Organisation Us Banner

IT Acceptable Use Policy

Scroll

1. Introduction

BIG International College aims to encourage and support the effective use of Information Technology to deliver learning and teaching to the highest standards. Achieving this also depends on the lawful, responsible, and appropriate use of the technologies and facilities provided to students, staff, and partners of the College.

The purpose of this IT Acceptable Use Policy is to define how IT resources may be used, including computer hardware and software, network services, internet access, email, and other electronic communication tools. It covers the use of IT facilities to access external systems, as well as the use of personal devices used for College business to access information through IT systems.

The policy applies to members of the College community and all other users of its facilities, including staff, students, visitors and contractors.

2 Acceptable Use

  • All users of the College's IT resources must comply with all applicable laws, regulations, and policies, including the Data Protection Act 2018 and General Data Protection Regulation (GDPR).
  • Access to the internet is strictly limited to persons granted access by an authorising Officer of BIGIC (INSERT ROLES).
  • Use of College IT facilities for personal activities is permitted, provided that it does not infringe the law or any College policies, does not interfere with the valid use of these facilities by other members of our community, and for staff, is not done inappropriately during their working hours.
  • All users of the College's IT resources are responsible for maintaining the security of these resources by using strong passwords, regularly updating software, and reporting any suspicious activity to the IT department.
  • The College has a statutory duty (the Prevent Duty), under Section 26(1) of the Counter Terrorism and Security Act 2015, to act to stop members of its community from being drawn into terrorism. In order to comply with this duty, the College reserves the right to monitor or block access to material that might incite extremism, radicalisation or violence.
  • Users must comply with any request made to them by College staff in connection with the enforcement of this policy.

2.2 Unacceptable Use

2.2.1 The following constitute unacceptable use of BIGIC’s IT systems and facilities:

  • Accessing, creating, downloading, sharing or transmitting illegal, indecent, offensive or obscene materials (e.g. pornographic/extremist/terrorist-related materials)
  • Downloading or accessing materials that infringe personal liberties or promote extreme political views or radicalisation
  • Creating websites (including webpages, vlog and blog posts) that are obscene, defamatory, infringe copyright, infringe personal liberties or promote extremist political views, terrorism or radicalisation
  • Accessing websites which support academic misconduct (i.e. ‘essay mills’ or ‘academic cheat sites)

3. Procedures

  • The College’s computer system is managed and monitored. In case of any computer problem during office hours, staff and students should advise the Facilities Manager
  • Staff have access to shared files through the network with documents being stored on a cloud-based system. No documents should be kept on a computer’s hard drive, for instance on the desktop, as such documents will not be backed up in case of system loss.
  • Heads of Department are responsible for ensuring that their departmental files are suitably accessible to authorised personnel, and that in the event of a staff member leaving this does not pose any limitations for the department that may affect the business of the institution.
  • Requests for new user accounts must be made through the Facilities Manager Any changes to current user accounts must be authorised by the Facilities Manager.
  • Passwords must be kept private and not disclosed to any other person.
  • Limited personal use of the Internet for sending or receiving personal e-mail is acceptable as long as it does not interfere with your work and providing you exercise good judgment. Please see the Social Media Policy for additional guidelines on the use of social media.
  • The College uses a comprehensive software programme to monitor email attachments for viruses. However, this is not a 100% effective method and viruses can still be transmitted. Therefore, care should be exercised, and email attachments should only be opened if the recipient is known, or the email is expected.
  • Phishing emails may be received from unscrupulous companies. These are emails apparently from established companies requesting College information, such as bank details. The companies the College deals with will never ask for this information by email and these emails should always be considered a hoax and deleted without replying.
  • Electronic communications may be permanent, disclosable, legally binding, and subject to laws on libel, copyright, and lawful interception.
  • Computer Misue Act 1990. The following activities are offences under the Computer Misuse Act 1990:
    • Password Offences and Hacking - A person is guilty of an offence if they cause a computer to perform any function with the intent of securing access to any programme or data, knowing that the intended access is unauthorised.
    • Computer modifications – A person is guilty of an offence if they perform modifications such as adding or deleting data, knowing that they are not authorised to do so.
    • Viruses – A person is guilty of an offence if they introduce a virus, even if they do not know where or what the effect will be.
    • Data Protection – A person is guilty of an offence if they fail to exercise appropriate security measures to protect data covered by the Data Protection Act.

4. Breaches of the Policy

4.1 Misuse of computers is a serious disciplinary offence and may constitute gross/serious misconduct. This is not an exhaustive list, but the following are some examples of misuse:

  • Fraud and theft
  • System sabotage
  • Introduction of viruses and time bombs
  • Using unauthorised software
  • Obtaining unauthorised access
  • Using the system inappropriately for non-business use
  • Sending flame mail or mail that is harassing by nature.
  • Hacking
  • Breach of company security procedures
  • Taking part in electronic chain letters
  • Accessing pornography
  • Engaging in on-line gambling
  • Downloading or distributing copyrighted information without authorisation.
  • Posting confidential information about BIGIC College, its community, or its customers or suppliers

4.2 Student breaches

4.2.1 Students alleged or suspected to have committed a potential breach of this policy will normally be referred into the procedures under the Student Disciplinary Policy (non-academic) to determine whether or not an alleged breach has occurred.

4.2.2 In certain circumstances an alleged breach may necessitate the use of Student Emergency Exclusions & Suspension Policy, or Precautionary Measures under the Harassment and Sexual Misconduct Policy and Procedure

4.2.3 Where such emergency measures are taken, these will be without prejudice and have no bearing on, nor constitute any indication of any College finding with regard to an alleged breach of this policy.

4.2.4 Where on the balance of probabilities the College establishes that a breach has occurred, the College will take into account whether the breach is minor or major and the nature of the breach, in determining any action, including the level of any sanction/penalty.

4.3 Staff breaches

4.3.1 Staff alleged or suspected to have committed a potential breach of this policy will normally be referred to HR, to determine whether there is a need to refer the matter into staff disciplinary procedures. Where necessary, staff may be suspended without prejudice pending an investigation.

4.3.2 Where on the balance of probabilities the College establishes that a breach has occurred, the College will take into account whether the breach is minor or major and the nature of the breach, in determining any action, including the level of any sanction/penalty.

5. Criminal Investigations

5.1 Where a staff member or student is alleged to have committed a criminal offence that may also breach this policy, the College may take action under the relevant policies to suspend or exclude them, without prejudice, while any criminal investigation is ongoing. In deciding the appropriate response, the College will take a risk-based approach, considering the nature and seriousness of the alleged offence and its duty of care to the wider College community.

5.2 Alleged IT Misuse Involving Suspected Extremist or Radicalising Materials (Prevent) Any suspected access, creation, downloading, sharing, or transmission of extremist or terrorist-related materials, or materials that may pose a risk of radicalising an individual or group, must be reported immediately to the Prevent Single Point of Contact (SPOC), the Student Services and Wellbeing Manager. If the Prevent SPOC is unavailable, the Principal must be contacted without delay.

6. Security and Monitoring

6.1 The College may monitor the use of its IT systems, including email, internet access, TEAMS, and other messaging platforms, to ensure systems are used appropriately and to reduce legal and security risks.

6.2 Any suspected breach of computer security will be referred to the Principal. Where a criminal offence may be involved, the Principal and the relevant line manager will decide whether the matter should be reported to the police.

6.3 Staff who believe that another employee or student is misusing the College’s IT systems may raise their concerns confidentially with the Principal. Further details on how breaches are handled can be found in Section 4, Breaches of this Policy.

7. Monitoring and Filtering

7.1 All data created or stored on College computers is the property of the College. While there is no formal expectation of personal data privacy on College systems, the College will avoid accessing personal emails wherever possible.

7.2 The College may use IT system logging where appropriate and may initiate investigations where there is reasonable suspicion of a breach of this or any related policy.

7.3 The College reserves the right, under specific and lawful conditions, to monitor activity on its IT systems, including internet use, email, and social media, to maintain system security, ensure effective operation, and prevent misuse.

7.4 The College also employs web-content filtering. Categories of content that may be blocked include, but are not limited to:

  • abused drugs
  • botnets and academic cheating tools
  • confirmed spam sources
  • cult and occult material
  • gambling
  • hate speech or targeted hate (including racism, transphobia, anti-Semitism, and religious intolerance)
  • illegal malware sites
  • marijuana-related content
  • spyware and adware
  • violence, including weapons

8. Allied Policies:

The following policies and documents are allied to this policy:

  • Student Emergency Exclusions & Suspension Policy
  • Student Disciplinary Policy (non-academic)
  • Harassment and Sexual Misconduct Policy and Procedure
  • Prevent Policy and Procedure
  • Student Complaints Policy and Procedure
  • Student Terms & Conditions
  • Support Through Studies Policy & Procedure