SDC Email Acceptable Use Policy

advertisement
Sussex Downs College
Email Policy
Sussex Downs College
Email Policy
1. Introduction
Email is a tool provided by Sussex Downs College to improve communications and to reduce unnecessary
paperwork. The College is committed to making email available to all staff.
All those registered to use the College email system are required to adhere to this policy and to related
clauses in the College’s ‘Acceptable Use Policy’. Breaches of these regulations are subject to College
disciplinary procedures. The use of College email facilities assumes and implies acceptance of this policy
and of all its terms.
2.
Responsibilities
2.1. The College
The College, through Network Services, is responsible for providing and maintaining the email
system. This necessitates a range of maintenance tasks including the periodic automated deletion of
messages. Maintenance work may occasionally disrupt access and use of the system. College disaster
and business continuity plans take full account of the email system. The College will endeavour to
preserve and maintain the system in all circumstances.
2.2. Users
Users are responsible for using the College email system in full compliance with this policy. Users are
additionally responsible for complying with all other relevant College policies and regulations. At
times these policies overlap and complement each other, which means that the proper use of email
will be informed not only by the guidelines below but also by a range of other documents. These
include, but are not limited to, the following:





3.
Confidentiality Policy
Data Protection Policy
Dignity at Work Policy
Information Security Policy
Network Services Regulations
Ownership
3.1. Email systems
Sussex Downs College wholly owns the email system. In addition, all email communications and
associated information sent, received or otherwise generated in the course of College business, both
academic and administrative, belong to Sussex Downs College. This statement does not, however,
seek to assert a claim to the copyrights or intellectual property of others.
3.2. Email addresses
Sussex Downs College email addresses are created and assigned entirely at the discretion of the
College. All addresses are formed in a standard way and all include the College’s core domain
name, sussexdowns.ac.uk. Other domains may be implemented for specific groups (students for
instance) but they will always include the sussexdowns.ac.uk construction.
Page | 1
Sussex Downs College
Email Policy
4. Monitoring and privacy
Designated Network Services personnel routinely monitor electronic communications at a network level.
Additionally, individual users’ messages may be subject to interception, access and disclosure for a limited
range of legitimate reasons in accordance with the terms of the Regulation of Investigatory Powers Act,
the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations, the
Data Protection Act and with due regard to the Human Rights Act. In certain circumstances this may
include messages marked as personal, private or by some other term.
5.
Use of the system
5.1. Permission to use the system
Standard email accounts are automatically made available to all staff who are properly recorded
within the relevant College administrative databases. Certain other groups who are attached to the
College may also apply for accounts. These special accounts are created and maintained entirely at
the discretion of the College.
5.2. Passwords
College email accounts are password protected and users are required to keep their passwords safe
and secure.
5.3. Proper use
Use of email must comply with the current version of the College’s regulations. The following are
notably prohibit:
 The use of email to obtain, disseminate or publicise derogatory, defamatory, offensive, illegal or
in any other way inappropriate material
 The bulk dispatch of emails where this is likely to cause offence or inconvenience to recipients
 The use of forged or in any way deceptive email messages or headers
 The circulation of material over which a third party holds an intellectual property right without
their explicit permission
 The use of the email system to operate, manage, promote or in any way support an organisation
other than the College and its subsidiaries and partners or one that operates in their broad
interests
These Regulations are updated from time to time and, while the College is responsible for publishing
and promoting them, users are equally responsible for reading and adhering to the latest version.
5.4. Courteous use
Staff communicate by email on the College’s behalf. As such the style of address, tone, spelling,
grammar and punctuation of all messages should reflect the standards of formal business
communication.
The use of email must in all ways meet the conditions of the College’s Dignity at Work policy and
other related policies concerning equality and respect.
5.5. Staff signatures
Staff are encouraged to include a signature detailing the senders’ name and department as well as
their job title and telephone number.
5.6. Use of email addresses
Users must in all instances avoid using their College address in ways that are likely to attract excessive
or unwanted mail. Users should avoid providing their College email address when using public
websites for any purpose other than that of official College business.
Page | 2
Sussex Downs College
Email Policy
5.7. Staff personal use
The email system is made available to staff for the College’s business purposes, both academic and
administrative. Personal use of individual addresses must be modest and must not in any
circumstances cause unnecessary expense or disruption to be incurred by the College through its
scale or its nature. Generic email addresses from owned accounts (see 6.3 below) may not be used
for any personal purposes at all.
Staff must also ensure that personal messages are not and cannot be interpreted as official
communications made on behalf of the College.
6.
Sensitive & restricted information
6.1. Transmitting sensitive information
Email is not a fully secure medium. Sensitive or confidential material including financial, commercial
and personal information should be sent with care. Email is not always the ideal form of
communication and users should be fully aware of its risks and shortcomings. Users should always
ensure that they send messages only to their intended recipients.
6.2. Encryption
Users may freely encrypt messages but they do so at their own discretion and entirely at their own
risk. Users should be confident in the encryption option that they have chosen. They must ensure
that messages can be properly decrypted by their intended recipients.
6.3. Owned accounts
By agreement special owned accounts with generic addresses can be created. These accounts may be
shared and are intended for use by College departments and teams. Under no circumstances should
personal messages be sent or received through owned accounts. These accounts are approved solely
for the handling of College business and personal use is prohibited.
7.
Out of office
7.1. Out of office messages
To ensure compliance with the Freedom of Information and Data Protection Acts and to maintain the
high service standards of the College, staff that are away from the office should make arrangements
to ensure that their emails are properly dealt with. Various solutions are available including
automatic forwarding of emails to colleagues or configuring an out of office message.
7.2. Supervised access
The inbox of any email user may be accessed in their absence by Network Services for a limited range
of legitimate reasons, in line with the considerations set out in 4 above.
7.3. Remote access
To reduce the necessity of forwarding corporate messages the College has ensured that email
services are also accessible via the Internet. The College web-mail facility can be accessed by any
registered user.
8.
Management of information
8.1. Email as a corporate record
Emails that are sent and received in the course of College business, both academic and
administrative, are a corporate record in the same way as paper correspondence, computer files and
databases. As such, emails are subject to the College’s relevant policies including those on data
protection and freedom of information.
8.2. Email management
Page | 3
Sussex Downs College
Email Policy
Staff are individually responsible for managing all their business emails properly on behalf of the
College. This involves, but is not limited to, the following tasks:




Identifying and retaining significant messages with ongoing business relevance
Routinely and promptly deleting ephemeral and non-work related messages
Ensuring that stored emails can be readily searched, located and retrieved by using meaningful
subject lines and logical folder structures
Following available guidelines to help ensure that the security and integrity of corporate
messages is maintained
8.3. Message size limit
For practical reasons the maximum size allowed for any single message within the College email
system is fixed. This limit, which takes in both the message itself and any attachments, is currently set
at 10Mb. This is subject to ongoing review and may change.
8.4. Spam and junk mail
The College, through a third-party contractor, scans all mail coming into the Sussex Downs domain.
During scanning suspected spam and junk mail are filtered out and quarantined using a wholly
automated process. Users are required to accept that scanning is entirely necessary to protect the
operation and integrity of the email system. They are also encouraged to monitor the anti-spam
service to ensure that they are aware of any messages inappropriately filtered.
8.5. Closing mail accounts
Email accounts are automatically closed and email addresses are cancelled whenever a user’s formal
association with the College ends. The closure process incorporates safeguards to ensure that users
are properly forewarned and need not lose important emails unnecessarily. Nevertheless, each user
remains individually responsible for exporting or otherwise saving their messages from a closing
account. Staff in particular must ensure that all non-personal emails are properly reassigned before
they leave.
9.
Protection
9.1. System backup
The email filestore is regularly and routinely backed up. This is to ensure that the entire email system
can be restored in the event of a disaster. Backup provisions and procedures are subject to periodic
reappraisal as part of an ongoing review of College business continuity planning.
9.2. Firewall
The purpose of a firewall is to protect computers from unauthorised external access or attack.
College firewalls operate at both a network and a desktop level and as a necessary part of their
operation they routinely block some incoming and some outgoing data.
9.3. Malicious software (malware)
The College provides a range of technologies and tools to limit the impact of malware at a desktop
level including anti-virus applications, software patches and updates as well as advice and guidance.
Users are required to avail themselves of appropriate and current protection. They are forbidden
from disabling or otherwise compromising pre-installed software on College computers and they are
forbidden from connecting to the network with any unprotected device.
Page | 4
Download