Acceptable Use Policy (AUP)

1. Aim

The University seeks to promote and facilitate the use of Information Technology and digital tools to enable effective operations and delivery of the University Strategy.  The aim of this policy is to ensure that º¬Ðß²ÝÊÓƵ’s online and digital services and facilities are used lawfully and in accordance with the University’s values.

2. Scope

This policy applies to anyone using any of the online, digital, computing, communication technology and networking facilities provided by the University, including new and developing technologies and uses.  It is applicable to both University owned and personally owned devices used to access and use University IT services whether on campus or elsewhere.  All users are expected to read and comply with this policy and any additional policies relevant to their activities.

Users of commercial broadband services provided, or facilitated by, the University must additionally abide by any specific policies associated with those services.

This acceptable use policy is taken to include the JISC Acceptable Use Policy and the JISC Security Policy, the combined Higher Education Software Team (CHEST) User Obligations, together with its associated Copyright Acknowledgement, and the CHEST Data Processing Agreement.

3. Acceptable Use

3.      Acceptable Use

a.      All devices regardless of ownership must be maintained with up-to-date anti-virus software, system patches and kept secure in accordance with the Mobile and Remote Working Policy.

b.      The use of IT services and facilities for personal activities is permitted, providing that it does not infringe UK law or University policies, interfere with others’ valid use, and is not used inappropriately during working hours.

c.      Communication technologies must only be used in accordance with the University’s Freedom of Expression policy and code of practice and in line with the University’s values.

d.      University email addresses, corporate systems and approved file storage facilities must be used for all official University business, to facilitate auditable communications and institutional record keeping.

e.      Staff and students must regularly read their university email.

f.        The use of IT facilities or services for commercial work, undertaken solely for personal gain and not through university channels, requires explicit permission from the Director of IT Services.

g.       When accessing University services from another legal jurisdiction and there is a conflict with local laws, the system should not be used in the jurisdiction concerned.

h.      In addition to adhering to the University’s policies, you must abide by the policies and terms and conditions of any other organisation whose services you access.

i.        Sharing of information must be undertaken in accordance with the University’s Information Sharing Policy paying due regard to personal privacy and commercial confidentiality.

j.        All users must take all reasonable precautions to safeguard their IT credentials.

k.       All staff accessing the University’s IT facilities must have completed the University’s mandatory information security training at the mandated frequency.

The University is committed to upholding the principles of academic freedom (Statute XXI) and its Policy and Code of Practice on Freedom of Expression seeks to ensure compliance with the law whilst maintaining the University’s values.
In the event that there is a genuine academic need to carry out an activity which might be interpreted as being in breach of the law (e.g. the deliberate viewing of sites or media directly linked to a proscribed terrorist organisation), the University must be made aware of those plans in advance and prior permission to access must be obtained from the Chief Operating Officer.

4. Unacceptable use

4.     Unacceptable use includes:

a.      Creating, downloading, storing, or transmitting unlawful material, or material that is indecent, offensive, obscene, threatening or which promotes discrimination or harassment.

b.      Accessing unlawful material, including sites which are specifically designed to promote terrorism or are directly linked to a proscribed terrorist organisation, except in the course of recognised research or teaching that is permitted under UK and international law.

c.      Activity that infringes intellectual property rights, copyright law, or terms of licence for software or other materials procured by the University, or privacy rights of a third party.

d.      Sending spam (unsolicited bulk email), forged addresses, or use University mailing lists other than for legitimate purposes related to University activities.

e.      Undertaking any activity which jeopardises the confidentiality, integrity, availability, performance or reliability of the University’s IT facilities, resources, or data assets; or attempting to disrupt or circumnavigate the University’s IT security measures.

f.        Deliberate or reckless activities having, with reasonable likelihood, any of the following characteristics: 

        • obtaining or using another person’s IT credentials, disguising your identity when using IT facilities, or sharing your own IT credentials with others.
        • Bringing the University into disrepute.
        • Disruptive, corrupt or destroy other users work, or violate the privacy of others.
        • Using the IT facilities in a way that interferes with others’ valid use of them.
        • Abusive or unacceptable behaviour towards University staff.
        • Deliberately or recklessly consume excessive IT resources such as processing power, bandwidth, storage, or consumables.
        • View, store or print pornographic images or video.
        • Introduce malware or viruses.
        • Use any method, tool, or system apart from the University’s virtual private network (VPN) for remote access to the facilities or services unless approved by the Director of IT Services.
        • Undertake any unauthorised penetration testing or vulnerability scanning or the monitoring or inception of network traffic unless approved by the Director of IT Services.

5. Monitoring

º¬Ðß²ÝÊÓƵ records and monitors the use of its IT facilities, under the Regulation of Investigatory Powers Act (2000) for the purposes of:

a.     The effective and efficient planning and operation of the IT facilities

b.     Investigation, detection and prevention of infringement of the law, this policy or other University policies

c.     Investigation of alleged misconduct by staff or students

º¬Ðß²ÝÊÓƵ will comply with lawful requests for information from government and law enforcement agencies.

Individual staff or student IT accounts are private to the individual concerned, other than in exceptional circumstances such as prolonged absence where critical information cannot be access in any other way or where there are serious allegations of misconduct. Access will only be given to relevant individuals with authorisation of the Director of IT Services, or nominee, who will use their discretion, normally in consultation with the Director of Human Resources or another senior officer of the University.

6. Failure to Comply with this Policy

All users of IT facilities and services are bound by º¬Ðß²ÝÊÓƵ’s Charter, Statutes, Ordinances and Regulations including student and staff disciplinary procedures.

If a user believes this policy has been infringed, they should report the matter to abuse@lboro.ac.uk, at the earliest opportunity.  The report of a potential infringement will be overseen by IT Services and given careful consideration.  Genuine accidental infringements will be treated with understanding, but any deliberate or reckless infringement of this policy is likely to result in disciplinary action being taken under the relevant University Ordinance (Ordinance XVII for students and doctoral researchers and Ordinance XXXVI for staff).

Acts and legislation

More detailed information around the acts and legislation: