Acceptable use policy
Updated on 12 March 2018
Outlines the University’s approach to acceptable use of its computing facilities
This policy outlines the University’s approach to acceptable use of its computing facilities and provides the guiding principles and responsibilities to ensure the University’s acceptable use objectives are met.
This policy is applicable across the University and applies to:
- all individuals who have access to University information and technologies
- all facilities, technologies and services that are used to process University information
- all information processed, accessed, manipulated, or stored (in any format) by the University pursuant to its operational activities
- internal and external processes used to process University information
- external parties that provide information processing services to the University
The policy will be communicated to users and relevant external parties.
The University’s objectives for this policy are to:
- safeguard the University’s information from security threats that could have an adverse effect on its operations or reputation
- fulfil the University’s duty of care toward the information with which it has been entrusted
- protect the confidentiality, integrity, availability and value of information through the optimal use of controls
- This document is an adjunct to the JISC Acceptable Use Policy which currently applies to the transmission of information between the University and other networks. Breaches of either the Janet Acceptable Use Policy or the University Acceptable Use Policy will be regarded as disciplinary offences and dealt with under disciplinary procedures.
- The University network may be used for any legal activity that is in furtherance of the purpose, aims, and policies of the University.
The University network may not be used for any of the following:
- The creation or transmission (other than for properly supervised and lawful research purposes) of any offensive, obscene or indecent images, data or other material, or any data capable of being resolved into obscene or indecent images or material
- The creation or transmission of material which is designed or likely to cause annoyance, inconvenience or needless anxiety
- The creation or transmission of defamatory material
- The transmission of material such that this infringes the copyright and intellectual property rights of another person
- The unauthorised transmission of unsolicited commercial or advertising material either to other User Organisations, or to organisations connected to other networks
- Deliberate unauthorised access to facilities or services accessible via the network
- The creation or transmission of any material which could bring the University into disrepute
- Deliberate activities with any of the following characteristics:
- wasting staff effort or networked resources, including time on end systems accessible via the University network and the effort of staff involved in the support of those systems
- corrupting or destroying other users' data
- violating the privacy of other users
- disrupting the work of other users, whereby the network is used in a way that denies service to other users (for example, deliberate or reckless overloading of access links, or of switching equipment)
- continuing to use an item of networking software or hardware after the University has requested that use cease because it is causing disruption to the correct functioning of the network
- other misuse of the network or its networked resources, such as the introduction of viruses
Legal and regulatory obligations
The University of Dundee has a responsibility to abide by and adhere to all current UK and EU legislation as well as a variety of regulatory and contractual requirements.
A non-exhaustive summary of the legislation and regulatory obligations that contribute to the form and content of this policy is provided in IT policies - relevant legislation.
Related policies will detail other applicable legislative requirements or provide further detail on the obligations arising from the summarised legislation.
The following bodies and individuals have specific information security responsibilities:
- The University’s information technology department, UoD IT, is accountable for the effective implementation of this policy, and supporting information security rules and standards, within The University.
- The Data, Records and Information Committee (DRIC) has executive responsibility for information security within The University. DRIC has responsibility for overseeing the management of the information security risks to the University's staff and students, its infrastructure and its information.
- The Assistant Director, UoD IT (Infrastructure, Security and Research Computing) is responsible for establishing and maintaining The University’s cyber security management framework to ensure the availability, integrity and confidentiality of The University’s information. The Assistant Director will lead on the definition and implementation of the University’s cyber security arrangements and make judgement calls when situations arise that are not covered by the current cyber security management framework.
- Users are responsible for making informed decisions to protect the information that they process. Users will familiarise themselves with the relevant policies governing the information and systems they access.
Supporting policies, codes of practice, procedures, and guidelines
Supporting policies have been developed to strengthen and reinforce this policy statement. These, along with associated codes of practice, procedures and guidelines are published together and are available for viewing on the University of Dundee website.
All staff, users, and any third parties authorised to access the University’ network or computing facilities are required to familiarise themselves with these supporting documents and to adhere to them in the working environment.
Compliance and breach of policy
The University shall conduct cyber security compliance and assurance activities, facilitated by the University’s cyber security staff to ensure cyber security objectives and the requirements of the policy are met. Wilful failure to comply with the policy will be treated extremely seriously by the University and may result in enforcement action on a group and/or an individual. If you have any questions or concerns about this policy please discuss them with your line manager.
Review and development
This policy, and supporting documentation, shall be reviewed and updated annually or more frequently when best practice or the legislative/regulatory environment changes to ensure that they:
- remain operationally fit for purpose
- reflect changes in technologies
- are aligned to industry best practice
- support continued regulatory, contractual and legal compliance
Changes to this policy will be presented to DRIC for review prior to publication.
- The University of Dundee is a Scottish Registered Charity, No. SC01509 with its registered office at Tower Building, Nethergate, Dundee DD1 4HN.
- Staff are salaried members of the University or contracted individually by the University to provide a service.
- A person pursuing any course of study in the University.
- A visitor is anyone, not a member of staff or student, requiring access to University premises or services.
- The result of processing, manipulating, or organising data. Examples including but not limited to, text images, sounds, codes, computer programmes, software and databases.
- Information in raw form.
- Property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
- Property of accuracy and completeness.
- Property of being accessible and usable upon demand by an authorized entity.
A non-exhaustive summary of the legislation and regulatory obligations that contribute to the form and content of this policy is provided in IT policies - relevant legislation
If you have any questions regarding this policy please contact the University’s Help4U service