Conditions of Use of Computing and Networking Facilities
It is the policy of Rose Bruford College that its computing and networking facilities are intended for use for teaching, learning, research and administration in support of the college's mission. Although recognizing the increasing importance of these facilities to the activities of staff and students, the college reserves the right to limit, restrict, or extend access to them.
All persons using the computing and networking facilities shall be responsible for the appropriate use of the facilities provided as specified by the "Codes of Practice" of this policy, and shall observe conditions and times of usage as published by the administrator of the system.
It is the policy of Rose Bruford College that its computing and associated network facilities are not to be used for commercial purposes or non-college-related activities without written authorization from the college. In any dispute as to whether work carried out on the computing and networking facilities is internal work, the decision of the Principle or his delegate shall be final.
The user will not record or process information which knowingly infringes any patent or breach any copyright.
The college will endeavour to protect the confidentiality of information and material furnished by the user and will instruct all computing personnel to protect the confidentiality of such information and material, but the college shall be under no liability in the event of any improper disclosure.
The college will endeavour to safeguard the possibility of loss of information within the college's computing and networking facilities but will not be liable to the user in the event of any such loss. The user must take all reasonable measures to further safeguard against any loss of information within the college's computing and networking facilities.
If a loss of information within the system can be shown to be due to negligence on the part of the computing or network personnel employed by the college, or to any hardware or software failure which is beyond the user's means to avoid or control, then the Information Technology Services (IT) will endeavour to help restore the information and will not charge the user for computer time spent in such restoration.
The use of the computing and networking facilities is permitted by the college on the condition that it will not involve the infringement of any patent or the breach of any copyright and the user agrees to indemnify and keep indemnified the college and each member and every member of its staff against all actions, claims, and demands for infringement of patent and or breach of copyright which may be brought or made against the college or any member of its staff arising out of or in connection with the use of the computing and networking facilities.
Users of the computing and networking facilities recognize that when they cease to be formally associated with the college (e.g. no longer an employee, enrolled student or visitor to the College), their information may be removed from college computing and networking facilities without notice. Users must remove their information or make arrangements for its retention prior to leaving the college.
The college reserves the right to limit permanently or restrict any user's usage of the computing and networking facilities; to copy, remove, or otherwise alter any information or system that may undermine the authorized use of the computing and networking facilities; and to do so with or without notice to the user in order to protect the integrity of the computing and networking facilities against unauthorized or improper use, and to protect authorized users from the effects of unauthorized or improper usage.
The college, through authorized individuals, reserves the right to periodically check and monitor the computing and networking facilities, and reserves any other rights necessary to protect them.
The college disclaims responsibility and will not be responsible for loss or disclosure of user information or interference with user information resulting from its efforts to maintain the privacy, security and integrity of the computing and networking facilities and information.
The college reserves the right to take emergency action to safeguard the integrity and security of the computing and networking facilities. This includes but is not limited to the termination of a program, job, or on-line session, or the temporary alteration of user account names and passwords. The taking of emergency action does not waive the rights of the college to take additional actions under this policy.
Users of the computing and networking facilities do so subject to applicable laws and college policies. Rose Bruford College disclaims any responsibility and/or warranties for information and materials residing on non-college computer systems or available over publicly accessible networks, except where such responsibility is formally expressed. Such materials do not necessarily reflect the attitudes, opinions, or values of Rose Bruford College, its staff, or students.
The Head of Information Communication & Technology (IT) may suspend any person from using the computing and networking facilities for a period not exceeding 28 days (and may recommend additional penalties to the Principle) if after appropriate investigation that person is found to be:
- responsible for wilful physical damage to any of the computing and networking facilities;
- in possession of confidential information obtained improperly;
- responsible for wilful destruction of information;
- responsible for deliberate interruption of normal services provided by the IT services;
- responsible for the infringement of any patent or the breach of any copyright;
- gaining or attempting to gain unauthorized access to accounts and passwords;
- gaining or attempting to gain access to restricted areas without the permission of Head of IT;
- responsible for inappropriate use of the facilities.
External work or use of the computing and networking facilities shall not be undertaken which would prevent college users from having their usual access to the facilities.
External users of the college's computing and networking facilities must adhere to the JANET’s policy on access to the Internet which prohibits direct connectivity to the Internet to individuals and organizations outside of the college.
Code of Practice in the Use of Computing & Network Facilities
Standards for the use of the college's computing and networking facilities derive directly from standards of common sense and common decency that apply to the use of any shared resource. The college community depends on a spirit of mutual respect and cooperation to resolve differences and resolve problems that arise from time to time. This code of practice is published in that spirit. Its purpose is to specify user responsibilities and to promote the appropriate use of IT for the protection of all members of the college community.
APPROPRIATE AND REASONABLE USE
Appropriate and responsible use of the Rose Bruford College computing and networking facilities is defined as use that is consistent with the teaching, learning, research and administrative objectives of the college and with the specific objectives of the project or task for which such use was authorized. All uses inconsistent with these objectives are considered to be inappropriate use.
Users of the Rose Bruford College computing and networking facilities accept the following specific responsibilities:
- To safeguard their data, personal information, passwords and authorization codes, and confidential data;
- To take full advantage of file security mechanisms built into the computing systems;
- To choose their passwords wisely and to change them periodically;
- To follow the security policies and procedures established to control access to and use of administrative data.
- To respect the privacy of other users; for example, not to intentionally seek information on, obtain copies of, or modify files, tapes, or passwords belonging to other users or the college;
- Not to represent others, unless authorized to do so explicitly by those users;
- Not to divulge sensitive personal data to which they have access concerning staff or students without explicit authorization to do so.
- To respect the rights of other users; for example, to comply with all college policies regarding sexual, racial, and other forms of harassment. Rose Bruford College is committed to being a racially, ethnically, and religiously heterogeneous community.
- To respect the legal protection provided by copyright and licensing of programs and data; for example, not to make copies of a licensed computer program to avoid paying additional license fees or to share with other users.
- To respect the intended usage of resources; for example, to use only the account name and password, funds, transactions, data, and processes assigned by service providers, unit heads, or project directors for the purposes specified, and not to access or use other account names and passwords, funds, transactions, data, or processes unless explicitly authorized to do so by the appropriate authority.
- To respect the intended usage of systems for electronic exchange (such as e-mail, Usenet News, World Wide Web, etc.); for example, not to send forged electronic mail, mail that will intimidate or harass other users, chain messages that can interfere with the efficiency of the system, or promotional mail for profit-making purposes. Also, not to break into another user's electronic mailbox or read someone else's electronic mail without their permission.
- To respect the integrity of the computing and networking facilities; for example, not to intentionally develop or use programs, transactions, data, or processes that harass other users or infiltrate the system or damage or alter the software or data components of a system. Alterations to any system or network software or data component are to be made only under specific instructions from authorized academic staff, unit heads, project directors, or management staff.
- To respect the financial structure of the computing and networking facilities; for example, not to intentionally develop or use any unauthorized mechanisms to alter or avoid charges levied by the college for computing, network, and data processing services.
- To adhere to all general college policies and procedures including, but not limited to, policies on proper use of information resources and computing and networking facilities; the acquisition, use, and disposal of College-owned computer equipment; use of telecommunications equipment; legal use of software; and legal use of administrative data.
- To report any information concerning instances in which the college IT Security Policy or any of its standards and codes of practice has been or is being violated. In general, reports about violations should be directed initially to the administration of the school, area or unit where the violation has occurred whereupon it will be passed on to the Custodian of the system. If it is not clear where to report the problem, it may be sent to the Information Technology (IT) Help Desk, which will redirect the incident to the appropriate person(s) for action or will handle it directly.
CODE OF PRACTICE FOR SPECIFIC ACTIVITIES
The following apply to specific activities.
In general, it is inappropriate use to store and/or give access to information on the college computing and networking facilities that could result in legal action against the college.
The college's computing and networking facilities must not be used for the transmission, obtaining possession, demonstration, advertisement or requesting the transmission of objectionable material knowing it to be objectionable material as defined by the Obscene Publications Act 1959 & 1964, namely:
- A film classified RC (refused classification), a computer game classified RC (refused classification), or a refused publication
- Child pornography
- An article that promotes crime or violence, or incites or instructs in matters of crime or violence or
- An article that describes or depicts, in a manner that is likely to cause offence to a reasonable adult e.g.
- The use of violence or coercion to compel any person to participate in, or submit to, sexual conduct
- Sexual conduct with or upon the body of a dead person
- The use of urine or excrement in association with degrading or dehumanising conduct or sexual conduct
- Acts of torture or the infliction of extreme violence or extreme cruelty.
Users of the facilities should be aware that there are severe penalties under the Act for such activities; that the police or a person authorized for the purposes of the Act may without a warrant, at any reasonable time, enter any place where the operating of a computer service is carried on and inspect any articles and records kept on the premises and may seize any thing that the member reasonably suspects is connected with an offence against the Act that is found on or in the place. In addition there are penalties for delaying, obstructing or otherwise hindering the police or authorized person in the performance of their functions under the Act and for giving false or misleading statements including statements which are misleading through the omission of information.
It should be noted that the Act allows that it is a defence to a charge of an offence against this section to prove that the article concerned is:
- An article of recognized literary, artistic or scientific merit; or
- A bona fide medical article, and that transmitting, obtaining possession of, demonstrating, advertising, or requesting the transmission of, the article is justified as being for the public good.
The college's computing and networking facilities must not be used to transmit or make available restricted material to a minor, restricted material being defined by the British Board of Film Classification (BBFC) under the Cinematography Act 1952 (rev. 1982 & 1985) as an article that a reasonable adult, by reason of the nature of the article, or the nature or extent of references in the article, to matters of sex, drug misuse or addiction, crime, cruelty, violence or revolting or abhorrent phenomena, would regard as unsuitable for a minor to see, read or hear.
Users of the facilities should be aware that there are severe penalties under the Act for such activities; that the police or a person authorized for the purposes of the Act may without a warrant, at any reasonable time, enter any place where the operating of a computer service is carried on and inspect any articles and records kept on the premises and may seize anything that the member reasonably suspects is connected with an offence against the Act that is found on or in the place. In addition, there are penalties for delaying, obstructing or otherwise hindering the police or authorized person in the performance of their functions under the Act and for giving false or misleading statements including statements which are misleading through the omission of information.
It should be noted that the Act allows that it is a defence to a charge to prove that:
- The defendant complied with a code of practice;
- The defendant took all reasonable steps in the circumstances to avoid a contravention of the Act; or
- The defendant believed on reasonable grounds that:
- The person to whom the defendant transmitted the restricted material was not a minor; or
- The restricted material would not be made available to a minor.
Restricted Software and Hardware
Users should not knowingly possess, give to another person, install on any of the computing and networking facilities, or run, programs or other Information which could result in the violation of any college policy or the violation of any applicable license or contract. This is directed towards but not limited to software known as viruses, Trojan horses, worms, password breakers, and packet observers. Authorization to possess and use Trojan horses, worms, viruses and password breakers for legitimate research or diagnostic purposes can be obtained from the Director of Information Technology Services.
The unauthorized physical connection of monitoring devices to the computing and networking facilities which could result in the violation of college policy or applicable licenses or contracts is inappropriate use. This includes but is not limited to the attachment of any electronic device to the computing and networking facilities for the purpose of monitoring data, packets, signals or other information. Authorization to possess and use such hardware for legitimate diagnostic purposes must be obtained from the Head of IT.
Copying and Copyrights
Users of the computing and networking facilities must abide by the Rose Bruford College Copyright Policy, which covers copyright issues pertaining to college faculty, staff and students as well as commissioned works of non-employees.
Respect for intellectual labour and creativity is essential to academic discourse. This tenet applies to works of all authors and publishers in all media. It includes respect for the right to acknowledgment and right to determine the form, manner, and terms of publication and distribution. If copyright exists, as in most situations, it includes the right to determine whether the work may be reproduced at all. Because electronic information is volatile and easily reproduced or altered, respect for the work and personal expression of others is especially critical in computing and networking environments. Viewing, listening to or using another person's information without authorization is inappropriate use of the facilities. Standards of practice apply even when this information is left unprotected.
In particular, users should be aware of and abide by the College Policy on Copying and Using Computer Software. Most software that resides on the computing and networking facilities is owned by the college or third parties, and is protected by copyright and other laws, together with licenses and other contractual agreements. Users are required to respect and abide by the terms and conditions of software use and redistribution licenses. Such restrictions may include prohibitions against copying programs or data for use on the computing and networking facilities or for distribution outside the college; against the resale of data or programs, or the use of them for non-educational purposes or for financial gain; and against public disclosure of information about programs (e.g., source code) without the owner's authorization. College employees who develop new packages that include components subject to use, copying, or redistribution restrictions have the responsibility to make any such restrictions known to the users of those packages.
With a greater emphasis on computer based assignments, students need to be especially cognizant of the appropriate use of computing and networking facilities. In particular, academic dishonesty or plagiarism in a student assignment may be suspected if the assignment calling for independent work results in two or more solutions so similar that one can be converted to another by a mechanical transformation. Academic dishonesty in an assignment may also be suspected if a student who was to complete an assignment independently cannot explain both the intricacies of the solution and the techniques used to generate that solution. Suspected occurrences of academic dishonesty are referred to the Head of the student's school.
College policy prohibits sexual and discriminatory harassment. RBC computing and networking facilities are not to be used to libel, slander, or harass any other person. The following constitute examples of Computer Harassment:
- Intentionally using the computer to annoy, harass, terrify, intimidate, threaten, offend or bother another person by conveying obscene language, pictures, or other materials or threats of bodily harm to the recipient or the recipient's immediate family;
- Intentionally using the computer to contact another person repeatedly with the intent to annoy, harass, or bother, whether or not any actual message is communicated, and/or where no purpose of legitimate communication exists, and where the recipient has expressed a desire for the communication to cease;
- Intentionally using the computer to contact another person repeatedly regarding a matter for which one does not have a legal right to communicate, once the recipient has provided reasonable notice that he or she desires such communication to cease (such as debt collection);
- Intentionally using the computer to disrupt or damage the academic, research, administrative, or related pursuits of another;
- Intentionally using the computer to invade the privacy, academic or otherwise, of another or the threatened invasion of the privacy of another.
The display of offensive material in any publicly accessible area is likely to violate college harassment policy. There are materials available on the Internet and elsewhere that some members of the college community will find offensive. One example is sexually explicit graphics. The college cannot restrict the availability of such material, but it considers its display in a publicly accessible area to be inappropriate. Public display includes, but is not limited to, publicly accessible computer screens and printers.
It is inappropriate use to deliberately perform any act which will impair the operation of any part of the computing and networking facilities or deny access by legitimate users to any part of them. This includes but is not limited to wasting resources, tampering with components or reducing the operational readiness of the facilities.
The wilful wasting of computing and networking facilities resources is inappropriate use. Wastefulness includes but is not limited to passing chain letters, wilful generation of large volumes of unnecessary printed output or disk space, wilful creation of unnecessary multiple jobs or processes, or wilful creation of heavy network traffic. In particular, the practice of wilfully using the college's computing and networking facilities for the establishment of frivolous and unnecessary chains of communication connections is an inappropriate waste of resources.
The sending of random mailings ("junk mail") is discouraged but generally permitted in so far as such activities do not violate the other guidelines set out in this document. It is poor etiquette at best, and harassment at worst, to deliberately send unwanted mail messages to strangers. Recipients who find such junk mail objectionable should contact the sender of the mail, and request to be removed from the mailing list. If the junk mail continues, the recipient should contact the appropriate local support person.
Limited recreational game playing, that is not part of an authorized and assigned research or instructional activity, is tolerated (within the parameters of each department's rules). College computing and network services are not to be used for extensive or competitive recreational game playing. Recreational game players occupying a seat in a public computing facility must give up that computing position when others who need to use the facility for academic or research purposes are waiting.
College computing and network facilities are provided by the college for the support of its mission. It is inappropriate to use the computing and networking facilities for:
- Commercial gain or placing a third party in a position of commercial advantage
- Any non-College related activity, including non-college related communications
- Commercial advertising or sponsorship except where such advertising or sponsorship is clearly related to or supports the mission of the college or the service being provided.
This paragraph is not intended to restrict free speech or to restrict the college from setting up Information servers or other services specifically designated for the purpose of fostering an "electronic community" with the wider community the College serves. These designated Information servers should normally conform to the College IT Security Policy of which this Code of Practice is a part
Use for Personal Business
College computing and network facilities may not be used in connection with compensated outside work nor for the benefit of organizations not related to Rose Bruford College, except in connection with scholarly pursuits (such as academic publishing activities), in accordance with the College Consulting Policy or in a purely incidental way. This and any other incidental use (such as electronic communications or storing data on single-user machines) must not interfere with other users' access to resources (computer cycles, network bandwidth, disk space, printers, etc.) and must not be excessive.
Additional Guidelines at Local Sites
The college computing and network facilities are composed of many "sites." Each site may have local rules and regulations which govern the use of computing and network facilities at that site. Each site has operators, consultants, and/or supervisors who have been given the responsibility to supervise the use of that site. Each site has an administrator (Custodian) with overall policy responsibility for the site. Users are expected to cooperate with these individuals and comply with college and local site policies. Site policies may be more restrictive than college policy. It is the intention that the College IT Security Policy represent a minimum standard. Local administrators may impose more restrictive policies, which become their responsibility to administer.
Connection to the Campus-Wide Data Network
Most campus buildings are included in the Campus Network. To maintain the integrity of the college computing and network facilities, connections to the campus network are made only by specialized personnel under the direction of the Information Technology team. Users are encouraged to attach appropriate equipment only at existing user-connection points. All requests for additional network connections or for the relocation of a connection should be directed to the colleges estates team.
Use of Desktop Systems
Users are responsible for the security and integrity of college information stored on their personal desktop system. This responsibility includes making regular disk backups, controlling physical and network access to the machine, and installing and using virus protection software. Users should avoid storing passwords or other information that can be used to gain access to other campus computing resources. Users should not store college passwords or any other confidential data or information on their laptop or home PC or associated floppy disks or CD’s. All such information should be secured after any dialup connection to the college network.
Use of External Services
Networks and telecommunications services and administrative systems and services to which Rose Bruford College maintains connections (e.g. JANET) have established acceptable use standards. It is the user's responsibility to adhere to the standards of such networks. The college cannot and will not extend any protection to users should they violate the policies of an external network.
Users are responsible for the security and privacy of printouts of college information.
Appropriate Use of Electronic Mail
Electronic mail and communications facilities provided by Rose Bruford College are intended for teaching, research, outreach and administrative purposes. Their use is governed by college rules and policies, applicable laws, and acceptable use policy of the provider.
Electronic mail may be used for personal communications within appropriate limits
These Standards of Use cover all electronic mail systems used by members of the college community, from the college’s network or connecting to the college’s network or while acting in an official college capacity.
Appropriate Use and Responsibility of Users
Electronic mail can be both informal like a phone call and yet irrevocable like an official memorandum. Because of this, users should explicitly recognize their responsibility for the content, dissemination and management of the messages they send. This responsibility means ensuring that messages:
- Do not contain information that is harmful to the college or members of the college community;
- Are courteous and polite;
- Are consistent with college policies;
- Protect others’ right to privacy and confidentiality;
- Do not contain obscene, offensive or slanderous material;
- Are not used for purposes that conflict with the college’s interests;
- Contain an accurate, appropriate and informative signature;
- Do not unnecessarily or frivolously overload the email system (e.g. spamming and junk mail is not allowed);
- Are not for commercial purposes unless authorized by the college.
Users should cover periods of absence by adopting an appropriate functional account, delegation, or vacation message strategy.
Electronic mail containing a formal approval, authorization, delegation or handing over of responsibility must be copied to paper and filed appropriately for purposes of evidence and accountability.
Users must ensure that personal information in the custody of the College is protected in accordance with the College’s Intellectual Property Policy, the Data Protection Act 1998, and Information Privacy Principles.
Although Computing Services does everything possible to back up data areas, it is the responsibility of the individual user to backup their own data safely onto tape, diskette, or other media.
Confidentiality and Security
- Electronic mail is inherently NOT SECURE.
- As college networks and computers are the property of the college, the college retains the right to allow authorized college officers to monitor and examine the information stored within.
- It is recommended that personal confidential material not be stored on or sent through college equipment.
- Users must ensure the integrity of their password and abide by college policy on password security (see the relevant section on password security).
- Sensitive confidential material should NOT be sent through the electronic mail system unless it is encrypted.
- Confidential information should be redirected only where there is a need and with the permission of the originator, where possible.
- Users should be aware that a message is not deleted from the system until all recipients of the message and of any forwarded or attached copies have deleted their copies.
- Electronic mail messages can be forged in the same way as faxes and memoranda. If a message is suspect, users should verify its authenticity via telephone or fax.
Users agree to indemnify the college for any loss or damage arising out of improper use.
The college takes no responsibility and provides no warranty against the non-delivery or loss of any files, messages or data nor does it accept any liability for consequential loss in the event of improper use or any other circumstances. In the event of data or message loss, the remedy shall be limited to the refund of any relevant fees or charges relating to the period in question.
Guidelines on Passwords
- Passwords should be memorized - never written down.
- Passwords belong to individuals and must never be shared with anyone else.
- Passwords should be changed every 90 days (staff), or immediately if compromised.
- System Custodians should regularly run password cracking software against their password files to identity weak passwords.
- New or changed passwords must be given in writing only to the identified user - never over the telephone or via email.
- All domain computers should be version 4.sp5 or higher, with C2 level security enabled.
Password security isn't just a matter of thinking up a nice word and keeping it to yourself. You must choose a password which will be difficult for someone else to guess or crack.
We often have a tendency to forget passwords, so we choose something that has particular relevance to ourselves: the name of a loved one, our favourite car, sport, or ice cream, etc. Anyone knowing a little about us can make a list of these words and easily crack the password. All-digit passwords usually fall into this category - birth dates, phone numbers.
Observe the following guidelines when choosing your password:
- A password MUST be at least 8 characters long and be complex
- Complex passwords
- Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
- Be at least eight characters in length
- Contain characters from three of the following four categories:
- English uppercase characters (A through Z)
- English lowercase characters (a through z)
- base 10 digits (0 through 9)
- Non-alphabetic characters (for example, !, $, #, %)
- NEVER make your password a name or something familiar, like your pet, your children, or partner. Favourite authors and foods are also guessable.
- DON'T words that can be associated with you
- Do not have a password consisting of a word from a dictionary. Most basic cracking programs contain over 80000 words, and plenty of variations.
- Try to have a password with a number or mixed case letters. Simple substitutions like a '1' for an 'i', and '0' for an 'O' are easily guessed. Add a '%' or '$' to the middle of the password.
- Choose something you can remember, that can be typed quickly and accurately and includes characters other than lowercase letters.
Student IT & Network Code of Practice
Your access to the college network is provided by the college for administrative, academic, research or study purposes only. The college network is a valuable but limited resource which must be shared with others. It is your obligation to use the facilities in an efficient, ethical, legal and responsible manner, in accordance with the College’s "Code of Practice in the Use of Computing and Network Facilities", "Appropriate Use of Electronic Mail", and the code of conduct specified below. Grossly improper behaviour may be grounds for termination of your access or be subject to other penalties which may apply.
- Your Student Network account is provided by the college in your name for your use only.
- You must not share your account with family, friends or make your password available to any other person.
- You MUST change your password at least every 365 days.
- You may not use the account of any other person. If you inadvertently gain such access to any unauthorized information, you should advise Helpdesk staff immediately.
- In certain circumstances you may share an account with others where shared duties apply. Such accounts will be specifically authorized by the Head of IT or delegate. In such cases all sharers are jointly responsible for the account but may not share with others outside the group.
- You MUST NOT attempt to find the password of another user or access their account in an unauthorized username.
Computing facilities are provided for Rose Bruford students only. You must carry a college photo ID at all times while using these facilities. Security/Estates and Helpdesk staff have the right to deny access to these facilities to anyone without proper identification.
Appropriate Electronic Behaviour
Users of Internet are asked to comply with guidelines of network etiquette (netiquette). Netiquette is based on the use of good manners and common sense. Some are:
- Always acknowledge electronic mail.
- Limit your email to a single screen of text where possible.
- Do not send large files as email attachments.
- Do not use offensive language.
- Be polite to other users of the Internet.
- Avoid wasting network resources:
- FTP should be used for academic and study purposes only.
- Participating in multi-user Internet applications (e.g. MUDS, MOO’s) is NOT acceptable use unless authorized by your lecturer as being an essential component of your studies and Computer Services has been notified prior to its use.
- The use of TALK wastes bandwidth and is discouraged. Limit use to 5-10 minute sessions only. Use of email is preferred. Do not attempt to talk to someone without obtaining their prior permission via email or similar
- Do not download or copy software without appropriate authority or license.
- It is an offence to knowingly inject viruses into any system or engage in any other form of hacking.
- It is an offence to transmit material which is offensive, obscene, harassing, slanderous, damaging to the files or programs of others, or which violate any applicable law. Do not download or copy software without appropriate authority.
- You must not create, download, store or transmit unlawful material, or material that is indecent offensive, threatening, discriminatory, liable to radicalise or is considered extremist. If, as a valid part of your studies, you wish to access any material which may contravene this guideline you must first bring this to the attention of the Secretary & Registrar who will discuss this with relevant members of academic staff. You must always contact the Secretary & Registrar prior to accessing or using any material of this nature.
- No food, drink or cigarettes are to be consumed in the IT rooms.
- Avoid excessive noise. It annoys other users.
- The number of workstations is limited. Your session may be limited to 30 minutes during peak activity periods, especially if there are queues. Automatic termination of services may apply.
- Please be courteous to staff and fellow users.
- Game-playing is not desirable. It is forbidden when there are queues unless authorized in writing by your lecturer as part of your course.
- You are required to comply with any instruction by a college staff member or security/estates officer.
Internet Conditions, Standards, and Guidelines
The new resources, new services, and inter-connectivity available via the Internet all introduce new opportunities and new risks. In response to the risks, this statement describes Rose Bruford College official policy regarding Internet security. It applies to all college employees, students, contractors, and temporaries who use the Internet with college computing or networking resources, as well as those who represent themselves as being connected with Rose Bruford College.
Transmission of Information
All software downloaded from non-college sources via the Internet must be screened with virus detection software prior to being invoked. Whenever the provider of the software is not trusted, down-loaded software should be tested on a stand-alone non-production machine. If this software contains a virus, worm, or Trojan horse, then the damage will be restricted to the involved machine.
All information taken off the Internet should be considered suspect until confirmed by separate information from another source. There is no quality control process on the Internet, and a considerable amount of its information is outdated or inaccurate.
Contacts made over the Internet should not be trusted with college information unless reasonable steps have been taken to ensure the legitimacy of the contacts. This applies to the release of any internal college information.
Wiretapping and message interception is straightforward and frequently encountered on the Internet. Accordingly, college, proprietary, or private information must not be sent over the Internet unless it has first been encrypted by approved methods. Credit card numbers, log-in passwords, and other parameters that can be used to gain access to college systems, networks and services, must not be sent over the Internet in readable form.
College computer software, documentation, and all other types of internal information must not be sold or otherwise transferred to any non-college party for any purposes other than College purposes expressly authorized by Head of IT.
Exchanges of software and/or data between college and any third party may not proceed unless a written agreement has first been signed. Such an agreement must specify the terms of the exchange, as well as the ways in which the software and/or data is to be handled and protected. Regular business practices--such as shipment of software in response to a customer purchase order--need not involve such a specific agreement since the terms are implied.
The college strongly supports strict adherence to software vendors' license agreements. Adherence to these agreements is subject to random audits by these vendors. When college computing or networking resources are employed, copying of software in a manner that is not consistent with the vendor's license is strictly forbidden.
Staff using college information systems and/or the Internet should realize that their communications are not automatically protected from viewing by third parties. Unless encryption is used, workers should not send information over the Internet if they consider it to be private. Any doubts regarding the privacy of information should be resolved by contacting the system’s custodian, the organization’s ITLO, or ICT.
Right to Examine
At any time and without prior notice, college management reserves the right to examine e-mail, personal file directories, and other information stored on college computers. This examination assures compliance with internal policies, supports the performance of internal investigations, and assists with the management of college information systems.
Rose Bruford College encourages staff to explore the Internet, but if this exploration is for personal purposes, it should be done on personal, not College time. Likewise, games, social media, news groups, and other non-college activities must be performed on personal, not college time. Use of college computing resources for these personal purposes is permissible so long as the incremental cost of the usage is negligible, and so long as no college activity is pre-empted by personal use.
Staff may indicate their affiliation with the college in bulletin board discussions, social networks and other offerings on the Internet. This may be done by explicitly adding certain words, or it may be implied, for instance via an e-mail address. In either case, whenever staff provide an affiliation, they must also clearly indicate the opinions expressed are their own, and not necessarily those of Rose Bruford College. All external representations on behalf of the college must first be cleared with the Head of Marketing. Additionally, to avoid libel problems, whenever any affiliation with the college is included with an internet message or posting, "flaming" or similar written attacks are strictly prohibited.
All staff must not publicly disclose internal college information via the Internet that may adversely affect the college's relations or public image.
Care must be taken to properly structure comments and questions posted to mailing lists, social media, public news groups, and related public postings on the Internet. If a user is working on a research and/or development project, or related college matters, all related postings must be cleared with the Head of Marketing prior to being placed in a public spot on the Internet.
All users wishing to establish a connection with college computers via the Internet must authenticate themselves at a firewall or RADIUS server before gaining access to College internal network.
Unless the prior approval of the Head of IT has been obtained, staff may not establish modems, Internet or other external network connections that could allow non-College users to gain access to college systems and/or networks and college information
Likewise, unless the Head of IThas approved in advance, users are prohibited from using new or existing Internet connections to establish new communication channels. These channels include electronic data interchange (EDI) arrangements, electronic malls with on-line shopping, on-line database services.
Reporting Security Problems
ICT must be notified immediately when:
- Sensitive college information is lost, disclosed to unauthorized parties, or suspected of being lost or disclosed to unauthorized parties.
- Unauthorized use of college information systems has taken place, or is suspected of taking place.
- Passwords or other system access control mechanisms are lost, stolen, or disclosed, or are suspected of being lost, stolen, or disclosed.
- There is any unusual systems behaviour, such as missing files, frequent system crashes, misrouted messages.
Security problems should not be discussed widely but should instead be shared on a need-to-know basis.
Users must not attempt to probe computer security mechanisms at Rose Bruford College campuses or other Internet sites. If users probe security mechanisms, alarms will be triggered and college resources will needlessly be spent tracking the activity.
Unless prior written authority has been obtained from the Head of IT, files containing hacking tools or other suspicious material may be taken as prima facie evidence of unauthorized hacking activity and may expose the user to disciplinary procedures.
Violations of these computer security policies can lead to withdrawal and/or suspension of system and network privileges and/or disciplinary action.
OECD Information Privacy Principles
The following OECD Information Privacy Principles are presented as guidelines for all members of Rose Bruford College.
Collection Limitation Principle
There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and where appropriate, with the knowledge or consent of the data subject.
Data Quality Principle
Personal data should be relevant to the purposes for which they are to be used and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
Purpose Specification Principle
The purposes for which personal data is collected should be specified not later than at the time of collection and the subsequent use limited to the fulfilment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change or purpose.
Use Limitation Principle
Personal data should not be disclosed, made available or otherwise used, for purposes other than those specified in accordance with Principle 7.3 except with the consent of the data subject; or by the authority of law.
There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purpose of their use, as well as the identity and usual residence of the data controller.
Individual Participation Principle
An individual should have the right:
- To obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to that person;
- To have communicated to the person, data relating to that person:
- within a reasonable time
- at a charge (if any) that is not excessive
- in a reasonable manner; and
- in a form that is readily intelligible
- To be given reasons if such request is denied, and to be able to challenge such denial; and
- To challenge data relating to the person and if the challenge is successful, to have the data erased, rectified, completed or amended.
A data controller should be accountable for complying with measures which give effect to the principles stated above.