extended period of time, or otherwise lock the screen if you leave the keyboard and computer,
  • take appropriate actions to physically secure equipment issued to you for the purposes of study or work.

5.2. Telephony System

Payphones are situated around the College campus for private calls.  If any members of staff, a student, or a visitor wishes to use the College system for a private call, they should time the call and pay the corresponding charge at the Finance Office. All telephone calls are logged and checked on a regular basis.

If a member of staff is provided with a College mobile telephone at the expense of the College, they must ensure that they have signed a Corporation Policy Mobile Phone declaration form which will be held on the employee’s personal file in the HR Department.  Employees who are College mobile telephone users must remember that the phone is for College business use only and should not be used for personal calls.  Employees will be obliged to reimburse the College for any private calls made on a College phone, when requested to do so.

The College does not allow any members of staff to use mobile telephones when driving on College business without a hands-free kit.  An employee who fails to comply with these procedures may be subject to the Disciplinary & Dismissal Procedure.

5.3.       Laptop Users

Staff, students and visitors in receipt of a laptop computer should be aware that the computer, accessories, software and operating system remain the property of Hartpury College and it is provided on a loan basis.  Additional software may NOT be installed, nor hardware modifications made, without authorisation from the IT Support Team.

Personal use of the system is authorised within reasonable limits as long as it does not interfere with or conflict with business use.  Staff, students and visitors are responsible for exercising good judgement regarding the reasonableness of personal use.

Students issued with laptops to help them with their studies are not permitted to take the laptop home.  All laptops must be returned at the end of lessons to the designated location.

5.3.1.  Additional Regulations for Members of Staff

When issued with a College loan laptop, members of staff will be required to agree to a number of insurance conditions which will include:

  • The laptop will at no time be left in a visible position in any unattended, unlocked vehicle but will be placed in the locked boot of a vehicle,
  • The laptop will only be kept at Hartpury College, a private residence or a locked hotel bedroom when away on College business, but will not be taken on a private holiday,
  • Any room in which the laptop is kept will be secured when unoccupied,
  • Agreement to make the laptop available for inspection by IT Support at any time,
  • Agreement to inform the College immediately if the laptop is lost, stolen or damaged,
  • Agreement to return the laptop to IT Support on my last day of service with the College,
  • Accept responsibility for any damages caused by neglect, misuse etc excluding reasonable wear and tear,
  • Accept responsibility for the cost of repair/replacement of the laptop in the event of a breach of the above conditions.

6. Monitoring

The College reserves the right to log and retain records of all electronic communications (web browsing activities, email exchange etc) between users of College IT and computing facilities and all external organizations for a period of no more than 18 months.   

Use of e-mail and the Internet is primarily for work-related purposes.  The College has the right to monitor any and all aspects of its telephone and computer system that are made available to staff, students and visitors, and to monitor, intercept and/or record any communications including telephone, e-mail or Internet communications. 

To ensure compliance with this policy or for any other purpose authorised under the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, staff, students and visitors are hereby required to expressly consent to the College doing so.  In addition, the College wishes to make all staff, students and visitors aware that Close Circuit Television (CCTV) is in operation for the protection of staff, students and visitors.

7. Action Upon Misuse

If you do not follow this IT Acceptable Use Policy the College will take action.  Disciplinary action will follow College procedures except in extreme circumstances when the police will be called immediately.

Generally verbal warnings will be issued for a minor first offence, unless the offence is deemed so serious that stronger action is required. 

College action may include but is not limited to:

  • Verbal warnings,
  • Disciplinary letters,
  • Disciplinary hearings,
  • Loss of access to computing resources,
  • Charges for any damage caused.

 7.1. Verbal Warnings

Some examples where misuse may result in a verbal warning are listed below.  Generally you will receive a verbal warning if after being informed of a breach of policy you continue to:

  • Eat or drink when at a computer,
  • Use a mobile phone in the LRC,
  • Disturb others,
  • Play computer games,
  • Send unacceptable e-mails or messages.

 7.2. Disciplinary Letters

If you continue to ignore verbal warnings informing you of a breach of policy, or commit a more serious breach of policy you will receive a disciplinary letter.  Some breaches of policy which will result in a disciplinary letter being issued include:

  • use of another person’s account,
  • installation of software,
  • making unauthorised use of College software etc.

 7.3. Disciplinary Hearings

Full disciplinary proceedings, and possibly legal proceedings, will be instigated if you ignore verbal warnings and disciplinary letters.  During this process you will not be allowed to use any computing resources at the College.  Some of the breaches of policy which will result in immediate disciplinary hearings being instigated include:

  • continuing to ignore earlier warnings,
  • use of another person’s account,
  • trying to hack into the network, change PC settings or use external proxy servers,
  • the use or sending of rude or threatening e-mails or broadcast messages,
  • harassing or bullying behaviour from anyone using computing resources,
  • the changing or deleting of software without permission,
  • the use someone else’s data without permission,
  • deliberately introducing harmful software such as viruses,
  • looking at, storing, printing or distributing pornographic, racist, sexist or otherwise illegal or offensive material,
  • copying College software without permission,
  • altering the College systems without permission,
  • altering, or trying to alter, College data without permission,
  • trying to access remote systems without permission.

8. Legal Conformity

Some of the UK legislation applicable to computer use is listed below.  This is by no means an exhaustive list and users are reminded of their responsibility to be aware of their legal obligations.     

  • Obscene Publications Act 1959                
  • Sex Discrimination Act 1995
  • Race Relations Act 1976                            
  • Protection of Children Act 1978
  • Data Protection Act 1984                           
  • Telecommunications Act 1984
  • Interception of Communications Act 1985    
  • Copyright, Designs, Patents Act 1988
  • Computer Misuse Act 1990            
  • Criminal Justice and Public Order Act 1994
  • Defamation Act 1996                                  
  • Disability Discrimination Act 1998
  • Data Protection Act 1998                           
  • Human Rights Act 1999
  • Investigative Powers Act 2000
  • Malicious Communications Act 1988

9. Other Applicable AUP’s

As the College is connected to the Joint Academic NETwork (JANET) all students, staff and visitors must abide by the JANET Acceptable Use Policy, which is published at www.ja.net

 

 

Version R02

Prepared by Head of ICT & E-Learning

Effective from 30/09/2011
Next review by 30/09/2012
Owned by Senior Executive & Governors
Reviewed by Senior Executive
Signed-off by Senior Executive
<< Back