General - Legal and Governance - Acceptable Use Policy | Harper Adams University

Legal and Governance

Acceptable Use Policy

1. SCOPE OF THIS POLICY AND WHY IT IS IMPORTANT

The Harper Adams University (“the University”) Acceptable Use Policy (“the Policy”) applies to all individuals who access the Internet and/or internal electronic mail (“e-mail”) and other electronic communication systems through the computing or networking resources made available by the University (together “the Systems”). This includes users who are permanent full-time, part-time and temporary employees, permanent full-time and part-time students and nominated contractors, agents, fellows and alumni, each of whom shall require individual nomination through a University-employed sponsor (“Users”), for so long as they remain authorised to be Users by the University. The principal initial point for contact or enquiry about this Policy or related issues is the University IT ServiceDesk (the “ServiceDesk”)

1.1 The University provides the Systems at its expense for Users. Such facilities provide many benefits to the University and to individual Users. It is the University’s policy that these facilities like other University assets, be used appropriately at all times. Each User must also comply with the Information Systems and Services 'Code of Practice’ at all times when accessing the Systems.

1.2 To apply for permission to be authorised as a User, you must complete the appropriate Access form (examples of which are available online and through the ServiceDesk). If your application is accepted you will be set up on the system, usually using your ID card number as a username, and supplied with an initial password for access to a suitable system. Guest users will be allocated a temporary unique set of username and password credentials. Students may periodically be provided with additional temporary account credentials for the specific purposes of undertaking online assessments and examinations. Such guest and examination accounts will have appropriately restricted access to University Systems and to external internet services, and will expire automatically after a fixed period of currency.

1.3 You are required to change the initial password provided for systems access, to a suitable strong password known only to yourself. Selection, use and maintenance of passwords should comply with the terms of the University Information Security Policy. Advice on password security is available through the ServiceDesk.

1.4 Once changed by the User, passwords are not accessible to or retrievable by any University Systems administrators, and restored access to any System should be achieved by reporting such loss or expiry to the ServiceDesk or through use of the Online Password Recovery service.

1.5 This Policy provides guidance to you on the standards of behaviour each User is expected to adopt when using the Systems, what the University considers to be inappropriate use of the Systems and informs you about the monitoring of use of the Systems.

1.6 Users are expected to be familiar with and to comply with this Policy. The University reserves the right to change this Policy at any time. Where changes are made to this Policy, the new Policy will be uploaded to the Harper Adams website. Users should periodically check to note any changes which have been implemented.

1.7 All Users are responsible for the success of this Policy and should ensure that they take the time to read and understand it. Before access to the Systems (including the Internet via the University network) is approved, you are required to read and agree to this Policy.

1.8 Any misuse or suspected misuse of the Systems or equipment should be reported to the Head of Information Services or their acting Deputy. Failure to comply with the obligations set out in this Policy may constitute a disciplinary offence amounting to gross misconduct and/or termination or suspension of your studies or other relationship with the University.

1.9 Questions regarding the content or application of this Policy should be directed to the Head of Information Services or their acting Deputy.

1.10 All the University facilities must be used in a professional and appropriate manner. Personal use (i.e. non-University business use) of University Systems by staff Users and by student Users is allowed so long as such usage:

  • does not, as deemed by the University, interfere with University work, studies or the working environment of others;
  • is not for any illegal activity or any activity which could bring the name of the University into disrepute or open the University up to legal action;
  • does not impact the University’s ability to provide Systems access for its legitimate business purposes;
  • does not mislead the recipient of communications;
  • is not used to support an independent enterprise with which a staff or student User is associated, and/or
  • by staff Users is kept to a minimum.

2. THE COUNTER TERRORISM AND SECURITY ACT 2015 AND THE PREVENT DUTY

2.1 There is a duty on authorities (including HE) under the above act to have due regard to the need to prevent people from being drawn into terrorism. Under this duty, the University will block, and as stated in 11.1 below may monitor, access or attempted access to websites carrying inappropriate materials.

3. INFORMATION SYSTEMS AND NETWORK SECURITY

3.1 Security of the University’s Systems is paramount. Each User must not permit any unauthorised person to gain access to the University’s Systems (or to a third party’s system) nor seek unauthorised access to a third party’s systems or documents. The University has implemented a number of security controls to safeguard its computer equipment, software and data and these are monitored on a regular basis.

3.2 Unless approved in advance through the ServiceDesk, under no circumstances must any User:

  • introduce or use any program that is not already installed on any System, and/or
  • download programs or other executable material from the Internet for use on the System.

3.3 The use of any type of removable media on the Systems must involve a preliminary check for viruses by an effective scanning utility approved by the ServiceDesk. University-provided equipment is normally configured to perform such scans automatically.

4. INTERNET USE

4.1 The rules and requirements for e-mail use (see section 5.9 below) apply equally to Internet usage, with the following additional guidelines:

  • each User must ensure that, in obtaining information or material from websites or from any other source, the User is not infringing copyright or incurring unauthorised expense to the University;
  •  each User is responsible for ensuring compliance with any terms and conditions governing the use of external websites;
  • access to certain sites may be blocked by configurations set through the Information Services team. If any User has a legitimate requirement to be able to access such sites, they should contact the ServiceDesk for authorisation;
  • Users must not visit sites, download material, transfer data or images, store data or images, transmit information or display web pages that may fall into one or more of the following (non-exhaustive) categories (and given the widest meaning of the terms):
    • defamatory, offensive, vulgar or obscene material (including any type of pornography or sexually explicit material);
    • any racist or sexist material;
    • any material that could constitute bullying or harassment (such as on the grounds of sex, including sexual orientation, race or disability);
    • any material that could incite violence or hatred;
    • engaging in any form of intelligence collection from the University facilities;
    • engaging in fraudulent activities, or knowingly disseminating false or otherwise libellous materials;
    • any material that could be otherwise considered illegal, or reasonably perceived as falling into one of the above categories; and/or
    • (for staff Users only,) for the conduct of an independent business enterprise or political activity
    • breach of any legal duty owed to a third party such as obligations of confidentiality and contractual duties
    • users must not impersonate any person, or misrepresent their identity or affiliation with others or the University
    • users must not give the impression that comments/contributions they make are on behalf of the University if this is not the case

4.2 Staff Users must not under any circumstances, even outside normal working hours, at lunchtimes etc., use University systems to participate in any Internet chat room, post messages on any Internet message board or set up or log text regarding the University on a blog, where there is a risk that engagement with such media could bring the University into disrepute. [The use of social sites, e.g. Twitter, Facebook, etc., is permitted, but the usage must not interfere with the University's work and/or the University’s legitimate business interests]. Nor should such engagement bring the University into disrepute.

4.3 Staff Users must not upload University staff/student/consultant/research or project information which is confidential or personal in nature to cloud based storage solutions (for example, but not limited to DropBox), without the risk-management consent of their line manager. The University has concerns about the security of these storage solutions and does not recommend the use of cloud storage solutions to share files over the Internet and encourages individuals to use alternate sources for the sharing/receiving of information. If consent to use a cloud storage solution is given, there will be conditions as to the usage of such a solution.

4.4 Other activities that are strictly prohibited include, but are not limited to:

  • accessing the University’s information using the Systems (or held on the Systems) that is not within the scope of the User’s work and/or studies;
  • misusing, disclosing, or altering staff/student personal information, (unless with regard to alteration ONLY) the user's job description specifically requires them to update the personal data of others);
  • deliberate pointing or hyper-linking of the University Websites to other internet sites, domain names or IP addresses whose content may be inconsistent with or in violation of the aims or policies of the University; and/or
  • use, transmission, duplication, or voluntary receipt of material that infringes on the copyrights, trademarks, trade secrets, or patent rights of any person or organisation. Users should assume that all materials on the Internet are subject to copyright and/or patented unless specific notices state otherwise.

4.5 Users must not place any University materials (examples: internal documentation, policies, course literature etc.) on any mailing list, public news group, or such service, unless such sharing of materials meets the legitimate business needs of the University.

5. E-MAIL USE

5.1 The e-mail System is installed as a method of communication for the University. If you are a member of staff whose day to day work normally involves the use of the University's email, on working days, you should wherever possible ensure you access your e-mails at least once per day; stay in touch by remote access when travelling; use an out of office response when away from the office for more than a day; and endeavour to respond to e-mails marked “high priority” as soon as practicable.

5.2 All e-mail communications may be monitored and subject to random compliance checks at any time as defined below.

5.3 This Policy should not be exploited for personal use. If you are a staff User, you should keep personal use to a minimum when within normal working hours, and ensure that such use does not interfere with the proper performance of your duties.

5.4 The University e-mail System should only be used by members of staff to conduct the University’s business and by students for correspondence that does not infringe this Policy. Wherever possible, staff or students should use their own personal email accounts held outwith of the University to conduct correspondence on personal matters that do not relate to their work, study or well-being at the University.

5.5 Personal and web mail accounts must not be used by members of staff to conduct the University’s business unless the user’s University account is inaccessible and the matter to be communicated is urgent. In addition, members of staff and other Users should not:

  • use a University e-mail account to send or receive large/multiple personal attachments including screensavers, games, pictures, executable files, video images and/or presentations from your University or personal e-mail account unless the receipt/sending of such materials relates directly to the University's legitimate business activities;
  • use a University e-mail account to create, send or receive screensavers, chain letters or notes, junk mail or for-profit messages;
  • use another person’s ID to send mail or instant messages unless specifically authorised by that person.
  • use a University email account for automated and/or unsolicited bulk emailing. Users with legitimate bulk mailing requirements may request access to a separate bulk mailing facility through the University ServiceDesk

5.6 E-mail encryption facilities are available [for appropriate business and/or learning uses] to ensure the confidentiality and integrity of messages sent between the University and its Users and/or third parties. Requests should be directed to the ServiceDesk.

5.7 As with written correspondence, e-mail communications can give rise to binding obligations and expose the University to liability in the same way as conventional correspondence.

5.8 Users should not write anything in an electronic communication that could jeopardise the integrity or reputation of the University, or which the User cannot or would not be prepared to justify. Always consider whether e-mail is the appropriate medium for a particular communication. For example, confidential or sensitive personal information should not be sent within the main text of an e-mail but should be sent in the form of either a password protected file, encrypted attachment or as a separate letter.

5.9 Users must not use the electronic communications systems to write, store, send, forward or otherwise transmit any material in any of the following categories, without prior approval of their Line or Programme Managers. To do so may constitute gross misconduct and could result in summary dismissal in accordance with the University disciplinary procedures and/or termination of your studies or other relationship with the University. The (non-exhaustive) list of categories includes:

  • material which breaches any obligations of confidentiality you have to the University, or the University obligations of confidentiality to any third party or is in breach of the proprietary interest, trade mark, trade secret or copyright of others;
  • defamatory material;
  • abusive, offensive, vulgar, sexually explicit or obscene material (including any type of pornography);
  • any material which is untrue or malicious, whether about another student, a member of staff or someone else outside the University;
  • information promoting terrorism or cults;
  • any material that could constitute bullying or harassment (such as on the grounds of sex, including sexual orientation, race or disability); and/or
  • any material that could be otherwise considered illegal, or perceived as falling into one of the above categories.
  • material which could breach of any legal duty owed to a third party such as obligations of confidentiality and contractual duties
  • material giving the impression that comments/contributions are on behalf of the University if this is not the case
  • any racist or sexist material;
  • any material that could incite violence or hatred

5.10 If a recipient properly asks you to stop sending messages (whether of a personal nature or otherwise), you should always stop immediately.

6. VIRUSES

6.1 All e-mails passing through the University Systems are monitored for viruses. However, you should exercise caution when opening e-mails from unknown external sources or where, for whatever reason, an e-mail appears suspicious (if for example its filename ends in .exe). The ServiceDesk should be immediately informed if a suspected virus is received. The University reserves the right to block access to attachments to e-mails for the purpose of effective use of the Systems and to ensure compliance with this Policy. Certain types of attachment are considered to be high risk, and the range of blocked attachment types is periodically reviewed.

6.2 Users should be wary of incoming emails from an unknown source. Unsolicited emails from unknown sources should be discarded before opening or referred to the ServiceDesk. Links from emails should not be followed / used unless the email is from a known reliable sender.

7. RETENTION OF E-MAIL MESSAGES

7.1 Every member of staff should individually create an archive file on a matter-by-matter basis of all important e-mail messages which must be kept for University business, and should ensure its periodic backup. Advice on this is available from the ServiceDesk.

7.2 On a regular basis to conserve space on our e-mail server, the University will conduct maintenance to review e-mail file storage.

8. PRIVACY OF E-MAIL COMMUNICATIONS NOT GUARANTEED

8.1 Users should be aware that even if a message is deleted from the University’s e-mail system, it will still be retained by the University either on the daily backups of all data or in other ways. Users should also be aware that e-mail messages may be read by persons other than the intended recipient, including University’s employees or outsiders, under certain circumstances.

8.2 Like hard copy documents, once a User distributes an e-mail message, even if only to an individual recipient, that User (and the University) may not have the ability to control the subsequent distribution, review or retention of that message thereafter.

8.3 Users that receive a wrongly-delivered e-mail should return it to the sender. If the e-mail contains confidential information or inappropriate material (as described above) it should not be disclosed or used in any way.

Please note that wherever possible before sending highly confidential information by email, users should consider whether there is a need to encrypt the information and/or use a different means of transfer.

9. IMPROPER MESSAGES PROHIBITED

9.1 Users should not send abusive, obscene, discriminatory, racist, harassing, derogatory or defamatory e-mails. Anyone who feels that they have been harassed or bullied, or are offended by material received from another User via e-mail should inform the ServiceDesk

9.2 Users should assume that e-mail messages may be read by others and not include anything which would offend or embarrass the University, any other reader, or themselves, if it found its way into the public domain.

9.3 In general, Users should not:

  • contribute to System congestion by sending trivial messages or unnecessarily copying or forwarding e-mails to those who do not have a real need to receive them;
  • sell or advertise using the University's communication systems or broadcast messages about lost property, sponsorship or charitable appeals or other non-University business matters without prior permission from the Service Desk;
  • agree to terms, enter into contractual commitments or make representations by e-mail on behalf of the University unless appropriate authority has been obtained. A name typed at the end of an e-mail is a signature in the same way as a name written at the end of a letter;
  • download or e-mail text, music and other content from the Internet subject to copyright protection, unless it is clear that the owner of such works allows this;
  • send messages from another User’s computer or under an assumed name unless specifically authorised; or
  • as set out below, send highly confidential messages via e-mail or the Internet, or by other means of external communication which are known not to be secure.

10. AUTHORITY

10.1 The IS Service Delivery Manager may immediately suspend access to System(s) by any person suspected of contravening any conditions applied to the use of the university system. After enquiries, the IS Service Delivery Manager may at their discretion either continue the suspension or reinstate access:

  • in the case of students, after consultation with the appropriate academic colleague,
  • in the case of staff, after consultation with the line manager,
  • in the case of contractors, agents, fellows or alumni, after consultation with the nominating sponsor.

11. MONITORING

11.1 The University reserves the right for business reasons and in order to carry out any legal obligations in our role as an employer and learning institution, to monitor, review, record and check the use of all information systems, including Internet and e-mail use, from all computers and devices connected to the University network.

11.2 The University may exercise this right in order to establish facts relevant to the University’s business and teaching activities and:

  • to comply with regulatory practices or procedures;
  • to prevent or detect crime;
  • to ensure compliance with the University policies, including this Policy;
  • to investigate or detect unauthorised uses of the Systems or to ensure the effective operation of the Systems (e.g. to check if viruses are being transmitted);
  • to meet contractual obligations for disclosure of information; and/or
  • for business reasons, this may include gathering information about how often information contained on our IT systems is used and by whom in order to help us develop our strategy and to ensure resources are focused on the correct areas and identify unauthorised usage.

11.3 In these circumstances, individuals do not have a right to privacy when using the University Systems or in relation to any communication generated, received or stored on the University systems.

11.4 Access to monitoring applications is strictly controlled. IS Service Managers may access all monitoring reports and data if necessary to respond to a security incident.

11.5 The University’s systems enable us to monitor and access e-mail communications. For legitimate business reasons, and in order to carry out legal obligations in our role as a University (and as an employer), use of the University’s Systems including the computer systems, and any personal use of them, may be continually monitored by the University. Monitoring and accessing of e-mail accounts is only carried out to the extent legally required or lawfully permitted or as required as necessary and justifiable for business purposes.

11.6 The University reserves the right to monitor e-mails (including personal e-mails), retrieve the contents of and access mailboxes and private directories (and/or check associated Internet use) without further notifying the individual User concerned, where reasonably necessary for the following purposes (this list is not exhaustive):

  • where the University has a business (including learning/pastoral) need to access your mailbox. For example, if a staff User is absent from the office and a supervisor has reason to believe that information required for the day’s business is located in that individual’s mailbox. Suitable arrangements need to be made to cover staff absence to avoid such access being required wherever possible;
  • to monitor whether the use of the Systems is legitimate and in accordance with this Policy;
  • to find lost messages or to retrieve messages lost due to computer failure;
  • to assist in the investigation of suspected or actual wrongful acts; or
  • to comply with any legal obligation, such as requests for personal information, litigation or regulatory enquiry or investigations and for the University to be able to obtain legal advice and/or to bring or defend legal proceedings.

11.7 E-mail filters have been put in place to monitor e-mail messages for viruses, spam and general compliance with this Policy.

11.8 The University reserves the right to monitor Internet and e-mail traffic data (including domain names of websites visited, duration of visits, details of any blocked sites visited, and details of files downloaded from the Internet) at a network level (but covering both personal and business use) in accordance with this Policy. Each User of the Systems must be aware that the effect of such monitoring or e-mail access may be to reveal certain personal data (including sensitive personal data) about that User as an identifiable individual. For example, a visit to a website relating to a political party or a religious group may indicate your political or religious beliefs. E-mail monitoring or access for business purposes may also identify the presence of personal e-mails containing sensitive personal data. By accessing websites of this type using the University IT systems, each User is providing consent to the University processing any sensitive personal data that may be revealed by monitoring or access for business purposes as described. Monitoring is carried out automatically and access to any recorded information is limited to a small number of IS staff and then under a strict set of guidelines

11.9 If in doubt, and you wish to preserve your personal privacy, do not use the University IT systems to access any such websites or send/receive personal e-mails.

12. CONSEQUENCES OF VIOLATION OF POLICY

12.1 Violations of this Policy will be documented and can lead to revocation of System privileges and/or disciplinary action up to and including termination of employment and/or termination of studies or other relationship with the University.

12.2 Additionally, the University may at its discretion seek legal remedies for damages incurred as a result of any violation. The University may also be required by law to report certain illegal activities to the proper enforcement agencies.

13. LIABILITY

13.1 Reasonable endeavours are made by the University to:

  • ensure that the systems are available as scheduled, and function correctly. No liability can be accepted by the University for any inability to use our systems, any reliance placed on any content displayed on University sites, or any loss of data or delay as a result of any System malfunction or failure.
  • ensure the integrity and security of information held on the System or in computer media. No liability can be accepted by the University as a result of data being lost or corrupted for any reason or if it is inappropriately accessed.

14. POINTS OF CONTACT

If you need assistance regarding the following topics related to Systems usage, you should initially contact the Service Desk, for additional assistance.

12th October 2015

The principal initial point for contact or enquiry about this Policy or related issues is the IT ServiceDesk

01952 815555

Cookies on the Harper Adams University website

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on the website. However, you can change your cookie settings at any time.