IT CODE OF CONDUCT
Introduction
This Code of Conduct describes acceptable computer use at the University. The items in the code are not recommendations or guidelines but are University policy. This replaces all previous Codes of Conduct.
Breach of this I.T. Code of Conduct will lead to investigation and may lead to disciplinary action against the offender via existing disciplinary procedures. The University reserves the right, to report to the Police, any action/activity considered to be unlawful. Criminal proceedings may follow as a result.
Terms and Scope of the Document
1.1 Computer hardware or equipment, refers to that owned by the University irrespective as to its site. This includes microcomputers, networks, personal computers, laptops, workstations, minicomputers and multi-user systems, collectively called computer systems.
- This document applies to anyone who uses any of the University's computer systems or networks in any capacity.
- The I.T. Director is the Designated Authority within the University for all matters relating to the use of computer systems.
Complaints, Amendments and Exceptions
2.1 If you find libellous material on any of the University's computers systems, please report this immediately to the Company Secretary (x1098) as well as to the Designated Authority.
2.2 If you believe that any of the guidance in this document has been broken please contact the Designated Authority, who will ensure that your concern is investigated.
2.3 If you have any suggestions for additions or amendments to this code then please contact the Designated Authority.
2.4 On occasions - as a user - you may need to access contentious materials or perform activities which may break these regulations. In such exceptional circumstances you must apply in writing to the Designated Authority (via your Course Leader, Head of Department or Dean) for permission BEFORE the activity takes place.
General Practice and Usage
3.1 The University's computer systems are to be used for teaching, study, research and administration purposes only. They must not be used for playing "computer games" or similar.
3.2 Any other use is subject to the permission of your manager or Dean.
3.3 In order to use the computing facilities, you must be authorised and/or registered; Computing Services is responsible for issuing usernames and passwords to authorised users.
3.4 Commercial or distribution activities are prohibited unless formally sanctioned by the University's Directorate.
3.5 Activities likely to damage the good name of the University are prohibited.
3.6 You must follow the Joint Academic Network (JANET) Acceptable Use Policy, http://www.ja.net/documents/use.html
3.7 You must respect the rights of others and conduct yourself in a quiet and orderly manner when using the computer systems. You must respect the published times for access to the facilities.
3.8 You may be required to show Computing Services personnel or Library and Learning Resources staff your ID card (as proof of identity). Please keep your ID card with you and be prepared to show it when asked. For example if you require any changes to be made to your network account you will have to produce your ID card.
Monitoring and Interception
4.1 The Designated Authority may order the monitoring or interception of system logs, web pages, E-mail messages, network account or any other data on any computer system owned by the University for the following reasons; to prevent or detect crime, to ascertain compliance with regulatory standards, to monitor communications in order to establish whether they are business related, to investigate or detect unauthorised use of telecommunication systems, or to secure effective system operation. All such monitoring or interception will be performed in compliance with the Data Protection Act, the Regulation of Investigatory Powers Act (RIPA), The Lawful Business Regulations (under RIPA) and the Human Rights Act.
4.2 Computing Services reserves the right to inspect and validate any items of University owned computer equipment connected to the network.
4.3 Any other computer equipment connected to the University's network can be removed if it is deemed to be interfering with the operation of the network.
4.4 For security/legal purposes Computing Services may record and keep audit data generated when users access computer and other systems at the University.
4.5 The University is legally obliged to report to the police the discovery of certain types of electronic data, if that data is found on University of Derby's equipment, or transmitted across its networks.
Prohibitions
5.1 Internet/Network
5.1.1 You must not try to gain unauthorised access to any computer system anywhere using the University's computer systems; this is commonly called hacking. It is a criminal offence (Computer Misuse Act 1990) to gain unauthorised access to a computer system to make any unauthorised modification of computer material (including the introduction of a computer virus) or to interfere with any computing system provided in the interests of health and safety.
5.1.2 You must not allow unauthorised access to occur by your negligence.
5.1.3 You must not disseminate any information which enables others to gain unauthorised access to computer material (this includes instructions for gaining such access, computer codes or other devices which facilitate unauthorised access).
5.1.4 You must not disseminate any information which may lead to any unauthorised modification of computer materials (such modification would include activities such as the circulation of "infected" software or the unauthorised use of a password).
5.1.5 You must not disseminate any material which may incite or encourage others to carry out unauthorised access to or modification of computer materials.
5.1.6 You must not use the facilities in a way that restricts the services available to others e.g. deliberate or reckless overloading of access links or switching equipment.
5.1.7 When you use the University's computer system to gain access to remote sites it is your personal responsibility to ensure that only approved links are used. It is also your responsibility to ensure that your activities conform to the local regulations of the site.
5.1.8 You must not change the function or role of any system/network component within the University's network without the permission of the Designated Authority.
5.1.9 You must not set-up any network services (e.g. web servers, E-mail servers etc.) unless formally sanctioned by the Designated Authority.
5.1.10 You must not delete or amend the data or data structures of others without their permission.
5.1.11 You must not introduce any harmful or nuisance programs, files or macros (e.g. viruses, worms, Trojan horses) onto any computer system. You must not take any deliberate action to circumvent any precautions taken or prescribed to prevent this or cause any form of damage to any of the University's computer systems.
5.1.12 You must not register any domain name, which includes the name of the University, or any name which may mislead the public into believing that the domain name refers to the University.
5.1.13 The University is committed to the prevention of access to and publication through any of its computing services of any material that it may consider pornographic, violent or unlawful. Accordingly you must not generate, change, use, store, print or transmit information, programs or any other data that can reasonably be judged to be inappropriate or offensive to others. This includes material which is designed to or is likely to cause annoyance, inconvenience or needless anxiety, particularly if of a threatening nature or which is intended to harass, frighten, promote or encourage racism or any other discriminatory or offensive material.
5.1.14 You must not place links to sites which facilitate illegal or improper use, where copyright protected works, such as computer software, are unlawfully distributed or which display pornographic materials.
5.1.15 You must not place links to bulletin boards which are likely to publish defamatory materials or contain discriminatory statements.
5.1.16 Students (or other guests) living in the University Halls of Residence must make all reasonable efforts to protect themselves from viruses and "hacking" when connecting to the Universities network. The University will not be held responsible for any damage that occurs through virus infection or "hacking" in the halls.
5.2 Security
5.2.1 You must not let other people use your username. You must not reveal your password(s) or username to anybody. Passwords must adhere to accepted good password practice; advice about what constitutes a good password may be obtained from Computing Services' Help Desks or from http://www.derby.ac.uk/computing-services/password.html
5.2.2 You must not violate the privacy of others on the computer systems.
5.2.3 For your own security you must not leave your workstation "logged in" when unattended. Where practical, action will be taken against people who leave their station "logged in" and unattended.
5.3 E-mail
5.3.1 You must not send unwanted E-mail.
5.3.2 You must not post or send binary files to E-mail groups or other areas such as USENET groups.
5.3.3 You must not create or transmit
chain letters, hoax virus warnings, pyramid letters or similar schemes
using E-mail.
5.4 General
5.4.1 You must only use equipment (and mains leads) at the University that have been Portable Appliance Tested (PAT) by University approved staff. The equipment must also have an up-to-date green PAT-testing label attached to it.
5.4.2 You must not modify or delete files on the hard disks of the lab computers.
5.4.3 You must not interfere with the use by others of the computer systems. You must not remove or interfere with output belonging to others.
5.4.4 You must abide by the local rules for individual rooms or school-based computing facilities. Eating, drinking and smoking within computing laboratories is prohibited.
5.5. Web Pages
5.5.1 All official University web pages must conform to any stylistic or publishing guidelines produced by CEDM or Marketing.
5.5.2 Any "unofficial" web pages hosted on University web servers must not be linked directly to the University home page or linked directly to the school/department homepages. These pages must not include the University logo. Pages such as this should include a disclaimer stating, "The views and opinions expressed are those of the individual concerned and not necessarily those of the University".
Legal
6.1 The Data Protection Act 1998 regulates the storage of personal information (i.e. any information that can be identified as relating to a particular person or persons) on computer systems. Before storing any such information on the University computer system, you must notify the Designated Authority in writing. It is your responsibility to ensure that any such information complies with the law. For more details see http://www.dataprotection.gov.uk/
6.2 Libel is a civil wrong which, in proven cases, may incur substantial compensation. It is very complicated and therefore one of the easiest laws to contravene through ignorance. Facts concerning individuals or organisations must be accurate and verifiable and views or opinions must not portray their subjects in any way that could damage their reputation. Check with the Company Secretary (x1098) before publicly displaying contentious material. IF IN DOUBT, DO NOT PUBLISH! Remember Web pages and E-mail messages may be regarded as publishing.
Copyright
7.1 The copyright laws of the UK and other countries must not be infringed. Downloading material from the Internet carries the risk of infringing copyright. This applies to files, documents and software, which must be licensed. Material illegally copied in this country or elsewhere and then transmitted to another country via the Internet, will also infringe the copyright laws of the country receiving it. Copyright, Design and Patents Act 1988 is applicable to all types of creations, including text, graphics and sounds by an author or an artist. This will include any that are accessible through the University's computer systems. Any unloading or downloading of information through on-line technologies which is not authorised by the copyright owner will be deemed to be an infringement of her/his rights. You must not make, transmit or store an electronic copy of copyright material on the University's computing systems without the permission of the owner.
Software
8.1 Presenting a licence agreement to the Designated Authority will not be enough evidence to prove that you are entitled to install, copy or disseminate the software on any of the University's computer systems.
8.2 You must always comply with all valid regulations covering the use of software, whether those regulations are made by law, by the producer of the software, by the supplier of the software (e.g. CHEST) by the University or by any other legitimate authority. If you have any doubts contact the Designated Authority before using the software.
8.3 The University has the right to remove any unauthorised software from any of its computer systems.
8.4 The making, use and possession of any copy of computer software without the licence of the owner of the program is illegal, and may leave both you and the University open to legal proceedings. It is therefore of the utmost importance that you comply with all software licensing regulations and laws.
8.5 You must not install ANY third party software that is not licensed to the University on any of the University's computer systems under any circumstances.
8.6 Unlicensed copies of computer software must not be brought onto University premises, uploaded to or downloaded from University machinery, or passed across University networks.
8.7 If you are in any doubt as to whether computer software in your possession is held under a valid licence, it should not be used until you have verified that it is legal copy. In addition to a valid licence, evidence that the software was purchased through the University's finance system will also be required.
8.8 Computer software may not be copied for the purpose of student study, research or criticism without the written permission of the copyright owner.
8.9 You must not distribute, sell, hire or otherwise deal with any unauthorised copies of computer software.
8.10 Any of the University's schools or
departments' senior managers may order regular unscheduled audits of
selected computers systems within their school or department to ensure the
legality of software installed or in use.
Liability, Warranty and Related Matters
9.1 The University will not be liable for any loss, damage or inconvenience arising directly or indirectly from the use of any facility provided. The University takes reasonable care to prevent corruption of information and strives to maintain effective security on all of its computer systems. However it cannot and does not give warranties about the integrity of information or about the security or confidentiality of data (including electronic mail) or other materials submitted or processed by the University or otherwise deposited or left in reception or other areas. It may be necessary on occasions for selected University staff to gain access to password protection information stored on the computer systems.
9.2 Neither the University nor any University employees or bodies will be held responsible for the correctness or otherwise of results produced by using its computer facilities.
9.3 While every reasonable endeavour is made to ensure that the computer systems are available as scheduled and function correctly, no liability whatsoever can be accepted by the Designated Authority for any loss or delay because of any equipment malfunction.
9.4 If as a result of misuse of the computer systems an individual causes the University to be involved in legal action, the University reserves its right to take consequential action against the said individual.
E-mail Guidelines
These guidelines should be read in conjunction with the above.
10.1 Recommendations/Good Practice
10.1.1 E-mail messages should not ordinarily be composed in capital letters, as this can be interpreted as 'shouting'.
10.1.2 Try and be familiar with general housekeeping 'good practice' and delete E-mail messages regularly.
10.1.3 E-mail messages, either internally or externally, are not guaranteed to be private and, therefore, sending a message by E-mail should have the same amount of consideration and care as writing a letter. Please use 'disclaimers' where appropriate. Do not use E-mail in circumstances where permanent records need to be kept. Advice given by E-mail has the same legal consequences as any other written advice.
10.1.4 Consider placing the text non-urgent in the subject box when the message is low priority.
10.1.5 If you put your signature at the
end of your E-mail, ensure that it contains correct contact details and do
not make it longer than six lines.
10.1.6 Use Groupwise rules to
efficiently organise your incoming E-mail.
10.1.7 Try and keep E-mails as short as possible.
10.1.8 E-mails should not be used to completely replace other forms of communication.
10.1.9 If you wish to report excessive junk e-mail or if you believe an e-mail to be advertising an illegal service/material then please forward examples with a covering note to abuse@derby.ac.uk
10.2 Prohibitions
10.2.1 You must not send unwanted E-mail to other users. Users must not post or send binaries to E-mail groups or other areas such as local USENET groups.
10.2.2 You must not create or transmit chain letters, pyramid letters or similar schemes using E-mail.
10.2.3 You must not violate the privacy of other users on the computer systems.
10.2.4 You must not use the facilities in a way that restricts the services available to other users e.g. deliberate or reckless overloading of access links or switching equipment.
10.2.5 You must not create or transmit material that infringes the copyright of another person or institution.
10.2.6 You must not attach inappropriate material such as pornography to outgoing E-mails. The internal recipient of any inappropriate material must bring the matter to the attention of the Designated Authority.
10.2.7 Messages must not include defamatory, libellous or sexually harassing statements or offensive comments based on gender, age, sexuality, race, disability or appearance.
10.2.8 You must not falsify or attempt to falsify E-mails to make them appear to have been originated from someone else or to provide false information where senders' details are required or sought.
10.3 General
10.3.1 You must take all reasonable care to ensure that data sent is 'virus free'.
10.3.2 Do NOT pass on virus warnings to anybody unless you are sure that that they are not a hoax. Please refer to our hoax virus web page for more information http://www.derby.ac.uk/it-services/hoax_virus_messages.htm.
10.3.3 No E-mail system is 100% reliable: do not rely on E-mail as the only means of communicating important messages.
10.3.4 Remember, E-mail can be used as court evidence and an agreement by E-mail can create a binding contract.
Disciplinary Action
11.1 Breach of this IT Code of Conduct will lead to investigation and may lead to disciplinary action against the offender via existing disciplinary procedures. The University reserves the right to report to the Police, any action/activity considered to be unlawful. Criminal proceedings may follow as a result.
v
2002.07