The following two sections detail the user email policy principles at Rose Bruford College that must be followed by all users. In the event that users are not clear of any policy principles they should seek clarification from the ICT ManagerHead of IT.
These are the essential principles of the email security policy which must be followed by all email users, whether, employees or directors:
- Email facilities are intended for business use. A limited amount of personal use is allowed subject to management agreement;
- All college emails sent to external email addresses will have a corporate signature added (see below for template);
- The college corporate email signature template (see below) must not be altered or removed on any external email communication;
- Emails which may be considered libellous, or otherwise detrimental to Rose Bruford College, must not be transmitted internally or externally to the organisation;
- Emails which are offensive in e.g. a racial, sexual, religious, ethnic, or any other nature are not permitted to be transmitted using email;
- Unsolicited emails such as Spam should be deleted and must not be passed on to other internal or external email addresses;
- Emails that are clearly not business related and are in any way suspicious, e.g. “meaningless” sender, subject or attachment name must be deleted;
- Emails that are of a “phishing” nature or scams that are unsolicited but prompting for any sensitive information such as credit card details, PINS, passwords by way of a hyperlink to a site that even appears authentic must not be opened, or forwarded and should be deleted (some legitimate emails may contain links to a site logon page, for example as a result of the user selecting the “forgotten password” link on a legitimate website;
- Staff and students should not create, store or automatically forward college emails to an outside email address;
- The authenticity of an external email origin as stated in the email header must not be relied upon, in particular for requests for information;
- Users are accountable for usage of their own email accounts and must not share their own password with other individuals;
- Users should not send confidential or highly sensitive personal information externally without using additional security measures such as encryption;
- Failure to comply with any of the above policies principles may result in disciplinary action.