Regulation Governing the use of University Computing Facilities
Computing Facilities means:
(a) any computer or device capable of storing data in electronic form owned, operated or loaned by the University whether connected to the University’s information network/s or not; and/or
(b) any computer or device capable of storing data in electronic form owned or operated by someone other than the University when connecting to the University’s information networks or used to gain access to the University’s information network; and/or
(c) any computer or device capable of storing data in electronic form owned or operated by someone other than the University when used for University Business; and/or
(d) any software or information provided or created for University Business; and/or
(e) any Cloud or hosted or similar service through which University information is stored and/or services are provided for the University to enable Users to undertake University Business, including without limitation, accessing an on- line learning platform, accessing “Software as a Service’, using their University email account, and/or their University social media accounts; and/or
(f) accessing any electronic resource (such as a database, e-book, e-journal or other e-resource material) made available through the University’s Library or other departments of the University to enable Users to undertake University Business.
University means the University of Warwick and any of its associated companies.
University Business means any activity conducted either in the course of employment or as part of or related to a University course or other University activity that is not purely personal.
Users means all people authorised to use the Computing Facilities for any purpose, including but not limited to students, staff, visitors to the University and members of partner organisations.
Extremism, for the purposes of this regulation, is as defined by the statutory Guidance for specified authorities in England and Wales on the duty in the Counter-Terrorism and Security Act 2015 as amended or replaced from time to time.
2.1 This Regulation is one of a number of regulations, policies, codes and guidelines which form part of the University’s Information Security framework. This Regulation is intended to protect the Computing Facilities against unauthorised access, misuse and harm and promote effective and secure communication when using the Computing Facilities and to ensure the University fulfils its statutory and legal obligations.
2.2 The University of Warwick has a statutory duty to comply with all legislative requirements in force from time to time. These include, but are not limited to, the Equality Act 2010, the Data Protection Act 1998, the Counter Terrorism and Security Act 2015, the Human Rights Act 2000. References to such legislation includes references to the legislation as amended or as replaced from time to time.
2.3 All Users of the Computing Facilities are required to abide by this Regulation and should report any suspected, attempted or actual breaches of this Regulation to the Registrar or his/her nominee as soon as reasonably practicable via emailing informationsecurity at warwick dot ac dot uk.
2.4 Any attempted or actual breach of this Regulation and any other related policies in Clause 9 may lead to the suspension or withdrawal of a user’s authorisation and may constitute an offence under the University disciplinary procedures.
2.5 Any breach of this Regulation by a student may be dealt with under our disciplinary procedures, including as a major disciplinary offence under the University Reg. 23 Disciplinary Regulations. Please see these Regulations at www.warwick.ac.uk/gov/calendar/section2/regulations/disciplinary/.
2.6 Any suspected criminal offence committed through the use of University Computing Facilities will be referred to the relevant authorities, including, but not limited to, the police.
2.7 This Regulation forms part of the terms and conditions of appointment of members of staff. Breaches by staff may be dealt with under the disciplinary procedures contained in those terms and conditions.
2.8 The University may also take any appropriate legal or other action against any User.
2.9 Departments who provide locally managed University Computing Facilities may issue appropriate policies, procedures and guidance specific to the use of these local Facilities. These should support and not contravene this Regulation or any other part of the University Information Security Framework.
IMPLEMENTATION OF THE REGULATION
3.1 University managers and Heads of Departments will ensure that they and all Users in their designated area abide by this Regulation and understand the standards of behaviour expected of them. University managers and Heads of Departments will notify the Registrar or his/her nominee as soon as possible if they consider there may have been a breach of this Regulation via emailing informationsecurity at warwick dot ac dot uk.
4.1 All Users are responsible for the security of the Computing Facilities and any University data contained on them and will not act in any way to harm the Computing Facilities. Users should ensure they log off or lock any Computing Facilities when they are not being used.
4.2 Users must guard against the loss or theft of portable Computing Facilities and will let the Registrar or his/her nominee know immediately if any Computing Facilities are lost or stolen via emailing informationsecurity at warwick dot ac dot uk.
4.3 Users will abide by the Code of Practice for the Use of Computer Work Areas issued from time to time by the Director of IT Services when they use Computing Facilities in IT Services provided work areas. Please see this Code at http://www2.warwick.ac.uk/services/its/servicessupport/workareas/codeofconduct/.
4.4 Where Users of the Computing Facilities are issued with a University username and password, they will not share their University password with another person, or use their University password as login credentials for any non-University account.
4.5 All Users using their own devices to access Computing Facilities must use a password or PIN to secure access to ‘reserved’ or’ restricted’* data kept or accessed on such devices to ensure that this data is protected in the event of loss or theft.
*Please refer to University information classifications at www.warwick.ac.uk/gov/informationsecurity
4.6 Users will let the Registrar or his/her nominee know immediately if their password has been compromised via emailing informationsecurity at warwick dot ac dot uk. Users may be responsible for use under their own name and password prior to such notification.
4.7 Users shall not attempt to gain access to any part of the Computing Facilities, or data stored thereon, without proper authorisation.
4.8 Users will not knowingly introduce any viruses or other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware onto the Computing Facilities and will notify the Registrar or his/her nominee via emailing informationsecurity at warwick dot ac dot uk if they are concerned this may have occurred.
4.9 Users should not delete, destroy or modify existing University systems, information or data contained on the Computing Facilities without due authorisation.
INAPPROPRIATE USE OF COMPUTING FACILITIES
5.1 Users shall not use the Computing Facilities or any e-mail or Internet services used on the Computing Facilities:
5.1.1 Subject to clause 5.1.2 to view, create, transmit or store material which could be considered, offensive, obscene, indecent, abusive, harassing, derogatory or defamatory, material related to proscribed organisations or material which is at risk of drawing people into terrorism and/or poses a risk of inducing people into making the transition from extremism to terrorism and/or adversely affect the reputation of the University.; or
5.1.2 Any individual wishing to view, create, transmit or store security sensitive material for valid, programme-related research purposes, including that which falls under the descriptors in 5.1.1 above, must at all times abide by the University’s Research Code of Practice: www.warwick.ac.uk/services/ris/research_integrity/code_of_practice_and_policies/research_code_of_practice. Where such a question might arise, in the case of academic or research activity, or any other matter, prior permission should be sought in writing from the Registrar or his/her nominee; or
5.1.3 For any unlawful or fraudulent act, including infringing the copyright of another person; or
5.1.4 To send unsolicited or unauthorised advertising, promotional or any other similar material, save where that material is embedded within, or is otherwise part of, a service to which the user or the University has chosen to subscribe.
5.2 Use of electronic resources must be in accordance with the terms and conditions of licence agreements.
PERSONAL USE OF COMPUTING FACILITIES OWNED OR OPERATED BY UNIVERSITY
6.1 Incidental, reasonable personal use of all Computing Facilities owned or operated by the University is permitted provided the use is minimal, does not interfere with University commitments, does not put the University in disrepute and does not contravene our Internet Service Provider’s policy on acceptable use.
7.1 This Regulation is subject to and must be read in accordance with the University’s Statement on Regulation of Investigatory Powers Act 2000. Please see this Statement at: www.warwick.ac.uk/gov/informationsecurity/ .
7.2 Under the Regulation of Investigatory Powers Act 2000, the University may monitor or intercept any information contained or services used on the Computing Facilities or information networks, including e-mails, files and access logs in particular circumstances. For example, the University would be able to investigate if a breach of this Regulation is suspected.
7.3 Users should not store, send or use private or confidential information on the Computing Facilities that they do not want the University to see. The University cannot be held responsible for the deletion or removal of such information in the course of routine software or hardware maintenance or service improvement.
7.4 This Regulation on the privacy and the interception of electronic communications is intended to achieve a balance between the rights of individuals and the need to protect users and the University from the consequences of misuse, illegal activity or activity in breach of this Regulation.
8.1 The University may levy charges for any use of the Computer Facilities as appropriate.
8.2 Users shall declare all use of the Computing Facilities for private commercial purposes in accordance with Financial Procedures 10 governing Private Work and other Appointments and/or 13 covering the exploitation of Intellectual Property (http://www2.warwick.ac.uk/services/finance/resources/regulations/) and in connection with research projects where outside funds for computing costs are available.
COMPLIANCE WITH RELATED POLICIES AND AGREEMENTS
9.1 All Users shall comply with all other relevant regulations, policies, codes and procedures in relation to the Computing Facilities, including but not limited to:
9.1.1 The University’s Information Security framework and other documentation issued from time to time by the Director of IT Services and the Deputy Registrar. Please see these at www.warwick.ac.uk/gov/informationsecurity/.
9.1.2 The Janet policy on acceptable use when using Computing Facilities to create, store or disseminate information or to access external computer networks or other computer based communication systems. Please see this Policy at: https://community.jisc.ac.uk/library/acceptable-use-policy. The University’s Internet Service Provider is Janet.
9.1.3 The University’s Code of Conduct for the Use of Software when using software made available by the University. Please see this Code at: http://www2.warwick.ac.uk/services/its/about/policies/software/.
9.1.4 The Electronic-Resources Conditions of Use and additional guidance issued from time to time and/or provided for specific resources. Please see:
- webcat.warwick.ac.uk/search (restrictions indicated on the detailed database record).