GENERAL CONDITIONS OF USE OF COMPUTING AND NETWORK FACILITIES
This policy is concerned with the general conditions of user of Dimensions IT computing and network facilities.
___
Policy Author: James Shepherd, IT Operations Manager (Information Technology)
Policy Owner: Mark Verrier, Head of Information Technology
This policy is to be adhered to by all employees who have access to the corporate IT system or corporate equipment supplied by Dimensions.
The purpose of this policy is to ensure that all employees with IT system access or equipment understand its terms of provision and usage.
___
In relation to this policy it may be helpful to refer to these other policies issued by Dimensions:
This policy replaces IT-POL-A1-POL-G (IT Policy)
2. General Conditions Relating to Use of Systems.
4. Licence Registration and Prevention of Piracy.
5. Security of Computer Information.
7. Use of Social Media (Blogs, Wikis, Forums, Personal Email, Etc.)
8. Consent To Intercept and Disclose Data.
10. Other Matters.
11. Centrally-Provided Computing Facilities.
12. Equipment
1.1. The General Conditions of Use of Computing and Network Facilities (the Conditions of Use) provides the basis for communicating the acceptable use of Dimensions IT services. The provisions of the Conditions of Use must be observed by all Dimensions staff, and constitute part of the Conditions of Employment for all Staff.
1.2. The Conditions of Use apply to all staff and third parties such as collaborating organisation, external contractors, agency workers, and other contributors, having access to Dimensions information resources, computing and/or network facilities.
1.3. Unless otherwise stated, the Conditions of Use apply to all computer users and to all computer equipment within or operated by Dimensions and its contractual associates.
1.4. In these Conditions of Use, 'computer', 'computer system' and 'network' mean those that fall into one or more of the following categories:
1.4.1. The property of Dimensions or leased/rented to it
1.4.2. On loan to Dimensions from third parties
1.4.3. The property of parties to Dimensions contracts located within Dimensions, or attached to Dimensions computers, computer systems or networks
1.4.4. Used within Dimensions network, irrespective of ownership
1.4.5. Used to gain access to Dimensions computing and network facilities or systems, irrespective of ownership, and 'computing and/or network resources' includes any such property
1.4.6. Section 11 defines Conditions of Use particularly relevant to centrally-provided computing and information facilities
1.5. The Dimensions Network includes all communication equipment that transmits information electronically.
2.1. Every person who connects to and uses computing and/or network resources owned or controlled by Dimensions shall abide by these Conditions of Use, the Information Security Policy and associated Codes of Practice and Standards.
2.2. The provisions in any local 'conditions of use' that may be drawn up shall not override the provisions within the General Conditions of Use of Computing and Network Facilities and must be approved by the Head of IT.
2.3. Dimensions computing and/or network resources are provided for Dimensions purposes only.
2.4. All users must act so as to cause as little inconvenience or nuisance to other users as possible and must co-operate with other users to ensure equitable use of shared resources
3.1. All Dimensions staff must comply with the requirements of the Data Protection Act 1998 ("the Act"). The Act enunciates eight principles relating to the collection, storage, processing, and disclosure of personal data:
3.1.1. Data shall be obtained and processed fairly and lawfully
3.1.2. Data shall only be held for specified and lawful purposes
3.1.3. Data shall not be used or disclosed except in accordance with the Act
3.1.4. Data shall be adequate, relevant and not excessive for those purposes
3.1.5. Data shall be accurate and up-to-date
3.1.6. Data shall not be kept any longer than necessary
3.1.7. An individual has the right, at reasonable intervals and without undue delay or expense, to know what personal data may be held about him/her, to access those data, and (where appropriate) to have those data corrected or erased
3.1.8. Security measures shall be taken to prevent unauthorised access to data and to prevent accidental loss or damage
3.2. It is a criminal offence to disclose another individual's personal data, unless the disclosure is with consent or is allowable by one of the specified limited circumstances described in the Act.
3.3. Every person considering the collection, storage or use of personal data must consult Dimensions Data Protection Officer before such collection, storage or use, and must follow the registration procedure adopted by Dimensions. This applies irrespective of the ownership of the computer on which the data will be stored.
3.4. All members of Dimensions must comply with Dimensions' Information Security Policy that is available in the document library of the portal in the IT section of the Policies area.
4.1. All licences concerning hardware and software must be registered with the Dimensions IT Department and, where appropriate, signed by an authorised signatory within the organisation.
4.2. Where software has been electronically downloaded the user must read and comply with the licensing conditions for that software, and the act of downloading indicates acceptance of the licensing conditions pertinent to that software. Before downloading the software the user must ensure that the licensing conditions have been read and do not conflict with Dimensions policy or interests.
4.3. Where software is required by Dimensions' staff, any legal queries must be referred to the IT Service Desk prior to downloading.
4.4. Registration and signature will occur at Cost Centre or Dimensions IT Department level depending on the nature of the licence.
4.5. All persons who are licensed to use software or who control access to any computing and/or network resources must take reasonable care to prevent the illicit copying and use of software and documentation.
4.6. No person shall introduce any software or other material requiring a licence for which a valid licence is not in place.
4.7. Dimensions reserves the right for access to be granted to IT Services staff without notice to enable them to check for compliance against an inventory of licensed software and hardware. Any unlicensed software or hardware or illicit copies of documentation will be removed by such IT Services staff and reported to the IT Operations Manager, who may initiate disciplinary proceedings.
5.1. All staff responsible for computer equipment of any kind must take precautions to ensure that the physical environment it is operated in is secure in order to prevent illegal access to equipment and/or theft. The level of physical security must be appropriate to the type and location of the equipment.
5.2. In all instances where sensitive information of any kind is held, irrespective of whether or not Data Protection legislation applies, every effort must be taken to ensure that appropriate security measures are in place. If the required level of security measures is not clear then advice must be sought from the IT Operations Manager.
5.3. All information must be stored to guard against the consequences of media or mechanical failure. By default all Dimensions information should therefore be stored in a network storage area (shared area) and not on the computer desktop or local hard disk.
5.4. All computer procedures and data are subject to review by the Dimensions IT Services team without notice. In particular, the IT Services team are responsible for periodically reviewing adherence to Information Security Policy and assessing the appropriateness of security measures at a local level.
5.5. Further guidance on security of information and what constitutes reasonable measures appropriate to various types of computer equipment can be found in the Information Security Policy and associated Codes of Practice and Standards.
6.1. The internet is a huge resource full of useful information for our daily working lives, however, it also includes a wide variety of materials that are inappropriate for any work environment and in some cases be illegal. This section of the Conditions of Use applies equally to all individuals granted access to the internet in the course of conducting Dimensions' business, associated research and other work-related purposes and for any personal use.
6.2. The following activities are prohibited as such use may make both the user and Dimensions liable under law:
6.2.1. Downloading, installing and using unauthorised and unlicensed software on Dimensions computers.
6.2.2. Downloading and storing or displaying (other than authorised and lawful work or research) any obscene or indecent images, data or material or any data capable of being resolved into obscene or indecent images or materials.
6.2.3. Downloading or storing or displaying any (other than authorised and lawful work or research) any defamatory, sexist, racist, offensive or otherwise unlawful images, data or other material.
6.2.4. Creating, downloading, transmitting or displaying material which is designed or intended to annoy, harass, bully, inconvenience or cause needless anxiety to others.
6.2.5. Using Dimensions internet access to conduct private or freelance work for the purpose of commercial gain.
6.2.6. Creating, downloading or transmitting data or material which is designed for the purpose of corrupting or destroying other users data, computer installation or network.
6.2.7. Access to the internet by means other than an individual user's personal log-in.
6.2.8. Downloading, installing and using any software or routines for entertainment purposes such as but not limited to streaming video, audio or gaming.
6.3. Access to the internet is given for Trust business and healthcare related use; Dimensions will however allow the use of the internet for personal use, but only where this does not interfere with the normal work duties of the individual user or the work of others. It must be noted that there is no absolute right for staff to use the internet for private use.
6.4. It is expected that such use will be made out-of-hours times and in designated breaks such as lunch time. Personal internet use must adhere to this policy.
6.5. Dimensions will not be held liable for any financial or material loss to an individual user in accessing the internet for personal use.
7.1. Social media offer exciting and innovative ways for Dimensions to expand and elevate its presence and to publicise, enhance and promote the positive activities of Dimensions, its staff and the people we support.
7.2. It also provides a medium through which to promote healthy debate about controversial subjects or areas of research. Dimensions wholly support and encourage the use of these media for such purposes by its staff and the people we support subject to the rules outlined in this section and the Code of Conduct.
7.3. This section applies to all forms of social media and, for the avoidance of doubt, includes email. For the purposes of this policy, social media is defined as personally-provided material which is made available through web-based and other means over public and private networks. This would include, but is not limited to, collaborative projects, wikis, blogs, microblogs, content communities, social networking, virtual worlds, personal email, and any other media sharing similar characteristics.
7.4. This section applies to the use (''use'' or ''using'', for the purpose of this policy, means providing, posting, uploading, inputting, sending, submitting, commenting or using) of social media when the content (including links) refers to or is related to Dimensions and its activities or Dimensions' staff or people we support or their activities, whether indirectly or directly.
7.5. It applies whether a person is using this form of media for Dimensions' purposes or other purposes, whether:
7.5.1. A person is acting independently or as part of a group
7.5.2. A person is acting on behalf of themselves or on behalf of a group or organisation
7.5.3. It is internal or external to Dimensions
7.5.4. Or not use is authorised or instructed by Dimensions or its staff
7.6. To ensure social media are not misused the following rules apply:
7.6.1. The author of the particular form of external social media, for example a blog, is solely responsible for its content including the monitoring and checking of comments made on it by others.
7.6.2. Unless specifically stated, all views and opinions expressed by Dimensions staff (within social media) are the individual's own, and do not reflect any official position of Dimensions. The author must make it clear that they speak on their own behalf. Dimensions will not be responsible for or hold any ownership over the content.
7.6.3. Dimensions may make an exception to this rule in specific circumstances from time to time by giving written authority to a member of staff to use this form of media for Dimensions' purposes. The Head of Marketing or nominee will give written authority in accordance with this paragraph.
7.6.4. Social media content must not refer to or include material or information that:
7.6.4.1. Is in conflict with, or jeopardises, the interests of Dimensions, is in any way inconsistent with the individual's contractual duties to Dimensions or is in pursuance of unauthorised commercial activities
7.6.4.2. May damage the reputation of Dimensions or any of its staff
7.6.4.3. Unfairly criticises, communicates grievance, complaint or discontent, with Dimensions or any of its staff or people we support
7.6.4.4. Publicly attacks an individual or organisation, whether or not that individual is a member of Dimensions staff or a person we support
7.6.4.5. May cause annoyance, anxiety, offence, upset or harm to another individual or which may constitute bullying or harassment as defined in Dimensions' Bullying and Harassment at Work Policy
7.6.4.6. May be defamatory, pornographic, obscene, indecent, offensive, threatening, injurious or objectionable
7.6.4.7. Discriminates or is in breach of the Equality and Diversity Policy
7.6.4.8. Is confidential to Dimensions or the people we support
7.6.4.9. Constitutes personal data regarding the people we support or Dimensions staff and/or the publication of which would constitute a breach of the Information Security Policy
7.6.4.10. Invades an individual's privacy or seeks to impersonate another individual, organisation or entity, whether real or fictitious
7.6.4.11. The use of which constitutes a misappropriation or infringement of intellectual property rights
7.6.4.12. Endorses or promotes any product, opinion, or cause, or represents personal opinions as endorsed by Dimensions, any of its staff and people we support without express written authority from the Head of Marketing or nominee
7.6.4.13. May constitute or incite criminal activity
7.6.4.14. Nothing in this paragraph 7.6.4 is intended to have the effect of limiting freedom of expression
7.7. Use of internal social media, including the Suggestions Board in the DTMS Portal, is subject to the same rules of acceptable use apply as per section 7.6 of these Conditions of Use and the guidelines provided on the Suggestion Board page.
7.8. The use of social media in courses or teaching is covered by the following conditions:
7.8.1. Social media provides a useful and creative tool through which to promote and facilitate learning. Any person who uses social media as an educational medium must provide people we support with clear instructions regarding how they are to use and contribute to it as part of their learning experience, including the application of this Condition of Use.
7.9. In normal circumstances, Dimensions does not screen, moderate, approve, review or endorse the particular content of social media except where express written authority is given and Dimensions expressly identify a written exception.
7.10. Any complaints or concerns about content on these forms of media may be directed to the IT Services Team via email at it.helpdesk@dimensions-uk.org.
7.11. Dimensions will respond to claims pertaining to material that is in breach of this policy by immediately removing any content from general access, but will retain it for progressing any disciplinary or criminal procedures that may be necessary. If the material is on a system to which Dimensions does not have the necessary access to remove the content, the author or information owner will be required to remove it. Failure to remove the material may constitute a disciplinary offence.
7.12. The material may be reposted once the claim is evaluated if not found to be in breach of these Conditions of Use or general law at the time of the report.
8.1. All users of Dimensions computer and network services consent to the examination, monitoring or interception of data, communications or contents of computers by Dimensions for lawful purposes whenever deemed necessary, together with the authority to pass such data to third parties, either as required by law or to fulfil Dimensions' contractual obligations.
8.2. This work is normally carried out by the IT Services Team, on behalf of Dimensions, in order to meet operational and security needs of Dimensions and related investigatory activities. The lawful purposes may include:
8.2.1. Compliance with legal obligation
8.2.2. Prevention or detection of crime
8.2.3. Prevention or detection of misconduct
8.2.4. Investigation of alleged misconduct
8.2.5. Determining if communications are relevant to Dimensions where an employee is absent, for whatever reason
8.2.6. Establishing whether the use of the email system or the Internet is legitimate and in accordance with the Information Security policy and its associated Codes of Practice and Standards
8.2.7. Ensuring the effective operation of email and Internet facilities
9.1. Breach of the Conditions of Use is a disciplinary offence that may result in the suspension of access to Dimensions computing and/or network facilities, further disciplinary proceedings, or criminal proceedings. The following constitute disciplinary offences:
9.1.1. Incitement to conduct leading to a breach of any provision of these Conditions of Use shall itself constitute a disciplinary offence
9.1.2. Failure to comply with relevant local or international legislation while using or accessing Dimensions computing or networking facilities
9.1.3. Failure to comply with the conditions of Section 11 (Centrally-Provided Computing Facilities)
9.2. HACKING AND VIRUSES
9.2.1. Any person who wilfully and knowingly gains unauthorised access to a computer system or attempts to disable a computer system commits a disciplinary offence.
9.2.2. Any person who wilfully, knowingly and without authorisation introduces or attempts to introduce malware or other harmful or nuisance program or file, or to modify or destroy data, programs or supporting documentation residing on, or existing internal or external to a computer, computer system or network commits a disciplinary offence.
9.2.3. Any person who wilfully, knowingly and without authorisation denies access or attempts to deny access or otherwise interferes with the legitimate operation of computers or computer systems, or uses any Dimensions computer, computer system or network to carry out such actions against an external computer system, commits a disciplinary offence.
9.3. INFRINGEMENT OF SOFTWARE LICENCES AND COPYRIGHT
9.3.1. Any person who wilfully, knowingly and without authorisation uses a computer, computer system or network to access, disclose, publish, take or copy programs data or supporting documentation or any other material or attempts to do so in infringement of intellectual property rights, licence conditions, contractual rights, copyright or confidentiality, wherever the act occurs, commits a disciplinary offence.
9.3.2. Where Dimensions is rendered liable for any damages from such infringement, Dimensions reserves the right to recover such damages from the person infringing the intellectual property rights, the licence conditions, the contractual rights, copyright or confidentiality.
9.4. OFFENSIVE, INDECENT AND DEFAMATORY MATERIAL AND MESSAGES
9.4.1. Any person who knowingly and without authorisation uses a computer, computer system or network to access or carry out any of the following activities commits a disciplinary offence (unless they are carried out under the provisions stated in Section 9.5, Exceptional Circumstances):
9.4.1.1. The creation, storage or transmission of any offensive, obscene or indecent images, data or other material
9.4.1.2. The creation, storage or transmission of material which is designed to or is likely to cause annoyance, inconvenience, distress or needless anxiety
9.4.1.3. The creation, storage or transmission of defamatory material
9.5. Activities described in the preceding paragraph may be allowable if performed in ''Exceptional Circumstances'' by:
9.5.1. Staff specifically designated by the Head of IT to investigate security and other incidents, when their activities are in connection with those incidents
9.5.2. Staff in the course of recognised research and development, provided such research has been made known in advance to the Head of IT or nominee
9.5.3. People we support in the course of their supervised research provided such research has been approved in advance by the Head of IT or nominee
9.6. NETWORK MANAGEMENT AND NETWORK SECURITY
9.6.1. Any unauthorised person who attempts to monitor traffic on the Dimensions Network or any person who attempts to connect an unauthorised device with the intention of monitoring traffic (i.e. eavesdropping) commits a disciplinary offence.
9.6.2. Any person who knowingly enters a restricted area without authorisation commits a disciplinary offence. For the purposes of this condition, restricted area includes all ducting and other containments or conduits carrying network equipment or cables. Authorisation for access to restricted areas must be submitted in writing to the IT Helpdesk.
9.7. WILFUL DAMAGE
9.7.1. Any person who negligently or by any wilful or deliberate act jeopardises the physical integrity of any computing and/or network resource, computer equipment, associated environmental conditioning equipment or physical network and power connections or associated accommodation commits a disciplinary offence.
9.8. UNSOLICITED BULK EMAIL
9.8.1. Any person who sends unsolicited bulk email commits a disciplinary offence, unless it is for official Dimensions purposes, or being sent to a mailing list, which has been set up with the consent of the list members and the email is consistent with the purpose of the mailing list. Care must be taken to ensure compliance with The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, the Data Protection Act 1998, and other such legislation, as may be enacted from time to time.
9.9. HARASSMENT
9.9.1. Anyone who uses Dimensions computing and/or network resources in order to carry out or facilitate racial, sexual or any other form of harassment commits a disciplinary offence.
9.10. ACCESS TO DATA
9.10.1. Anyone who wilfully and knowingly acts to impede a security, disciplinary or operational investigation commits a disciplinary offence. This includes the removal or destruction of relevant data or hardware and/or withholding passwords and encryption keys.
9.11. IMPERSONATION
9.11.1. Anyone who wilfully, knowingly and without authorisation makes use Dimensions computing and/or network resources in order to impersonate another individual, company or entity, whether real or fictitious, commits a disciplinary offence.
9.12. DISCIPLINARY OFFENCES COMMITTED EXTERNAL TO DIMENSIONS
9.12.1. Any person who wilfully, knowingly and without authorisation uses any Dimensions computing and/or network resources originating in Dimensions or connecting to any Dimensions computing and/or network resources to commit any of the actions listed above on a computing and/or network resources external to Dimensions commits a disciplinary offence.
9.12.2. Dimensions reserves the right to refer any such matter to relevant legal or policing bodies if the actions taken could be considered a criminal offence
9.13. FURTHER ACTION
9.13.1. In addition to any other disciplinary penalties applying to staff Dimensions reserves the right to:
9.13.1.1. Deny all further access to relevant computer, computer systems and computer networks indefinitely or for a defined period of time.
9.13.1.2. Recover all reasonable costs howsoever incurred in investigating and subsequent restitution of Dimensions computing and/or network resources resulting from any actions listed above.
9.13.1.3. Refer any possible criminal action to relevant law enforcement agencies or authorities.
10.1. DIMENSIONS LIABILITY
10.1.1. The attention of all staff is drawn to the fact that Dimensions will not accept liability for claims made by third parties arising out of the application and use of data, information or results obtained from Dimensions computing facilities.
10.1.2. Dimensions accept no responsibility for the loss of any such data or software or the failure of any security or privacy mechanism.
10.1.3. Liability will only be accepted by the Dimensions for provision to third parties of computing and network resources where a contract to this effect has been negotiated and signed by the Registrar and Secretary.
10.2. ADDITIONAL INFORMATION
10.2.1. The Dimensions Data Protection Officer is the Finance Director.
11.1. This Section applies to any 'computer', 'computer system', 'network', or 'service' under the central management or control of Dimensions through the IT Services Team. All users of such equipment or services are required to abide by the provisions of this Section, and all services covered by this Section are covered by the terms of this document as a whole.
11.2. REGISTRATION AND USE
11.2.1. All use of computing and/or network facilities shall be made on the understanding that the use is for Dimensions' purposes, and every registration of a user and subsequent allocation of computing and/or network resources shall be made on the understanding that use is solely for the registered user who is allocated the resource.
11.2.2. This Conditions of Use prohibits a person from allowing a third party to make use of computing or network facilities in an unauthorised manner.
11.2.3. Where Dimensions has specifically agreed that the use of computing and/or network resources without payment, the level of resources to be provided must be agreed beforehand with the Head of IT or nominee.
11.2.4. Where Dimensions has specifically agreed that the use of computing and/or network resources will involve payment the rate of payment will be as published in the IT Service Catalogue that contains equipment recharge and ongoing support charges.
11.2.5. Any other registered use may be the subject of a charge, to be agreed upon prior to initial use, the requesting cost centre being personally liable to reimburse such charge. Failure to reimburse by the date specified will lead to the suspension of access for that use, until reimbursement is made.
11.2.6. Inappropriate use (made by or authorised by staff or people we support) of computing and/or network resources may constitute a disciplinary offence and may render the user or authoriser liable inter alia for reimbursement of charges incurred. This includes any activity which wastes significant IT Service Team resources, including time of computer support staff and charges from third parties.
11.2.7. Where registered users are allocated a computer identifier (such as a user ID, password or other form of credentials), they must make all reasonable endeavours to ensure that its confidentiality and integrity are maintained. Registered users must report any suspected breach of such security to the IT Services Team immediately.
12.1. No computer equipment or associated facilities shall be removed from their location without authorisation that must be obtained in advance from the IT Services Team. Users are responsible for, and must take reasonable care of, any equipment loaned to them and may be required to pay the value of any equipment damaged or not returned.
12.2. Users must not interfere with the use by others of computing and/or network resources. In the event of suspected misuse of facilities by a user, the IT Operations Manager may temporarily suspend use of or access to computing and/or network resources, pending further investigation.
13.1. The above conditions may be supplemented from time to time by conditions relating to specific equipment made available to Dimensions staff or people we support by special arrangement.