This control procedure defines the University’s approach to acceptable use of our information systems and infrastructure, and directly supports the following policy statement from the Information Security System:
The University’s security policies and expectations for acceptable use will be communicated to all users to ensure that they understand their responsibilities. Information security training will be made available to all staff, and poor and inappropriate behaviour will be addressed.
This procedure is intended to be read and understood by all users accessing University information, IT systems, networks or software using any University or personally owned device. This includes social media, communication and interactive platforms including but not limited to WhatsApp, Facebook, Facebook Messenger, and Microsoft Teams.
Users are bound by the laws of England and Wales when using the University’s IT resources. In addition, when using University devices or accessing the University’s network from abroad, users must also adhere to the laws of that country.
It is the user’s responsibility to ensure his or her activities comply with these laws.
Acceptable use is defined as any use that supports the University’s teaching, learning, research, consultancy and administrative activities, and does not meet the definition of Prohibited Use.
Prohibited use includes but is not limited to activity that:
Specifically, users are prohibited from:
Occasionally use of University IT systems is required for University‐related activities such as security sensitive research that may otherwise meet the definition of prohibited use. In this case prior, explicit approval through the University’s official processes for dealing with academic, ethical issues is required. Please contact the Information Services team for further information.
The University recognise that users may make personal use of University systems, including email and the Internet. Personal use should be reasonable and not excessive, ensuring that it does not interfere with IT resources, business requirements or any other University or legislative requirement.
It is not recommended that users store or share their own sensitive data for personal use on University systems as the University cannot guarantee the confidentiality, integrity or availability of this information.
The University reserves the right to withdraw access to IT resources for personal use at any time and may remove or modify information (including personal data) held on its IT resources.
The University may log all forms of IT use. Monitoring systems is necessary for administrators to identify and investigate technical or security related problems, and also provides an audit log in the event of misconduct or criminal investigations.
The University also reserves the right to inspect any items of computer equipment connected to the network. Any IT equipment connected to the University’s network will be removed if it is deemed to be breaching University policy or otherwise interfering with the operation of the network.
The University may need to access or suspend any user’s account for business purposes. Action will only be taken where it has been authorised by a suitable HR representative, or where the Information Security team have identified an immediate threat to University information.
Upon leaving the University it is expected that users:
Failure to comply with this procedure could result in action in line with the University’s Disciplinary Procedure or Capability Procedure.
Any prohibited use which is deemed to be in contravention of the law and/or which involves the intentional access, creation, storage or transmission of material which may be considered indecent or obscene will be regarded as an act of gross misconduct on the part of staff which could result in dismissal. This would also qualify as an act for which students may be expelled under the student disciplinary procedure.
Compliance checks will be undertaken by the University’s governance functions from time to time.
This control procedure needs to be understood in the context of the other policies and procedures constituting the University’s Information Security Management System, in addition to others not limited to those that relate to professional conduct and behaviours of staff and students when representing or undertaking any University activities, including the use of communications platforms.
A review of this policy will be undertaken by the Information Services team annually or more frequently as required, and will be approved by the University Executive.
Last updated: August 2022
The principal initial point for contact or enquiry about this Policy or related issues is the IT ServiceDesk