- IT Acceptable Use Policy
Our Information Technology (IT) resources, systems and services are essential to the day-to-day operation of the Royal Agricultural University (RAU). This policy underpins our overarching Information Security Policy and is designed to make clear the responsibilities that all our students, staff and authorised third parties must be aware of, and act in accordance with, when using any of the IT facilities, or accessing the information, provided by the RAU.
Accordingly, for clarity we use the following definitions in this policy:
• by ‘personal’ we mean any activities that relate to your role as a student, staff member or authorised third party
• by ‘private’ we mean any activities that do not relate to your role as a student, staff member or authorised third party
If you have any questions about anything in this policy, please don’t hesitate to contact our IT Service Desk, by email, by phone (extn: 2400, or 01285 889 841) or in person (08.30 – 17:30 Monday – Friday in the Library Foyer).
The scope of this policy
This policy applies to all our students and staff and to any authorised third party who makes use of our IT facilities, or accesses our information.
It also applies to you if you are using your RAU network credentials to access IT facilities located elsewhere.
Your responsibilities under this policy
It is your personal responsibility to ensure that your behaviour and activities when using our IT facilities, or accessing our information, are in accordance with the requirements of this policy.
The consequences of violating this policy
If you are a student or member of staff, then failure to comply with this policy may lead to the instigation of disciplinary procedures and, in certain circumstances, legal action may be taken. This could also have a bearing on your studies or employment with us and with other organisations in the future.
If you are a contractor, then failure to comply may lead to the immediate cancellation of a contract.
Where appropriate, breaches of the law will be reported to the relevant authorities.
Your personal RAU network account, email account and Z: Drive / OneDrive
Your RAU network account
As a student, staff member or third party who is authorised to use our IT facilities and access our information, you are assigned a RAU network account for your individual use under the following conditions:
- You must never allow any other person to use your RAU network account
- You must never share your login details (username and password) with anyone – nobody, not even the Vice-Chancellor, has the authority to ask you for these details
- You must not use your RAU network password as the password for any other account
- You must change your password if there is any suspicion that someone else may know it
- You must change your password if instructed to do so by a member of ITS (IT Services)
- You must either log out from, or lock, any equipment you are using to access your RAU network account if you are going to leave it unattended
Your RAU email account
You are provided with an individual email address for your sole use, but please be aware your email address remains the property of the RAU and your use of it is subject to your conformance with our Information Security policies.
Whether you are a student or a staff member, you must use only your RAU-provided email account when conducting university business.
You should not use your RAU-provided email account for private correspondence.
Your Z: Drive and OneDrive
We provide all our students and staff with an individual storage area on our servers for your personal use, known as your ‘Z’ Drive, and which is regularly backed up as part of our overall backup procedures. You also have access to your personal OneDrive.
You must be aware of the restrictions governing the use of your Z Drive or OneDrive for the storage of ‘Restricted’ or ‘Confidential’ information, as defined in our Information Handling Policy.
You must not use your Z Drive or OneDrive for storage or sharing of large quantities of private documents, photographs, media and emails that are not related to your work or study.
Access to your email account and Z Drive
Although no-one else usually has access to your Z Drive or OneDrive and we do not routinely monitor your emails, there are certain circumstances when appropriately authorised staff may be given access to your email account and / or Z Drive or OneDrive.
These include, but are not limited to, prolonged absence from your studies or place of work, or when you have left the RAU, or when an Information Security breach has occurred or is suspected to have occurred, or when concerns arise about the level or nature of personal or private use of, and access to, our IT facilities and information.
Further information on our use of monitoring processes can be found in our Information Security Policy.
Your personal use of our IT Facilities
Our IT facilities are provided for your use in support of your course of study, research, employment or other approved activities that are associated with the aims and objectives of the RAU.
Accordingly, you must not do anything to jeopardise the integrity of our IT facilities by, for example:
- Damaging our IT equipment;
- Reconfiguring or moving any of our IT equipment without prior approval from ITS;
- Loading software on any of our IT equipment without prior approval from ITS;
- Reconfiguring or reconnecting any of our IT equipment to our network without prior approval from ITS;
- Setting up servers or services on our networks without prior approval from ITS;
- Deliberately or recklessly introducing malware;
- Attempting to disrupt or circumvent our Information Security policies, processes and procedures.
If you are connecting a personal device to our networks, you must only do so in an approved manner, and you must also ensure that:
- Your device is password-protected in order to safeguard any information held on it in the case of loss or theft
- You have up to date anti-virus software installed on the device
- You do not use it for the storing of ‘Restricted’ or ‘Confidential’ information, as defined in our Information Handling Policy.
If you are a staff member, you can find further guidance on the use of personal devices in our Remote Working and Mobile Device Policy.
Using our IT facilities for private activities
We permit you to use our IT facilities for a limited amount of private activity, provided that you do not:
- compromise your studies, research or work
- infringe any of our Information Security policies
- interfere with the valid use of our IT facilities by other people
- consume an excessive amount of our IT resources
- use our IT facilities for unapproved commercial purposes or for private gain
Any such misuse of our IT facilities may result in this permission being withdrawn.
When using our IT facilities for private activity, you must also be aware that information stored on RAU-supplied equipment may under certain circumstances be accessed by suitably authorised individuals. For further information, please see our Information Security Policy.
Unacceptable use of our IT facilities
The following activities are examples of the unacceptable use of our IT facilities, and are consistent with the JANET Acceptable Use Policy (by which everyone who uses our IT facilities is also bound) and the laws of the UK:
- Any illegal activity or action which knowingly breaches any of our policies
- Any attempt to knowingly gain unauthorised access to our IT facilities or information
- Any attempt to knowingly undermine the security or integrity of our IT facilities (including any unauthorised penetration testing or vulnerability scanning of any of our systems)
- Providing access to our IT facilities or information to anyone who is not entitled to such access
- Any irresponsible, or reckless handling, or unauthorised use, or modification of our information (for further information, please see our Information Handling Policy)
- Using our IT facilities to bully, harass, intimidate or otherwise cause alarm or distress to others
- Sending unsolicited and unauthorised bulk email (spam)
- Creating, storing or transmitting any material which infringes copyright
- Creating, storing, accessing or transmitting defamatory or obscene material.
- Using software which is only licensed for limited purposes for any other purpose, or otherwise breaching software licensing agreements
The laws you must comply with
In addition to the above requirements, we have a statutory duty, under the Counter Terrorism and Security Act 2015, termed “PREVENT”.
The purpose of this duty is to aid the process of preventing people being drawn into terrorism.
You must also be aware of your responsibilities under the laws of England and Wales listed below, and of any other jurisdiction applying to your location or the location of the services you are using:
- Counter Terrorism and Security Act 2015
- Computer Misuse Act 1990
- EU General Data Protection Regulation (GDPR) 2018
- Copyright, Designs and Patents Act 1988
- Wireless Telegraphy Act 2006
You must understand that any infringement may result in action being taken against you in accordance with University procedures.
Other Information Security Policies
This policy is one of a number that relate to the confidentiality, security and availability of our IT facilities and information assets. You can find them on the ITS pages on Gateway and the staff intranet.
- Information Security Policy
- Information Handling Policy
- Remote Working and Mobile Device Policy