Date of Policy Author Date approved by Governors Review date July 2015 Helen Bounds / Michael Hilton December 2015 October 2017 Employee IT User Acceptance Policy The Academy encourages its employees to use e-mail and the internet at work where this can save time and expense. However, it requires that employees follow the rules set out within the policy. It is a term of each employee's contract that he/she complies with these rules, and any serious breach could lead to dismissal. Any employee who is unsure about whether something he/she proposes to do might breach this e-mail and internet policy should seek advice from the IT Manager. Although the academy encourages the use of e-mail and the internet where appropriate, their use entails some risks. For example, employees must take care not to introduce viruses or malware on to the system and must take proper account of the security advice below. Employees must also ensure that they do not send libellous statements in e-mails as the academy could be liable for damages. These rules are designed to minimise the legal risks to the academy when its employees use e-mail at work and access the internet. Where something is not specifically covered in this policy, employees should seek advice from the IT Manager. Technology and the law change regularly and this policy will be updated to account for changes as and when necessary. Employees will be informed when the policy has changed but it is their responsibility to read the latest version of this document. The most recent copy is always available on the academy staffshared area. Use of e-mail Contents of e-mails E-mails that employees intend to send should be checked carefully. E-mail should be treated like any other form of written communication and, as such, what is 1 normally regarded as unacceptable in a letter is equally unacceptable in an email communication. Be polite and appreciate that other users might have different views from your own. E-mail should not be used as an outlet for comments that employee would be unwilling to vocalise. Always remember e-mail messages can be forwarded and viewed by unexpected readers. Please try to limit the sending of global e-mails, there are many distribution groups such as Teachers, Associate Staff, Curriculum Directors, departments, LSA’s, CPM’s. Please use the relevant distribution group to avoid unnecessary e/mails. If you receive an e-mail containing material of a violent, dangerous, racist, or inappropriate content, always report such messages to a member of the HR department. The sending or receiving of an e-mail containing content likely to be unsuitable for schools is strictly forbidden. Do not put pupil personal details into the header of an e-mail if this could be seen by a class member, for example all staff e-mails. The use of e-mail to send or forward messages which are defamatory, obscene or otherwise inappropriate will be treated as misconduct under the appropriate disciplinary procedure. In serious cases this could be regarded as gross misconduct and lead to dismissal. Equally, if an employee receives an obscene or defamatory e-mail, whether unwittingly or otherwise and from whatever source, he/she should not forward it to any other address. Statements to avoid in e-mails include those criticising the academy, colleagues, external bodies or their staff, those stating that there are quality problems with goods or services of suppliers or customers, and those stating that anyone is incompetent. Academy information to be included in e-mails Employees should ensure that official academy information is given on any emails that they send. Copying in Others – Carbon Copying (CCing) Employees should exercise care not to copy e-mails automatically to all those copied in to the original message to which they are replying. Doing so may result in disclosure of confidential information to the wrong person. Think about who has been copied into the e-mail you are sending. You should be able to justify your decision to include them. This can be viewed as a form of harassment. 2 Attachments Employees should not attach any files that may contain a virus to e-mails, as the Academy could be liable to the recipient for loss suffered. The Academy has virus-checking in place but, if in doubt, employees should check with the IT department. Employees should exercise extreme care when receiving e-mails with attachments from third parties, particularly unidentified third parties, as these may contain viruses. Personal use of e-mail Although the e-mail system is primarily for business use, the Academy understands that employees may on occasion need to send or receive personal e-mails using their work address. When sending personal e-mails, employees should show the same care as when sending work-related e-mails. Monitoring of e-mail The Academy reserves the right to monitor employees' e-mails, but will endeavour to inform an affected employee when this is to happen and the reasons for it. The Academy considers the following to be valid reasons for checking an employee's e-mail: If the employee is absent for any reason and communications must be checked for the smooth running of the business to continue. If the Academy suspects that the employee has been viewing or sending offensive or illegal material, such as material containing racist terminology or nudity (although the Academy understands that it is possible for employees inadvertently to receive such material and they will have the opportunity to explain if this is the case). If the Academy suspects that an employee has been using the e-mail system to send and receive an excessive number of personal communications. If the Academy suspects that the employee is sending or receiving e-mails that are detrimental to the Academy. The following network activities are monitored by IT Help desk: Disk space (including user home folders) File types (the storing of executable files in home folders is forbidden in most circumstances) E-mail messages are scanned for inappropriate content and attachments scanned for viruses Website activity and downloads are logged. All user network logon and logoff activity is logged. 3 When monitoring e-mails, the Academy will, save in exceptional circumstances, confine itself to looking at the address and heading of the emails. Employees should mark any personal e-mails as such and encourage those who send them to do the same. The Academy will avoid, where possible, opening e-mails clearly marked as private or personal. The Academy reserves the right to retain information that it has gathered on employees' use of e-mail for a period of one year. Mobile Phones and Camera Usage Mobile phones may be used in academy, as long as their use is appropriate. The use of a mobile phone must not detract from the quality of supervision and care of children. We recognise the importance of mobile phones in academy for communication purposes, but are aware that casual or inappropriate use of mobile phones in the Academy could pose a risk to children. This policy applies to all staff and volunteers, and covers both indoor and outdoor areas. Failure to adhere to this policy may result in disciplinary action. If staff have a break time during their working hours, they may use their mobile phones during these times, in an agreed area not used by children e.g. in the office / staff room. Classroom based staff must give the academy telephone number to their next of kin, in case it is necessary for the staff member to be contacted, in an emergency, during teaching hours. Use of internet Authorised internet users Where an employee has been provided with a computer with internet access at his/her desk, he/she may use the internet at work. Not everyone in the Academy needs access to the internet at work. Anyone who does not have access but believes that he/she requires it should contact his/her manager and make a written request, setting out the reasons why access should be allowed. Sensible internet use Where employees are allowed access to the internet at work they are expected to use it sensibly and in such a manner that it does not interfere with the efficient running of the Academy. For example, where it would be quicker to make a 4 telephone call than to engage in an internet search for the required information, then the telephone call should be made. Employees may be called upon to justify the amount of time they have spent on the internet or the sites that they have visited. The Academy encourages employees to become familiar with the internet and does not currently impose any time limitation on work-related internet use. It trusts employees not to abuse the latitude given to them, but if this trust is abused it reserves the right to alter the policy in this respect. Removing internet access The Academy reserves the right to deny internet access to any employee at work, although in such a case it will endeavour to give reasons for doing so. Registering on websites Many sites that could be useful for the Academy require registration. Employees wishing to register as a user of a website for work purposes are encouraged to do so. However, they should ask their manager before doing this. Licences and contracts Some websites require the Academy to enter into licence or contract terms. The terms should be printed off and sent for approval in advance or e-mailed to the Finance Department before an employee agrees to them on the Academy's behalf. In most cases, there will be no objection to the terms and it is recognised that the free information provided by the website in question may save the Academy money. Employees should, however, always consider whether the information is from a reputable source and is likely to be accurate and kept up to date, as most such contract terms will exclude liability for accuracy of free information. Downloading files and software Any software must be purchased through the IT department. No attempt must be made to install software onto academy computers as this could create a security risk. Using other software and hardware at work The Academy does not allow employees to bring software or hardware into the classroom without the IT department's consent and nothing in the e-mail and internet policy modifies the Academy's general view on this. 5 Personal use of the internet Although the e-mail system is primarily for business use, the Academy understands that employees may on occasion need to use the internet for personal purposes. Employees may access the internet at work for personal purposes provided that: such use is limited to a reasonable amount in any day; the internet is not used to access offensive or illegal material, such as material containing racist terminology or nudity; the internet is not used for on-line gaming or on-line gambling; they do not enter into any contracts or commitments in the name of or on behalf of the Academy; Monitoring of Internet Access at Work The Academy reserves the right to monitor employees' internet usage, The Academy considers the following to be valid reasons for checking an employee's internet usage: If the Academy suspects that the employee has been viewing offensive or illegal material, such as material containing racist terminology or nudity (although the Academy understands that it is possible for employees inadvertently to view such material and they will have the opportunity to explain if this is the case). If the Academy suspects that the employee has been spending an excessive amount of time viewing websites that are not work related. The Academy reserves the right to retain information that it has gathered on employees' use of the internet for a period of one year. Social Networking Sites Staff must adhere to the following Guidelines for Employee using Social Networking sites. As educators we have a professional image to uphold and how we conduct ourselves online helps determine this image. As reported by the media, there have been instances of those working in education demonstrating professional misconduct while engaging in inappropriate dialogue about their academy and/or students or posting pictures and videos of themselves engaged in inappropriate activity. Some educators feel that being online shields them from having their personal lives examined. But increasingly, how educators’ online identities are too often public and can cause serious repercussions. 6 One of the hallmarks of social networks is the ability to “friend” others – creating a group of others that share interests and personal news. Do not accept invitations to friend students within these social networking sites. When students gain access to a teacher’s or other staff member’s network of friends and acquaintances and are able to view personal photos, the student-staff dynamic is altered. It is important to maintain a professional relationship with students to avoid relationships that could cause bias in the classroom. For the protection of your professional reputation: Friends and Friending Do not under any circumstances accept current students as friends on personal social networking sites. Do not under any circumstances accept current students with siblings still at the academy as friends on personal social networking sites Consider your own family members. Do they have pupils/ex-pupils as their friends? Decline any student-initiated friend requests. Do not initiate friendships with students Remember that people classified as “friends” have the ability to download and share your information with others. Content Do not use commentary deemed to be defamatory, obscene, proprietary, or libellous. Exercise caution with regards to exaggeration, colourful language, guesswork, obscenity, copyrighted materials, legal conclusions, and derogatory remarks or characterisations. Consider whether a particular posting puts your effectiveness as a teacher or other professional at risk. Post only what you want the world to see. Imagine your students, their parents, your manager, visiting your site. It is not like posting something to your web site or blog and then realising that a story or photo should be taken down. On a social networking site, basically once you post something it may be available, even after it is removed from the site. Do not discuss students or colleagues or publicly criticise academy policies or colleagues. Do not post images that include students. 7 Security Due to security risks, be cautious when installing the external applications that work with the social networking site. Examples of these sites are calendar programs and games. Run updated malware protection to avoid infections of spyware and adware that social networking sites might place on your computer. Be careful not to fall for phishing scams that arrive via email or on your wall, providing a link for you to click, leading to a fake login page. Visit your profile’s security and privacy settings. At a minimum, educators should have all privacy settings set to “only friends”. “Friends of friends” and “Networks and Friends” open your content to a large group of unknown people. Your privacy and that of your family may be a risk. People you do not know may be looking at you, your home, your children, your grandchildren, - your lives! Please stay informed and be cautious in the use of all new networking technologies of employees using the internet to access social networking websites. Personal use of the internet The Academy does not allow access to social networking websites from its computers at any time. Personal conduct The Academy respects an employee's right to a private life. However, the Academy must also ensure that confidentiality and its reputation are protected. Security and identity theft Employees should be aware that social networking websites are a public forum, particularly if the employee is part of a "network". Employees should not assume that their entries on any website will remain private. Employees should never send abusive or defamatory messages. Employees must also be security conscious and should take steps to protect themselves from identity theft, for example by restricting the amount of personal information that they give out. Social networking websites allow people to post detailed personal information such as date of birth, place of birth and favourite football team, which can form the basis of security questions and passwords. In addition, employees should: 8 ensure that no information is made available that could provide a person with unauthorised access to the Academy and/or any confidential information; and refrain from recording any confidential information regarding the Academy on any social networking website. Network Security The computers are provided and maintained for the benefit of all employees. You are encouraged to use and enjoy these resources and help to ensure they remain available to all. Remember that access is a privilege, not a right and inappropriate use will result in that privilege being withdrawn. Equipment Always check computer equipment, particularly laptops, before and after lessons and report any faults or damage to the IT Help desk via the helpdesk webpage, by phone or in person. Pen drives and external hard drives are not permitted on the academy network. Should an external visitor need to use a pen drive this must be taken to the ICT helpdesk so they can scan them. Always check mobile equipment (e.g. laptops, tablets, smart phones etc.) are virus free before connecting to the wireless guest network. Nonacademy computers and laptops are not permitted on the curriculum network. Protect the computers from spillages by eating or drinking well away from the ICT equipment. Food and drink is forbidden in the ICT suites. Security and Privacy Always lock your door when you leave your office. Always lock your computer desktop if you are away from your desk for any period of time. Always turn off or freeze the projector screen in a classroom environment before viewing sensitive information. Protect yourself and the systems, you should respect the security on the computers; attempting to bypass or alter the settings may put you or your work at risk. Ensure that personal data (such as data on e/portal) is kept secure and is used appropriately, whether in academy, taken off the premises or accessed remotely. Computer storage areas are for educational resources these storage areas are periodically checked for inappropriate or non-educational content. 9 Regularly review your files in order to save disk space and do not save personal photographs or music files or executable files in your home folder. Ensure that all entries on E-portal are anonymous and do not contain inappropriate language, errors, acronyms etc. Please be sensitive as parents will be able to view all entries. The academy’s Microsoft Agreement entitles employees to install Microsoft Office onto their home computer, however this must be removed once employment ends. When employees leave the academy they must check with the IT Helpdesk before copying their data (My Documents) to a removable storage device. Many network shares (e.g. department folders) will contain sensitive data (such as pupil information) and items which are the copyright of the academy. The copying of department information and resources is not permitted. The account will be disabled the day after the official leaving date. Personal data will be retained for one month. The use of cloud storage such as Microsoft’s One Drive and Drop box is permitted but staff should adhere to data protection and security guidelines. Password Complexity - Protect your work by keeping your password to yourself; never use someone else’s logon name or password. The use of complex passwords is essential by using a mixture of alphanumeric, upper and lowercases and symbols. I have read the User Acceptance policy above and will adhere to the guidance outlined in accordance with the policy. Signed………………………………… (print name) Date………………………………….. 10 ……………………………