Академический Документы
Профессиональный Документы
Культура Документы
Title:
AcceptableUseofITFacilitiesandServicesProcedureforStaff
Version:
1.3
Summary:
DescribestheacceptableuseofITFacilitiesandServicesbystaff
EffectiveDate
June2013
Whenusingthisdocumentpleaseensurethattheversionyouareusingisthemostuptodateby
checkingontheUniversitysonlinedocumentsystemhttp://documents.manchester.ac.uk/list.aspxfor
anynewversions.
1
Background
Thisstandardoperatingprocedure(procedure)supportstheUniversitysAcceptableUseofITFacilities
andServicesPolicy(Policy)andRegulationXV.Thereisaseparateprocedureforstudents.
2
Definitionsandscope
UniversityITfacilitiesandservicesincludeall:
physicalorvirtualcomputers,whetherservers,desktops,terminalsormobiledevices;
peripheralssuchasmonitors,keyboardsandprinters;
computernetworks,includingwirelessandtelecommunicationsnetworks;
softwareanddataonUniversityITfacilities;and
computerbasedinformationsystemsprovidedforanypurpose(UniversityITfacilities).
ThisprocedureappliestoallUniversityITfacilities,whethertheyarelocatedonUniversitypremisesor
elsewhereandregardlessofthesourceoffundsusedtoprocuresuchfacilitiesorservices.
WheremorespecificconstraintsontheuseofUniversityITfacilitieshavebeenspecifiedbytheUniversity
(suchasComputerClusterRegulations),themorerestrictiverequirementsmustbeobserved.
Theprocedureappliestoallmembersofstaff,aswellasindividualsconductingworkatorforthe
Universityand/oritssubsidiaries,whoaredulyauthorisedtohaveaccesstoUniversityITfacilities(staff).
Thisincludestemporary,honorary,visiting,casual,voluntary,agencyworkersandsuppliers(thislistisnot
intendedtobeexhaustive).
3
Purpose
ThisproceduredefineswhatisacceptableandwhatisunacceptablewhenusingtheUniversitysIT
facilities,whethersuchUniversityITfacilitiesareownedand/orprovidedbytheUniversity,andthe
responsibilitiesofstaffincomplyingwithit.
4
Consequencesofnoncompliancewiththisprocedure
CompliancewiththisprocedureismandatoryandnoncompliancemustbereportedtotheDirectorofIT
whowilldeterminetheactiontobetaken.
StaffmustnotethatanybreachesofthisproceduremaybetreatedasmisconductundertheUniversitys
relevantdisciplinaryproceduresandcouldleadtodisciplinaryaction.Seriousbreachesofthisprocedure
mayconstitutegrossmisconductandleadtosummarydismissal.Anybreachesofthisproceduremaylead
toremovalofaccesstoUniversityITfacilitiesand/orfines.
DirectorateofITServices
DirectorateofHumanResources
July2013
Page1of6
Staffwhosuspectmisusemustraisetheirconcerns,inconfidence,withamemberoftheHumanResources
team.
5
Procedure
5.1
Responsibilities
TheDirectorofITandtheDirectorofHumanResourcesareresponsiblefordefining,reviewingand
publishingthisprocedureandforprovidingguidance,adviceandtraininginsupportofit.
HeadsofSchoolandDirectorsareresponsibleforensuringthatallstaffwithintheirareaactinaccordance
withthisprocedure.
EachandeverymemberofstaffisresponsibleforensuringthattheiruseofUniversityITfacilitiesis
acceptableandisaccountableforallactionsundertakenusingtheirUniversitycredentials(usernameand
password).
5.2 Acceptableuse
UniversityITfacilitiesareprovidedtostaffforconductingUniversitybusiness.
ReasonablepersonaluseofUniversityITfacilitiesbystaff(i.e.usenotrelatedtotheirjobroleorUniversity
activities)ispermitted,providedthisdoesnotinterfere,eitherbyitstimingorextent,withtheavailability
ofUniversityITfacilitiesforteaching,researchoradministrativepurposesortheperformanceofthe
memberofstaffsduties,andmustbelimitedtoscheduledbreaksoroutsideofthenormalworkingday
whereverpossible.Furtherrestrictionsmaybeputinplaceinpublicareas,forexampleinareceptionarea.
TheUniversityhasnoliabilityforanypersonallossordamagesufferedbyamemberofstaffthrough
personaluseofUniversityITfacilities,forexamplethetheftofcreditcarddatausedonline.TheUniversity
doesnotprovideanyguaranteesregardingtheprivacyorsecurityofsuchpersonaluse;forexample,the
Universitymayrequireaccesstodatainaccordancewithsection6below.
5.3
Unacceptableuse
Allunlawfulactivitycarriedouton,throughorbyusingUniversityITfacilitiesisunacceptable.Unacceptable
useofUniversityITfacilitiesincludesthefollowingactivities,someofwhichmaybeunlawfulincertain
circumstances:
5.3.1 thecreation,download,use,storage,transmission,disseminationordisplayofanymaterialwhich:
comprisesorcontainsoffensive,obsceneorindecentimages,dataorothermaterial;
Furthermore,creatingordownloadingorusingortransmittingordisseminatingordisplaying
certainimagesisacriminaloffenceandthepolicewillbeinformedwherethereisanyevidence
ofsuchactivity;
isaformofharassmentorbullying,orisdesigned,orlikely,tobethreateningand/orabusive,
includingthroughtheuseofemailorsocialmedia;
isdefamatoryand/orlibellous;and/or
unlawfullydiscriminates,orencouragesunlawfuldiscrimination,onthegroundsofage,
disability,sex,genderreassignment,pregnancy,maternity,race(whichincludescolour,
nationalityandethnicornationalorigins),sexualorientation,religionandbelief,orbecause
someoneismarriedorinacivilpartnership;
5.3.2 activitieswithanyofthefollowingcharacteristics:
deliberatelywastingstafftimeorITresources;
DirectorateofITServices
DirectorateofHumanResources
July2013
Page2of6
corruptingordestroyingotherusersdataorviolatingtheirprivacythroughuseofUniversityIT
facilities;
usingtheUniversityITfacilitiesinawaythatdeniesservicetootherusers(forexample
overloadingnetworkcapacity);
theintroductionofmalware(suchasviruses)and/orpassworddetectingsoftware;
hackingactivities;
disguising,orattemptingtodisguise,theidentityofthesender/originofanelectronic
communication;and/or
usingUniversityITfacilitiestomisrepresentanyviewsand/oropinionsheldpersonallybythe
userastheviewsand/oropinionsoftheUniversity,unlesstheuserisexplicitlyauthorisedtodo
so;
5.3.3
5.3.4
5.3.5
5.3.6
5.3.7
thetransmissionofcommunicationscontainingcommercialorpromotionalmaterialwhichdonot
makeprovisionforrecipientstooptoutofreceivingsuchcommunications;
unauthoriseddisclosureofsensitiveorconfidentialinformationobtainedfrom,ordisseminated
throughtheuseof,UniversityITfacilities;
useofpersonaldata,throughtheuseofUniversityITfacilities,inbreachoftheDataProtectionAct
1998;
usingUniversityITfacilitiestoundertakeactionswhichunderminethesecuritycontrolsor
procedureswhichhavebeenimplementedtoprotectsystemsanddata,forexample,sharing
passwords,storingunencryptedpersonidentifyingdataonnonUniversityITfacilitiesandfailingto
adheretosoftwaredevelopmentstandards;
accessingorusingUniversitydatawhichisnotrequiredbythememberofstaffinordertoperform
theirduties.Theabilitytoaccessdataoverandabovethatrequireddoesnotconferpermissionto
useit;
5.3.8 usingUniversityITfacilitiestocreate,download,use,transmit,disseminateand/ordisplaymaterial,
includingsoftware,whichwouldresultincopyrightinfringement.Staffmustensurethattheydo
notbreachcopyrightlawsandmustnotcreate,download,use,transmit,disseminateand/or
displayanymaterialwhichissubjecttocopyrightwithouttheappropriatepermission(s);
5.3.9 theinstallation,andconsequentuse,ofsoftwareonUniversityprovidedequipmentunlessthe
softwareisproperlylicensedtotheUniversityorisfreelydistributed,e.g.AcrobatReader.Ifin
doubt,staffmustspeaktoamemberofITservices;
5.3.10 theconnectionofITequipmentnotowned,leased,hiredorotherwiseprovidedbytheUniversity
(forexampletheconnectionofportableorprivatelyownedequipment)unlessconnectedin
accordancewiththeproceduresprescribedbyITServices;
5.3.11 theuseofUniversityITfacilitiesforunapprovedcommercialpurposesoutsidethescopeofofficial
dutiesorfunctions;and/or
5.3.12theuseofUniversityITfacilitiestostoreand/ortransmitcreditcarddata,includingbutnotlimited
tothecreditcarddataofUniversitycustomers,studentsorotherindividualsororganisations,
unlesstheDirectorofFinanceandDirectorofIThaveauthorisedappropriateandsecureITfacilities
tobeusedspecificallyforthispurpose.Fortheavoidanceofdoubt,email,MicrosoftOffice,pdf
documentsandimages,paperrecords,photocopiesandfaxarenotacceptablemethodstostore
and/ortransmitcreditcarddata.
DirectorateofITServices
DirectorateofHumanResources
July2013
Page3of6
5.4
Exceptions
WhereuseofUniversityITfacilitiesforwhatwouldbeconsideredunacceptableuseunderthisprocedureis
requiredforUniversityrelatedbusiness(suchaslawfulresearch),theusermustseekthepriorwritten
permissionoftheDirectorofIT.
5.5
UseofTelephones
Universitytelephonesmustnotbeusedformakingpersonalcallsexceptinemergenciesorurgent
situations.
Theuseofpersonalmobilephonestocall,text,tweet,accessemails,orforanyotherpurpose,mustnot
interfere,eitherbyitstimingorextent,withtheperformanceofthestaffmembersdutiesandmustbe
limitedtoscheduledbreaksandoutsideofthenormalworkingdaywhereverpossible.
Schools/departmentsmayhavelocalarrangementswhichrequirestafftoswitchoffpersonalmobile
phonesduringworkinghours.
6 Monitoringcompliance
TheDirectorofITwillreportonthisproceduretotheInformationSystemsSubCommitteeofthePlanning
andResourcesCommittee.
NomemberofstaffispermittedasamatterofroutinetomonitoranindividualsuseofUniversityIT
facilities.However,wheretherearereasonablegroundstosuspectaninstanceofunacceptableuse,misuse
orabuseofanyUniversityITfacilities,orwherealegitimaterequestismadebythepoliceorother
authority,theDirectorofHRandDirectorofIT,ortheirauthoriseddeputies,maygrantpermissionforthe
monitoringorinvestigationofamemberofstaffsuseofUniversityITfacilitiesincludingemailandthe
internet(forexample,useofsocialmediawebsites),inaccordancewiththeUniversitysStandard
OperatingProcedureforaccessingandmonitoringUniversityITaccountholdercommunicationsanddata
(MonitoringSOP).Theremaybeothercircumstanceswheremonitoringisappropriateandthiswillbe
doneinaccordancewiththeMonitoringSOP.
Examplesmightincludemonitoringwhereanemployeeissuspectedofspendinganexcessiveamountof
timeusingUniversityITfacilitiesfornonworkuse,e.g.:
telephonesmonitoringthedestinationandlengthofoutgoingcallsandthesourceandlengthofin
comingcalls.Thiswouldnotnormallyinvolvethesurveillanceofcalls,butincertainrare
circumstances,wheretherearereasonablegroundstosuspectseriousmisconduct,theUniversity
reservestherighttorecordcalls;
emailmonitoringthedestination,sourceandcontentofemailtoandfromaparticularaddress;
internetmonitoringitsusage,e.g.,viewingwebsitesthatarenotworkrelated,viewinginappropriate
websites;and/or
socialmediamonitoringitsusage,includingcontentwherethememberofstaffisrepresentingthe
University.
7
Reviewofprocedure
Thisprocedurewillbereviewedatleasteverytwoyearsorwhentherearesignificantchangestoit.
DirectorateofITServices
DirectorateofHumanResources
July2013
Page4of6
8
Contactlistforqueriesrelatedtothisprocedure
Name
Telephone
Role
HRPolicy
KarenScoresby
01613065753
Development
Manager
ITRiskManager
MikeVale
01612757840
InformationSecurity BarbaraFrost
01612752122
Manager
Email
Karen.Scoresby@manchester.ac.uk
Mike.Vale@manchester.ac.uk
Barbara.Frost@manchester.ac.uk
DirectorateofITServices
DirectorateofHumanResources
July2013
Page5of6
Documentcontrolbox
Proceduretitle:
AcceptableUseofITFacilitiesandServicesProcedureforStaff
Dateapproved:
June2013
Approvingbody:
ISSubCommitteeandHRSubCommitteeofPRC
Version:
1.3
Supersedes:
ITServicesComputerUsagePolicy,January2008
TelephoneEmail&InternetUseatWorkPolicy,January2005.
Previousreview
dates:
Nextreviewdate:
June2015
RelatedStatutes,
OrdinanceXIVIntellectualPropertyRights(IPR),DataProtectionandthe
Ordinances,
UseofInformationSystems
General
UniversityGeneralRegulationXVUseofInformationSystem
Regulations:
Relatedpolicies:
AcceptableUsePolicy:
http://documents.manchester.ac.uk/DocuInfo.aspx?DocID=16277
InformationSecurityPolicy
http://documents.manchester.ac.uk/DocuInfo.aspx?DocID=6525
DataProtectionPolicy
http://documents.manchester.ac.uk/DocuInfo.aspx?DocID=14914
DignityatWorkandStudyPolicy
http://documents.manchester.ac.uk/DocuInfo.aspx?DocID=2753
Related
AcceptableUseofITFacilitiesandServicesProcedureforStudents:
procedures:
http://documents.manchester.ac.uk/DocuInfo.aspx?DocID=16220
SOPAuthoritytoaccessandmonitorUniversityITaccountholder
communicationsanddata:
http://documents.manchester.ac.uk/display.aspx?DocID=16278
Relatedguidance
andor
codesofpractice:
Related
information:
Procedureowner: DirectorofITandDirectorofHR
Versionamendmenthistory
Version
Date
Reasonforchange
1.0
June2013 Creation
1.1
July2013 Amendmenttopara6pendingcompletionofthemonitoringSOP
1.2
Dec2014 Changeofjobtitles;amendmenttopara6followingcompletionofthe
monitoringSOP;updatedlinks
1.3
Mar2015 Added5.3.12
DirectorateofITServices
DirectorateofHumanResources
July2013
Page6of6