| Revision Number: | 1 |
| Date of Issue: | June 2007 |
| Status: | Approved |
| Date of Approval: | June 2009 |
| Responsibility for Policy: | Director of ICT Services |
| Responsibility for Implementation: | All Adam Smith College Staff and Students |
| Responsibility for Review: | Director of ICT Services |
| Date of Last Revision: | January 2009 |
| Date of Last Review: | January 2009 |
1.0 Purpose
The purpose of this policy is to set out the conditions of acceptable use of any and all computer and network related equipment and services owned or used by or with the permission of the College. This provision is referred to in this document as "the System".
This policy is in place to:
- protect the users of the System, the College and third parties, and…
- ensure that scarce resources (machines and bandwidth etc.) are available when needed by authorised users of the System.
Inappropriate use of the System not only exposes the College to risks including the risk of being infected by a computer virus or other electronic threats, the risk that the security of the System and its services may be compromised and the risk that the College might attract legal liability, but also takes up scarce resources.
With the rapidly changing nature of electronic media, and the "netiquette" which is developing among users of external on-line services and the internet, this policy, whilst providing guidance regarding what is and is not acceptable use of the System by users, cannot lay down rules to cover every possible situation. Instead, it expresses the College philosophy and sets forth general principles which should make clear to users, in any given situation, whether or not their intended use of the System would be deemed acceptable.
2.0 Scope
This policy applies to all users accessing the System, including College employees, contractors or consultants appointed by the College, agency personnel, workers of any affiliates or any other third party, students of the College, and anyone else who makes use of the System. This policy also applies to any use whatsoever made of any information technology equipment that is owned or leased by the College, whether such use takes place on College premises or elsewhere (e.g. Outreach centres) and whether or not directly or remotely connected to the System or its networks.
As the System is connected to the network for the education community within the UK (JANET), System users must comply with the current version of the JANET Connection and Acceptable Use Policy, which is deemed to be incorporated herein. Many members of the College community will use electronic mail in their day-to-day activities associated with the College business. This policy is designed to inform users of acceptable use, and users should ensure that their use of the System is consistent with other College policies.
All users of the System should be aware that legal responsibility for email and internet misuse rests with both the College and the individual User. Under the law of defamation, the College may be liable to third parties as the publisher of defamatory or libellous material distributed by any user for whom the College is legally responsible. It is for this reason that the College has an interest in ensuring that the System is not misused or used inappropriately.
3.0 The College Electronic Mail Service
The College email service which forms part of the System is provided subject to the following terms and conditions and its use may be withdrawn in the event of a breach of this policy.
The email service is provided to send and receive electronic mail via the Internet, using the College email service on the College Network for purposes relevant to users' work activities or course of study in order to communicate both outwith and within the College.
The College reserves the right to vary any limits associated with email storage areas in accordance with specific User requirements and where necessary will keep Users informed. Such limits may be by reference to the physical amount of space available, the number of electronic mail messages held, the size of any attachments sent or any other method the College specifies. The College reserves the right to refuse to accept material which would exceed any storage limit, and/or to delete material which exceeds the relevant storage limit.
This service is provided to Users without charge as long as the service is accessed via the College network. Remote access (e.g. from home) means that Users may incur charges whilst using the service for which they are solely liable. Users should be aware that such use must still comply with the Network acceptable use policy.
4.0 The College Data Storage Service
The College data storage service which forms part of the System is provided subject to the following terms and conditions and its use may be withdrawn in the event of a breach of this policy.
The College will provide Users with storage space for data in a format most appropriate to the delivery of ICT services and facilities. In addition Users may have access to discretionary collaborative areas for data which should be shared.
The College reserves the right to vary any limits associated with these storage areas in accordance with specific User requirements and where necessary will keep Users informed. Such limits may be by reference to the physical amount of space available or any other method the College specifies. The College reserves the right to refuse to accept material which would exceed any storage limit, and/or to delete material which exceeds the relevant storage limit.
This service is provided to Users without charge as long as the service is accessed via the College network. Remote access (e.g. from home) means that Users may incur charges whilst using the service for which they are solely liable. Users should be aware that such use must still comply with the Network Acceptable Use Policy.
5.0 Use of/Access to the Service
To use/access the service provided by Adam Smith College users are required to agree to abide by the terms and conditions set out herein as well as acceptance of all other associated policies in using the networks. In so doing, users undertake to provide true, accurate, complete and current information about themselves and to notify the College of any changes timeously. Any breach of the terms and conditions set out herein or of any other associated policy may result in disciplinary action and/or the withdrawal of access to the System.
6.0 User Conduct – Unacceptable Use of the System
6.1 Contractual Communications
Users should, at all times, exercise a general duty of care with respect to the drafting of emails, insofar as emails sent for or on behalf of the College have the potential to place the reputation and business interests of the College at risk through the careless use or abuse of email by users. Email is a competent means of creating a contract; consequently, any User sending an email or digitally signing a document transmitted by email on behalf of the College must be aware that by so doing, the email or the document may effectively bind the College in contract, even where that was not the intention of the sender.
All business records such as emails forming part of contracts, contracts, agreements, financial statements or other records and any correspondence connected with any legal proceedings should be retained as hard copy on file for a period of at least 7 years as these may be needed for legal, regulatory, tax, contractual, audit and evidentiary purposes.
6.2 Unacceptable Use
Under no circumstances is any User authorised to engage in any illegal activity while utilising the College resources.
The following list provides guidance as to which activities constitute unacceptable use of the System. The list is illustrative only and is not exhaustive.
- Breaching or infringing the intellectual property rights of any third party, including but not limited to the installation or distribution of unlicensed software products.
- The unauthorised copying of copyright materials, including digitisation and distribution of photographs from magazines, books or any other copyright sources.
- Introducing malicious programs into the network infrastructure (e.g. viruses, worms, Trojans, email bombs or malware of any description).
- Revealing account details or passwords to, or allowing use of a User's account by, others.
- Using the identity and password of another User for any reason other than a job related function.
- Using the System or any College equipment to procure or transmit material that constitutes a breach of the College Equal Opportunities or Harassment Policies, or could be seen as an act of harassment on the grounds of age, ethnicity, gender, religion, sexual orientation, disability or cultural community.
- Making fraudulent offers of products, items or services through the use of any College user account.
- Effecting security breaches or disruptions to network communication, whether on the System or on any third party system. Security breaches include, but are not limited to, the accessing of data of which the User is not an intended recipient or logging into a server or account that the User is not expressly authorised to access, unless this is within the scope of regular duties. 'Disruption' may include, but is not limited to, network sniffing, ping floods, packet spoofing, denial of service and forged routing information for malicious purposes.
- Port scanning or security scanning is expressly prohibited. See also Exemptions.
- Executing any form of network monitoring which will intercept data not intended for the User's computer.
- Circumventing user authentication or security of any host, network or account.
- Using any program/script/command for sending messages of any kind with the intent to interfere with or disable a User's terminal session or the services of any server.
6.3 Exemptions
Certain categories of User may be exempted from these restrictions during the course of their legitimate job responsibilities or approved Studies in a controlled environment and in consultation with Adam Smith College ICT Services.
6.4 Electronic Communications — Unacceptable Use
The following list provides guidance as to which activities constitute unacceptable use of the System for email and communications. The list is illustrative only and is not exhaustive.
- Sending any emails which are known to have viruses contained within them.
- Sending messages of an offensive, bullying, threatening or harassing nature or which contravene the provisions of item 6 (above).
- Sending unsolicited email messages, including the sending of junk mail or other advertising material to individuals who did not specifically request such material.
- Subscribing to email newsletters other than for business purposes.
- Playing online internet games or using streaming media for news, sports scores or other non-business real time data streaming. There are specific exceptions for officially approved activities, e.g. as part of curriculum delivery.
- Transmitting by email, retrieving from the internet or storing any communication with obscene language or of an obscene, distasteful, offensive or sexually explicit nature, or which might be judged as such by a sensitive third party.
- Running a business or any commercial activity (other than the business of the College).
- Misrepresenting the identity of the sender of an email or the source of an email.
- Intercepting, disrupting or altering electronic communications.
- Any form of harassment via email, telephone or SMS services.
- Creating or forwarding 'chain letters' or other pyramid schemes of any type.
- Posting the same or similar non-business related messages to large numbers of Usenet newsgroups (newsgroup spam).
6.5 Blogging
The College's Personal Blog Policy (available as a separate document) has been developed to provide guidance to Staff, Students and all Users who maintain personal blogs that may contain postings about the College's business, services, courses, students or employees and the work they do. It is also applicable to Employees and Students who post comments about the College on the blogs of others.
The Policy outlines the legal implications of blogging about the College, whether or not the System is used for this purpose. It includes recommended best practice to consider when posting anything about the College, its work, employees or students.
When connected to the College Network, any breach of the Blogging Policy using the System constitutes a breach of this Acceptable Use Policy.
7.0 General Use and Ownership
7.1 Confidentiality and Monitoring
Whilst the organisation and administration of the System aims to provide a reasonable level of privacy, Users should be aware that the data they create using the System is and remains the property of the College. Because of the need to protect College Systems and also to protect the College from the types of risks mentioned above, the College cannot guarantee the confidentiality of information stored or communicated on the System (including personal storage space on servers). Ultimately the information which is stored on or transmitted via the System is not private to the individual User. Accordingly, Users have no reasonable expectation that the personal or commercial information stored or transferred through the use of the System is or shall remain private and should therefore only make use of the System on that basis.
7.2 Backups
All Users should be aware that backups are taken at regular intervals and that any data held in either electronic or email format on any of the Servers will be backed up along with all business data and email. Information deleted from the System either deliberately or accidentally can be restored from the backups.
7.3 Monitoring
Employees should be aware that the College is permitted to inspect, monitor and/or record an employee's email and internet usage. The College employs a range of monitoring utilities to log information from which it generates reports as illustrated in Annex 1. These may change without notice as the technology and threats grow and develop.
The College may also inspect email in consultation with a suitable member of the ICT Services, who will log the access and protocols adopted and record the data viewed, in accordance with the provisions of the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2006. Specific inspections are carried out where such monitoring reveals the likelihood of risk or inappropriate use. Such inspections extend to both current data and backed up data.
Monitoring or recording may be employed where it helps:
- To prevent or detect crime;
- To ascertain whether there are breaches of this or another College policy (e.g. College Security Policy, Personal Use etc.);
- To ascertain compliance with any regulatory requirements;
- To maintain or secure the effective operation of the System.
The College may also monitor where it wishes to ascertain whether a communication relates to College business.
In addition, the College may record or monitor where it is legally obliged to do so. Where appropriate, the College may be required to notify relevant government agencies, the Police or the Scottish Ministers of any incidents of possible concern (e.g. Issues of National Security or the accessing of child pornography).
The Director of ICT Services will routinely report the outcomes of monitoring reports to the Principals' Group and other parties as appropriate (e.g. Team Leaders/Department Managers would be informed if students were downloading inappropriate material for content of study). The Security and IT Asset Management Reports will be confidential to ICT Services and senior College Management.
7.4 Personal Use and Privacy
While the College will at all times seek to act appropriately in its use of monitoring, it reserves the right to block sites with no legitimate business purpose which are being persistently visited by users, where it perceives threat or risk to its business activities or where it infringes the acceptable and personal use policies. The College will also endeavour to use technical measures to stop misuse as an alternative to monitoring, where it is considered appropriate to do so. However, Users should be aware that, because monitoring is a recognised component of the relationship between the provider of the System and the Users (and of the employer/employee, college/student and other such formal relationships), there is no legitimate expectation of privacy when using the System, email, Intranet, Extranet and Internet facilities etc.
On a practical level, employees should be aware that, as others may read emails, confidential information should not be sent in this way.
For guidance purposes only, examples of reasonable and unacceptable private use are set out in Annex 2.
7.5 Security
Access to information contained within the College ICT related systems should be classified as either confidential or not confidential as defined by the College's Data Protection Officer. Examples of confidential information include but are not limited to: company strategies, competitor sensitive information, and student and staff information held on the central records system, specifications, customer lists and research data. Users should take all necessary steps to prevent unauthorised access to this information.
Keep passwords secure and do not share accounts. All Users are responsible for the security of their passwords and accounts. ALL Staff Users will be prompted to change their user level passwords every forty-five days in accordance with the network security policy; failure to do so will terminate access to the Network.
Users should ensure their computers are secured by logging off when the computer is unattended or by locking the computer when leaving it unattended for a short time. Access to computer facilities is enabled once Users have completed a valid enrolment process.
Postings by Users from a College email address should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of the College. (This is applied by College email systems by default).
All computers which are connected to the College Infrastructure shall run the College's approved Threat Management software, which must not be disabled.
Users must use extreme caution when opening email or attachments as they may contain viruses, email bombs, malicious code or other potential risks.
7.6 Discipline
Access to the System in general is a facility available only to authorised Users. As with any other College facility, abuse of these facilities through improper or unacceptable use in breach of this Policy or otherwise can result in disciplinary action against the User.
Students are bound by the College's Student Disciplinary Procedures and Staff are bound by the College Staff Disciplinary Procedure. All users of the network are subject to legal compliance with various statutory requirements including but not limited to the Computer Misuse Act 1990, the Copyright, Design & Patents Act 1988, and the Data Protection Act 1998.
For the avoidance of doubt, a serious breach of this policy, and in particular those parts which relate to the processing of personal information, may amount to gross misconduct. In a case where inappropriate use is identified or where such use severely impacts upon the performance or appears to pose a risk to the security of the System or upon College services and facilities, or where such misuse is deemed sufficiently serious, a User's account may be suspended pending investigation or withdrawn entirely.
7.7 Modifications
The College may from time to time change some or all of the terms of this Policy or modify or discontinue (either temporarily or permanently) the provision of the System. Users will be notified of any such changes where practical. Users do not have to accept such changes, but if they do not, the College shall be entitled to withdraw their access to the System where deemed appropriate. Users agree that the College shall not be liable to them or to any third party for any such change, modification or the withdrawal of access to the System.
On occasion for technical, operational or other reasons, it may also be necessary to terminate services hosted on the System with little or no prior notice. Users agree that the College shall not be liable to them or to any third party for any such termination of such services.
7.8 Termination of Use
Users agree that the College may immediately terminate their use of the System without prior notice for any reason including, but not limited to:
- The College having a reasonable belief that they are or have been in breach of this Policy;
- The College being unable to continue access to the System or any services hosted on the System, due to contractual, economic, technical or operational reasons; or,
- …in the event of the College receiving intimation of a User's withdrawal from course or the termination of a User's employment.
In the event of termination, the College will give Users such notice of termination as is reasonably practicable.
7.9 Exclusions and Limitations
Access to the System and to services hosted thereon is provided on an "as is" and "as available" basis. No conditions, warranties or other terms are made or given by the College in respect of access to the System. Further, the College can make no guarantee that the services offered on the System will meet Users' requirements, or that they will be interruption or bug free, timely or ultimately secure.
The College accepts no responsibility for any unintentional deletion or failure to properly store any data or email messages on Users' behalf and accepts no responsibility for any costs or damages arising from any interruption, suspension of, withdrawal of or termination of the services on the System.
Users understand and agree that any material and/or data downloaded or otherwise obtained through remote access and use of or from the System is done at their own risk and that they will be solely responsible for any damage to their own computer system or for any loss of data that may occur as a result.
The College shall not be liable for any direct, indirect or consequential loss or damages resulting from the use or inability to use the System. These terms and conditions represent the entire agreement between Users and the College and supersede any prior agreements, arrangements or representations made by either party relating to access to the System.
User Undertaking
I have read, understood and agree to abide by and to have my access to and use of the System regulated by the foregoing terms and conditions.
Signature: ……………………………………………………………………..
Please PRINT name in block capitals ……………………………………...
If signed on behalf of a student User please PRINT the student User's name in block capitals (See note below).
…………………………………………………………………………………..
Date: …………………..…………………………………………..
[In some instances a parent or legal guardian may be asked to sign where a student User is under 16 years of age, thereby making the parent or guardian responsible for the actions of the student.]
Annex 1: Examples of Reports Generated from Automated Monitoring of Network Usage
The College uses unobtrusive monitoring software that enables reporting in the following areas:
The College routinely generates these and other network activity reports to ensure that Users are complying with College policies and procedures and to enable the College to safeguard itself and the System against known and perceived threats, inappropriate or malicious use by Users or Users deliberately or inadvertently acting in a manner which breaches College policies.
Annex 2: Reasonable and Unacceptable Personal Use Guidelines
The following details College policy for Users on what is considered to be reasonable personal use and what is considered unacceptable personal use of ICT systems. The College takes the view that personal use should be within reason and that it should not be abused to the detriment of an individual's work outputs. Use of the System for personal purposes should therefore be limited to non-working hours.
Reasonable and Unacceptable Personal Use — Guidelines for all College Network Users
Staff:
- Access to sites relevant to curriculum area of team
- Accessing sites of personal interest outwith normal working hours or during lunch breaks
- Download of licensed or non-copyright materials relevant to curriculum area of team
- Use of email facilities in course of college duties and responsibilities
- Use of the internet to gain experience of modern business/commerce purposes/practice, i.e. personal email, internet purchases, online travel bookings/banking (Adam Smith College cannot guarantee the security of credit card information which may be accessible)
Students:
Staff and Students:
- Accessing or downloading materials from sites containing pornographic or potentially offensive images
- Downloading any copyright or unlicensed materials which infringe the law and/or expose the College to risk
- Sending email communications containing offensive, abusive, harassing or threatening language or images
- Use of chat lines
- Blogging (Please see our Blogging Policy for further clarification)
- Forwarding or distributing items of 'junk' via email facility
- Forwarding of inappropriate material which wastes time
Staff and Students:
For example the default maximum attachment size is 10 MB in Microsoft Exchange.