IT Acceptable Use Policy

IT Equipment and Systems Provided
Staff members are provided with access to appropriate IT equipment and systems, including:

• Computer hardware such as Desktop, Laptop or BOYD;
• the Internet;
• Outlook email and electronic communications;
• ECA / MST Intranet, SharePoint;
• Microsoft 365 and all the applications under license;
• specific software appropriate for your role;
• printing and scanning options;
• College databases.

Acceptable Use of IT Resources

All individuals who access and use College IT equipment are required to:

• keeping your own login and password private ensuring that the password is not easily identified. Passwords must not be printed and affixed to a user’s computer;
• select long and strong passwords that are not easily guessed;
• Do not share those passwords with other individuals;
• A password management tool is strongly recommended;
• appropriately archiving documents where appropriate;
• logging off or turning off your own PC or laptop when you cease using the network for an extended period of time;
• Lock your device when it is not in your line of sight
• Do not allow anyone other than a staff member to use your laptop or PC with the permission of the IT Manager;
• no software is to be installed on to a networked laptop or PC without the permission of the IT Team;
• all maintenance or enhancements are to be made to a networked laptop or PC by the IT Team;
• mandatory installation of the College Endpoint Security Software and kept up to date;
• Limited use of College IT equipment for personal use. Personal use should be incidental and not interfere with the staff members’ job responsibilities.

In regard to electronic communication such as email, the College will reasonably protect the privacy of members of staff and their communication but it should be understood that the organisation retains ownership of the content of any messages and data sent from, received by, or stored in or upon the organisation’s computer and may be scrutinised at any time. Communication systems are the sole property of the College regardless of the form and/or content of these messages and data.

Unacceptable Use

Below is a list of unacceptable uses which will not be tolerated. The list is not exhaustive and members of staff and volunteers are accountable for inappropriate or illegal activity, as well as any breaches of security or confidentiality relating to their use of IT Equipment or systems:

• viewing or distributing sexually explicit, pornographic, racist, sexist, or material disparaging race, origin, sex, sexual orientation, age, disability, religion or political beliefs;
• viewing or sending messages intended to harass, intimidate, threaten, embarrass, humiliate or degrade any persons or that contain defamatory references;
• access, distribute, store or display illegal, pirated or offensive material;
• conducting illegal activity;
• engaging in on-line gambling;
• using electronic communications resources for commercial uses not intended to benefit the College;
• downloading or distributing pirated software or data, entertainment software, music or games;
• propagating viruses, worms, Trojan horse, ransomware, trap door program codes or the like;
• copying, destroying, deleting, distorting, removing, concealing, modifying or encrypting messages or files or other data on any computer, network or other communications system without the permission of an authorised person;
• communicating in the name of the College or contacting the media via a chat room or other electronic communication means without the College’s authorisation and releasing protected information via a newsgroup or chat room;
• attempting to access or accessing another member of staff's computer, computer account, e-mail or voice mail messages, files or other data without their consent or the consent of an authorised person (COO or IT Manager);
• using resources for personal use that interferes with business operation, business productivity or distracts members of staff from their responsibilities;
• accessing and propagating private and confidential information on the College’s data particularly relating to personal information.
• Users must not violate copyright laws, software license agreements, SaaS license agreements, or streaming service license agreements.

Staff members are obligated to report any suspected or actual breaches to the IT Manager or the Chief Operations Officer.  

Policy Breach Consequences

Any College staff member identified as breaching the IT Acceptable Use Policy or committing unlawful behaviour may be subject to disciplinary action, and / or criminal prosecution (see Termination of Employment policy).
Corrective disciplinary action will depend on the severity of the situation and may include, but is not limited to one or more of the following as deemed appropriate by the College:

• counselling – which may be in conjunction with another disciplinary action – see following
• transfer, reassignment of responsibilities or leave of absence
• verbal reprimand, written warning, probation, reclassification, suspension or termination.

 Related Documents
This policy applies in conjunction with the following policies:

• Code of Conduct
• Corrective Action & Discipline Procedure
• Cyber Security Policy
• Data Breach Policy
• Privacy Policy
• Social Media Policy
• Termination of Employment Policy