Вы находитесь на странице: 1из 6

StandardOperatingProcedure

Title:

AcceptableUseofITFacilitiesandServicesProcedureforStaff

Version:

1.3

Summary:

DescribestheacceptableuseofITFacilitiesandServicesbystaff

EffectiveDate

June2013

Whenusingthisdocumentpleaseensurethattheversionyouareusingisthemostuptodateby
checkingontheUniversitysonlinedocumentsystemhttp://documents.manchester.ac.uk/list.aspxfor
anynewversions.

1
Background

Thisstandardoperatingprocedure(procedure)supportstheUniversitysAcceptableUseofITFacilities
andServicesPolicy(Policy)andRegulationXV.Thereisaseparateprocedureforstudents.

2
Definitionsandscope

UniversityITfacilitiesandservicesincludeall:
physicalorvirtualcomputers,whetherservers,desktops,terminalsormobiledevices;
peripheralssuchasmonitors,keyboardsandprinters;
computernetworks,includingwirelessandtelecommunicationsnetworks;
softwareanddataonUniversityITfacilities;and
computerbasedinformationsystemsprovidedforanypurpose(UniversityITfacilities).

ThisprocedureappliestoallUniversityITfacilities,whethertheyarelocatedonUniversitypremisesor
elsewhereandregardlessofthesourceoffundsusedtoprocuresuchfacilitiesorservices.

WheremorespecificconstraintsontheuseofUniversityITfacilitieshavebeenspecifiedbytheUniversity
(suchasComputerClusterRegulations),themorerestrictiverequirementsmustbeobserved.

Theprocedureappliestoallmembersofstaff,aswellasindividualsconductingworkatorforthe
Universityand/oritssubsidiaries,whoaredulyauthorisedtohaveaccesstoUniversityITfacilities(staff).
Thisincludestemporary,honorary,visiting,casual,voluntary,agencyworkersandsuppliers(thislistisnot
intendedtobeexhaustive).

3
Purpose

ThisproceduredefineswhatisacceptableandwhatisunacceptablewhenusingtheUniversitysIT
facilities,whethersuchUniversityITfacilitiesareownedand/orprovidedbytheUniversity,andthe
responsibilitiesofstaffincomplyingwithit.

4
Consequencesofnoncompliancewiththisprocedure

CompliancewiththisprocedureismandatoryandnoncompliancemustbereportedtotheDirectorofIT
whowilldeterminetheactiontobetaken.

StaffmustnotethatanybreachesofthisproceduremaybetreatedasmisconductundertheUniversitys
relevantdisciplinaryproceduresandcouldleadtodisciplinaryaction.Seriousbreachesofthisprocedure
mayconstitutegrossmisconductandleadtosummarydismissal.Anybreachesofthisproceduremaylead
toremovalofaccesstoUniversityITfacilitiesand/orfines.

DirectorateofITServices
DirectorateofHumanResources
July2013
Page1of6


Staffwhosuspectmisusemustraisetheirconcerns,inconfidence,withamemberoftheHumanResources
team.

5
Procedure

5.1
Responsibilities

TheDirectorofITandtheDirectorofHumanResourcesareresponsiblefordefining,reviewingand
publishingthisprocedureandforprovidingguidance,adviceandtraininginsupportofit.

HeadsofSchoolandDirectorsareresponsibleforensuringthatallstaffwithintheirareaactinaccordance
withthisprocedure.

EachandeverymemberofstaffisresponsibleforensuringthattheiruseofUniversityITfacilitiesis
acceptableandisaccountableforallactionsundertakenusingtheirUniversitycredentials(usernameand
password).

5.2 Acceptableuse

UniversityITfacilitiesareprovidedtostaffforconductingUniversitybusiness.

ReasonablepersonaluseofUniversityITfacilitiesbystaff(i.e.usenotrelatedtotheirjobroleorUniversity
activities)ispermitted,providedthisdoesnotinterfere,eitherbyitstimingorextent,withtheavailability
ofUniversityITfacilitiesforteaching,researchoradministrativepurposesortheperformanceofthe
memberofstaffsduties,andmustbelimitedtoscheduledbreaksoroutsideofthenormalworkingday
whereverpossible.Furtherrestrictionsmaybeputinplaceinpublicareas,forexampleinareceptionarea.

TheUniversityhasnoliabilityforanypersonallossordamagesufferedbyamemberofstaffthrough
personaluseofUniversityITfacilities,forexamplethetheftofcreditcarddatausedonline.TheUniversity
doesnotprovideanyguaranteesregardingtheprivacyorsecurityofsuchpersonaluse;forexample,the
Universitymayrequireaccesstodatainaccordancewithsection6below.

5.3
Unacceptableuse

Allunlawfulactivitycarriedouton,throughorbyusingUniversityITfacilitiesisunacceptable.Unacceptable
useofUniversityITfacilitiesincludesthefollowingactivities,someofwhichmaybeunlawfulincertain
circumstances:

5.3.1 thecreation,download,use,storage,transmission,disseminationordisplayofanymaterialwhich:
comprisesorcontainsoffensive,obsceneorindecentimages,dataorothermaterial;
Furthermore,creatingordownloadingorusingortransmittingordisseminatingordisplaying
certainimagesisacriminaloffenceandthepolicewillbeinformedwherethereisanyevidence
ofsuchactivity;
isaformofharassmentorbullying,orisdesigned,orlikely,tobethreateningand/orabusive,
includingthroughtheuseofemailorsocialmedia;
isdefamatoryand/orlibellous;and/or
unlawfullydiscriminates,orencouragesunlawfuldiscrimination,onthegroundsofage,
disability,sex,genderreassignment,pregnancy,maternity,race(whichincludescolour,
nationalityandethnicornationalorigins),sexualorientation,religionandbelief,orbecause
someoneismarriedorinacivilpartnership;

5.3.2 activitieswithanyofthefollowingcharacteristics:
deliberatelywastingstafftimeorITresources;
DirectorateofITServices
DirectorateofHumanResources
July2013
Page2of6

corruptingordestroyingotherusersdataorviolatingtheirprivacythroughuseofUniversityIT
facilities;
usingtheUniversityITfacilitiesinawaythatdeniesservicetootherusers(forexample
overloadingnetworkcapacity);
theintroductionofmalware(suchasviruses)and/orpassworddetectingsoftware;
hackingactivities;
disguising,orattemptingtodisguise,theidentityofthesender/originofanelectronic
communication;and/or
usingUniversityITfacilitiestomisrepresentanyviewsand/oropinionsheldpersonallybythe
userastheviewsand/oropinionsoftheUniversity,unlesstheuserisexplicitlyauthorisedtodo
so;

5.3.3

5.3.4

5.3.5

5.3.6

5.3.7

thetransmissionofcommunicationscontainingcommercialorpromotionalmaterialwhichdonot
makeprovisionforrecipientstooptoutofreceivingsuchcommunications;
unauthoriseddisclosureofsensitiveorconfidentialinformationobtainedfrom,ordisseminated
throughtheuseof,UniversityITfacilities;
useofpersonaldata,throughtheuseofUniversityITfacilities,inbreachoftheDataProtectionAct
1998;
usingUniversityITfacilitiestoundertakeactionswhichunderminethesecuritycontrolsor
procedureswhichhavebeenimplementedtoprotectsystemsanddata,forexample,sharing
passwords,storingunencryptedpersonidentifyingdataonnonUniversityITfacilitiesandfailingto
adheretosoftwaredevelopmentstandards;
accessingorusingUniversitydatawhichisnotrequiredbythememberofstaffinordertoperform
theirduties.Theabilitytoaccessdataoverandabovethatrequireddoesnotconferpermissionto
useit;

5.3.8 usingUniversityITfacilitiestocreate,download,use,transmit,disseminateand/ordisplaymaterial,
includingsoftware,whichwouldresultincopyrightinfringement.Staffmustensurethattheydo
notbreachcopyrightlawsandmustnotcreate,download,use,transmit,disseminateand/or
displayanymaterialwhichissubjecttocopyrightwithouttheappropriatepermission(s);

5.3.9 theinstallation,andconsequentuse,ofsoftwareonUniversityprovidedequipmentunlessthe
softwareisproperlylicensedtotheUniversityorisfreelydistributed,e.g.AcrobatReader.Ifin
doubt,staffmustspeaktoamemberofITservices;

5.3.10 theconnectionofITequipmentnotowned,leased,hiredorotherwiseprovidedbytheUniversity
(forexampletheconnectionofportableorprivatelyownedequipment)unlessconnectedin
accordancewiththeproceduresprescribedbyITServices;

5.3.11 theuseofUniversityITfacilitiesforunapprovedcommercialpurposesoutsidethescopeofofficial
dutiesorfunctions;and/or

5.3.12theuseofUniversityITfacilitiestostoreand/ortransmitcreditcarddata,includingbutnotlimited
tothecreditcarddataofUniversitycustomers,studentsorotherindividualsororganisations,
unlesstheDirectorofFinanceandDirectorofIThaveauthorisedappropriateandsecureITfacilities
tobeusedspecificallyforthispurpose.Fortheavoidanceofdoubt,email,MicrosoftOffice,pdf
documentsandimages,paperrecords,photocopiesandfaxarenotacceptablemethodstostore
and/ortransmitcreditcarddata.

DirectorateofITServices
DirectorateofHumanResources
July2013
Page3of6

5.4
Exceptions

WhereuseofUniversityITfacilitiesforwhatwouldbeconsideredunacceptableuseunderthisprocedureis
requiredforUniversityrelatedbusiness(suchaslawfulresearch),theusermustseekthepriorwritten
permissionoftheDirectorofIT.

5.5
UseofTelephones

Universitytelephonesmustnotbeusedformakingpersonalcallsexceptinemergenciesorurgent
situations.

Theuseofpersonalmobilephonestocall,text,tweet,accessemails,orforanyotherpurpose,mustnot
interfere,eitherbyitstimingorextent,withtheperformanceofthestaffmembersdutiesandmustbe
limitedtoscheduledbreaksandoutsideofthenormalworkingdaywhereverpossible.
Schools/departmentsmayhavelocalarrangementswhichrequirestafftoswitchoffpersonalmobile
phonesduringworkinghours.
6 Monitoringcompliance

TheDirectorofITwillreportonthisproceduretotheInformationSystemsSubCommitteeofthePlanning
andResourcesCommittee.

NomemberofstaffispermittedasamatterofroutinetomonitoranindividualsuseofUniversityIT
facilities.However,wheretherearereasonablegroundstosuspectaninstanceofunacceptableuse,misuse
orabuseofanyUniversityITfacilities,orwherealegitimaterequestismadebythepoliceorother
authority,theDirectorofHRandDirectorofIT,ortheirauthoriseddeputies,maygrantpermissionforthe
monitoringorinvestigationofamemberofstaffsuseofUniversityITfacilitiesincludingemailandthe
internet(forexample,useofsocialmediawebsites),inaccordancewiththeUniversitysStandard
OperatingProcedureforaccessingandmonitoringUniversityITaccountholdercommunicationsanddata
(MonitoringSOP).Theremaybeothercircumstanceswheremonitoringisappropriateandthiswillbe
doneinaccordancewiththeMonitoringSOP.

Examplesmightincludemonitoringwhereanemployeeissuspectedofspendinganexcessiveamountof
timeusingUniversityITfacilitiesfornonworkuse,e.g.:
telephonesmonitoringthedestinationandlengthofoutgoingcallsandthesourceandlengthofin
comingcalls.Thiswouldnotnormallyinvolvethesurveillanceofcalls,butincertainrare
circumstances,wheretherearereasonablegroundstosuspectseriousmisconduct,theUniversity
reservestherighttorecordcalls;
emailmonitoringthedestination,sourceandcontentofemailtoandfromaparticularaddress;
internetmonitoringitsusage,e.g.,viewingwebsitesthatarenotworkrelated,viewinginappropriate
websites;and/or
socialmediamonitoringitsusage,includingcontentwherethememberofstaffisrepresentingthe
University.
7
Reviewofprocedure

Thisprocedurewillbereviewedatleasteverytwoyearsorwhentherearesignificantchangestoit.

DirectorateofITServices
DirectorateofHumanResources
July2013
Page4of6


8
Contactlistforqueriesrelatedtothisprocedure

Name
Telephone
Role
HRPolicy
KarenScoresby
01613065753
Development
Manager
ITRiskManager
MikeVale
01612757840
InformationSecurity BarbaraFrost
01612752122
Manager

Email
Karen.Scoresby@manchester.ac.uk

Mike.Vale@manchester.ac.uk
Barbara.Frost@manchester.ac.uk

DirectorateofITServices
DirectorateofHumanResources
July2013
Page5of6


Documentcontrolbox
Proceduretitle:
AcceptableUseofITFacilitiesandServicesProcedureforStaff
Dateapproved:
June2013
Approvingbody:
ISSubCommitteeandHRSubCommitteeofPRC
Version:
1.3
Supersedes:
ITServicesComputerUsagePolicy,January2008
TelephoneEmail&InternetUseatWorkPolicy,January2005.
Previousreview

dates:
Nextreviewdate:
June2015
RelatedStatutes,
OrdinanceXIVIntellectualPropertyRights(IPR),DataProtectionandthe
Ordinances,
UseofInformationSystems
General
UniversityGeneralRegulationXVUseofInformationSystem
Regulations:
Relatedpolicies:
AcceptableUsePolicy:
http://documents.manchester.ac.uk/DocuInfo.aspx?DocID=16277
InformationSecurityPolicy
http://documents.manchester.ac.uk/DocuInfo.aspx?DocID=6525
DataProtectionPolicy
http://documents.manchester.ac.uk/DocuInfo.aspx?DocID=14914
DignityatWorkandStudyPolicy
http://documents.manchester.ac.uk/DocuInfo.aspx?DocID=2753
Related
AcceptableUseofITFacilitiesandServicesProcedureforStudents:
procedures:
http://documents.manchester.ac.uk/DocuInfo.aspx?DocID=16220
SOPAuthoritytoaccessandmonitorUniversityITaccountholder
communicationsanddata:
http://documents.manchester.ac.uk/display.aspx?DocID=16278
Relatedguidance

andor
codesofpractice:
Related

information:
Procedureowner: DirectorofITandDirectorofHR

Versionamendmenthistory
Version
Date
Reasonforchange
1.0
June2013 Creation
1.1
July2013 Amendmenttopara6pendingcompletionofthemonitoringSOP
1.2
Dec2014 Changeofjobtitles;amendmenttopara6followingcompletionofthe
monitoringSOP;updatedlinks
1.3
Mar2015 Added5.3.12

DirectorateofITServices
DirectorateofHumanResources
July2013
Page6of6

Вам также может понравиться