Introduction
This Acceptable Use Policy (AUP)
covers the use of the ICT
facilities within and provided by the National Science Learning Centre
(NSLC). They are in place to ensure that all users have reasonable
access to the facilities, that their use is within relevant legislation
and that all users and providers of the facilities understand and
satisfy the responsibilities they bear.
This document gives specific
guidance on the acceptable use of
ICT
facilities and the possible consequences of any misuse. It is not a
complete statement of the current law.
This AUP covers all staff, course
tutors, delegates and
associates
using the ICT facilities of the NSLC, or other equipment connected to
the NSLC's Network (including connections via a VPN service). In
general the NSLC will treat misuse of the ICT facilities as a breach of
its own regulations and take suitable disciplinary action, whether or
not it is a matter for the criminal courts.
Non-members of the NSLC (e.g.
conference guests, visitors or
employees of organisations using the NSLC Network) must agree to this
AUP as a condition of being allowed access to the NSLC Network.
It must be understood that ICT
facilities cannot be designed
to
prevent every form of misbehaviour and it is therefore unsafe to assume
that because something is possible it is necessarily permitted (for
example, the ability to view an illegal website does not affect the
fact that this action is against the law).
Any questions about this policy
should be directed to the
Infrastructure Co-ordinator in the first instance.
Definitions
The NSLC and the Centre
All refer to the National Science
Learning Centre.
The Network, NSLC Network or Network
service
Refers to all network facilities
provided by the NSLC
(including
internal connectivity and access to external networks such as JANET and
guestNet).
ICT Facilities
The Information &
Communications Technology (ICT)
Facilities are
the computers, printers, scanners, cameras, telephones and like devices
used for the creation, storage, transmission and manipulation of
information, and all infrastructure needed in their support (switches,
network fabric, etc).
guestNet
Refers to the wired and wireless
network provide by the
National
Science Learning Centre for use event attendees. It is denoted by the
wireless SSID "guestNet" and explicitly labeled ethernet data sockets.
General Guidance
Users are expected to use the NSLC's
ICT facilities for NSLC
course
or work related activities. Limited personal use is allowed provided
that it does not prevent others from pursuing their legitimate work or
interfere with the user's own work. A user's line manager or director
can provide guidance on what is reasonable. Personal use in a user's
own time will normally be acceptable providing it complies with this
AUP.
The NSLC accepts no liability for
any loss or damage caused by
personal use of the network (e.g. for Internet Banking).
Users must abide by the JANET
Acceptable Use Policy at all
times http://www.ja.net/documents/publications/policy/aup.pdf.
Where applicable, users must also abide by the University of York's
regulations for the use of Computing Facilities http://www.york.ac.uk/admin/aso/ordreg/r11.htm.
Network equipment (e.g. computers,
laptops, wireless
equipment,
hubs, switches etc.) may only be connected to the network with specific
authorisation from the Infrastructure Team. The exception to this rule
is the guestNet service to which any individual may connect their
personal computer or laptop provided they have been assigned the
appropriate credentials by a member of NSLC staff of an event
organiser. Connecting equipment, even if not owned by the NSLC, to the
NSLC's network, grants the NSLC authority to require access to that
system if necessary to investigate a breach of policy.
Many computers within the NSLC have
a virus protection system
installed. Users must not interfere with the operation of this system.
The Infrastructure Team must be notified if a system is infected.
Privacy
The NSLC reserves the right for an
appointed person, or
persons, to
copy and examine any files or information resident on NSLC systems. The
NSLC also reserves the right for appointed personnel to monitor network
traffic at any time for purposes of network maintenance or security.
In all cases, access to personal
data (files, email, desktop
etc.)
will comply with the requirements of the Data Protection Act 1998, the
Human Rights Act 1998 and the Regulation of Investigatory Powers Act
2000 - in particular, only authorised staff may take such actions and
only when authorised by a suitable person or by the user concerned.
Abuse of such authority will be a serious disciplinary offence.
The NSLC retains logs of all web
browsing and email traffic
(but not
the contents). These logs will be kept confidential except as
authorised under the RIP Act. However summaries containing no personal
information may be distributed for operational purposes.
Management of Accounts and Data
Access to the NSLC's ICT facilities
will normally be withdrawn
at
the end of each course period (in the case of delegates) or when a user
ceases to be a member of the NSLC. Any files left at that time may be
removed without notice.
Use of ICT facilities is conditional
on prior registration
with, and
granting of access rights by, the Infrastructure Team unless certain
facilities are specifically exempted from the need for registration.
Such an allocation is made on the understanding that the resource will
be used only for the purpose for which it was requested, e.g. an
interactive kiosk may be used to browse the Science Learning Centres
Portal without first authenticating.
Each user is responsible for all
accounts registered in their
name
and for all actions conducted when logged in as that account. Where a
shared account is appropriate a nominated person will be considered
responsible for the account.
Passwords for personal or delegate
accounts must not be
disclosed.
If it is suspected that a password has been discovered by another
person it must be reported to the Infrastructure Team immediately.
Passwords for shared accounts must only be given to users authorised to
use that account. If an authentication method other than passwords is
used it should be protected in the same manner.
A user issued with accounts other
than their main one is
responsible
for ensuring that these accounts are not misused and are removed when
no longer needed.
It is the responsibility of the user
to ensure that the data
in
their account(s) is protected. Reasonable precautions will be taken to
ensure the reliability of the NSLC servers, but no guarantee of the
correct functioning of program or equipment is given.
Data Protection and Copyright
Users may not create, access or
transmit material in such a
way as
to infringe a copyright, moral right, trademark or other intellectual
property right.
Software and computer-readable
datasets made available on the
NSLC
network may only be used subject to the relevant licensing conditions
and, where applicable, to the Code of Conduct published by the Combined
Higher Education Software Team (CHEST).
Users shall treat as confidential
any information that may
become
available to them through the use of such facilities and which is not
on the face of it intended for unrestricted dissemination; such
information shall not be copied, modified, disseminated, or used either
in whole or in part without the permission of the person or body
entitled to give it.
Participation in distributed
file-sharing networks is not
permitted except where agreed in advance with the Infrastructure Team.
No user may use ICT facilities to
hold or process data
relating to a
living individual save in accordance with the provisions of current
data protection legislation (which in most cases will require the prior
consent of the individual or individuals whose data is to be
processed). Any person wishing to use ICT facilities for such
processing is required to discuss their requirements with the
Infrastructure Team.
Computer Misuse
Users shall not by any wilful,
deliberate, reckless, negligent
or
unlawful act interfere with the work of another user or jeopardize the
integrity of data networks, computing equipment, systems, programs, or
other stored information.
Gaining or attempting to gain
unauthorised access to any
facility or
service within or outside the NSLC, or making any attempt to disrupt or
impair such a service, is not permitted.
The scanning of another machine to
determine which services or
software is running or installed is regarded as a hostile action. Such
scanning is therefore prohibited, whether the target machine is on the
NSLC network or elsewhere, unless specifically authorised by the
Infrastructure Team.
Network sniffing (the viewing of
network traffic not directed
at the
equipment used to listen) is not allowed on the network without
explicit permission from the Infrastructure Team.
Users may not undertake (either
deliberately or recklessly)
activities which may result in the following:
- the waste of staff effort or
network resources, including
time on any system accessible via the NSLC's network;
- the corruption or disruption of
other users' data;
- the violation of the privacy of
other users;
- the disruption of the work of
other users;
- the introduction or transmission
of a virus into the
network;
Obscene and Offensive Material
The following actions are all
prohibited:
- the creation, transmission,
storage, downloading or display
of
any offensive, obscene, indecent, or menacing images, data or other
material, or any data capable of being resolved into such images or
material;
- the creation or transmission of
material which is designed
or
likely to cause annoyance, inconvenience or needless anxiety, or to
harass another person;
- the creation or transmission of
defamatory material about
any individual or organisation;
The NSLC reserves the right to
filter or block any material
deemed to be in breach of this AUP.
Electronic Mail
The owner of an account is
responsible for all messages sent
using that account.
Users wishing to send an email that
includes information that
should
not be disclosed to anyone other than the intended recipients should
make this clear in the message. This should be done in a short
paragraph at the start of the message.
If the content of the email contains
copyright material,
sections
that should not be passed onto others or statements that are personal
and do not represent the views of the NSLC then this must be made clear
in the message.
Email and any other files stored on
NSLC systems may be used
as
evidence in a court or industrial tribunal. Information contained in
emails created or received by staff as part of their job/contract of
employment may also be disclosable under the Environmental Information
Regulations 2004 or the subject access provisions of the Data
Protection Act 1998. The NSLC may be required to give over all relevant
files/emails as evidence or information contained in emails/file stores
in response to a request where the account holder is unable to provide
access to the information themselves. For this or other reasons it may
be necessary for an authorised member of staff to search a user's email
account; this may include messages deleted from the system but held on
backup tapes.
Users must not send offensive or
abusive email or propagate
chain
mail. Statements made in email messages are considered to be "in
permanent form" for the purposes of the Defamation Act 1996 and so the
sender or the NSLC or both could be held responsible for any libellous
statements made in an email.
It is recommended that staff keep
their NSLC email account for
work
related emails only and open another (external) account for personal
use.
It is not permitted to send any
email that does not correctly
identify the sender of that email or attempts to disguise the identity
of the computer from which it was sent.
The transmission, without proper
authorisation, of email to a
large
number of recipients, unless those recipients have indicated their
positive and informed consent to receiving such email, or the sending
or forwarding of email which is intended to encourage the propagation
of copies of itself is prohibited.
Software
Much software (and many databases
and datasets) is only
licensed for
use on the systems upon which it is installed. Unauthorised copying of
such items is commonly known as "piracy" and is an offence under the
Copyright, Designs and Patents Act 1988.
No attempt should be made to copy
software or
databases/datasets
from NSLC or other computer systems unless written authority to do so
has been obtained from the owner of the information.
Some software is freely
distributable and in this case copies
may be
taken for personal use without authorisation. However, users are
advised to investigate carefully and abide by the terms under which
such copying is allowed.
The NSLC does not take
responsibility for any consequent
damage or
liability incurred by the copying, installation or running of any
software or datasets.
Software obtained from the NSLC for
use offsite must be used
subject
to the proper procedures as set out in the relevant licence. The NSLC
subscribes to the CHEST Code of Conduct for the use of Computer
Software or Datasets in Higher Education. Breaches of the Code shall be
deemed to be breaches of the NSLC Regulations.
Suspected Breaches of the
Regulations
Minor infringements of the
regulations will be addressed by
the
course tutor (for delegates) or the line manager or Infrastructure
Coordinator (for staff and associates). For serious offences
proceedings may be initiated under either or both of the NSLC
disciplinary procedure and any appropriate legislation.
Equipment may be disconnected from
the NSLC Network without
notice
to maintain the Network service, to prevent damage to the Network or
any Network Service or if a breach this AUP is suspected.
Top
|