1 Policy Statement
South Tyneside College is committed to providing a safe and secure environment for all users of its computer networks and communications systems, including all devices connected to those networks and systems.
Users of the networks and communications systems (ICT Systems) should be made clearly aware of what is and is not considered acceptable usage of those systems.
2 Scope
This policy applies to all aspects of the use of Information and Communications Technology (ICT) within the College and usage of systems and services provided by the College from remote locations. This includes but is not limited to:
a) College owned equipment, including:
· Desktop PC’s
· Servers
· Laptop/Tablet devices
· Telephones, both fixed and mobile
· Mobile phones
· Digital video camera or camcorders
· Digital audio recording devices
· Reproduction devices (scanners, printers, etc..)
· Any and all software and ICT services provided by the College
b) Privately owned ICT equipment (including personal mobile phones), when:
· Connected to any College owned network
· Utilized to access College software and services
· Made use of on campus, or in the pursuit of College business.
It is not possible for the College to inspect or audit the content of privately owned devices. Electronic communications from privately owned devices when connected to, or communicating with, the College network will be monitored.
The same expectations of user behaviour exist when using privately owned devices in the contexts listed above as would exist when using College owned devices. For example, it would not be acceptable to use a privately owned laptop to display obscene images on campus, nor would it be acceptable to use a private mobile phone to send abusive messages on campus.
This policy applies to all, employees, learners, and any other person permitted to use South Tyneside College ICT Systems.
3 Legislation
· Data Protection Act 1998
· Computer Misuse Act 1990
· Freedom of Information Act 2000
· Regulation of Investigatory Powers Act 2000
· Copyright Designs & Patents Act 1988
· Malicious Communication Act 1998
· Criminal Justice & Public Order Act 1994
4 Responsibilities
Everyone has a responsibility to give full and active support for the policy by ensuring:
4.1 The policy is known, understood and implemented
4.2 Everyone is treated with respect and dignity
4.3 Behaviour not in accord with the policy is challenged.
Within this general responsibility there are some specific responsibilities:
4.4 The Head of ICT, for the effective implementation of the policy.
5 Actions to Implement and Develop Policy
5.1 Expectation of proper contact
The operation of the ICT Systems relies heavily on the proper conduct of the users, who must adhere to this policy.
5.2 Requirement to comply with legislation
The use of all ICT Systems must be made in compliance with all appropriate legislation e.g. Data Protection.
5.3 Requirement to conform with all College policies
The use of all ICT Systems must be made in compliance with all College policies.
5.4 Consequences of failure to comply with legislation or policies
If a user fails to comply with any legislation or policy, including any of the acceptable use provisions outlined in this document, use of the system may be withdrawn and future access may be restricted. This may impact on the individual’s ability to undertake the duties of their job or continue their studies.
Serious or consistent non-compliance with this policy may be considered to be a disciplinary offence and will be dealt with in accordance with the College’s Disciplinary procedure or other appropriate action may be considered.
5.5 Monitoring usage and access to systems
All communications and stored information sent, received, created or contained within the College’s ICT Systems are the property of the College. The College reserves the right to monitor, log and access all computer, telephone and network activity including internet access and e-mail, with or without notice, to or from any device owned by the College, or connected to the College’s ICT Systems.
Monitoring and access will take place in order to:
· Establish the existence of facts
· To investigate disciplinary issues
· To detect and/or prevent crime
· To ensure that any use (including any personal use permitted by this policy) is lawful and complies with this policy
· To intercept email for operational purposes, such as protection against viruses and forwarding email to the correct destinations.
The College may make and keep copies of email and other data stored or transmitted on its systems for any of the above purposes. Users should, therefore, have no expectations of privacy in the use of these systems.
When recording telephone conversations the College will make every effort to inform both parties that recording is taking place. This does not apply to the routing monitoring of telephone activity logs which do not contain recordings of conversations.
Monitoring of usage and access to systems will be made with the authorisation of the Head of ICT Services or their appointed deputy.
5.6 Acceptable Use
The following criteria will be used to assess whether usage is acceptable:
· Usage is consistent with College policies and is undertaken by:
o A learner currently enrolled on a course in the support of their studies
o A employee in support of their approved duties
o A contractor in support of work for which they have a current contract with the College.
o An official visitor to the College in support of the purposes of their visit
· Usage is consistent with the regulations appropriate to any external or internal system or network being accessed, i.e. the JaNET Acceptable Use Policy
· Usage of the ICT Systems may be made for limited and reasonable personal usage, provided this is:
o not associated with monetary reward
o undertaken in the users own time
o not interfering with the delivery of College services
o does not prevent other users from carrying out their studies or assigned duties
o does not violate this or any other College policy
o a lawful activity.
· Telephony – The College ordinarily does not allow personal use, with the exception of that outlined in the Mobile Phone Policy.
5.7 Unacceptable Use
It is unacceptable for a user to use, submit, publish, display, download or transmit on or from the ICT Systems, or from privately owned devices used on campus, information which knowingly:
· Restricts or inhibits other users from using the system or the efficiency of the computer systems. Specifically no software, executable files or other potentially harmful material should be downloaded or otherwise installed on the College’s systems without the express permission of the Head of ICT Services.
· Violates or infringes on the rights of any other person, including the right to privacy.
· Is contrary to the College’s Harassment Policy and Procedures.
· Is in violation of any other College policy.
· Contains defamatory, false, inaccurate, abusive, pornographic, profane, sexually explicit, threatening, racially offensive, or otherwise discriminatory, or illegal material, or personal/private information about any other College employee.
· Encourages the use of controlled substances.
· Uses the system for any other criminal or unlawful purpose, including obtaining unauthorised access to or otherwise interfering with any computer system by ‘hacking’.
It is unacceptable for a user to use ICT systems to:
· Conduct any non-approved business
· Transmit material information, or software in violation of any local or national law;
· Harass an individual or group of individuals
· Make copies of published materials or software when doing so will break copyright laws
· Conduct unauthorised political activity for personal gain or to promote extremist groups or policies
· Conduct any non-College related fund raising or non-College related public relations activities
· Falsify documents or forge a message to make it appear as if it came from another person
· Access or transmit information via the Internet, including email, in an attempt to impersonate another individual
· Conduct any other unauthorised activity (such as sending or forwarding jokes, chain emails and similar material)
· Reproduce any software installed on College’s systems without specific authorisation.
· Commit fraudulent activity
· Transmit images or videos of an individual, or group of individuals, unless it is reasonably believed that consent of the subjects has been obtained.
· Attempt to subvert the course of an ongoing disciplinary procedure.
· Deliberately infect, or attempt to infect, the College systems with a virus or other form of malware.
Clarification of any of the above should be sought from the Head of ICT Services.
Should users indulge in unacceptable use as defined above they will be subject to disciplinary action under the College’s disciplinary procedure. In certain cases this may amount to gross misconduct e.g. accessing pornographic or offensive material which would normally lead to summary dismissal.
5.8 Security
Access and usage of systems must be in accordance with the College’s Data Security Policy.
In terms of acceptable usage a user must:-
· Not deliberately reveal the account password or allow another person to use their account
· Not use another individual’s account
· Not attempt to log on as another user
· Notify the ICT Helpdesk immediately if they identify a security problem, including out of date virus protection.
· Not show or identify a security problem to anyone other than the College’s ICT staff or their line manager
· Take reasonable precautions to protect the College’s systems from security issues such as computer viruses, spyware and other malware.
· Use only properly supplied and authorised systems for undertaking College business
· Not attempt to circumvent any security measures or virus protection put in place by ICT Services.
5.9 Etiquette
When using ICT Systems users must:-
· Be polite
· Not use offensive language
· Use caution when revealing their address or phone number (or those of others)
· Be aware electronic mail is not guaranteed to be private
· Not intentionally disrupt the network or other users
· Abide by generally accepted rules of network etiquette: for example:
o Consider who the appropriate recipients of an email should be
o Do not send emails to a large number of recipients unless it is necessary to do so
o Consider whether large files or attachments need to be sent, since these will affect system performance.
5.10 Internet & E-Mail
5.10.1 Purpose of the internet
The Internet (including external e-mail) is a global communications network which provides vast, diverse and unique resources. With access to computers and to people all over the world users can gain access to material or individual communications that are not suitable for everyone. The College views information gathered from the Internet in the same manner as reference materials identified by the staff. Specifically, the College supports resources that will enhance the business and service environment. Exploration and manipulation of resources is encouraged where this benefits the College and staff development within their post. However, it is impossible to control all materials on a global network and users may discover inappropriate information.
Unacceptable access and the implications for the user are detailed in Section 5.7.
5.10.2 Access to the Internet
Access to the internet is provided from all devices connected to the ICT systems. The College reserves the right to withdraw access to the internet from any device, or individual, at the discretion of the Head of ICT Services. Access to and usage of the internet must be in accordance with this policy.
Use of the internet for personal purposes is permissible provided this usage is in line with the general guidelines for acceptable usage outlined in section 5.6.
5.10.3 Filtering and Access to Inappropriate Material
Access to the Internet via the ICT systems is “filtered” to prevent access to certain sites, for example, those containing pornography. The system, however, is not failsafe and the College cannot prevent the possibility that some users may access material that is not consistent with the policies of the College, or in line with the employee’s normal duties and responsibilities.
Where material, which is not consistent with the policies of the College, is inadvertently accessed, people are strongly advised in their own interest to report the matter to their line manager. If there is any doubt as to what constitutes inappropriate material, the user should seek advice from the line manager or ICT Services.
If a user continues to deliberately access inappropriate material this will be treated as unacceptable use as per Section 5.7.
The system must not be used to send or receive illegal material. Illegal material includes, but is not limited to, unlicensed software. Software piracy is theft: if it is detected by the College, disciplinary action may be taken and the police notified.
5.10.4 Monitoring of Internet Access
Internet access will be regularly and actively monitored by the College to ensure usage is in accordance with this policy. Reports will be provided to Human Resources on a regular basis identifying any staff who have attempted to access material considered inappropriate or illegal.
A record of the websites visited by users of the ICT Systems will be maintained for a period of 12 months. Access to these logs will be restricted to authorised personnel and will be used for the purposes of diagnosing problems, managing system performance and determining if usage is in accordance with this policy.
5.10.5 Accuracy and Quality of Information
The College will not be responsible for the accuracy or quality of information obtained through its Internet connection.
5.11 Email
5.11.1 Access to e-mail
Access to internal and external e-mail, is provided on all devices connected to the ICT Systems. The College reserves the right to withdraw access to internal or external e-mail from any device, or individual, at the discretion of the Head of ICT Services.
Access to and usage of e-mail must be in accordance with this policy.
Use of e-mail for personal purposes is permissible provided this usage is in line with the general guidelines for acceptable usage outlined in section 5.6.
5.11.2 Legal Commitments and E-Mail
E-mail can result in binding contracts. Users should be aware that legal commitments can result from their e-mails, and the same degree of care should be exercised as with any other written communication.
For evidential purposes, it is the responsibility of the individual who sends, or receives, the e-mail that a suitable record of any messages which evidence commitments is made.
Personal e-mail accounts, for example, Hotmail, Yahoo, Googlemail etc should not normally be used for official communications.
5.11.3 Dissemination of Information
When disseminating views or opinions via the College’s systems on subjects not directly related to their responsibilities in the College, users will ensure that any opinions or views expressed are not attributed to the College by inserting a suitable disclaimer, for example, “The opinions expressed herein are my own and do not necessarily reflect those of the College”.
5.11.4 Monitoring and Logging of E-Mail
E-Mail access will be regularly and actively monitored by the College to ensure usage is in accordance with this policy.
In particular monitoring will be undertaken to identify and eliminate any messages which may be harmful to the operation of ICT Systems. For example, spam e-mails, e-mails containing viruses, malware, spyware and spam.
The College reserves the right to maintain records of all e-mail messages for the purposes outlined in section 5.5 of this policy. Records may also be maintained for evidentiary purposes to satisfy funding body or legislative requirements.
5.12 Backups
ICT Services will take all reasonable measures to ensure that network servers and resources are backed up on a regular basis in accordance with the Backup Policy.
The ICT department strongly advises users not to store any documents on the local hard drives (i.e. C) of their workstations. It is the responsibility of the user to ensure that any files stored on local hard drives are backed up; furthermore the ICT department must be made aware, in writing, of any machines which have documents stored on their local hard drives.
5.13 Remote Access
Access to and usage of software or services provided by the ICT Systems from remote locations must be in accordance with this policy. This includes staff or learners accessing systems from home or from a place of employment.
5.14 Use of Social Networking Services
The use of social networking sites and services is a routine part of everyday life for many users of the internet. For example, Facebook claims over 500 million users worldwide, of which 50% access their account at least once a day. Recent research has also found that social networking now surpasses e-mail as the most common internet communications tool. In this environment it is inevitable that many staff and learners will have digital identities with one or more social networking services.
Social networking services offer a wide range of tools that can be used to provide learning opportunities and help to engage with learners outside of the classroom. However staff who work in an education establishment have a professional image to uphold and how they conduct themselves online impacts on this image. Stories have been reported by the national press of educators who have been charged with professional misconduct following the posting of inappropriate comments about their school/learners, or, the posting of photos/videos that were considered inappropriate for a person in their position.
Social networks are built around the concept of being able to add other users of the network as a ‘friend’, building a community of like minded individuals. When learners gain access into a lecturer’s network of friends and acquaintances the dynamic of the relationship is altered. Adding learners as ‘friends’ provides more information than one should share in an educational setting. It is important to maintain a professional relationship with learners.
When using social networking services it is considered unacceptable for staff to:
· Accept learners as friends on personal social networking sites, any learner-initiated friend requests should be declined
· Initiate friendships with learners.
· Post commentary that could be deemed to be defamatory, obscene, proprietary, or libellous
· Discuss students or co-workers or publicly criticize College polices or personnel
· Post images that include student on social networking sites
· List their College e-mail address “@stc.ac.uk” as a contact address for personal social network accounts.
If you wish to use social network services and sites with your learners you should maintain a separate account for that purpose. Your College e-mail address should be used as the contact address for this account. This account should not be linked or “friended” with any personal accounts you may have. Post only what you want the world to see – it can be extremely difficult to remove something that you have posted.
Staff and learners should not create pages, sections, news groups or equivalent on social networking services that claim to be linked to or represent the College (i.e. South Tyneside College Football Club) without authorisation from the Marketing and Schools Liaison Co-coordinator.
All staff are advised to review the security and privacy settings on all social networking services they use. We recommend that all privacy settings be set to “only friends”. “Friends of Friends” will allow anyone who is a friend of any of your friends to see your profile, photos of you, comments you have posted etc... Do you know who all of the friends of your friends are?
5.15. Additional Regulations
All Users must comply with the additional regulations that relate to the use of particular aspects of the ICT facilities. This includes the following documents:
· Joint Academic Network (JANET) Acceptable Use Policy available from:
http://www.ja.net/documents/policy_document.html
6 Monitoring & Evaluation
The Head of ICT Services will monitor and evaluate the policy by submitting a report annually to the e-Resources group.
7 Related Policies
· Harassment Policy
· Data Protection Policy
· Data Security Policy
· E-Safety Policy
· Control of ICT Software and Hardware Policy
· Backup Policy
· Disciplinary Procedure
|
Date Reviewed:
|
December 2011 |
|
Version Number:
|
4 |
|
Revised by:
|
Craig Scott, Head of ICT Services |
|
Approved by:
|
SMT |
|
Next Review Date:
|
December 2014 |