IT Acceptable Use Policy

Information Technology (IT) at Central includes the use of any computers, storage, networking and other physical devices, infrastructure and processes to create, process, store, secure and exchange all forms of electronic data.

The IT Acceptable Use Policy is a formal statement of what is and what is not acceptable when using Central’s IT facilities and network. This policy aims to enforce responsible behaviour and good practice, thus assisting Central with maintaining a secure, safe and robust IT environment.

The Policy applies to all users of Central’s IT facilities whether members of staff, students, or people from outside Central who have been authorised to access and use its IT facilities.

• Approved by the Governing Body on 31 January 2022 
• Via Audit Committee 
• Next review: January 2025
• Owner: Director of Operations 

• Section A: Scope and Purpose
• Section B: Definitions
• Section C: Acceptable Use
• Section D: Unacceptable Use
• Section E: Visitors
• Section F: Breaches of the IT Acceptable Use Policy
• Section G: Reporting Computer Misuse
• Section H: Advice and Support
• Section I: Document Review and Communication

Section A: Scope and Purpose

1. This Policy is a formal statement of what is acceptable and unacceptable when using Central’s IT facilities and network. It aims to enforce responsible behaviour and good practice, thus assisting Central with maintaining a secure, safe and robust IT environment. The Policy detailed herein apply to all users of Central’s IT facilities whether members of staff, students, or people from outside Central who have been authorised to access and use its IT facilities.

2. All users should be aware of this Policy, contravention could lead to loss of access to IT facilities and disciplinary action. Users that are unsure about any aspect of this IT Acceptable Use Policy or use of Central’s IT facilities, should seek clarification by contacting the IT Services department.

3. Information Technology Services (ITS) will make all users aware of this IT Acceptable Use Policy and its availability when they are issued an IT account and during their IT induction.

4. This Policy will be implemented fairly and transparently at all times. This Policy should be read in conjunction with the School’s other policies including:

• Computing Systems Monitoring and Interception Policy
• Data Governance Policy
• Data Protection and Records Retention Policy
• Disciplinary Procedure
• Handbook of Academic Regulations and Guidance (including section dealing with Academic Misconduct)
• Intellectual Property Policy
• IT Handbook

5. This Policy applies to all IT facilities owned by Central as well as those owned by third parties for which access has been facilitated by Central. It also applies to personally owned equipment used to access any of Central’s IT facilities.

The Royal Central School of Speech and Drama, ‘Central’ hereafter, is the Institution to which this IT Acceptable Use Policy applies and takes into account all physical sites and all users that use Central’s IT facilities.

Section B: Definitions

The Royal Central School of Speech and Drama, ‘Central’ hereafter, is the Institution to which this IT Acceptable Use Policy applies and takes into account all physical sites and all users that use Central’s IT facilities.

IT facilities means all computing equipment such as servers, cloud services, PCs, laptops, tablets, smartphones desk phones, external hard drives (including USB memory sticks) and printers; software, data and information held on those systems; information systems used for administrative and other Central related purposes; network access via wired and wireless connections; VPN connections for access to Internal only resources; online services; video and audio conferencing services and the user credentials used to identify you and manage access to facilities.

Device means any equipment that can be connected to Central’s network including PCs, servers, as well as mobile devices such as laptops, phones and tablets.

Information Technology Services, ‘ITS’ hereafter, is Central’s centralised IT Services, providing technology services including, but not limited to the support and provision of desktop technology facilities as well as application, project and network and infrastructure support.

Users are defined as individuals that include, Students, Staff (Fixed Term and Permanent Staff), Contracted Staff (Visiting Lecturers and Short Term Contracted Staff) and Visiting Professionals and any member of the Central community that physically or wirelessly connect to Central’s network or IT Services.

Section C: Acceptable Use

IT Facilities

1. IT facilities are provided for the pursuit of legitimate Central activities:

• Teaching and learning
• Research
• Personal educational development
• Administration and management of Central business
• Any other lawful activity that furthers Central’s mission

2. Limited use of Central’s network and IT facilities for personal purposes other than work or study, e.g. access to the internet, is permitted. However, such use must not interfere with work or studies, must be legal and must be strictly in line with the requirements in this IT Acceptable Use Policy and IT Handbook.

Email

3. Central’s email system may be used by staff or students for email communications concerning Central matters.

4. Users must use Central’s recommended email client to view Central emails.

Hardware

5. Users may use Central’s IT facilities on a loan basis and are expected to relinquish any Central owned devices on contract termination, completion of studies or upon request.

6. Users that are allocated desktops, laptops and associated peripherals are expected to agree to Rules and Regulations which outline the conditions of the loan provision.

Software

7. Software installed on IT facilities or provided remotely can be used in line with licence conditions of the software.

Security

8. Access to IT facilities is granted on the condition of a strong password being set, which must be changed every 90 days to maintain security.

9. Central’s electronic file storage system can be used for any of the activities in Point 1. Users must store all work or study material in Central’s electronic file storage system, unless otherwise instructed, for example, if the file needs to be uploaded to Central’s Virtual Learning Environment.

Local Area Network and the Internet

10. Users can access Central’s IT facilities using their Central username and password.

11. Central encourages the use of the Internet for work purposes within the following guidelines:

• Complies with the Joint Information Systems Committee (JISC) / Joint Academic Network (JANET) Acceptable Use Policy.
• Does not contravene any applicable legislation.

Wireless network

12. Users can access Central’s wireless network with their Central username and password.

13. Visitors can access Central’s ‘Guest’ wireless network upon request to the IT Service Desk who will issue the Visitor with a temporary and time limited password.

14. Use of Central’s wireless network is reserved for legitimate Central activity and for reasonable personal use. Central reserves the right to prohibit the use of wireless network access where there is an excessive consumption of bandwidth causing a degradation of service.

Personal devices

15. Personal devices are permitted in Central on the condition that the personal device has an up-to-date Operating System, latest anti-virus definitions and is password protected.

Use of services provided by others

16. Use of services provided by others (online or outsourced services) is permitted. In this case users must abide by that provider’s acceptable use, code of conduct, policies or rules regarding the use of that service.

17. Users must ensure the security and confidentiality of electronic resources made available to them, so that Central may comply with its licences for access to electronic resources (including databases and electronic journals). In addition, users must ensure that any information derived from these resources is used only for the purpose defined in the licences.

18. Central will not be liable for any financial or material loss to a user accessing the Internet for personal use, including for personal transactions such as purchase of goods or banking transactions.

Section D: Unacceptable Use

1. The following are expressly forbidden when using Central’s network and IT facilities:

(i) Any illegal purposes. The police will be informed where there is evidence of illegal activity.

(ii) Accessing, viewing, creating, storing or transmitting (other than for properly supervised and lawful purposes [1]) offensive, obscene or indecent data or images [2], or data from which such material could be derived, or material that may be subject to counter terrorism legislation [3].

(iii) Central has a statutory duty, under the Counter Terrorism and Security Act 2015, termed Prevent. The purpose of this duty is to aid the process of preventing people being drawn into terrorism. You must not create, view, download, store or transmit unlawful material, or material that is indecent, offensive, defamatory, threatening, discriminatory or extremist. Central reserves the right to filter, block or monitor access to such material.

(iv) Excessive consumption of Internet bandwidth to the extent that there has been a noticeable degradation in Internet services across Central.

(v) Creation or transmission of material that is designed or likely to annoy, harass, bully, inconvenience or cause needless anxiety.

(vi) Creation or transmission of material with the intent to defraud.

(vii) Creation or transmission of defamatory, discriminatory or libellous material, or material whose effect is to bring Central into disrepute.

(viii) Transmission (including downloading, uploading, and streaming) of material that infringes the copyright of another person.

(ix) The unauthorised distribution to third parties of any information in which Central or partner organisations such as research funders have intellectual property rights.

(x) Unauthorised interception or hacking of communications over the network including e-mail and telephone messages.

(xi) Transmission of unsolicited commercial or advertising material within Central or externally, unless authorised to do so on Central’s behalf and where that material relates to a service to which the recipient has subscribed.

(xii) Unauthorised access or trying to gain unauthorised access to IT facilities or services both within and outside Central.

(xiii) Users must not disclose their Central password to others, whether in response to an email, by visiting a web page, in person, or over the telephone; nor should they allow others to use their IT account (including members of Central or external parties).

(xiv) Deliberate activities having or likely to have any of the following characteristics:

• Corrupting or destroying other users’ data.
• Violating the privacy of others and/or disrupting the work of others.
• Causing annoyance to others by inappropriate or inconsiderate use of computing facilities.
• Using applications or services for non-academic purposes that are likely to result in excessive network traffic causing disruption to others.
• Denying service to others.
• Continuing to use an item of software/hardware after ITS have requested that such use cease.
• Other misuse of Central IT facilities or resources, such as the introduction of malicious software, in such a way that it compromises the security of Central’s systems and the network.
• If Central’s network is being used to access another network, any deliberate or persistent breach of the acceptable use policy of that network.
• If an individual is absent from work for a long period or leaves Central without first passing on their digital assets, and access to their IT account is needed to progress Central business, then access to it by another authorised individual can be granted if written authorisation has been granted by a member of the Executive Management Group.

2. Users must not copy or distribute Central provided software to others unless authorised to do so.

3. Any form of Data Processing that does not comply with Central’s Data Governance Policy and/or guidance in the Data Protection and Records Retention Handbook.

4. Storage of software or digital content (music, video, ebook) that has been unlawfully obtained or which falls under the Prevent Duty.

5. Users must not damage IT facilities, all precautions to avoid damage must be taken to safeguard Central’s IT hardware and electronic assets.

6. Accessing Central’s network using a ‘rooted’ or ‘jailbroken’ (i.e. circumvent the security) device. Any attempt to bypass the security is potentially an offence under the Computer Misuse Act, 1990.

Section E: Visitors

1. Users that invite visitors’ onsite should raise a request for Guest Wi-Fi on the visiting party’s behalf via the IT Helpdesk at least two working days prior to the visitor coming onsite. This is so that ITS can create unique access for the visitor where they will be sent an email informing them of the Wi-Fi details and helps control who has access to Central’s wireless services.

2. Users that invite visitors’ onsite should make them aware of the IT Acceptable Use Policy and their responsibility to adhere to the guidelines outlined.

3. Visitors must not contravene this IT Acceptable Use Policy in any way.

4. A visitor’s device should not be connected to Central’s network without up-to-date anti-virus/anti-malware software being installed and operational.

5. Visitors must not try to run any software whose use is prohibited by Central, either on their own system connected to Central’s network, or on Central owned devices.

6. Visitors must not disclose to anyone else passwords that have been allocated to them for the purpose of authorised access to Central IT and computer systems.

7. Visitors must not take any action to circumvent any security control that is in place at Central.

Section F: Breaches of the IT Acceptable Use Policy

1. If there are reasonable grounds for suspecting that a user is engaging in activities that breach the IT Acceptable Use Policy, Central reserves the right to investigate fully in line with Central’s Disciplinary Procedures outlined in the Handbook of Academic Regulations and Guidance (Student) and Disciplinary Policy (Staff).

2. Central reserves the right to withdraw (temporarily or permanently) the authority of any user to use any system in such circumstances. Direct monitoring of individual use or withdrawal of services in such circumstances may be authorised only by a member of the Executive Management Group.

3. Central reserves the right to seek reimbursement of any costs arising from legal actions taken against Central caused by any failure of a user to comply with this IT Acceptable Use Policy, where this has been due to deliberate neglect, deliberate avoidance or criminal act and in line with the appropriate Disciplinary proceedings.

Section G: Reporting Computer Misuse

1. Computer misuse is any activity involving Central’s IT facilities that is illegal, contravenes this IT Acceptable Use Policy, or has any of the following characteristics:

• Compromises the security of the Central’s IT systems or its data.
• Breaches Central’s Data Governance Policy.
• Results in a formal complaint from a member of the public or another member of Central or is part of a police enquiry.

2. If a member of Central becomes aware of such activity, they have a responsibility to report this to the Director of Operations. If appropriate, they will begin investigative action and will inform and engage with Human Resources, Academic Registrar’s Office or appropriate Head of Department.

Section H: Advice and Support

1. ITS are responsible for ensuring regular monitoring and periodic updating of this IT Acceptable Use Policy on behalf of Central.

2. If you need any advice and/or clarification of this IT Acceptable Use Policy, please contact the IT Service Desk in the first instance.

Section I: Document Review and Communication

The IT Acceptable Use Policy will be reviewed every 3 years.

[1] Lawful purposes include approved teaching or research, or an investigation by authorised personnel into suspected abuse of Central facilities.

[2] Offensive or Obscene examples include, but not limited to: articles which are indecent, conveys a threat or is false and may cause distress or anxiety to individual(s), possession of pornographic images or portrayal of crimes, violence or incidents with the intention to corrupt individual(s) and where there is no academic reason for such material to be possessed.

[3] Where academic use is likely to include such material, authorisation should first be sought from the Head of Department and the relevant research or ethics committee and the Director of Operations. Consultation with external authorities may be required and is advisable under certain circumstances depending on the nature of the activity. In particular, all use of material subject to counter-terrorism legislation must be used only in line with the Counter-Terrorism and Security Act 2015 and the guidance applying to Higher Education institutions in England and Wales.