IT Acceptable Use Policy (AUP)
Lasted updated February 2020.
Aim
The aim of this policy is to help ensure that the University of Essex's IT facilities can be used safely, lawfully and equitably.
Explanatory notes
The issues covered by this policy are complex and you are strongly urged to read the accompanying
explanatory notes (pdf). This gives more detailed information that we hope you will find useful.
Policy
1. Scope
This policy applies to anyone using the IT facilities (hardware, software, data, network access, third party services, online services or IT credentials) provided or arranged
by the University of Essex.
2. Governance
When using IT, you remain subject to the same laws and regulations as in the physical world.
It is expected that your conduct is lawful. Furthermore, ignorance of the law is not considered to be an adequate defence for unlawful conduct.
When accessing services from another jurisdiction, you must abide by all relevant local laws, as well as those applicable to the location of the service.
You are bound by the University of Essex's ordinances and regulations when using the IT facilities. You are expected to abide by all relevant University policies, including the University's Information Security Policy.
You must abide by the regulations
applicable to any other organisation
whose services you access such as
Janet, Eduserv and Jisc Collections.
When using services via the eduroam
roaming service, you are subject
to both the regulations and guidelines
of the University of Essex and the
institution where you are accessing
services.
Some licences for software and
other IT based resources arranged
by the University of Essex will
set out obligations for the user
– these should be adhered to. If
you use any software or resources
covered by a Chest agreement, you
are deemed to have accepted the
Eduserv User Acknowledgement of
Third Party Rights.
Breach of any applicable law
or third party regulation will be
regarded as a breach of this Acceptable
Use Policy.
Under the Counter Terrorism and
Security Act 2015 the University
has a statutory duty to have due
regard to the need to prevent people
from being drawn into terrorism.
IT resources and facilities must
not be used in such a way that would
breach this or any other terrorism
related legislation. Those with
concerns about themselves or others,
related to extremism, are encouraged
to report those concerns.
3. Authority
This policy is issued under the
authority of the Director of Innovation and Technology Solutions who is also responsible
for their interpretation and enforcement,
and who may also delegate such authority
to other people.
4. Intended Use
The IT facilities and resources
are provided for use in furtherance
of the mission of the University
of Essex. Use of these facilities
for reasonable personal activities
(provided that it does not infringe
this policy, and does not interfere
with others' valid use) is permitted,
but this is a privilege that may
be withdrawn at any point.
Use of certain licences is only
permitted for academic use and where
applicable to the user obligations
set out in the Eduserv Chest User
acknowledgement of third party rights
or the Jisc Model Licence Agreements.
If you wish to use a license for
purposes outside this, you are responsible
for checking.
5. Identity
You must take all reasonable
precautions to safeguard any IT
credentials (for example a username
and password, email address, smart
card or other identity hardware)
issued to you. You must not allow
anyone else to use your IT credentials.
No-one has the authority to ask
you for your password, and you must
not disclose it to anyone.
- You must not
attempt to obtain
or use anyone else's
credentials.
- You must not
impersonate someone
else or otherwise
disguise your identity
when using the IT
facilities.
6. Infrastructure
You must not do anything to jeopardise
the integrity of the IT infrastructure
by, for example, doing any of the
following without approval:
- damaging, reconfiguring
or moving equipment
- loading software
on the University
of Essex's equipment
other than in approved
circumstances
- reconfiguring
or connecting equipment
to the network other
than by approved
methods
- setting up servers
or services on the
network
- deliberately
or recklessly introducing
malware
- attempting to
disrupt or circumvent
IT security measures
If you handle personal, confidential
or sensitive information, you must
take all reasonable steps to safeguard
it and must observe the University
of Essex
Data Protection policy and guidance
and the Information Security Policy,
particularly with regard to removable
or portable media, mobile and privately
owned devices.
- You must not
infringe copyright,
or break the terms
of licences for
software or other
material.
- You must not
attempt to access,
delete, modify or
disclose information
belonging to other
people without permission.
You must not create, download,
store or transmit unlawful material,
or material that is indecent, offensive,
threatening, discriminatory, or
extremist material that risks drawing
people into terrorism. If there
are valid academic reasons for doing
so explicit permission must be sought
from the Director of Innovation and Technology Solutions,
and where appropriate ethical approval
obtained.
8. Behaviour
Real world standards of behaviour
apply online and on social networking
platforms, such as Facebook, Blogger
and Twitter.
- You must not
use IT to send,
circulate, or make
available any message
that is grossly
offensive, or that
is indecent, obscene
or of a menacing
nature.
- You should also
adhere to the University
of Essex's guidelines
on social media.
- You must not
send spam (unsolicited
bulk email).
- You must not
deliberately or
recklessly consume
excessive IT resources
such as processing
power, bandwidth
or consumables.
- You must not
use the IT facilities
in a way that interferes
with others' valid
use of them.
9. Monitoring
The University of Essex monitors
and records the use of its IT facilities
for the purposes of:
- the effective
and efficient planning
and operation of
the IT facilities
- detection and
prevention of infringement
of this policy
- investigation
of alleged misconduct
The University of Essex will
comply with lawful requests for
information from government and
law enforcement agencies.
You must not attempt to monitor
the use of the IT facilities without
explicit authority from the Director
of Innovation and Technology Solutions.
10. Concern about
use
If you are concerned about your
own or others' use of IT facilities
you may contact the
IT Helpdesk
or Student Support Service for advice.
Any approach will be treated sympathetically.
11. Infringement
Infringing this policy may result
in the University's disciplinary
processes being followed under which
there are sanctions for students
and staff.
Information about infringement
may be passed to appropriate law
enforcement agencies, and any other
organisations whose regulations
you have breached.
You must inform the
IT Helpdesk
if you become aware of any infringement
of these regulations.