- Computing Services

About BUCS
HomeComputing Services: About BUCSComputing Services: Policies and Guidelines → Acceptable Use Policy

IT ACCEPTABLE USE POLICY

This policy has been approved by the Executive Committee and any amendments to it require the Committee's approval.

Introduction

As a user of IT services of the University you have a right to use its computing services; that right places responsibilities on you as a user which are outlined below. If you misuse University computing facilities in a way that constitutes a breach or disregard of the following policy, consequences associate with that breach and you may be in breach of other University Regulations.

Ignorance of this policy (or those that it directs you to), and the responsibilities it places on you, is not an excuse in any situation where it is assessed that you have breached the policy and its requirements.

A specific policy governing the use of telephones, email and the internet by staff is available on the HR website and should be read in conjunction with this IT Acceptable Use Policy.

For the purposes of this policy the term “computing services” refers to any IT resource made available to you, any of the network borne services, applications or software products that you are provided access to and the network/data transport infrastructure that you use to access any of the services (including access to the Internet). Students and staff who connect their own IT to the University’s network and the services available are particularly reminded that such use requires compliance to this policy.

User Authorisation

The User Accounts policy provides details regarding eligibility for a Computing Services User Account.

Access to all systems and services is controlled by a central computing account and password. Students are allocated their User ID and initial password automatically as part of their registration with the University.

New staff paid through payroll are similarly automatically set up with a User ID and initial password. The procedures for any other category of personnel wishing to use the University’s computing facilities are described in the User Accounts policy.

General Conditions

Internet Access

The University campus network connects to the Internet via the SWERN Regional and JANET National networks. All hosts on the campus network have potential access to the Internet and must be registered with Computing Services so that they can be allocated correct network addresses and host names. Non registered hosts will be denied access to the Internet. Guidance and advice regarding this requirement is provided under the Host Connection and IP Address Allocation policies on the Computing Services web site.

Using External Web 2.0 Services

Web 2.0 services offer attractive and useful applications services (Blogs, wikis, office systems, social bookmarking and social networking) to mention but a few. Use of such services however must comply with this policy. Before using such services – or expecting others to do so – it would be sensible to appreciate the issues that pertain to them.

Pros

Cons

Always read and consider the terms and conditions for any service you register with and ensure that you understand the implications of the service conditions. Further details are available in the Computer Use Guidelines – the Route to Good IT Citizenship.

Remote Access

Remote access to the campus network is possible via the Internet, Virtual Private Network (VPN) or via direct dial to the University's dial-in Remote Access Server (RAS). Remote access from external networks or across the Internet must be made via secure methods only. Further information and guidance is available on the Computing Services web site (Remote Access Server and VPN).

Connections via VPN or RAS are considered direct connections to the campus network. As such, using the VPN service, dialing into the RAS, or generally accessing services remotely, subjects the user to the same conditions, requirements and responsibilities of this policy.

All connection attempts are logged.

Monitoring and Logging

Activities regarding network transactions may be monitored and logged and kept for an appropriate amount of time. Logs are taken for reasons of security, diagnostic and account/audit reasons. Logs are available only to authorised systems personnel and kept for no longer than necessary and in line with current data protection guidelines.

Such records and information are sometimes required - under law - by external agencies and authorities. Computing Services will comply with such requests when formally submitted.

ResNet Use

ResNet stands for the Residential Network service. This service, run by Computing Services, provides ethernet connections to University accommodation blocks, both on and off-Campus. The connections provide access to facilities and services on the Campus network, plus restricted access to services on the Internet at large.

All rooms of student accommodation provide access to the ResNet service. ResNet provides access to the following services:

Computing Services reserves the right to permit or block services not specifically listed above for the purposes of security, bandwidth and traffic management, legal reasons or to protect the University and its reputation.

Personal equipment connected to ResNet must comply with certain standards (10baseT or 100baseTX) and the only protocol family supported by Computing Services is TCP/IP.

Users of ResNet must not run:

Neither are they permitted to:

Any personal computer connected to the ResNet service must have up to date anti virus software installed at all times. Sophos anti virus software is available to all staff and students whilst members of the University.

Given this provision, there is no excuse for a personal computer connected to ResNet to be out of date for any Sophos version or update.

Virus risk management is an important priority and any personal computer not adequately protected under this provision will have its access to ResNet disabled - until it is quarantined, inoculated and made safe.

Breaches of This Policy

Incidents which are determined to be in contravention of this policy will be assessed for their severity. Investigating such incidents may require the collection and evaluation of user related activity and evidence.

It is not possible to provide an exhaustive list of potential ways in which a user may contravene this policy but in general such breaches will be categorised into one of three levels of severity and each level of breach will carry with it a possible range of sanctions, consequences and/or penalties.

The Computer Use Guidelines – the Route to Good IT Citizenship provide useful advice and considerations that should guide and inform your use of University of Bath computing resources. This guidance should keep you safe and ensure that you do not breach this Acceptable Use Policy.

Minor Breach

This level of breach will attract a verbal warning which will be held recorded for 12 months. In general this category will relate to behaviour or misuse of computer facilities that can be characterised as disruptive or a nuisance. Examples of this level of non compliance would include:

Not all first offences will automatically be categorised at this level since some may be of a significance or impact that elevates them to one of the higher levels of severity.

Moderate Breach

This level of breach will attract more substantial sanctions and/or penalties. These include:

Examples of this level of non-compliance would include:

Severe Breach

This level of breach will attract more stringent sanctions, penalties and consequences than those above, and access to computing facilities and services may be withdrawn (account suspension) until the disciplinary process and its outcomes have been concluded. Possible sanctions include:

Examples of this level of breach would include:

Process

An investigation will be carried out, in confidence, by Computing Services staff under the direction of the Director of Computing Services. For staff, that investigative report will be passed to the member of staff’s Head of Department, to be considered within the University’s disciplinary procedures. For students, if a verbal warning is appropriate, this will be given by the Director of Computing Services. If the breach is more serious, the report will be passed to the Head of Student Services to be considered under the preliminary student disciplinary procedures. Each set of disciplinary procedures provide for an appeal stage.

Recommended Reading

This policy strongly encourages all users to familiarise themselves with the requirements, conditions and responsibilities of other related internal and external policy and legislative material that will inform their use of the University’s IT services. These related sources are:

Several related laws and their relevance in a university context are succinctly described in the Web Publishing Legal Requirements. There is also considerable University guidance regarding Data Protection and Freedom of Information.