UNIVERSITY of GLASGOW

IT Services

Regulations and code of conduct for the use of information technology facilities in the University of Glasgow

Introduction

These Regulations apply to the use of all computer software, digital information, data networks and computer systems used for University purposes by any Staff, Students, Visitors or others granted access. This includes use of any computer system or digital information accessed over the campus data network or remotely via the Joint Academic Network (JANET) or otherwise.

  • The Rules in Part 1 apply to any member of the University making use of IT Facilities described above.
  • The Rules in Part 2 apply to members of the University in relation to software copyright and the 'Code of Conduct for the use of Software' described therein.
  • The Rules in Part 3 apply to any member of the University in relation to the use of data and application of the 'Data Protection Principles' described therein.
  • The Rules in Part 4 relate to the use of computer systems by members of the University. It is the responsibility of Users to become familiar with the Rules that apply to the particular IT Facilities and systems they utilise for University purposes.
  • The Rules in Part 5 relate specifically to the use of computer systems run by the Computing Service.

Any Staff, Students, Visitors or others granted access to Information Technology facilities who breach these Regulations may be dealt with by the appropriate Disciplinary Procedures in force within the University of Glasgow. A breach of these Regulations may constitute a criminal offence.

Definitions
"Appropriate Authority"
an individual or a group of individuals under whose control a System is placed;
"System" or "IT Facility"
a system or facility which is within the scope of these Regulations as described above;
"User"
any person or persons granted authority to use a System or Systems whether such authority is granted to them individually or by reason of their being a member or part of a group which is authorised to use a System. Authority will only be granted to a person or group where that person or group agrees to be bound by these Regulations.
"User ID"
a form of unique identifier which is given to a User by the Appropriate Authority which, together with a personal password of the User, is used to identify and authenticate the User when accessing a System.

Acceptable Use of IT Facilities

This section, which is available separately, is an integral part of the regulations, but is intended to convey the ethos of the full regulations in an informal style.

  • Before any use is made of computing or networking facilities in the University you must register as a user. If you are a student or a member of staff of the University you are required to adhere to the University's policies and procedures. If your status is properly recorded in the relevant administrative databases you can register as a computer user by a standard process. If you are not a student or a member of staff, as part of the registration process you will sign a form which states that you have read the Regulations and Code of Conduct for the Use of IT Facilities and agree to be bound by them. These are a formal statement of the rules that apply to the use of the facilities. Copies of these regulations are posted on notice boards and are published in the University Calendar. This document is an informal guide to what constitutes acceptable behaviour when using the university's computing facilities and which will help guarantee conformance with these regulations.
  • When you register you will be given a userid and a password. This userid is your personal identification and along with your password serves to authenticate you to the system and to grant access to the facilities you are authorised to use. You must keep your password secure and secret. You should not allow any other individual to access the computer facilities by way of your userid nor should you use or attempt to use the facilities through someone else's userid. You should not do anything that attempts to find out another user's userid/password combination. All of these activities are technically offences under the Computer Misuse Act. In general, your use of the computing facilities should not interfere with or cause difficulties for other users. Any attempt to gain access to information or facilities owned by another user and to which you have not been granted authorisation is prohibited.
  • As a user you will have access to electronic mail facilities. These are provided to improve communications among staff and students for matters relating to their roles within the University and for career development. Personal use is permitted so long as it is demonstrably reasonable and judicious. It should be noted that sending electronic mail to a bulletin board or even to a list of recipients constitutes publishing the contents and the Guidelines for Electronic Publishing should be followed.
  • As a user you will also have access to the vast quantities of information that is available on the internet, particularly via the World Wide Web. Again these facilities are provided to enable access to information relevant to your work within the University and for career development. Personal use is again permitted so long as it is demonstrably reasonable and judicious. Specifically this should not involve access to material of a nature which might bring discredit to you or the University, e.g. material of a pornographic, criminal or offensive nature. If you need to access information as part of your particular university work which might be questionable, you should clear this use in advance with your Head of Department and the Director of the Computing Services should be notified.
  • There are many ways that as a user you will be able to make information available to other users, both to other users of the University's network and externally to users of the internet. In particular, many of you will be able to publish material on the World Wide Web. The Guidelines for Electronic Publishing should be followed, and nothing should be published in this way which could be considered to be discreditable. Again, if publication of questionable material is essential as part of your academic work, this should be cleared with your Head of Department and the Computing Services Department.
  • The University operates on the basis of trust. However, if there are reasonable grounds for suspecting that an individual is engaging in activities which are in breach of the regulations or of the various guidelines, the University reserves the right to investigate fully. In the event that misuse is suspected the University will take appropriate action to investigate the matter which may include direct monitoring of the use made by the user. Such monitoring will require the permission of the Secretary of the University Court or his/her nominee. If misuse is established, disciplinary action will be taken, referring the matter to the police in the event of contravention of legislation.
  • As a feature of your use of the computing facilities you will gain access to a large amount of software and other computer based information. Virtually all of this material is subject to copyright. Copies of this material may not be made without the approval of the copyright owner; software in particular may not be copied for use on other machines nor may it be passed on to other people or even other users within the University unless explicit permission to do so has been obtained.

Part 1: General Rules

1. Users must ensure that their use of IT Facilities complies with all applicable laws. These include the following:

  • Data Protection Acts 1984 and 1998
  • Telecommunications Act 1984
  • Computer Copyright Software Amendment Act 1985
  • Copyright, Designs and Patents Act 1988
  • Computer Misuse Act 1990
  • Criminal Justice and Public Order Act 1994

2. Members of the University using computing equipment owned, leased or operated by the University or connecting their own equipment to the University Network must comply with the regulations set down by any Appropriate Authority within the University. Users must ensure that network connections are not utilised for unauthorised access to Systems. Users seeking further information about network usage should consult the Director of the Computing Service. Rules that apply to centrally operated equipment are delineated in Part 5. Where other special rules may apply, the advice of the Director of the Computing Service, or other Appropriate Authority should be sought before any commitments are made. These special rules will cover payments due to the University for the use of its equipment and will protect the University from any claims for damages etc. which may arise from such use.

3. The University will not accept unreserved responsibility for any loss of software or data which has not been entered into a system backed up regularly by the University, nor for any inconvenience caused to users of IT Facilities by such loss or by any breakdown of computing equipment.

4. IT Facilities may not be used in a way which improperly interferes with other Users' legitimate use of the facilities. Users may not by any wilful or deliberate act endanger the integrity of the equipment, its system programs or any other stored information. 'Hacking' and other unauthorised use of computing equipment, whether situated on University premises or elsewhere, is explicitly forbidden.

5. Any commercial exploitation of programs developed using University IT Facilities must be carried out according to regulations issued by the University from time to time. Information on these regulations can be obtained from the Director of Research and Enterprise.

Part 2. Rules for Use of Software

6. Users must ensure that all the requirements of the agreements or contracts under which licensed software is made available by the University (including Public Domain or 'Shareware' conditions of use) are maintained and must comply with any published usage restrictions. They must also comply with the Code of Practice for the Use of Software, given below.

Code of Practice for the Use of Software
  1. Software will be used for educational purposes only, unless explicit arrangements have been made for other purposes. A definition of 'Educational Use' is provided below.
  2. The University will maintain a central record of software available for use in the Institution together with details of licensing arrangements. (Records of centrally licensed software are maintained by the Computing Service. Departments are responsible for maintaining lists of currently held software and for establishing the legality of all their holdings.)
  3. All users of software are expected to make themselves aware of the conditions under which it may be used before starting to use a particular product.
  4. The University will organise arrangements for back-up, copying and distribution of software and documentation subject to the conditions of the licence. (This activity is supported by the Computing Service.)
  5. In the event of termination of the licence, users will be notified and should endeavour to remove all active copies of the software and take steps to ensure that archive copies are not used.

Definition of 'Educational Use'

The Educational Use of a Software Product is use by any person authorised under the terms of the Licensee for the purposes of the normal business of an Educational Establishment. Such use of the Software Product includes the following:

  1. Teaching.
  2. Research.
  3. Personal educational development.
  4. Administration and management of courses and the educational policy of the Educational Institution.
  5. Development work associated with any of the above.

The following are excluded:

  1. Consultancy or services where the Software Product is commercially exploited.
  2. Work of significant benefit to the employer of students on industrial placement or part-time courses.

Part 3. Rules Concerning the Use of Data

7. Members of Staff processing personal data are responsible for ensuring that this is carried out in accordance with the Data Protection Acts (1984 & 1998) and with the Data Protection Principles (see below). Any holdings of personal data must be registered internally with the University's Data Protection Officer. The control of students using such data is the responsibility of the member of staff supervising them. The Secretary of Court shall have the power to withdraw access to IT Facilities from any person deemed to be in breach of the requirements of the Act, and to require the modification or deletion of personal data in order to ensure compliance with the Act. Copies of Guidelines on the Act are available from the Data Protection Officer. It is the user's responsibility to comply with these guidelines; in particular the Senate Regulations concerning the disclosure of examination marks must be observed. Users must treat as privileged any information not provided or generated by themselves which may become available to them through their use of IT Facilities; no part of such information may be copied, modified, disseminated or used without the permission of the appropriate person or body.

8. Users of personal data should take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of, that data and against its accidental loss or destruction.

The Data Protection Principles
  1. Personal data shall be processed fairly and lawfully and not processed unless certain conditions are met and in the case of "sensitive" personal data further conditions are met. [processing includes collection]
  2. Personal data shall be obtained for one or more specified and lawful purposes and must not be processed in any manner that is incompatible with that purpose or purposes.
  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  4. Personal data shall be accurate and, where necessary, kept up to date.
  5. Personal data held for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  6. Personal data shall be processed in accordance with the rights of data subjects under the 1998 Act.
    [An individual shall be entitled at reasonable intervals and without undue delay or expense:
    • to be informed by any data user whether he holds personal data of which that individual is the subject; and
    • to access to any such data held by a data user;
    and where appropriate:
    • to have such data corrected or, in some cases, destroyed. ]
  7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  8. Personal data shall not be transferred to a country outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Part 4. Rules for the Use of All IT Facilities

9. Each System will be under the control of an Appropriate Authority.

10. The Appropriate Authority of a System has the power to set out the conditions of use of that System by a User and to modify these from time to time.

11. The conditions of use will include the Appropriate Authority issuing a User ID to a user and will require the User to adopt a personal password for the purposes of identifying and authenticating the User when accessing a System.

12. Any authority granted to a User to use a System is limited to the User to whom authority has been granted, in particular:

  1. authority given to a User may not be extended or transferred to any other person or persons;
  2. the User may not allow any other person (whether a User or otherwise) to access a System by way of his/her personal User ID and personal password. A User is required to keep and maintain as secret his/her personal password;
  3. a User must not use or access a System for any illegal or unauthorised purpose;
  4. a User must not store or make publicly accessible any data, text, image or programme which is unlawful or, whether lawful or not, is discreditable to the University or does not accord with the aims or objectives of the University.

Access to a system without appropriate authority constitutes, at least, a technical offence under the Computer Misuse Act.

13. The Director of the Computing Service shall have the power to remove from the University data network, any System which is interfering with the operation of the network or which is being used for purposes which contravene these regulations.

Part 5. Rules for the Use of Computing Service IT Facilities

14. No person or persons may use the facilities of the Computing Service without due authorisation given, where required, by the Computing Service on behalf of the University. Computing Service facilities may be utilised by members of the University in accordance with the appropriate arrangements for access and booking.

15. Permission to access computer systems and data networks is given on the understanding that the facilities are used only for approved purposes and only by the person or persons by whom or on whose behalf the request or booking was made. Use must not be made of computing resources allocated to another person or group of persons unless such use has been specifically authorised by the Computing Service.

16. Any user of confidential information is responsible for the confidentiality of this information. The Service cannot give any warranty or undertaking about the security or confidentiality of data or other material submitted to or processed by the Computing Service or otherwise deposited or left in the Computing Service areas, except for data and other material covered by the Data Protection Act and notified to the Computing Service under the provisions of Rule 3.

17. Although the Computing Service will take all possible care to prevent the corruption of information, it cannot guarantee the integrity of information stored on its equipment. Users should make particular arrangements to protect their information from the effects of computer viruses. It is the responsibility of the User to maintain adequate backup copies of valuable information.

18. In the event of an apparent breach of these rules by a User, the Director of the Computing Service has the authority summarily to withdraw the facilities allowed to the User.

19. Use of Computers by Students.

19.1 Permission is granted to students to access computer systems to carry out only bona fide University work and other approved purposes. Where a specific allocation of computer resources has been made, a student is not entitled to authorise any other person to use his/her facilities, nor to use facilities provided for anyone else, save with the permission of a Member of Staff having overall responsibility for the work. If a student has been given access to group facilities, use of them must be strictly limited to the purpose for which access to them was authorised. Students must observe local rules that apply in the case of particular microcomputer clusters.

19.2 Bona fide University work is that authorised and supervised by a responsible Member of Staff. Work carried out in fulfilment of course requirements meets this condition; other work is permitted only subject to its being authorised by and supervised by a Member of Staff.

19.3 Where a student violates the Regulations and Code of Conduct set out above, minor infringements shall be dealt with by the Director of the Computing Service or his/her nominee. The Director of the Computing Service may report major breaches of the Regulations and Code of Conduct to the Clerk of Senate/Assistant Clerk of Senate for action under the Code of Discipline where there was prima facie evidence of intention to breach the Regulations and Code of Conduct, and where sanctions beyond those set out in the Code dealing with minor infringements might be invoked.