Northern College Information Communication Technologies User Policy

Northern College ICT User Policy

Northern College Information Communication Technologies User Policy

Objective

The objective of this policy is to provide a set of standards by which all users of ICT systems at the College will abide.

Scope

This policy applies to all users of ICT systems at The Northern College. It is essential that all users read, and abide by these guidelines and make themselves aware of their responsibilities and the potential liabilities of using ICT systems. “ICT Systems” means, any piece of computing equipment, printer, photocopier, telephones, network and attached equipment. This is not an exhaustive list and in the case of any doubt, clarification should be sought from Senior Management.

We seek to preserve:

· Confidentiality: data and information can only be seen by those authorised to see it and can only be changed by those allowed to change it.

· Integrity: the data is complete, accurate, up to date and relevant and the system is operating as per the specification.

· Availability: information and services are delivered to the right person when they are needed.

· Accountability: all activity can be traced back to the originator.

We will attempt to make sure that:

· Information will be protected against unauthorised access.

· Regulatory and legislative requirements will be met. This includes compliance with the PREVENT duty, as set out in in the Counter-Terrorism and Security Act 2015

· Business continuity plans will be produced, maintained and tested.

· Breaches of the IT User Policy will be reported and investigated by the appropriate staff.

· Computer systems are used to enable the College to meet its mission.

The Northern College expects and encourages both students and staff to make full and productive use of the available ICT facilities. The College recognises that the use of telecommunications and electronic technologies will play a growing role in the process of teaching and learning and that ICT will play an increasing role in the effective delivery and management of the College services.

General ICT Usage

ICT systems must be treated with care and used only in accordance with its intended purpose.

Equipment must not be used if there is reason to believe that it may not be in safe working order. Any apparent fault with hardware should be reported to ICT Support.

The use of any ICT equipment for downloading, storage, printing and/or transmission of materials which the College considers to be obscene and/or offensive is strictly prohibited. Some examples are - pornographic, obscene, violent, extremist, offensive, copyrighted material etc. Music or other copyrighted media should not be stored on the College network.

Users must take all reasonable steps to exclude and avoid the spread of malicious software, and must co-operate fully with all measures put in place by The Northern College to prevent the spread of such software. If users wish to install software from third parties approval should be sought from ICT Support.

Computer programs on the College systems are protected by copyright. The College has the appropriate licences for all of the software on its systems. Users must comply with all their legal obligations concerning copyright, and must not copy any software or other data without the prior authorisation from the copyright owner. Such action would be in breach of copyright law.

Authorisation from the copyright owner does not constitute permission to store, execute or download on the College network.

Priority must be given to use of resources for work or educational use.

Personal use must not:

Be of a commercial or profit-making nature, including private consultancy, or for any other form of personal financial gain. This includes using the email system for advertising items for sale.
Be of a nature that competes or conflicts with the College in any way.
Be excessive.

If users are in any doubt about what constitutes acceptable and appropriate use, they should seek the advice and guidance from their line manager, personal tutor or the ICT department.

You are responsible for safeguarding your password; your password should not be printed, stored online or given to anyone else.

The Northern College operates a password complexity policy.

Password history 3 passwords remembered

Password age 90 days

Password length 7 characters

Complexity enabled

A computer must never be left unattended whilst logged on in a publicly accessible place. This is a serious breach of the ICT User Policy.

The Network

The Northern College provides a high speed network infrastructure using both wireless and fixed cabling technologies. Whilst the fixed network points on walls may look alike, they connect to a variety of configurations. For this reason, any network moves (including telephones) must only be carried out by ICT Support staff.

The College provides both desktop and laptop computers that have been configured specifically for the tasks that they perform. College owned computers are configured to link directly to security systems, such as Anti-virus systems, that are approved and managed by the College. Users must not, under any circumstances, connect any unauthorised equipment to the College network without first seeking approval from the Network Manager.

The College provides “guest” wireless access to an unsecure zone on the network; this can be accessed by connecting your device to “NC Guest” and accepting terms and conditions. This is a restricted zone, offering minimal services to users. Permission to connect to this system is not an automatic right and may be withdrawn at any time.

The e-mail system is not a secure means of communication. It is your responsibility to make sure it is used appropriately.

The College reserves the right to access and disclose the contents of a user’s e-mail messages in accordance with its legal and audit obligations and for legitimate operational purposes.

· If you receive a virus warning from any source, send it to the Network Manager only.

· Delete mail once it has been dealt with in order to conserve disk storage space. The College E-mail facilities are not intended to act as filing systems.

Don’t

· Send offensive, abusive, sexist or anonymous messages.

· Send indiscriminate e-mail to groups of users.

· Subscribe to user/news groups or mailing lists on the Internet that result in large quantities of Internet traffic. The College reserves the right to block e-mail on entry in these circumstances.

Internet Access

All internet traffic is monitored logged and recorded. Inappropriate use contrary to that detailed in General ICT usage will be reported.

· Only use your personal account to access the Internet.

· Logoff when you have finished using the computer.

· Log off computers when you are away from your desk.

Don’t

· Access the Internet from an account other than your own

· Download unauthorised or unlicensed software.

· Access, view or download information, graphics, pictures etc. that are deemed to be defamatory, obscene, racist, sexist or may be of a criminal nature. This could include material that incites racial hatred, condones and encourages support for terrorism and forms of extremism leading to terrorism.

· Use the Internet to set up or run a personal business.

In the interests of information security, the College restricts access to certain sites and prevents the downloading of certain types of file and content. You must not download, or attempt to download programs, viruses, hacking tools, and copyrighted material. You must not access, or attempt to access, sites which offer or promote such downloads. If you are in any doubt, contact ICT Support.

Any attempt to bypass any filtering or security system may lead to disciplinary action and may be treated by the College as gross misconduct.

If you have a legitimate request to download something that is blocked by one of the College security systems, you should submit a request to the Network Manager who will evaluate the request and take the appropriate action.

Laptops and iPads issued to staff/students remain the property of Northern College. Additional software should only be installed with the permission of ICT Support

Any unlicensed or unauthorised software found will be removed.

It is the user’s responsibility to make sure any equipment taken off site is adequately insured, and returned in the condition it was issued.

Access to data and information

All users must comply with the law, Ignorance of the law is neither defence nor excuse

· Notify the College Vice Principal (Residential and Administrative Services) [VP(R&AS)] of the use or change of use of data or information.

· Pass any request for personal or confidential data or information to the College VP(R&AS) immediately.

· Periodically review the use and need for any stored data or information

· Check the integrity of the data or information.

· Sensitive, confidential or personal printouts that are no longer required should be placed in the confidential waste bins provided.

Don’t

· Divulge personal or confidential data or information to anyone without authority.

· Leave printouts, fax messages, or any storage media unsecured.

· Send personal or confidential data or information via the e-mail system unencrypted.

· Send personal or confidential data or information via an unprotected fax system.

· Leave visitors unattended in areas where there is access to personal or confidential data or information.

· Leave secure areas unlocked.

PCI DSS Compliance

All College EPOS systems must be compliant with PCI DSS requirements.

Only approved college departments/staff are allowed to process card payments.

No card data is transmitted over the College IP network.

No track data from the magnetic stripe, magnetic stripe image on the chip, or elsewhere (card electronic data) must be stored.

Reporting Incidents

The College will investigate all security incidents. It is the responsibility of staff and students to report any such incidents in accordance with the information in this policy.

A security breach is:

· Any action that results in or potentially could result in the loss or damage to College assets and data.

· The unauthorised access to or disclosure of data and information.

· Any lapse in security.

Responsibilities

The VP (R&AS) has executive responsibility for information security. S/he will maintain overall responsibility for determining appropriate sanctions, reporting on security incidents to the College’s Senior Management Team and reviewing the effectiveness of the IT User Policy. Specific security tasks may be delegated to certain staff.

Security incidents will be reported to the Networked Manager who will undertake an initial investigation, log the incident and report to the VP(R&AS) who will then gauge the scale of the incident and decide on further action, briefing the SMT where appropriate.

Monitoring and Evaluation

Policy will be reviewed in light of every reported incident. Each year the log of security incidents will be investigated to determine the effectiveness of the IT User Policy. This review will take place between the VP(R&AS), Network Manager and e-learning Manager. Subsequent recommendations will be taken to the College Senior Management Team and changes to the IT User Policy will be directed to the appropriate College committee structures.

Sanctions

All users are hereby advised that violation of one or more of the above conditions of use and/or violations of the related policies shall be treated as a breach of this policy and may lead to disciplinary sanctions.

Where abuse of the College’s ICT or Voice mail systems is identified, such facilities will be withdrawn from the user concerned.

Relevant Legislation

Use of the ICT facilities is subject to the provisions of (amongst others)

The Health & Safety At Work Act 1974

The Computer Misuse Act 1990

The Data Protection Act 1998

The Counter-Terrorism and Security Act 2015

These are examples of relevant legislation and not an exhaustive list of all the legislation that the College is bound by now or in the future.

More Information and Other Relevant Documents

Further information and guidance can be obtained from the following

The Vice Principal

The Network Manager

Academic Director – Student Support