Acceptable Use Policy (AUP)

This policy applies to anyone using University IT facilities (hardware, software, data, network access, telephony, services provided by licensed third parties, online cloud services or using University IT credentials) including students, staff, tenants and third-party individuals who have been given access for specific purposes. The term University IT facilities refer to all IT facilities; whether they are provided, or arranged, by IT Services, or by Schools, or by other Professional Services. It is the responsibility of all users of the University’s IT facilities to read, understand and comply with this policy and any additional policies related to their activities, including other relevant information security policies.

This policy is issued under the authority of the Information Technology and Governance Committee. Responsibility for their interpretation and enforcement is delegated to IT Services and University IT Professionals.

You must comply with any reasonable written or verbal instructions issued by people with delegated authority in support of this policy. If you feel that any such instructions are unreasonable or are not in support of this policy, you may appeal to the Director of IT Services.

University IT resources are provided primarily for academic and operational purposes to support learning and teaching, research, enterprise and the other work of the University. Facilities are also provided to students to enhance their wider experience at Loughborough University.

Whilst the principles of academic freedom will be fully respected, facilities must only be used responsibly, in accordance with the law and not to bring the University into disrepute.

University IT facilities may be accessed via University owned devices or via personally owned devices but this policy is applicable, regardless of the ownership of the device used. Personally owned devices whether owned by students or staff must be maintained with up to date anti-virus software (where appropriate), system patches and kept secure in accordance with the Mobile Working Policy (link). Devices provided to staff by the University for their personal use must also be kept secure in a similar manner.

Use of the facilities for personal activities is permitted, provided that it does not infringe the law or University policies, does not interfere with others’ valid use and, for staff, is not done inappropriately during their working hours. However, this is a privilege that may be withdrawn by the Director of IT Services, at any point, if such use is not in accordance with this policy.

Using University owned or managed services for commercial work for outside bodies, that is being undertaken on a personal basis, solely for personal gain and not through University channels, requires explicit permission from the Director of IT Services.

University e-mail addresses and associated systems, must be used for all official University business, in order to facilitate auditability and institutional record keeping. All staff and students of the University must regularly read their University e-mail.

You are bound by Loughborough University’s Charter, Statutes, Ordinances and Regulations when using the IT facilities and in particular Regulation XV: Use of University IT Facilities - http://www.lboro.ac.uk/governance/

When using the University’s IT facilities, you remain subject to all relevant laws and policies, and, when accessing services from another legal jurisdiction, you must abide by all relevant local laws, as well as those applicable to the location of the service. Following the requirements of this policy, and other University policies and procedures applicable to your activities, should normally ensure that you comply with the law. However, if you have any concerns about whether planned actions might be regarded as unlawful please contact the abuse@lboro.ac.uk email alias for further advice.

You must abide by the policies and terms & conditions applicable to any other organisation whose services you access. When using Loughborough University IT services from another institution via eduroam (i.e. whilst in attendance at a conference at another university), you are subject to both Loughborough University’s requirements and those of the institution where you are accessing services.

Users must adhere to any licence conditions when using software procured by the University. If you use any software or resources covered by a Chest agreement, you are deemed to have accepted the Chest User Acknowledgement of Third Party Rights.

Further details of what constitutes acceptable and unacceptable use is provided in the subsequent sections of this policy.

You must take all reasonable precautions to safeguard your username, password and any other IT credentials issued to you. Advice is available on the choice of passwords . You must not allow anyone else to use your IT credentials. No-one has the authority to ask you for your password, and you must not disclose it to anyone, including the IT Service Desk.

You must not attempt to obtain or use anyone else’s credentials, and you will be held responsible for all activities undertaken using your IT credentials, including access through the Hallnet Service. You should only use the access to University systems provided to you under the Management of User Access Policy for the purpose which that access was granted.

You must not impersonate someone else or otherwise disguise your identity when using the IT facilities.

You must make yourself aware of the University’s Information Categories and Controls Policy and take all reasonable steps to safeguard any information you have access to in accordance with the law (Data Protection Act) and the University’s information security policies for staff and students.

You must not infringe copyright, or break the terms of licences for software or other material.

You should ensure you are aware of the appropriate procedures for handling any Confidential or Highly Confidential University information to which you have access. Sharing of this information should only be undertaken in accordance with the University’s Information Sharing policy. You must not attempt to access, delete, modify or disclose information belonging to other people without their permission, or explicit approval from the Director of IT (or nominee) or Director of HR (or nominee).

You must not create, download, store or transmit unlawful material, or material that is indecent, offensive, threatening or discriminatory. In the event that there is a genuine academic need to carry out an activity which might be interpreted as being in breach of the law (e.g. the deliberate viewing or accessing of sites or media which are specifically designed to promote terrorism or which are directly linked to a proscribed terrorist organisation;), the University must be made aware of your plans in advance and prior permission to access must be obtained from the Chief Operating Officer.

The conduct of staff and students when using the University’s IT facilities should always be in line with the institution’s values, including the use of online and social networking platforms. When using University IT facilities you must not:

• Cause needless offence, concern or annoyance to others including posting of inappropriate comments about students or members of staff (genuine scholarly criticism and debate is acceptable)
• Use the IT facilities in a way that interferes with others’ valid use of them
• Undertake any illegal activity including the downloading and storing of: copyright information, except under a relevant licence, or with permission from the copyright owner
• View, store or print pornographic images or video
• The retention or propagation of sites or media which are specifically designed to promote terrorism or which are directly linked to a proscribed terrorist organisation, except in the course of recognised research or teaching that is permitted under UK and international law
• Send spam (unsolicited bulk email), forge addresses, or use University mailing lists other than for legitimate purposes related to University activities
• Deliberately or recklessly consume excessive IT resources such as processing power, bandwidth, storage or consumables
• Undertake any activity which jeopardises the security, integrity, performance or reliability of electronic devices, computer equipment, software, data and other stored information. This includes undertaking any unauthorised penetration testing or vulnerability scanning or the monitoring or interception of network traffic, without permission
• Deliberately or recklessly introduce malware or viruses
• Attempt to disrupt or circumvent IT security measures such as connecting to third party VPN services or the installation and utilisation of any application that interferes with University Multi-factor Authentication (MFA) solution
• Unless otherwise approved by the Director of IT Services, where remote access needs to be gained to a device connected to the University network the only approved method which may be used is the University's VPN platform. The use of any other remote access tools (including Teamviewer or LogMeIn), method or system in order to gain access to a device on the University's network is expressly forbidden

Loughborough University records and monitors the use of its IT facilities, under the Regulation of Investigatory Powers Act (2000) for the purposes of:

• The effective and efficient planning and operation of the IT facilities
• Investigation, detection and prevention of infringement of the law, this policy or other University policies
• Investigation of alleged misconduct by staff or students

Loughborough University will comply with lawful requests for information from government and law enforcement agencies.

You must not attempt to monitor the use of the IT facilities without explicit authority to do so.

Access to workspaces, email, and/or individual IT usage information will not normally be given to another member of staff unless authorised by the Director of IT, or nominee, who will use their discretion, normally in consultation with the Director of Human Resources or other senior officer of the University. Where possible and appropriate, the Dean, Head of Professional Service, OPS Manager, or more senior line manager, will be informed, and consulted, prior to action being taken.

Where there is a requirement to access the account of another member of staff, the Dean, Head of Professional Service or OPS Manager should contact the IT Service desk with the circumstances.

If the request for access is related to a HR investigation, this should be managed wholly through the HR advisor who will work with IT if approved by the Director of Human Resources or their nominee.

This policy is issued under the authority of the Information Technology and Governance Committee. Responsibility for its interpretation and enforcement is delegated to IT Services, IT Professionals and the Academic Registry by the Chief Operating Officer.

You must comply with any reasonable written or verbal instructions issued by people with delegated authority in support of the implementation of this policy. If you feel that any such instructions are unreasonable or are not in support of this policy, you may make a complaint under the relevant staff or student procedures.

If you believe this policy has been infringed, you should report the matter to abuse@lboro.ac.uk, overseen by IT Services, at the earliest opportunity. Follow up action will be considered carefully. Genuinely accidental infringement will be treated with understanding but any deliberate or wilfully negligent infringement of this policy is likely to result in disciplinary action being taken under the relevant University Ordinance http://www.lboro.ac.uk/governance/ordinances. Penalties may include withdrawal of services and/or fines. Offending material will be taken down.

Information about deliberate infringement or illegal activities may be passed to appropriate law enforcement agencies, and any other organisations whose requirements you may have breached.

Loughborough University reserves the right to recover from you any costs incurred as a result of your infringement.

This IT Acceptable Use Policy is underpinned by the University’s Information Governance policy and Information Security Sub-Policies which are available at

Details of relevant third party agreements and obligations can be found below:

• Jisc and Janet Acceptable Use Policy - https://community.jisc.ac.uk/library/acceptable-use-policy

• Chest User Acknowledgement of Third Party Rights - https://www.chest.ac.uk/user-obligations/

The user must comply with all relevant legislation and legal precedent, including the provisions of the following specifically related Acts of Parliament, or any re-enactment thereof: