Acceptable Use Policy (AUP)

The aim of this policy is to ensure that Loughborough University’s IT facilities are used safely, lawfully and equitably.

The University seeks to promote and facilitate the proper and extensive use of Information Technology in the interests of learning, teaching and research, including business and community engagement partnerships. Whilst the tradition of academic freedom will be fully respected, this also requires responsible and legal use of the technologies and facilities made available to students, staff and partners of the University.

This Acceptable Use Policy is intended to provide a framework for such use of Loughborough University's I.T. resources. It applies to all computing, telecommunication, and networking facilities provided at the University. It should be interpreted such that it has the widest application; in particular, references to I.T. Services should, where appropriate, be taken to include departmental or other system managers responsible for the provision of an I.T. Service. This policy should be interpreted so as to encompass new and developing technologies and uses, which may not be explicitly referred to.

This Acceptable Use Policy is taken to include the JANET Acceptable Use Policy and the JANET Security Policy published by JANET (UK), the Combined Higher Education Software Team (CHEST) User Obligations, together with its associated Copyright Acknowledgement, and the Chest Data Processing Agreement. Users of commercial broadband services provided, or facilitated by, the University must abide by any specific policies associated with those services. Members of the University and all other users of the University's facilities are bound by the provisions of these policies in addition to this Acceptable Use Policy. They are also bound by such other policies as are published via the University on the IT Services policies website. It is the responsibility of all users of Loughborough University's I.T. services to read and understand this policy.

Scope

This policy applies to anyone using University IT facilities (hardware, software, data, network access, telephony, services provided by licensed third parties, online cloud services or using University IT credentials) including students, staff, tenants and third-party individuals who have been given access for specific purposes. The term University IT facilities refers to all IT facilities, whether they are provided, or arranged, by IT Services, or by Schools, or by other Professional Services. It is the responsibility of all users of the University’s IT facilities to read, understand and comply with this policy and any additional policies related to their activities, including other relevant information security policies.

This policy is issued under the authority of the Information Technology and Governance Committee. Responsibility for its interpretation and enforcement is delegated to IT Services and University IT Professionals.

You must comply with any reasonable written or verbal instructions issued by people with delegated authority in support of this policy. If you feel that any such instructions are unreasonable or are not in support of this policy, you may appeal to the Director of IT Services.

Acceptable Use

University IT resources are provided primarily for academic and operational purposes to support learning and teaching, research, enterprise and the other work of the University. Facilities are also provided to students to enhance their wider experience at Loughborough University.

Whilst the principles of academic freedom will be fully respected, facilities must only be used responsibly, in accordance with the law and not to bring the University into disrepute.

University IT facilities may be accessed via University owned devices or via personally owned devices, but this policy is applicable regardless of the ownership of the device used. Personally owned devices, whether owned by students or staff, must be maintained with up-to-date anti-virus software (where appropriate) and system patches, and kept secure in accordance with the Mobile Working Policy. Devices provided to staff by the University for their personal use must also be kept secure in a similar manner.

Use of the facilities for personal activities is permitted, provided that it does not infringe the law or University policies, does not interfere with others’ valid use and, for staff, is not done inappropriately during their working hours. However, this is a privilege that may be withdrawn by the Director of IT Services, at any point, if such use is not in accordance with this policy.

Using University owned or managed services for commercial work for outside bodies, that is being undertaken on a personal basis, solely for personal gain and not through University channels, requires explicit permission from the Director of IT Services.

University e-mail addresses and associated systems must be used for all official University business, in order to facilitate auditability and institutional record keeping. All staff and students of the University must regularly read their University e-mail.

You are bound by Loughborough University’s Charter, Statutes, Ordinances and Regulations when using the IT facilities and in particular Regulation XV: Use of University IT Facilities - http://www.lboro.ac.uk/governance/

When using the University’s IT facilities, you remain subject to all relevant laws and policies, and, when accessing services from another legal jurisdiction, you must abide by all relevant local laws, as well as those applicable to the location of the service. Following the requirements of this policy, and other University policies and procedures applicable to your activities, should normally ensure that you comply with the law. However, if you have any concerns about whether planned actions might be regarded as unlawful please contact the abuse@lboro.ac.uk email alias for further advice.

You must abide by the policies and terms & conditions applicable to any other organisation whose services you access. When using Loughborough University IT services from another institution via eduroam (i.e. whilst in attendance at a conference at another university), you are subject to both Loughborough University’s requirements and those of the institution where you are accessing services.

Users must adhere to any licence conditions when using software procured by the University. If you use any software or resources covered by a Chest agreement, you are deemed to have accepted the Chest User Acknowledgement of Third Party Rights.

Further details of what constitutes acceptable and unacceptable use are provided in the subsequent sections of this policy.

Keeping Your IT Credentials Secure

You must take all reasonable precautions to safeguard your username, password and any other IT credentials issued to you. Advice is available on the choice of passwords. You must not allow anyone else to use your IT credentials. No-one has the authority to ask you for your password, and you must not disclose it to anyone, including the IT Service Desk.

You must not attempt to obtain or use anyone else’s credentials, and you will be held responsible for all activities undertaken using your IT credentials, including access through the Hallnet Service. You should only use the access to University systems provided to you under the Management of User Access Policy for the purpose for which that access was granted.

You must not impersonate someone else or otherwise disguise your identity when using the IT facilities.

Safeguarding of Information

You must make yourself aware of the University’s Information Categories and Controls Policy and take all reasonable steps to safeguard any information you have access to in accordance with the law (Data Protection Act) and the University’s information security policies for staff and students.

You must not infringe copyright, or break the terms of licences for software or other material.

You should ensure you are aware of the appropriate procedures for handling any Confidential or Highly Confidential University information to which you have access. Sharing of this information should only be undertaken in accordance with the University’s Information Sharing policy. You must not attempt to access, delete, modify or disclose information belonging to other people without their permission, or explicit approval from the Director of IT (or nominee) or Director of HR (or nominee).

You must not create, download, store or transmit unlawful material, or material that is indecent, offensive, threatening or discriminatory. In the event that there is a genuine academic need to carry out an activity which might be interpreted as being in breach of the law (e.g. the deliberate viewing or accessing of sites or media which are specifically designed to promote terrorism or which are directly linked to a proscribed terrorist organisation), the University must be made aware of your plans in advance and prior permission to access must be obtained from the Chief Operating Officer.

Behaviour

The conduct of staff and students when using the University’s IT facilities should always be in line with the institution’s values, including the use of online and social networking platforms. When using University IT facilities you must not:

  • Cause needless offence, concern or annoyance to others including posting of inappropriate comments about students or members of staff (genuine scholarly criticism and debate is acceptable)
  • Use the IT facilities in a way that interferes with others’ valid use of them
  • Undertake any illegal activity including the downloading and storing of: copyright information, except under a relevant licence, or with permission from the copyright owner
  • View, store or print pornographic images or video
  • Retain or propagate sites or media which are specifically designed to promote terrorism or which are directly linked to a proscribed terrorist organisation, except in the course of recognised research or teaching that is permitted under UK and international law
  • Send spam (unsolicited bulk email), forge addresses, or use University mailing lists other than for legitimate purposes related to University activities
  • Deliberately or recklessly consume excessive IT resources such as processing power, bandwidth, storage or consumables
  • Undertake any activity which jeopardises the security, integrity, performance or reliability of electronic devices, computer equipment, software, data and other stored information. This includes undertaking any unauthorised penetration testing or vulnerability scanning or the monitoring or interception of network traffic, without permission
  • Deliberately or recklessly introduce malware or viruses
  • Attempt to disrupt or circumvent IT security measures, such as by connecting to third party VPN services or installing and using any application that interferes with the University's Multi-factor Authentication (MFA) solution
  • Unless otherwise approved by the Director of IT Services, where remote access needs to be gained to a device connected to the University network, the only approved method which may be used is the University's VPN platform. The use of any other remote access tool (including TeamViewer or LogMeIn), method or system in order to gain access to a device on the University's network is expressly forbidden

Monitoring

Loughborough University records and monitors the use of its IT facilities, under the Regulation of Investigatory Powers Act (2000) for the purposes of:

  • The effective and efficient planning and operation of the IT facilities
  • Investigation, detection and prevention of infringement of the law, this policy or other University policies
  • Investigation of alleged misconduct by staff or students

Loughborough University will comply with lawful requests for information from government and law enforcement agencies.

You must not attempt to monitor the use of the IT facilities without explicit authority to do so.

Access to workspaces, email, and/or individual IT usage information will not normally be given to another member of staff unless authorised by the Director of IT, or nominee, who will use their discretion, normally in consultation with the Director of Human Resources or other senior officer of the University. Where possible and appropriate, the Dean, Head of Professional Service, OPS Manager, or more senior line manager, will be informed, and consulted, prior to action being taken.

Where there is a requirement to access the account of another member of staff, the Dean, Head of Professional Service or OPS Manager should contact the IT Service Desk with the circumstances.

If the request for access is related to an HR investigation, this should be managed wholly through the HR advisor, who will work with IT if approved by the Director of Human Resources or their nominee.

Implementation and Enforcement of this Policy

This policy is issued under the authority of the Information Technology and Governance Committee. Responsibility for its interpretation and enforcement is delegated to IT Services, IT Professionals and the Academic Registry by the Chief Operating Officer.

You must comply with any reasonable written or verbal instructions issued by people with delegated authority in support of the implementation of this policy. If you feel that any such instructions are unreasonable or are not in support of this policy, you may make a complaint under the relevant staff or student procedures.

If you believe this policy has been infringed, you should report the matter to abuse@lboro.ac.uk, overseen by IT Services, at the earliest opportunity. Follow-up action will be considered carefully. Genuinely accidental infringement will be treated with understanding, but any deliberate or wilfully negligent infringement of this policy is likely to result in disciplinary action being taken under the relevant University Ordinance http://www.lboro.ac.uk/governance/ordinances. Penalties may include withdrawal of services and/or fines. Offending material will be taken down.

Information about deliberate infringement or illegal activities may be passed to appropriate law enforcement agencies, and any other organisations whose requirements you may have breached.

Loughborough University reserves the right to recover from you any costs incurred as a result of your infringement.

Further Information

This IT Acceptable Use Policy is underpinned by the University’s Information Governance policy and Information Security Sub-Policies which are available at

Details of relevant third party agreements and obligations can be found below:

The user must comply with all relevant legislation and legal precedent, including the provisions of the following specifically related Acts of Parliament, or any re-enactment thereof:

Acts and legislation

More detailed information around the acts and legislation: