Acceptable use of IT services

These regulations apply to anyone using IT services provided by York St John University, including but not limited to all online services, systems, telephony, mobile phones, apps, software, data, networks, hardware, third-party services and IT credentials whether accessed from on campus or from personal networks and/or devices. These regulations form part of the regulatory framework applying to staff and students at the University.

The IT facilities are provided for use in furtherance of the mission of York St John University, primarily to support a course of study, research or in connection with your employment or course of study at the institution.

Use of these facilities for personal activities (provided that it does not infringe any of the regulations, and does not interfere with others’ valid use) is permitted, but this is a privilege that may be withdrawn at any point.

Use of these IT facilities for non-institutional commercial purposes, or for personal gain, is not permitted other than with explicit approval acquired in advance from the Chief Information Officer.

Use of certain licences is only permitted for academic use and where applicable to the code of conduct published by the Combined Higher Education Software Team (CHEST).

Physical world standards of behaviour apply online and on social networking platforms, including, but not limited to, LinkedIn, Facebook, WordPress, Instagram and X.

Always treat all individuals with fairness and respect and ensure you engage respectfully with others online and on social networking platforms. Never cause needless offence, concern or annoyance to others and do not harass or discriminate against people based on protected characteristics (age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, sexual orientation).

York St John University supports lawful freedom of speech and academic freedom, as protected under the Higher Education (Freedom of Speech) Act 2023. Users are entitled to express lawful views and opinions via the university’s IT facilities, provided such expression is respectful, responsible, and complies with applicable laws, including those relating to harassment, hate speech, defamation, and incitement.

Ensure you adhere to university policies and avoid illegal activities, including promoting extremist views or terrorism-related content.

Always use IT resources efficiently and avoid excessive consumption of resources like bandwidth or processing power, avoid sending spam (unsolicited bulk email or social media messages).  Do not use York St John University’s IT facilities to advertise or promote any commercial interests.

Ensure you use the IT facilities in a way that does not interfere with others’ valid use of them.

Take all reasonable precautions to safeguard any IT credentials (for example, your username and password, email address, smart card or other identity hardware) issued to you. Keep your credentials private and secure and ensure your credentials are not shared with others. Remember, no one has the authority to ask you for your password, never disclose it to anyone.

Represent your identity accurately and authentically and avoid misleading others about your identity online, do not obtain or use anyone else’s credentials or impersonate others when using IT facilities.

If circumstances require someone to access IT facilities on your behalf (for example, a personal assistant or carer) or to gain access to another’s account or information (for example, a manager in the case of staff who are absent), please contact IT Support who will be able to offer advice and/or authorisation.

Maintain the integrity of IT infrastructure by:

• Using equipment responsibly without causing damage, reconfiguration, or unauthorized movement of equipment.
• Only installing software approved by the University following the security measures in place.
• Only reconfiguring and/or connecting devices to the network using approved methods.
• Only setting up servers or services on the network with the support of ITS.
• Avoiding actions like introducing malware or bypassing IT security measures.
• Reporting lost or stolen equipment immediately and ensuring any equipment allocated to you remains with you and is not passed on to any other person without informing ITS.
• Reporting cybersecurity incidents (such as phishing, ransomware, breaches) immediately to IT Support.

If you handle personal, confidential or sensitive information, you must take all reasonable steps to safeguard it and should be aware of and follow the requirements of the Data Protection Act (2018) and the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR).  Take particular care with removable media, mobile and privately owned devices.

Respect copyright and software license agreements and ensure that you do not infringe copyright or break the terms of licences for software or other material.

Ensure you only access, delete, modify, or disclose information belonging to other people with their permission or explicit approval from the Chief Information Officer or the University Secretary.

Always use IT facilities for lawful purposes and ensure you discuss any valid activities involving sensitive material with the Chief Information Officer before proceeding (such as research material). Ensure that you do not create, download, store or transmit unlawful material, or material that is indecent, offensive, threatening, discriminatory, and/or considered extremist, that encourages terrorism or risks drawing people into terrorism.

York St John University may monitor and record the use of its IT facilities for the purposes of:

• The effective and efficient planning and operation of the IT facilities.
• Detection and prevention of infringement of these regulations.
• Investigation of alleged misconduct.
• Any other lawful purpose as may arise or be imposed upon the University.

York St John University will comply with lawful requests for information from government and law enforcement agencies.

You must not attempt to monitor the use of the IT facilities without explicit authorisation from the Chief Information Officer, or if compelled to do so by legal order, in which case the Chief Information Officer should be informed and involved in so far as the conditions of such order allow.

When using IT, you remain subject to the same laws and regulations as in the physical world.

It is expected that your conduct is lawful, and ignorance of the law is not considered to be an adequate defence for unlawful conduct.

When accessing services from another jurisdiction, you must abide by all relevant local laws, as well as those applicable to the location of the service.

Always abide by the regulations applicable to any other organisation whose services you access such as Jisc, including those governing use of the university’s “Janet” Internet connection, Eduroam, and Eduserve.

When using Eduroam, you are subject to both the regulations of York St John University and the institution where you are accessing services.

Some software licences procured by York St John University will set out obligations for the user – these should be adhered to. If you use any software or resources covered by a CHEST agreement, you are deemed to have accepted the Eduserv User Acknowledgement of Third Party Rights.

Breach of any applicable law or third party regulation will be regarded as a breach of these IT regulations.

These regulations are issued under the authority of the Chief Information Officer who is also responsible for their interpretation and enforcement, and who may also delegate such authority to other people.

Ensure that you always have permission from Innovation and Technology Services to use IT facilities.

Ensure that you always comply with any reasonable written or verbal instructions issued by people with delegated authority in support of these regulations. If you feel that any such instructions are unreasonable or are not in support of these regulations, you may appeal via IT Support, for the attention of the Chief Information Officer.

Any infringement may result in disciplinary action, removal of offending material, or legal consequences.

These regulations will be reviewed every three years and are subject to approval by Academic Board.

Infringing these regulations may result in action or sanctions under the institution’s safeguarding or disciplinary processes.  Offending material may be removed, and York St John University will not be liable for any loss as a result of such removal.

Depending upon the nature of the infringement, you may also face criminal charges or civil action brought by other parties.  Information about infringement may be passed to appropriate law enforcement agencies, and any other organisations whose regulations you have breached.

York St John University reserves the right to recover from you any costs incurred as a result of your infringement.

If you become aware of any breach of these regulations, report it to IT Support.