University Policy On The Use Of Computing Facilities And Resources

main content

Introduction

All computer users, staff and students, must adhere to the University Policy on the Use of Computing Facilities and Resources. This Policy was approved by the University Court on 25th November 1997.

The Policy should be read in conjunction with the following notes (which are not part of the Policy):

  • References to "(the Department of) Information Services" should be read as "Information Resources Directorate" throughout.
  • References to "Director of Information Services" should be read as "Directory of Information Resources Directorate" throughout.
  • In Section 1, paragraph 2, "Information Technology Services" replaces "the Divisions of Information Systems and Networking and Computing Services" in the original document.
  • In Section 1, paragraph 2, "the Centre for Educational Systems and AV Media Services" have been merged to become "Learning Services".
  • In Sections 3.4 and 5.5, "Information Services Help Desk" should be read as "IT Services Helpdesk".
  • In Section 6, the list of legislation should not be viewed as exhaustive.
  • In Section 6, references to "EC Law" should be read as "EU Law" throughout. In Section 6.1, the telephone extension for the Data Protection Officer should be read as "ext 2477"
  • In Section 6.1, the Data Protection Act 1984 has been superceded by the Data Protection Act 1998.

Additions to Section 6:

For Section 6, some legislation mentioned (other than those corrected or additionally noted above) are available online:

Contents

Scope

This policy covers the use of all computing facilities and resources administered by the University of Strathclyde, including use by staff and students of the University and by any other person authorised to use these facilities; and use at the University's property and/or through any networked links to the University's computing facilities. Anyone using any kind of computer hardware or software, for any purpose, at the University, even if it is their own equipment and even if it is only connected to the institution through a network, is required to abide by the terms of this policy.

In this policy computing facilities and resources includes central services such as those provided by Information Services through Information Technology Services, and through the Centre for Educational Systems and AV Media Services; the University Libraries; departmental computers; microcomputers and peripherals; personal computers, whether desktop or portable, when linked to facilities provided by the University; any associated software and data including data created by others, and the networking elements which link the facilities together.

Introduction

The University of Strathclyde provides a wide range of computing facilities and resources for use by staff and students in pursuit of teaching, learning, research and administration. Use of the facilities solely for the purposes of the University is encouraged as part of the University's strategy of ensuring that any use the University makes of information technologies will be for the improvement of our already high educational standards.

Use of computing facilities requires that individuals accept certain responsibilities as set out in this policy (see section 5 - Conditions for Use). The University recognises that new measures are required for managing information in electronic forms, much of which will represent the University as a first point of contact with the rest of the world.

The underlying philosophy of this policy is that the University's computing facilities should be used in a manner which is ethical, legal, appropriate to the University's aims, and not to the detriment of others. The policy sets out the conditions for use of the University's network for the publication of all material and demands that the same sensitivity is applied to information in electronic format as is normally applied to the written work.

Access to Facilities

  • Computing facilities are provided by the Department of Information Services and others for the University as a whole, and by Faculties and departments for their staff and students, solely for use by staff and students in connection with the aims and purposes of the University (see section 4 - Definitions). Computing facilities should not be used for personal or recreational purposes.
  • On special application being made, the University may authorise the use of its computing facilities for work outside the scope of normal University purposes, including consultancy and use by external users. Any charges for provision of such facilities will be determined by the Director of Information Services. Other use may be allowed, by agreement with the Director of Information Services, as a privilege not a right and if abused may be deemed to be a breach of this policy.
  • In order to use the computing facilities of the University of Strathclyde a person must first register with the Department of Information Services as an authorised user in the manner prescribed in this Policy. Registration grants authorisation to use some or all of the facilities of the University. Access to facilities is normally arranged by allocation of a unique user ID (sometimes called a login or user name) and will require the production of a University ID card or other form of identification. On most computer systems a password is required to gain access. Users should choose a password that is secure and not easily guessed, and should keep it secure at all times.
  • If a user suspects that the security of their computing facilities has been breached or compromised it should be reported to Information Services Help Desk or departmental computing staff as soon as possible.
  • Bona fide visitors to the University such as the staff of institutions connected to JANET (Joint Academic Network) and visiting scholars from overseas can request access to the University's computing facilities. Appropriate arrangements will be made by the Department of Information Services to register them as an authorised user in the normal way.

Definitions

In this policy the following definitions apply:

accessing: holding, storing, displaying, transmitting, or distributing information in electronic format, by whatever means, such that others may have access to it or use it; and such that the publisher or source of the information may be traced back to the University of Strathclyde.

authorised: a person who has been registered as a user by the Department of Information Services in accordance with the procedures set out in section 3 or a separate legal entity or bona fide visitor allowed connection under 3.5 and 3.6 above.

computing facilities: all local computing facilities, multi-user systems, server systems, work stations, personal computers, micro computers and networks and or other electronic information and communication systems whether provided by the University or otherwise an which are intended wholly or partly for use by employees of, researchers at or students of the University or wholly or partly for use for other University related or academic purposes; all remote facilities which are accessed through the computer, electronic information and communication facilities at or operated wholly or partly by the University; and anything else deemed computing equipment by the University.

information: words, pictures, data, graphics, visual images, video and sound clips and computer programs.

solely for University purposes: use by staff in connection with their normal University duties of employment and by students in connection with their approved University study or research.

unacceptable material: material which, in the opinion of the University, is offensive, abusive, defamatory, discriminatory, obscene or otherwise illegal which brings or may bring the University into disrepute. The provision by a University user of explicit or cryptic links to such material stored elsewhere on the Internet is also unacceptable unless agreed with the Director of Information Services.

personal information: any information which is not sanctioned by the University in accordance with section 7 of this policy.

Conditions for Use - Rights and Responsibilities

  • All users will be required to sign an agreement to become a registered user of the University's computing facilities and resources and by so doing have understood and agreed to abide by the terms of this policy and other appropriate University regulations. Users must also comply with the provisions of any current UK or Scots law (see section 6 - Legal Framework) and will be held responsible for any and all activity on computing facilities which is initiated by their user ID. It is every users responsibility to act in a manner which will not cause damage to computing facilities or adversely affect the performance of any service available on these facilities. Users should not allow any other person access to their user ID or password; use another person's user ID or password; or modify or interfere with information belonging to another user without their permission.
  • The University of Strathclyde will not permit the use of its computer facilities and resources for the access to or transmission of information which is considered by the University to be unacceptable; illegal; in breach of University policies, such as those on Equal Opportunities and Harassment; wasteful of resources; or not commensurate with the provision of facilities for legitimate educational purposes.
  • Examples of such unacceptable use may include: accessing or displaying pornographic material; stating defamatory opinions or views concerning individuals or organisations; accessing or displaying discriminatory material or material which encourages discrimination; engaging in games or chain E-mail; publishing information which is intended to misinform and thereby cause anxiety or inconvenience in another; unauthorised use of University logos, titles etc.; spamming; corrupting or destroying other user's data; violating the privacy of other users; disrupting the work of others; using JANET in a way that denies service to others; misuse of networked resources such as the introduction of viruses.
  • The University may actively monitor usage of University computer facilities and resources which includes monitoring the access to, publication or receipt of any Internet materials by any user, and reserves the right to remove or require the immediate removal from the University systems of any material which, in the opinion of the Vice Principal or a depute to whom authority has been delegated is unacceptable (see section 4 - Definitions). It is University policy to provide information obtained by monitoring, when required to do so, to the UKERNA CERT team or other relevant agency.No user will by any wilful or deliberate act jeopardise the integrity of the computing equipment, communications network, systems programs or other stored information.
  • No user will connect to the University network any piece of equipment which by its function could adversely affect the performance of the network without the prior agreement of the Director of Information Services. Any user connecting their own equipment to the University network agrees that by doing so the Director of Information Services has the right to audit the equipment and data stored on it at any time.
  • Users may only use JANET for the purposes which meet the conditions agreed by the Secretary of State for Education for the operation of the network, and as set out in the UKERNA document JANET Acceptable Use Policy. Users must also comply with the provisions of the Code of Conduct for the Use of Software and Datasets at Higher Education and Research Council Establishments. This Code does not constitute a licence and, in all cases, users of software should acquaint themselves with the provisions of the relevant licence when they obtain a copy and before putting the same into use. Further information about JANET and the Code of Conduct are available from the Information Services Help Desk in the first instance.
  • At the request of the Director of Information Services, any user holding or transmitting encrypted data must provide corresponding decrypting tools to the Director of Information Services for investigation purposes. Any dispute arising over material of a commercial or militarily sensitive nature will be referred to the Vice Principal for decision.

Legal Framework

Users should be aware of UK legislation which relates to computer use. Much of the electronic information in use by staff and students is likely to also be available world wide and care should be taken that the laws of other countries are not infringed by this availability. Brief details of the relevant legislation is outlined below but those seeking further information should contact the Director of Information Services in the first instance. Users should note carefully that much of the legislation prescribes criminal penalties including fines and custodial sentences where an offence is committed.

Data Protection 1984

The Act prohibits the holding, processing or disclosure of personal data about others on computer, unless the user is properly registered under the terms of the Act and observes the principles of data protection. Use of such information is subject to the University's Data Protection Registration and information about this can be obtained from the University's Data Protection Officer on ext. tba. All users are responsible for ensuring that they comply with the terms of the Act.

Telecommunications Act 1984

The Internet makes use of the "public telecommunication system" as defined by the Act. Under the Act it is a criminal offence to send a message or other matter that is grossly offensive, indecent, obscene or menacing in character via the public telecommunication system or to send a false message for the purpose of causing annoyance, inconvenience or needless anxiety to another, and those found guilty could face a substantial fine or a term of imprisonment.

Copyright, Designs and Patent 1988

The Act requires that the permission of the owner of the intellectual property must be sought before any use is made of it. It is therefore unlawful to use or copy any material without proper authorisation and this includes computer software. Penalties include unlimited fines and up to 2 years imprisonment. It should be noted that the University titles and logos are the property of this University and may only be used for official University documents.

Computer Misuse Act 1990

The Act makes it a criminal offence to access, attempt to access or encourage others to access computer material without proper authority or to make unauthorised modification of computer material. This would include "hacking", the introduction of viruses and knowingly receiving or using material from an unauthorised user who has gained access to computer material. Penalties for conviction include up to 5 years imprisonment and/or a fine.

Obscene Publications Act 1959

The publication, which includes transmission over a network, whether for gain or not, of material intended to be read, heard or looked at which is such as to tend to deprave and corrupt persons having access to it is a criminal offence under this Act. Penalties include up to 3 years in prison.

Criminal Justice and Public Order Act 1994

This legislation consolidates the protection of minors by making it a criminal offence to possess pornographic or obscene material of or involving minors, or material considered to be excessively violent.

In the context of computer facilities it applies to the transmission, receipt and storage of text, audio, graphic and manipulated images.

(Note: The Acts referred to in 6.5.and 6.6 above apply in England and Wales but not in Scotland where prosecutions for similar offences are mounted on the basis of common law as opposed to Statute).

The Sex Discrimination Act 1975

The Act makes it unlawful to discriminate against others on the grounds of sex, gender and marital status and any information published or received via the Internet which discriminates or encourages discrimination is illegal.

Race Relations Act 1976

The Act makes it unlawful to discriminate against others on the grounds of race, colour, nationality, ethnic or national origin and any information published or received via the Internet which discriminates or encourages discrimination is illegal.

Laws of Defamation

Any publication of a statement, comment or innuendo about another individual or organisation which cannot be justified at law may render the author liable to an action for defamation.

International and EC Law

Users should be aware that material they produce and transmit may be available world wide, and care should be taken to ensure that no international laws or treaties are contravened. Specific examples include importing specified materials from a country for which an embargo is in force, and exporting material legally obtained in the UK but which when accessed in another country may constitute an offence in that country. It also includes accessing material which though legally available in another country is illegal in the UK.

EC law is constantly changing particularly in the area of sex discrimination, harassment and unequal treatment. Increasingly EC Directives and regulations are being interpreted to afford protection to people who are discriminated against or harassed because of their sexuality. The information about the Sex Discrimination Act (see 6.6 above) should be read with this in mind.

Official Secrets Act

Some work carried out under contract from the government or its agencies may be subject to the provisions of this legislation. Any publication of material which contravenes obligations under this legislation is a criminal offence and punishable by imprisonment and/or a fine.

Publishing Information in Electronic Format

  • The Department of Information Services gives permission to staff and students to publish information on the University of Strathclyde World Wide Web information server under Regulation 6.11.13 (see University calendar). This Regulation allows the University to impose more stringent conditions than those usually applying to the use of computing facilities and the University has chosen to do so in the form of this policy.
  • Heads of Department have the responsibility for ensuring that any information published electronically on behalf of their Department adheres to this policy. Any person who provides information for the Department must have the authority to do so from the Head of Department.
  • Staff or students may apply to the Department of Information Services to publish information on behalf of a University club, society or association but such an application must first have the approval of the Head of Department or Dean as appropriate, and the approval of the club, society or association.
  • Those who publish general University information, such as maps, events, descriptive or historical information about the University must obtain permission from External Affairs and Development. Guidelines to publishing in electronic format are available from that department and via the home page on the University's web site. They make clear that University logos and titles are only to be used in conjunction with information on official institutional webpages approved by the University for publication.
  • Individuals are responsible for all information published through their personal computer account such as via a WWW personal home page or Email contributions to discussion lists or bulletin boards. All the requirements outlined in this policy apply equally to publications on the World Wide Web (see particularly sections 5 and 6).
  • Information published by individuals must be declared as such and must not appear to be published on behalf of the University. To that end there must be a clear separation between University information and personal information and the latter should contain the following disclaimer: "The views and opinions expressed herein are strictly those of the author. The contents have not been reviewed or approved by the University of Strathclyde. They do not represent or reflect the views of the University of Strathclyde or anyone else associated with the institution and the University retains no liability for the content or layout". Anyone who registers in an external index an address for an electronic information system, such as a departmental server or personal home page, must ensure that it does not appear that their address is the principal access point for all University of Strathclyde systems. The home page of any externally registered WWW server, run on University of Strathclyde systems MUST contain a pointer to the University of Strathclyde home page. Information on or links to or from the University's official webpages must be authorised by External Affairs and Development.
  • Nothing must be published which might in any way bring discredit or harm to the University or its members or bring the University into disrepute. Personal opinions must not be published in any way which might make them seem to be those of the University.
  • Appropriate care must be taken in the presentation, content and management of information being published electronically. This includes: care in writing, proofing and layout following appropriate University presentational guidelines e.g. display of University crest/logo etc. attribution of the source of the information - include author, contact name and address removal of out-of-date information restricting access to sensitive information editorial changes to documents in electronic format should only be made with the permission of the 'owner' of the document
  • The University's computing facilities must not be used for the placing or distribution of commercial advertisements without the express written permission of the Vice Principal. Any non-commercial advertisements which do appear must comply with the Code of Practice for Advertisers, issued by the Advertising Standards Authority, which requires that all advertisements should be "legal, decent, truthful and honest".

Misuse - Penalties and Sanctions

  • Breaches of this policy by staff or students will be dealt with under the appropriate disciplinary procedures. Where this involves students it will normally be dealt with under the University regulations for Student Discipline (see Regulation 5 in the University Calendar). The University will accept no responsibility for the effect disciplinary action might have on a student's academic progress and achievement. Where members of staff are involved breaches will be dealt with under the appropriate disciplinary procedures. Where an offence may have occurred under criminal law it will be reported to the police or other appropriate authority.
  • Where appropriate, staff or students at the University of Strathclyde or other authorised users may have their use of the University's computing facilities immediately suspended pending an investigation by an authorised person in the University.
  • In the event of loss being incurred by the University or members of the University as a result of a breach of these regulations by a user, that user may be held responsible for reimbursement of that loss.

Monitoring and Review

The effectiveness of this Policy will be monitored by the Department of Information Services and will be formally reviewed by the University Court within twelve months of its adoption.