This policy applies to anyone using the IT facilities (hardware, software, data, network access, third party services, online services or IT credentials) provided or arranged by Buckinghamshire New University.  This means more than students and staff and includes, for example:

• Visitors to Buckinghamshire New University’s website, and people accessing the institution’s online services from off campus;
• External partners, contractor and agents based onsite and using Buckinghamshire New University’s network, or offsite and accessing the institution’s systems;
• Tenants of the institution using the University’s computers, servers or network;
• Visitors using the institution’s Wi-Fi;
• Students and staff from other institutions logging on using Eduroam.

All users of Buckinghamshire New University’s IT facilities are bound by the laws of England and Wales. An illustrative list of these is given in the Applicable Laws and Regulations document. It is the user’s responsibility to ensure their activities comply with these laws.

When making use of the internet, the JISC Acceptable Use Policy also applies.

The University has a statutory duty, under the Counter Terrorism and Security Act 2015, to aid the process of preventing people being drawn into terrorism.

Any information you create or store on Buckinghamshire New University systems may be released under an information access request in line with (but not limited to) Data Protection and Freedom of Information.

The University network may be used for any legal activity that supports the University’s teaching, learning, research, consultancy and operational activities. Whilst the principles of academic freedom will be fully respected, IT facilities must be used responsibly, in accordance with the law and not in a way that brings the University into disrepute.

Users of the University’s IT facilities, remain subject to all relevant laws and policies. Additionally, when accessing services from another legal jurisdiction, users must abide by all relevant local laws, as well as those applicable to the location of the service.

If you use University IT facilities to access third party services or resources you are bound by the regulations associated with that service or resource.

When using University IT facilities from another institution e.g. via eduroam, you are subject to both Buckinghamshire New University’s policies and those of the institution where you are accessing services.

Users of the University’s IT facilities must adhere to all relevant licence conditions when using software procured or provided by the University.

Use of these facilities for personal activities (provided that it does not infringe any of the regulations, and does not interfere with others’ valid use) is permitted, but this is a privilege that may be withdrawn at any point.

Use of the University’s IT facilities for non-institutional commercial purposes, or for personal gain, requires the explicit approval of the Director of Digital and Technical services.

If you handle personal, confidential or sensitive information, you must take all reasonable steps to safeguard it and manage it in accordance with Buckinghamshire New University’s Information Classification Policy and supporting guidance.

Users of the University’s IT facilities must periodically undertake approved Information Security training courses, or other training appropriate to their role at the University.

In the event that there is a genuine academic need to carry out an activity that might breach acceptable use, such as research involving sensitive or extreme materials, approval must be obtained in advance via the appropriate University process, e.g. University Ethics process.

The University network may not be used for any of the following:

• The creation or transmission (other than for properly supervised and lawful research purposes) of any offensive, obscene or indecent images, data or other material, or any data capable of being resolved into obscene or indecent images or material;

•    The creation or transmission of material which is designed or likely to cause annoyance, inconvenience or needless anxiety;

• The creation or transmission of material with the intent to defraud;
• The creation or transmission of defamatory material;

•    Use your IT account to send Spam (unsolicited bulk mail) forge addresses, or use University mailing lists other than for legitimate purposes related to University activities;

•    Deliberately or recklessly consume excessive IT resources such as processing power, bandwidth or consumables;

•    Using the IT facilities in a way that interferes with others’ valid use of them;

•    Impersonate someone else or otherwise disguise your identity when using the IT facilities;

•    The creation or transmission of material that infringes copyright, or breaks the terms of licenses for software or other material;

• Access, or attempt to access, University systems and information for which permission has not been granted;

•    Partake in any activity that contravene any laws, University policies or regulations.

You are specifically prohibited from

•    Damaging, reconfiguring or moving equipment;

•    Loading software on the University’s equipment other than in approved circumstances;

•    Reconfiguring or connecting equipment to the network other than by approved methods;

•    Setting up servers or services on the network;

• Introducing data-interception, password-detecting or similar software or devices to the University’s network;

•    Deliberately or recklessly introducing to their device or University services or systems any form of spyware, computer virus or other potentially malicious software;

•    Attempting to disrupt or circumvent IT security measures;

•    Sharing your IT credentials with another user or attempt to obtain or use anyone else’s credentials;

• Using personal email accounts instead of a University staff email account to conduct University business, or automatically forwarding emails from a staff email account to a personal account.

If you are a staff member or working in such a capacity you must not create or store personal, or sensitive university information on personally owned devices this includes via the use of file synchronisation tools.

Buckinghamshire New University monitors and records the use of its IT facilities for the purposes of:

• Effective and efficient planning and operation;
• Detection and prevention of infringement of University regulations;
• Investigation of alleged misconduct; and
• Continuation of normal business operations which may include requests to view content you have created / modified using IT systems e.g. email, during periods of absence.

Buckinghamshire New University will comply with lawful requests for information from government and law enforcement agencies.

You must not attempt to monitor the use of the IT facilities without explicit authority

The University may need to access or suspend any user’s account for business purposes. Action will only be taken where relevant authorisation has been acquired, or where the Information Security team have identified an immediate threat to University information.

On leaving the University access to IT facilities will be terminated according to the end date set in the Identity Management System. Before this date users must:

• Return to the Service Desk, in good condition, all personally issued IT equipment. IT equipment must not be retained by (or sold to) staff or students should they leave the University;
• Return to the Service Desk any University data whether printed, stored on removable media, or stored on remote or non-University computing systems.
• Not delete any data which belongs to the University and which the University may need in future without prior authorisation from your line manager or tutor;
• Ensure any data held in a personal areas such as OneDrive or Email which may be needed by the University is transferred to an appropriate shared area prior to their departure;
• Ensure any personal data that they wish to keep is removed from the University’s systems, as they will not be entitled to access this (and the University will not retrieve it for them) once they leave.

Infringement of this policy may result in sanctions under the University’s disciplinary processes. Penalties may include withdrawal of services and/or fines. Offending material will be taken down.

Information about infringement may be passed to appropriate law enforcement agencies, and any other organisations whose regulations you have breached.

Any actual or suspected breaches of this policy must be reported to the Service Desk or the Director of Digital and Technical Services. 

This policy should be read and understood in the context of other Buckinghamshire New University Policies which together form the Information Security framework. Key documents include:

• Applicable Laws and Regulations
• Data Protection Policy
• Freedom of Information Policy
• Information Security Policy