Sussex Downs College Email Policy Sussex Downs College Email Policy 1. Introduction Email is a tool provided by Sussex Downs College to improve communications and to reduce unnecessary paperwork. The College is committed to making email available to all staff. All those registered to use the College email system are required to adhere to this policy and to related clauses in the College’s ‘Acceptable Use Policy’. Breaches of these regulations are subject to College disciplinary procedures. The use of College email facilities assumes and implies acceptance of this policy and of all its terms. 2. Responsibilities 2.1. The College The College, through Network Services, is responsible for providing and maintaining the email system. This necessitates a range of maintenance tasks including the periodic automated deletion of messages. Maintenance work may occasionally disrupt access and use of the system. College disaster and business continuity plans take full account of the email system. The College will endeavour to preserve and maintain the system in all circumstances. 2.2. Users Users are responsible for using the College email system in full compliance with this policy. Users are additionally responsible for complying with all other relevant College policies and regulations. At times these policies overlap and complement each other, which means that the proper use of email will be informed not only by the guidelines below but also by a range of other documents. These include, but are not limited to, the following: 3. Confidentiality Policy Data Protection Policy Dignity at Work Policy Information Security Policy Network Services Regulations Ownership 3.1. Email systems Sussex Downs College wholly owns the email system. In addition, all email communications and associated information sent, received or otherwise generated in the course of College business, both academic and administrative, belong to Sussex Downs College. This statement does not, however, seek to assert a claim to the copyrights or intellectual property of others. 3.2. Email addresses Sussex Downs College email addresses are created and assigned entirely at the discretion of the College. All addresses are formed in a standard way and all include the College’s core domain name, sussexdowns.ac.uk. Other domains may be implemented for specific groups (students for instance) but they will always include the sussexdowns.ac.uk construction. Page | 1 Sussex Downs College Email Policy 4. Monitoring and privacy Designated Network Services personnel routinely monitor electronic communications at a network level. Additionally, individual users’ messages may be subject to interception, access and disclosure for a limited range of legitimate reasons in accordance with the terms of the Regulation of Investigatory Powers Act, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations, the Data Protection Act and with due regard to the Human Rights Act. In certain circumstances this may include messages marked as personal, private or by some other term. 5. Use of the system 5.1. Permission to use the system Standard email accounts are automatically made available to all staff who are properly recorded within the relevant College administrative databases. Certain other groups who are attached to the College may also apply for accounts. These special accounts are created and maintained entirely at the discretion of the College. 5.2. Passwords College email accounts are password protected and users are required to keep their passwords safe and secure. 5.3. Proper use Use of email must comply with the current version of the College’s regulations. The following are notably prohibit: The use of email to obtain, disseminate or publicise derogatory, defamatory, offensive, illegal or in any other way inappropriate material The bulk dispatch of emails where this is likely to cause offence or inconvenience to recipients The use of forged or in any way deceptive email messages or headers The circulation of material over which a third party holds an intellectual property right without their explicit permission The use of the email system to operate, manage, promote or in any way support an organisation other than the College and its subsidiaries and partners or one that operates in their broad interests These Regulations are updated from time to time and, while the College is responsible for publishing and promoting them, users are equally responsible for reading and adhering to the latest version. 5.4. Courteous use Staff communicate by email on the College’s behalf. As such the style of address, tone, spelling, grammar and punctuation of all messages should reflect the standards of formal business communication. The use of email must in all ways meet the conditions of the College’s Dignity at Work policy and other related policies concerning equality and respect. 5.5. Staff signatures Staff are encouraged to include a signature detailing the senders’ name and department as well as their job title and telephone number. 5.6. Use of email addresses Users must in all instances avoid using their College address in ways that are likely to attract excessive or unwanted mail. Users should avoid providing their College email address when using public websites for any purpose other than that of official College business. Page | 2 Sussex Downs College Email Policy 5.7. Staff personal use The email system is made available to staff for the College’s business purposes, both academic and administrative. Personal use of individual addresses must be modest and must not in any circumstances cause unnecessary expense or disruption to be incurred by the College through its scale or its nature. Generic email addresses from owned accounts (see 6.3 below) may not be used for any personal purposes at all. Staff must also ensure that personal messages are not and cannot be interpreted as official communications made on behalf of the College. 6. Sensitive & restricted information 6.1. Transmitting sensitive information Email is not a fully secure medium. Sensitive or confidential material including financial, commercial and personal information should be sent with care. Email is not always the ideal form of communication and users should be fully aware of its risks and shortcomings. Users should always ensure that they send messages only to their intended recipients. 6.2. Encryption Users may freely encrypt messages but they do so at their own discretion and entirely at their own risk. Users should be confident in the encryption option that they have chosen. They must ensure that messages can be properly decrypted by their intended recipients. 6.3. Owned accounts By agreement special owned accounts with generic addresses can be created. These accounts may be shared and are intended for use by College departments and teams. Under no circumstances should personal messages be sent or received through owned accounts. These accounts are approved solely for the handling of College business and personal use is prohibited. 7. Out of office 7.1. Out of office messages To ensure compliance with the Freedom of Information and Data Protection Acts and to maintain the high service standards of the College, staff that are away from the office should make arrangements to ensure that their emails are properly dealt with. Various solutions are available including automatic forwarding of emails to colleagues or configuring an out of office message. 7.2. Supervised access The inbox of any email user may be accessed in their absence by Network Services for a limited range of legitimate reasons, in line with the considerations set out in 4 above. 7.3. Remote access To reduce the necessity of forwarding corporate messages the College has ensured that email services are also accessible via the Internet. The College web-mail facility can be accessed by any registered user. 8. Management of information 8.1. Email as a corporate record Emails that are sent and received in the course of College business, both academic and administrative, are a corporate record in the same way as paper correspondence, computer files and databases. As such, emails are subject to the College’s relevant policies including those on data protection and freedom of information. 8.2. Email management Page | 3 Sussex Downs College Email Policy Staff are individually responsible for managing all their business emails properly on behalf of the College. This involves, but is not limited to, the following tasks: Identifying and retaining significant messages with ongoing business relevance Routinely and promptly deleting ephemeral and non-work related messages Ensuring that stored emails can be readily searched, located and retrieved by using meaningful subject lines and logical folder structures Following available guidelines to help ensure that the security and integrity of corporate messages is maintained 8.3. Message size limit For practical reasons the maximum size allowed for any single message within the College email system is fixed. This limit, which takes in both the message itself and any attachments, is currently set at 10Mb. This is subject to ongoing review and may change. 8.4. Spam and junk mail The College, through a third-party contractor, scans all mail coming into the Sussex Downs domain. During scanning suspected spam and junk mail are filtered out and quarantined using a wholly automated process. Users are required to accept that scanning is entirely necessary to protect the operation and integrity of the email system. They are also encouraged to monitor the anti-spam service to ensure that they are aware of any messages inappropriately filtered. 8.5. Closing mail accounts Email accounts are automatically closed and email addresses are cancelled whenever a user’s formal association with the College ends. The closure process incorporates safeguards to ensure that users are properly forewarned and need not lose important emails unnecessarily. Nevertheless, each user remains individually responsible for exporting or otherwise saving their messages from a closing account. Staff in particular must ensure that all non-personal emails are properly reassigned before they leave. 9. Protection 9.1. System backup The email filestore is regularly and routinely backed up. This is to ensure that the entire email system can be restored in the event of a disaster. Backup provisions and procedures are subject to periodic reappraisal as part of an ongoing review of College business continuity planning. 9.2. Firewall The purpose of a firewall is to protect computers from unauthorised external access or attack. College firewalls operate at both a network and a desktop level and as a necessary part of their operation they routinely block some incoming and some outgoing data. 9.3. Malicious software (malware) The College provides a range of technologies and tools to limit the impact of malware at a desktop level including anti-virus applications, software patches and updates as well as advice and guidance. Users are required to avail themselves of appropriate and current protection. They are forbidden from disabling or otherwise compromising pre-installed software on College computers and they are forbidden from connecting to the network with any unprotected device. Page | 4