Conditions of use of IT resources
11. CONDITIONS OF USE OF IT RESOURCES (ACCEPTABLE USE POLICY)
Any person using College IT resources (referred to as a “user”) agrees and accepts that:
11.1 College IT resources are all hardware, software, services and resources made available for the College business. They include all computer networks, wired or wireless, computers, printers, mobile devices, storage, audio visual systems, and associated information services including Cloud services;
11.2 he/she must understand and abide by the advice provided in the Be Secure web pages and must enrol and complete the College’s Information Security Awareness training;
11.3 use of College IT resources, and their use to access non-College IT resources, must be for the purpose of College research, teaching, coursework, associated administration or other authorised use. No private commercial work is permitted without prior authorisation;
11.4 College business should be conducted only on information services provided by the College. Using non-College information services to carry out College business puts College data at risk and therefore is not allowed except with sufficient justification. For example, Qualtrics should be used instead of SurveyMonkey, Box or OneDrive instead of Dropbox, and College email instead of Gmail, Hotmail, etc;
11.5 reasonable personal use of College IT resources is permitted provided such use does not disrupt the conduct of College business or other users. Recreational use of the Halls of Residence network is also permitted, subject to these conditions;
11.6 it is not permitted to connect active network devices such as network switches, hubs, wireless access points and routers to the College network. All IP addresses will be allocated and administered only by ICT;
11.7 he/she may not grant access to College computing services to non-College staff or students except where expressly permitted to do so in writing.
11.8 when using College IT resources the user must comply with the College’s Information Security Policy including this Acceptable Use Policy, JANET Acceptable Use Policy, and all relevant statutory and other provisions, regulations, rules and codes of practice. Specifically, but not exclusively, the user must:
11.8.1 not disclose to others their College password and must understand and abide by “Code of Practice 4: Passwords”;
11.8.2 not access or attempt to access IT resources at College or elsewhere for which permission has not been granted or facilitate such unauthorised access by others;
11.8.3 not use or produce materials or resources to facilitate unauthorised corruption, changes, malfunction or access to any IT resources at the College or elsewhere, e.g. port scanning;
11.8.4 not display, store, receive or transmit images or text which could be considered offensive or which is likely to bring the College into disrepute, e.g. material of a pornographic, paedophilic, sexist, racist, libellous, threatening, defamatory, illegal, discriminatory, or terrorist nature;
11.8.5 not forge email signatures and/or headers, initiate and/or forward 'chain' or 'junk' or 'harassing' email, must not impersonate others in electronic communication and generate junk or offensive communications and must understand and abide by “Code of Practice 2: Electronic Messaging”;
11.8.6 ensure all mobile devices they access College resources with are encrypted by an appropriate encryption software, and pin or password protected;
11.8.7 respect the copyright of all material and software made available by the College and third parties and not use, download, copy, store or supply copyrighted materials including software and retrieved data other than with the permission of the copyright holder or under the terms of the licence held by the College;
11.8.8 when holding data about living individuals, abide by the College’s Data Protection Policy, to process information (that is, collect, use, share and dispose of) in accordance with the Principles of the data protection legislation. Students must not keep personal data concerning individuals in connection with their academic studies/research without the express approval from their Head of Department;
11.8.9 when responsible for information assets as an identified Information Asset Owner, understand and abide by their responsibilities as defined in “Code of Practice 1: Data privacy impact assessment”;
11.8.10 be aware that all information assets created/owned/stored by the user on or connected to College IT resources may, in the instance of suspected wrong doing, be subjected to inspection by College or by statutory authorities. Should the information be encrypted the user shall be required to and must provide the decryption key;
11.8.11 establish what the terms of the licence are for any material and software which he/she uses through any platform and must not breach such licences including those which relate to “walk-in” access to particular materials which should only be accessed in Imperial College Libraries.
11.9 As provided by the “Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000”, made under the “Regulation of Investigatory Powers Act 2000” and “Prevent Duty Guidance” as directed by the “Counter-Terrorism and Security Act 2015” the College will intercept and monitor electronic communications for the purposes permitted under those Regulations in accordance with “Code of Practice 3: Inspection of Electronic Communications and Data”.
11.10 In the event of a suspected or actual information security incident or an unacceptable network event, the Director of ICT may decide to take any action necessary to remedy the situation. This may include blocking access by users to systems and examination of any devices connected to the network.
11.11 In the event of further examination required, ICT may take action to examine any systems on the College network by express permission from the College Secretary.
11.12 Other than as per any applicable statutory obligation, the College will not be liable for any loss, damage or inconvenience arising directly or indirectly from the use of, or prevention of use of, any IT resource provided and/or managed by the College.
11.13 Whilst the College takes appropriate security measures against unauthorised access to, alteration, disclosure, destruction or accidental loss of personal and other data it cannot and does not give any warranties or undertakings to the user about security, confidentiality or integrity of data.
11.14 Users’ name, address, photograph, status, e-mail name, login name, alias, College Identifier (CID) and other related information will be stored in computerised form for use for administrative and other purposes e.g. monitoring system usage.
11.15 These conditions apply to non-College owned equipment e.g. personal Laptops, home PCs when connected to the College network, directly and/or via the VPN, for the duration that the equipment is using the College network.
11.16 Breach of these conditions may lead to College disciplinary procedures being invoked, with penalties which could include suspension from the use of all College IT resources for extended periods and/or fines. Serious cases may lead to expulsion or dismissal from the College and may involve civil or criminal action being taken against the user.
11.17 If you have any questions, contact ICT’s Service Desk.
11.18 All guests using College IT facilities and/or the College internet connection must be known to a member of College as their sponsor. Sponsors must be able to identify and take responsibility for the actions of their individual guests. For further information regarding the setup of guest accounts, refer to ICT’s Guest Accounts page.
27 April 2018 Approved by the Provost Board