2017-18
Regulations and Code of Conduct for the Use of ICT Facilities in the University of Glasgow
Introduction
30.1 These Regulations apply to the use of all University ICT by all staff, students, consultants, contractors, visiting and Honorary staff, affiliates, volunteers and others granted access. This includes use of any University ICT accessed over the campus data network or remotely via the Joint Academic Network (JANET) or otherwise whether through University supplied, third party supplied or the User’s own personal devices (including personal computers, smartphones and tablets).
- Part A describes the University’s policy for the acceptable use of University ICT.
- The Regulations in Part B contain general rules applicable to all Users of University IT. It is the responsibility of Users to become familiar with the Rules that apply to the particular Systems or Facilities that they utilise for University purposes.
- The Regulations in Part C relate to the permitted uses of digital content and software and includes the 'Code of Practice for the use of Software' described therein. They also include provisions relating to use of personal data and application of the 'Data Protection Principles'.
- Part D relates to misuse of University ICT and the sanctions and disciplinary procedures that apply. Any Users of University ICT who breach these Regulations may be dealt with under the appropriate Disciplinary Procedures in force within the University of Glasgow.
Definitions
In these regulations (including the Introduction) the following words and expressions have the meaning given to them below:
‘University ICT’
information and communication technology systems (including software, hardware, data networks and digital content) made available by the University for use by staff, students, consultants, contractors, visiting and Honorary staff, affiliates, volunteers and others;
‘Appropriate Authority’
an individual or organisational unit under whose control an ICT System or Facility is placed;
‘User’
any person or persons granted authority to use an ICT System or Facility. Authority will only be granted to a person where that person agrees to be bound by these Regulations;
‘UserID’
a form of unique identifier which is given to a User by the Appropriate Authority which, together with a personal password of the User, is used to identify and authenticate the User when accessing any University ICT.
Part A: Acceptable Use
30.2 The use of University ICT is subject to the following conditions of acceptable use.
- The University ICT is provided for bona fide University business, teaching, research and study purposes. Incidental personal use of the University’s campus data network, file store, email and Internet access is permitted only so long as it is reasonable and in full compliance with these Regulations. Personal use is a privilege and not a right. It must not be overused or abused. We may withdraw permission for it at any time or restrict access at our discretion. Permission to access and use University ICT Systems is given on the understanding that it is used only for approved purposes and only by the person or persons authorised to use them.
- All staff use of University ICT must be consistent with all terms and conditions in contracts of employment and with the University Human Resources Policies that are to be found on the Human Resource web site. All student use of ICT Systems and Facilities must be consistent with the Code of Student Conduct that is to be found on the Senate Office web site. Your use should not involve access to or publication of material of a nature which might bring discredit to you or the University.
- Before you can have access to and use any University ICT you must be registered as a User. Whether you are a student or member of staff of the University or you are a visitor or guest, you are required to adhere to the University's Policies, Guidelines and procedures. If your status is properly recorded in the relevant administrative databases you can be registered as a User by a standard process. If you are not a student or a member of staff, as part of the registration process you will give an undertaking that you have read these Regulations and agree to be bound by them. Copies of these regulations may be posted on notice boards and are published in the University Calendar.
- When you are registered to use University ICT, you will be given a UserID and a password, referred to as a ‘GUID’. This UserID is your personal identification and along with your password serves to authenticate you to the system and to grant access to the Systems and Facilities that you are authorised to use.
- Your use of University ICT should not interfere with or cause difficulties for other users, nor may you by any wilful or deliberate or negligent act endanger the integrity of networks, equipment, system programs or stored information.
- As a User you will have access to University electronic mail facilities. These are provided to improve communications among staff and students for matters relating to their roles within the University. It should be noted that sending electronic mail to a mailing list or to a specific list of recipients constitutes publishing and the university as well as the individual(s) concerned may be held responsible for the content of any such publication.
- There are many ways that as a User you will be able to make information available to other users and contribute to relevant discussion and debate, both internally and with other Users of the University's network and externally with users of other networks (including the Internet). In particular, you may publish material on web sites or by contributing to collaboration facilities or social networking sites. It should be noted that these activities constitute publishing the contents or contribution and the University as well as the individual(s) concerned may be held responsible for the content of any such publication.
- Access to or publication of material of a pornographic, criminal or offensive nature including material promoting terrorism is not permitted. The University has a statutory duty to have due regard to the need to prevent people being drawn into terrorism. If you need to work with any questionable material that is essential as part of your particular University work, research or study you must clear this use in advance with your Head of College/ School/Research Institute/Service and the Director of IT Services must be notified.
- Users may conduct work that involves the use of systems, facilities or data belonging to other organisations, including NHS Scotland, local and national government departments and commercial organisations. It is the User’s responsibility to ensure that they are aware of and comply with the policies, rules and regulations of both the University of Glasgow and these external organisations, so as to protect the User’s own, the University’s and the external organisation’s interests.
- The University may monitor communications but this is always in the context of what is permitted by relevant legislation and University policies. Whilst the University operates on the basis of trust, if there are reasonable grounds for suspecting that an individual is engaging in activities which are in breach of any of the Regulations or of the various guidelines, the University reserves the right to investigate fully. In the event that misuse is suspected, the University will take appropriate action to investigate the matter which may include direct monitoring of the use made by the User. Such monitoring will require the permission of the University Secretary or his/her nominee. If misuse is established, disciplinary action will be taken, including referring the matter to the Police should the University consider that an offence may have been, or may be, committed.
Part B: General Rules
- The Appropriate Authority controlling any element of the University ICT has the power to set out the conditions of use of that element by a User and to modify these from time to time.
- The conditions of use will include identifying and authenticating the User when accessing any University ICT, through appropriate UserIDs and passwords or other verification mechanisms. The authority granted to a User to use any University ICT is limited to the User to whom authority has been granted, in particular:
a) authority given to a User may not be extended or transferred to any other person or persons;
b) a User will not allow any other person (whether another User or otherwise) to access any University ICT by way of his/her personal UserID and personal password and is required to keep that password secret;
c) a User will not use or attempt to use any University ICT using someone else's UserID and password, nor attempt to find out another user’s UserID or password;
d) a User must not use or access any University ICT for any illegal or unauthorised purpose, nor attempt to gain access to information or facilities to which they have not been granted authorisation;
e) a User must not store or to make publicly accessible any data, text, image or programme which is unlawful or does not accord with the aims or objectives of the University;
f) a User’s permissions to access University ICT will terminate when he/she ceases to be a member of staff, student, consultant or otherwise following the expiry of the period in which that User (e.g. a visitor) has been permitted access.
'Hacking' and other unauthorised use of University ICT, whether situated on University premises or elsewhere, is explicitly forbidden and may constitute an offence under the Computer Misuse Act 1990.
- Users must ensure that their use of University ICT complies with all applicable UK and International laws and relevant University policies.
- Users of University ICT using computing equipment owned, leased or operated by the University must comply with the conditions as set down by any Appropriate Authority within the University. Users must ensure that network connections are not utilised for unauthorised access to University or external systems. Users with requirements for network usage extending beyond the normal teaching, research and administrative activities of the University should consult the Director of IT Services before any commitments are made. Special rules may apply which will cover payments due to the University for the use of its equipment and will protect the University from any claims for damages etc. which may arise from such use.
- Users may be permitted to access and use certain elements of the University ICT through devices that are their personal property (such as computers, tablets and smart phones) but these Regulations and all policies concerning data, communications and security apply to any such use.
- In managing University ICT, IT Services will take reasonable care to prevent the corruption or loss of information and data held on the University’s own servers. It cannot however guarantee the integrity of information stored on its equipment. It is therefore the responsibility of the User to satisfy himself/herself that there are adequate backup arrangements for valuable information. IT Services will only accept responsibility for attempting to recover data that has been stored on a system that is backed by the University. University ICT is managed to ensure high availability, but the University cannot accept responsibility for inconvenience caused to Users by breakdown or unavailability of equipment.
- Any commercial exploitation of programs developed using University ICT must be carried out according to regulations issued by the University from time to time. Information on these regulations can be obtained from Researc, Strategy & Innovation Office.
Part C: Rules Concerning Data, Digital Content and Software
- When using software, information, images and other digital content such as music or films, it should be understood that virtually all of this material is subject to copyright. Copies of material may not be made or stored without the approval of the copyright owner. Users must ensure that all the requirements of the agreements or contracts under which licensed software or other content is made available to and by the University (including Public Domain 'Shareware' or Fair Dealing conditions of use) are met and must comply with any published usage restrictions. In particular, users must also comply with the Code of Practice for the Use of Software, given below.
Code of Practice for the Use of Software
30.3 Most of the software supplied to Users through the University is licensed for Educational Use only. Those Users wishing to use software or systems for consultancy or commercial activity should ensure that either the University licenses permit this type of activity or that they arrange to licence a copy/copies of the appropriate software specifically for the activities concerned. If in doubt, users should consult the IT Helpdesk.
a) Software will be used for educational purposes only, unless explicit arrangements have been made for other purposes. A definition of 'Educational Use' is provided below.
b) The University will maintain a record of software available centrally for use in the University together with details of licensing arrangements. (Records of centrally licensed software are maintained by IT Services, whilst Colleges and Schools are responsible for maintaining lists of software currently held and for establishing the legality of all their holdings.)
c) All Users of software are expected to make themselves aware of the conditions under which it may be used before starting to use a particular product.
d) Software may not be copied for use on machines or by people, within or outwith the University, where such use is not covered by an appropriate licence.
e) In the event of termination of the licence, Users will be notified and must endeavour to remove all active copies of the software and take steps to ensure that archive copies are not used.
Definition of 'Educational Use'
30.4 The Educational Use of a Software Product or other Digital Content is the use by any person authorised under the terms of the Licensee for the purposes of the normal business of an Educational Establishment. Such use includes the following:
a) Teaching;
b) Research;
c) Personal educational development;
d) Administration and management of courses and the educational policy of the Educational Institution;
e) Development and/or support activities associated with any of the above.
30.5 The following are excluded:
a) Consultancy or services where the Software or Digital Content is commercially exploited.
b) Work of significant benefit to the employer of students on industrial placement or part-time courses.
- The protection of personal data (that is data that can be used to identify a living individual) is governed by the Data Protection Act 1998 and any holdings of personal data must be registered internally with the University's Data Protection Officer. Users processing, storing or transmitting personal data are responsible for ensuring that this is carried out in accordance with the Act and with its eight Data Protection Principles. The control of students using such data is the responsibility of the member of staff supervising them. All Users should comply with the University’s Data Protection Policy and Guidelines and must treat as privileged any personal information concerning others which may become available to them through their use of University ICT; no part of such information may be copied, modified, disseminated or used without the permission of the appropriate person or authority.
- Users of personal or other confidential data must take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of, that data and against its accidental loss or destruction. The Guidelines for handling Confidential Data (www.gla.ac.uk/services/it/informationsecurity/confidentialdata/) are designed to provide a secure framework within which confidential material may be protected and must be followed.
Part D: Misuse of ICT Systems and Facilities
- The Director of IT Services or his/her nominee shall have the power to remove from the University data network, any system or facility which is interfering with the operation of the network or which is being used for purposes which contravene these Regulations.
- The University Secretary or his/her nominee shall have the power to withdraw access to any or all University ICT from any person deemed to be in breach of these Regulations, any applicable legislation or relevant University policy, and to require the modification or deletion of personal data in order to ensure compliance.
- In the event of an apparent breach of these Regulations by a User, the Director of IT or Services or his/her nominee has the authority summarily to withdraw access to the facilities allowed to the User.
- Where a student violates these Regulations, minor infringements shall be dealt with by the Director of IT Services or his/her nominee. The Director of IT Services may report major breaches of these Regulations to the Clerk of Senate for action under the Code of Student Conduct where there was prima facie evidence of intention to breach these Regulations, and where sanctions beyond those set out in these Regulations might be invoked.
- Where a member of staff violates the Regulations, the matter will be dealt with via the Disciplinary Procedures defined by Human Resources and available via their web site.