Acceptable Use Policy for University ICT systems

1. Scope

These regulations apply to anyone using the IT facilities (hardware, software, data, network access, third party services, online services or IT credentials) provided or arranged by York St John University.  These regulations form part of the regulatory framework applying to students of the University.

 

2. Intended use

The IT facilities are provided for use in furtherance of the mission of York St John University, primarily to support a course of study, research or in connection with your employment or course of study at the institution.

Use of these facilities for personal activities (provided that it does not infringe any of the regulations, and does not interfere with others’ valid use) is permitted, but this is a privilege that may be withdrawn at any point.

Use of these IT facilities for non-institutional commercial purposes, or for personal gain, is not permitted other than with explicit approval acquired in advance from the Director of Information Learning and Estates.

Use of certain licences is only permitted for academic use and where applicable to the code of conduct published by the Combined Higher Education Software Team (CHEST). See the accompanying guidance for further details.

 

3. Behaviour

Real world standards of behaviour apply online and on social networking platforms, such as, but not limited to, Facebook, Wordpress and Twitter.

You must not:

  • cause needless offence, concern or annoyance to others. You must not harass people or discriminate against people based on protected characteristics (age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, sexual orientation.)
  • send spam (unsolicited bulk email or social media messages), or advertise or promote commercial interests using York St John University’s IT facilities.
  • deliberately or recklessly consume excessive IT resources such as processing power, bandwidth or consumables.
  • use the IT facilities in a way that interferes with others’ valid use of them.
  • use IT facilities for illegal purposes, including the distribution, promotion or expression of extremist views that risk drawing people into terrorism or are shared by terrorist groups.

 

4. Identity

You must take all reasonable precautions to safeguard any IT credentials (for example, a username and password, email address, smart card or other identity hardware) issued to you. You must not allow anyone else to use your IT credentials. Nobody has the authority to ask you for your password and you must not disclose it to anyone.

You must not attempt to obtain or use anyone else’s credentials.

You must not impersonate someone else or otherwise disguise your identity when using the IT facilities.

In some cases you may consider it necessary for others to use IT facilities on your behalf (e.g. a personal assistant or carer) or to gain access to another’s account or information (e.g. a manager in the case of staff who are absent).  In such cases please contact Information Learning Services ServiceDesk who will be able to offer advice or authorisation.  See the accompanying guidance for further details.

 

5. Infrastructure

You must not do anything to jeopardise the integrity of the IT infrastructure by, for example, doing any of the following:

  • Damaging, reconfiguring or moving equipment;
  • Loading harmful software onto University owned equipment, or circumventing any measures in place to prevent the loading of software onto such equipment;
  • Reconfiguring or connecting equipment to the network other than by approved methods;
  • Setting up servers or services on the network;
  • Deliberately or recklessly introducing malware;
  • Attempting to disrupt or circumvent any other IT security measures.

 

6. Information

If you handle personal, confidential or sensitive information, you must take all reasonable steps to safeguard it and should be aware of and observe the requirements of the Data Protection Act (1998) and the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR).  Particular care should be taken with regard to removable media, mobile and privately owned devices.

You must not infringe copyright, or break the terms of licences for software or other material.

You must not attempt to access, delete, modify or disclose information belonging to other people without their permission, or explicit approval from the Director of Information Learning and Estates or the University Secretary.

You must not create, download, store or transmit unlawful material, or material that is indecent, offensive, threatening, discriminatory, and/or considered extremist, that encourages terrorism or risks drawing people into terrorism. Valid activities involving the use of such material should be discussed and agreed with the Director of Information Learning and Estates in advance of access or usage.

 

7. Monitoring

York St John University may monitor and record the use of its IT facilities for the purposes of:

  • The effective and efficient planning and operation of the IT facilities;
  • Detection and prevention of infringement of these regulations;
  • Investigation of alleged misconduct;
  • Any other lawful purpose as may arise or be imposed upon the University.

York St John University will comply with lawful requests for information from government and law enforcement agencies.

You must not attempt to monitor the use of the IT facilities without explicit authorisation from the Director of Information Learning and Estates, or if compelled to do so by legal order, in which case the Director of Information Learning and Estates should be informed and involved in so far as the conditions of such order allow.

 

8. Governance

When using IT, you remain subject to the same laws and regulations as in the physical world.

It is expected that your conduct is lawful, and ignorance of the law is not considered to be an adequate defence for unlawful conduct.

When accessing services from another jurisdiction, you must abide by all relevant local laws, as well as those applicable to the location of the service.

You must abide by the regulations applicable to any other organisation whose services you access such as Jisc, including those governing use of the University’s “Janet” Internet connection, and Eduserv.

When using Eduroam, you are subject to both the regulations of York St John University and the institution where you are accessing services.

Some software licences procured by York St John University will set out obligations for the user – these should be adhered to. If you use any software or resources covered by a CHEST agreement, you are deemed to have accepted the Eduserv User Acknowledgement of Third Party Rights. (See accompanying guidance for more detail.)

Breach of any applicable law or third party regulation will be regarded as a breach of these IT regulations.

 

9. Authority

These regulations are issued under the authority of the Director of Information Learning and Estates who is also responsible for their interpretation and enforcement, and who may also delegate such authority to other people.

You must not use the IT facilities without the permission of Information Learning Services.

You must comply with any reasonable written or verbal instructions issued by people with delegated authority in support of these regulations. If you feel that any such instructions are unreasonable or are not in support of these regulations, you may appeal via the Information Learning Services ServiceDesk, for the attention of the Director of Information Learning and Estates.

These regulations will be reviewed every three years and are subject to approval by Academic Board.

 

10. Infringement

Infringing these regulations may result in action or sanctions under the institution’s safeguarding or disciplinary processes.  Offending material may be removed, and York St John University will not be liable for any loss as a result of such removal.

Depending upon the nature of the infringement, you may also face criminal charges or civil action brought by other parties.  Information about infringement may be passed to appropriate law enforcement agencies, and any other organisations whose regulations you have breached.

York St John University reserves the right to recover from you any costs incurred as a result of your infringement.

You should inform Information Learning Services ServiceDesk if you become aware of any infringement of these regulations.

Cookie Settings