ROYAL FREE AND UNIVERSITY COLLEGE MEDICAL SCHOOL
UCL DEPARTMENT OF MEDICAL SCHOOL ADMINISTRATION
Centre for Computing Services

Computing Use Policy

Introduction

Purpose

Communications and Information Technology (C&IT) services are funded on condition that these services are used for legitimate, authorised purposes only. The main purpose of these local regulations is to encourage the responsible use of facilities; to maximise the availability of resource (desktop equipment, infrastructure and staff) for legitimate purposes; and to minimise exposure to misuse from inside or outside UCL.

UCL may be required from time to time to demonstrate to external auditing bodies that it has mechanisms in place to manage, regulate and control its services.

Any form of electronic communication may be construed in law as a publication and UCL publishing guidelines will apply. Users must be aware of the implications with respect to Intellectual Property Rights of publishing information in any electronic form. For further information users should consult the UCL Guidelines on Publishing at: http://www.ucl.ac.uk/UCLInfo/Docs/Guide.html

This document is subject to review; for the most recent version please see http://www.ucl.ac.uk/UCL-Info/Policy/Computing/Use.

Scope of the Regulations

These regulations cover the use of all C&IT services and facilities within UCL. The C&IT facilities are of various kinds:

1 C&IT services run by the Education & Information Support Division (EISD) - Information Systems (IS) which may be used by any member of UCL. All users of these services must be registered with IS.
2 C&IT services run by the Management Services Division (MSD) which may be used by authorised, registered members of UCL.
3 C&IT services run by Departments for academic research, teaching and administration. Arrangements for use of these facilities are made through the department concerned and are normally restricted to its own staff and students.
4 C&IT services run by the Library and Administrative Divisions of UCL.
5 Personal computers owned by individual staff or students when connected to the UCL communications network or using software under an educational licence arrangement.

Authorised Use

In these regulations "authorised use" is defined as:

1 (for students) use properly associated with the UCL programme of study or course for which a student is registered;
2 (for UCLU societies) use properly associated with UCLU society activities;
3 (for employees) use in the course of or properly associated with their employment;
4 (for honorary staff) use properly associated with their appointment;
5 (for users who are neither staff nor students) use restricted to those purposes specified in the case made for registration;
6 network monitoring, interception and probing carried out by UCL-CERT, persons authorised by the Director of IS or (in the case of Departmental LANs) persons authorised by the Head of Department.

Any use that falls outside these definitions is not authorised, is prohibited and will constitute a disciplinary offence under the appropriate staff or student disciplinary procedure and / or result in the suspension of access to the facilities. Further information about authorised use is contained in the guidelines below.

Regulations

C&IT users must:

1. respect the copyright of all materials and software that are made available by UCL service providers and third parties for authorised use;
   Users must abide by the CHEST Code Of Conduct For The Use Of Software Or Datasets (see http://www.chest.ac.uk/conduct.html) and Copyright Law (Copyright Act 1956 and Copyright, Designs and Patents Act 1988). In particular users must not make, run or use unlicensed copies of software or data;
2. familiarise themselves with and comply with the requirements of the Data Protection Act.
   Further information is set out in the appropriate Staff or Student Handbook.
   More detail can be obtained from UCL's Data Protection Officer, Mrs. Rosamund Cummings, Records Office, Central Services; extension 7783; or email: rhc@central-services.ucl.ac.uk
   UCL is registered with the UK Data Protection authorities. Data Protection laws protect individuals against the unauthorised use or disclosure of their data. The misuse or disclosure of an individual's data outside UCL's registration may amount to a criminal offence; UCL may regard non-observance of Data Protection Laws as a disciplinary offence.
3. comply with the Computer Misuse Act of August 1990 which makes activities such as hacking or the deliberate introduction of viruses a criminal offence;
   Hacking is defined as unauthorised access to a computer system (locally or through a network) for the purpose of obtaining another's identifier and password, or using resources that have not been allocated, with intent to modify or damage another's files or systems files, or to obtain or alter financial or administrative records, or to facilitate the commission of a serious crime.
4. comply with the Criminal Justice Act 1994 amendment to the Obscene Publications Act under which it is a criminal offence to create, store, download or transmit obscene material;
5. inform their Head of Department in writing where activities which might be subject to legislation (such as the Criminal Justice Act 1994 amendment to the Obscene Publications Act) are carried out in pursuit of legitimate, approved academic research;
6. comply with local arrangements for booking public clusters and machines in public clusters.

C&IT users must not:

7. use material or programs in such a way as to contravene the law;
8. use the facilities in such a way as to risk or to cause loss, damage or destruction of data or breaches of confidentiality of data;
   IS undertakes to provide appropriate security measures to limit the likelihood of such occurrences on centrally managed systems.
   IS cannot give any warranty or undertaking about the integrity of information.
9. jeopardise the provision of services (for example by using resources for recreational purposes or by inappropriate use of bulk email);
10. use the facilities in such a way that brings or could bring UCL into disrepute;
    Users will be held personally liable and may be subject to disciplinary proceedings, for example for issuing false or libellous statements or for breaching the copyright of others.
11. allow their account to be used by others, or disclose passwords to others, or use accounts or passwords belonging to others;
12. do or fail to do anything which has the result of introducing any virus, worm, Trojan Horse or other harmful program to any computer, file or software on the system (this obligation includes doing anything to circumvent any firewall or software designed to protect systems against harm);
13. interfere or attempt to interfere with or destroy systems or software set up on public facilities (this obligation includes loading or attempting to load unauthorised software on centrally and / or departmentally managed systems and servers);
14. interfere with, disconnect, damage or remove without authority any equipment made available for use in conjunction with any UCL C&IT facilities;
15. smoke, eat or drink in public cluster rooms;
16. interrupt teaching sessions when a cluster room has been booked for this purpose;
17. use UCL equipment to carry out unauthorised actions at other institutions or organisations;
18. set up equipment to provide services that they are not competent to administer, especially if such services result in security vulnerability or exposure to misuse.

Procedure

1. In the event of suspected misuse of C&IT facilities UCL reserves the right to suspend user accounts and to inspect, copy, retain and modify users' files if necessary.
   UCL may also disconnect network services, including those to rooms in Halls of Residence and prevent access to the facilities without notice while investigations proceed.
2. Cases of misuse or abuse should be reported to, and will be taken up in the first instance by the appropriate authority shown below.

   Misuse by | Report in the first instance to
   Students using centrally managed IS facilities | EISD Information Systems, User Support Group Manager or IS Director
   Staff using centrally managed MSD facilities | Director of MSD
   Students using Royal Free Campus managed facilities | Head of the Centre for Computing Services
   Students using locally managed departmental facilities | Head of Department or local computer manager
   Staff | Head of Department, Dean or Vice-Provost as appropriate
   Anyone not included in the categories above | EISD Information Systems, User Support Group Manager or IS Director

3. The Head of Department and UCL authorities, including the Dean of Students where appropriate, may be informed and will deal with the incident under the appropriate disciplinary procedures for students and staff. In some cases legal action may be taken and the Police informed. UCL reserves the right to disclose data or information about a user's use of UCL's computing facilities to any appropriate or authorised third party (including the police) to assist in any further investigation.
4. If sites containing material that may be illegal are discovered, particularly material relating to children or the exploitation of children, UCL encourages its staff and students to make a report to the authorities named above or to the Internet Watch Foundation (IWF) hotline (http://www.iwf.org.uk). The normal course of events is that the IWF will request that the Internet Service Providers (ISPs) in the UK will block that site. If this does not happen the IWF will inform the Police who may investigate the matter further.

Guidelines and Further Information

General

The enrolment form signed by students explicitly binds them to abide by UCL Regulations, of which these form a part. These regulations also form a part of the conditions of employment for UCL staff. Users of C&IT services who are neither staff nor students are required to complete a registration form which binds them to abide by these regulations. In all cases the act of registering as a user of the Information Systems facilities or making use of any of the C&IT facilities implies acceptance of the conditions of use given below and compliance with these regulations, relevant Acts of Parliament and European Community law or directives.

Throughout this document reference is made to EISD Information Systems as the service provider. In general (and unless stated otherwise by local regulations) similar conditions will apply to Departmental or Faculty-based C&IT services. Since most computers in UCL are connected to and make use of the UCL network managed by EISD IS, UCL may require IS to take action to withdraw facilities when misuse is suspected. From time to time UCL may issue good practice guidelines and reserves the right to withdraw network services to systems or services that are not operated in accordance with those guidelines.

UKERNA Acceptable Use Policy

The Government funds the network (known as JANET, the Joint Academic Network) that provides network connection between Universities and Colleges and on to the Internet. All organisations connected to JANET must comply with its Acceptable Use Policy. UCL Computing Regulations implement this policy locally. Full details of this policy and other JANET service documents can be found at: http://www.ja.net/documents.

The Law

There are various national and European Community laws and directives that govern the use of C&IT; others make explicit reference to C&IT. These are mentioned in the section on regulations above.
UCL has a duty to bring these to the attention of its staff and students.

Conditions of Use

Use of UCL C&IT facilities is subject to the following conditions of use. These may vary for locally managed systems. It is the responsibility of those managing these systems to make their users aware of the local conditions of use.

1. The facilities (including software) are provided entirely at the risk of the user. UCL will not be liable for loss (including any loss of software, data or other computer functionality or any economic, consequential or indirect loss), damage (including damage to hardware, software or data) or inconvenience arising directly or indirectly from the use of the facilities, except where statutory health or safety matters are involved.
2. UCL reserves the right to inspect, copy, modify and/or retain user data in order to investigate operational problems or for the detection and investigation of suspected misuse. This includes the authorised interception of traffic on College networks.
3. UCL accepts no liability for any loss (including any loss of software, data or other computer functionality or any economic, consequential or indirect loss), or damage (including damage to hardware, software or data or the invalidation of any warranty agreement) to equipment not owned by UCL as a consequence of any work carried out on such equipment by members of staff (or students acting in the capacity of members of staff), whether authorised or not.
4. UCL accepts no liability for any loss (including any loss of software, data or other computer functionality or any economic, consequential or indirect loss), or damage (including damage to hardware, software or data or invalidation of any warranty agreement) to equipment not owned by UCL as a consequence of direct or indirect connection, whether authorised or not, to UCL networks.
   The user shall indemnify UCL for any loss or damage, whether direct or indirect, suffered or incurred as a consequence of the interconnection of any hardware or software not owned by or under the control of UCL with any IT system, hardware, software or data owned or controlled by UCL.
5. UCL reserves the right to scan for insecure and vulnerable systems and to block access to systems and/or services (ports) which place at risk the integrity of its network and services or which are being used to attack third parties.
6. UCL reserves the right to disconnect poorly managed equipment from the departmental LAN, or in extreme cases disconnect the departmental LAN from the UCL network until the offending machine is disconnected or shown to be working correctly.

This document is based on the 4th revision of the document published in October 2000 by Information Systems www.ucl.ac.uk/is.