Acceptable / Appropriate Use of ICT Policy
1.0 Policy Overview
IADT is committed to educational, research and development activities across a wide range of sectors, from technology to humanities to the creative arts. We recognise the importance of stimulating creativity and innovation, and we also value the individual needs of staff and students in their daily lives. The Information and Communications Technology (ICT) infrastructure of our organisation plays a vital role in maintaining and developing our profile, as well as the education environment in which we work.
IADT’s intentions for publishing an Acceptable / Appropriate Use of ICT Policy are not to impose restrictions that are contrary to IADT’s established culture of openness, trust and integrity in relation to the use of current systems. The policy is to encourage the responsible use of the network resources.
Whilst there is a need to keep our creative endeavours as free from constraints as possible, we are also required to ensure that there are some boundaries in place, so that individuals and the Institute are protected from the effects of what are illegal, inappropriate and anti-social uses of ICT.
IADT is committed to protecting its employees, students, partners and the Institute from illegal or damaging actions by individuals, either knowingly or unknowingly.
Through partnership, IADT’s stakeholders have established boundaries that conform not only to current legislation requirements, but also address the social and ethical boundaries that we are responsibly bound to place upon ourselves.
The purpose of this policy is to outline the acceptable and appropriate use of ICT resources within IADT.
This policy applies to employees, students, contractors, consultants, temporaries, and other workers at IADT, including all personnel affiliated with third parties, collectively the “ICT Users”.
Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, www browsing, FTP, and telecommunication systems, are the property of IADT.
These systems are to be used for the purposes of serving the interests of IADT, as a centre of teaching and learning in education, and therefore this policy applies to all equipment that is owned, leased by IADT, or any third party equipment based in IADT, or connected (directly or indirectly) to IADT’s network.
This policy supersedes all prior policies on the subject and will be supplemented or amended in the future to address changing business and technical issues.
Use of the IADT ICT constitutes a User’s acknowledgement of and consent to IADT’s right to conduct monitoring and disclosure, as described above, and agreement to comply with the provisions of this policy.
4.1 General Use and Ownership
4.1.1 Users of ICT in the Institute should be aware that the data they create on the Institute systems or with IADT owned software remains the property of IADT within the scope of the IADT Research Policy [DRAFT].
4.1.2 While IADT's ICT Office network administration desires to provide the highest level of privacy, IADT does not provide ICT users with a guarantee of privacy or confidentiality in connection with the use of IADT ICT systems including: email and internet systems. ICT Users should therefore have no expectation of privacy or confidentiality in this regard. It is however recognized by ICT that data privacy is to be particularly extended to the confidential medical records held on the Medicom GP computing system and associated Student Counseling services electronic records.
4.1.3 ICT users are responsible for exercising judgment regarding the reasonableness of personal use and IADT commits to ensure that an adequate and significant effort is made to inform all stakeholders of the need to exercise this good judgment.
4.1.4 For security and network maintenance purposes, authorised individuals within IADT may monitor equipment, systems and network traffic at any time. Remember that all files saved or accessed on IADT’s computers and network servers are date, time and UserID stamped, as are all visits to websites outside the Institute.
4.1.5 To protect its business, the interests of staff, students and others and to ensure compliance with this policy, Users should note that IADT reserves the right to access, monitor, review and (where necessary, disclose) Users’ telephone log and calls, voicemail, e-mail (including personal/private e-mail or e-mail accounts accessed from or using the IADT’s equipment), internet use and other common and communication facilities provided by the IADT which Users may use during their time with the IADT. IADT reserves the right to audit networks, systems and machines (including personal equipment connected to IADT ICT equipment). Exception to this ruling is the preservation of full confidentiality with regards to medical records held on the Medicom GP computing system. IADT will use this right reasonably, when necessary, in a targeted manner and for legitimate reasons but it is important that Users are aware that communication and activities on the IADT’s systems cannot be presumed to be private. A non-exhaustive list of examples of the type of monitoring which may be carried out appears in the section of this policy headed Data Protection. Examples of instances where monitoring may occur are set forth below:-
(i) Routine monitoring of e-mail traffic flow does occur. Such monitoring or examination may be made by technical personnel, ICT supervisory staff, or supporting third party ICT contractors for system maintenance or operations purposes.
(ii) Electronic mail and voicemail messages are the property of IADT. As with any other IADT documents or records, the contents of any stored messages or files may be reviewed by management for legitimate business reasons which may include (but not be limited to) reviewing e-mails during a worker's absence to ensure work related e-mails can be dealt with, for the investigation of any disciplinary offence (including any breach of this policy), for the purpose of ensuring the provisions of this policy are being complied with (especially as regards the protection of confidential information and the Company’s intellectual property), for the defence of litigation and for the detection of fraud.
(iii) IADT may be required to disclose e-mail, voice mail and other electronically stored information to third parties pursuant to legal proceedings or governmental investigations or an access request made under data protection or freedom of information rules. Also, IADT may, where it receives a complaint from a third party, access and review e-mail, voice mail and other electronically stored information where IADT considers it is reasonable to do so.
(iv) When a User leaves IADT, management will be given access to his or her e-mail, voice mail and other electronically stored information.
4.1.6 ICT users accept that it is essential to properly safeguard the business of the Institute and to protect the rights of all stakeholders including: staff, students and clients of the Institute.
4.1.7 It must be remembered that electronic communications, including, e-mail or voice mail messages may be subject to disclosure pursuant to legal proceedings or on foot of a data protection or freedom of information request. Although e-mails are commonly perceived to be instant and disposable in nature, they are often stored on a backup tape. Further, recipients of messages may well have forwarded such messages onto third parties who Users may not know about. Generally, users should assume that all communications may be open to potential third party examination.
4.2 Security and Proprietary Information
Effective security is a team effort involving the participation and support of every IADT employee, student and affiliate who deals with information and/or information systems.
4.2.1. It is the responsibility of every computer user to know or refer to the relevant guidelines as defined by IADT, FOI and the Data Protection Act confidentiality code and to conduct their activities accordingly.
4.2.2. Authorised users are responsible for the security of their passwords, accounts and any assigned equipment. Keep passwords secure and do not share accounts. System level passwords should be changed quarterly; user level passwords should be changed every sixty days.
4.2.3. Because information contained on portable computers is especially vulnerable, special care should be exercised. Protect laptops in accordance with the “Laptop Security Tips”. (Future development).
4.2.4. Postings by staff or other members of the Institute from an IADT email address to newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of IADT, unless posting is in the course of Institute duties and where the originator has the necessary authority to act on behalf of the Institute in such matters.
4.2.5. All hosts used by the staff/students that are connected to the IADT Internet/Intranet/Extranet, whether owned by IADT or not as the case may be, shall be continually executing approved virus-scanning software with a current virus database and the OS should be patched to the latest releases, unless overridden by departmental or group policy.
4.2.6. Staff and other users of IADT email systems must use extreme caution when opening e-mail attachments received from unknown senders, which may contain viruses, e-mail bombs, or Trojan horse code.
4.2.7. IADT in its use of the Internet and mail services is bound by HEAnet’s acceptable usage policies, which are available at http://www.heanet.ie/about/policy.html .
4.3. Unacceptable Use
Under no circumstances is an ICT user of IADT authorised to engage in any activity that is illegal under current legislation while utilising IADT-owned resources or while connected to IADT owned resources.
4.3.1 System and Network Activities
The items listed below are by no means exhaustive, but attempt to provide a framework for activities which fall into the category of unacceptable use.
4.3.1.1. Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations [including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by IADT].
4.3.1.2. Unauthorised copying of copyrighted material including, but not limited to, digitisation and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which IADT or the end user does not have an active license is strictly prohibited.
4.3.1.3. Software requiring a licence must not be installed until the licence is deposited with the IT Manager.
4.3.1.4. Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws, is illegal. The appropriate management should be consulted prior to export of any material that is in question.
4.3.1.5. Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).
4.3.1.6. Revealing your account password to others or allowing use of your account by others.
4.3.1.7. Using an IADT computing asset to engage in procuring or transmitting material the use, transmission or display of which may constitute bullying or harassment in violation of the Employment Equality Acts 1998 to 2004 or the Equal Status Acts 2000 to 2004 or the Institute's Mutual Respect Policy is strictly prohibited.
4.3.1.8. ICT users of an IADT computing asset actively procuring or transmitting any material that is, in IADT’s sole discretion, unlawful, threatening, abusive, libelous, or encouraging of conduct that would constitute a criminal offence, give rise to civil liability, or otherwise violate any current legislation. If in doubt about the acceptability of any material contact your function manager and/or the IT Manager for guidance.
4.3.1.9. Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the ICT user is not an intended recipient or logging into a server or account that the user is not expressly authorised to access, unless these duties are within the scope of regular duties.
4.3.1.10. Making fraudulent offers of products, items, or services originating from any IADT account.
4.3.1.11. Port scanning or security scanning is expressly prohibited unless prior notification to the IT Manager is made.
4.3.1.12. Executing any form of network monitoring which will intercept data not intended for the ICT user’s host, unless this activity is a part of the employee's normal job/duty.
4.3.1.13. Circumventing user authentication or security of any host, network or account, unless this authority is part of the employee’s normal job/duties.
4.3.1.14. Interfering with or denying service to any user other than the ICT User’s host (for example, denial of service attack or seizing operator privileges).
4.3.1.15. The provision of remote access to users is not permitted except through prior agreement with the ICT Office.
4.3.1.16. Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user's terminal session, via any means, locally or via the Internet/Intranet/Extranet.
4.3.1.17. Providing information about, or lists of, IADT employees or students to parties outside IADT, unless this activity is in discharge of IADT authorised duties and responsibilities.
4.3.1.18. Using internet relay chat (IRC) by a user on any IADT computer assets with the exception of those under direct control of the ICT Office. IRC includes robots such as bots and clones.
4.3.1.19. The IADT ICT may be used to support charitable, professional organisation or community activities if approved by management. The resources may not be used, however, to solicit for commercial ventures, religious or political causes, outside organisations, or other non-job-related solicitations. ICT must not be used to advocate, further or otherwise support any business activities (other than those of IADT) or illegal activities.
4.3.1.20. Users must make no attempt to gain access to the e-mail, voice mail or files of other Users. Users must not test, or attempt to compromise computer or communication system security measures. Incidents involving unapproved system cracking (hacking), password cracking (guessing), file decryption, or similar unauthorized attempts to compromise security measures may be unlawful, and will be considered violations of the policy. Likewise, short-cuts bypassing systems security measures, as well as pranks and practical jokes involving the compromise of systems security measures are absolutely prohibited. Exceptions to this policy may be made by management for the purpose of conducting tests of system security.
This list may be added to in the future as additional network services are made available either locally in IADT or through the Internet.
4.3.2 Email and Communications Activities
Email is covered under ICT Communications AUP (future development) but a sub-set of the main unacceptable uses are listed below:
4.3.2.1. Sending "junk mail" or other advertising material to individuals who did not specifically request such material (email spam).
4.3.2.2. Any form of bullying/harassment, including via email, telephone or paging, whether through language, visuals, content, attachments, frequency, or size of messages. The Institute’s ‘Mutual Respect’ Policy – [Draft] will be called upon for guidance in handling this form of communication abuse.
4.3.2.3. Unauthorised use, or forging, of email header information.
4.3.2.4. Solicitation of email for any other email address, other than that of the poster's account, with the intent to harass or to collect replies.
4.3.2.5. Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type.
4.3.2.6. Use of unsolicited email originating from within IADT's networks of other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by IADT or connected via IADT's network.
4.3.2.7. Only send e-mail messages to those individuals for whom the e-mail message is relevant. The cumulative effect of unnecessary messages on e-mail systems can seriously degrade the performance of the system.
5.0 Enforcement / Discipline
Any ICT user found to have violated this policy may be subject to disciplinary action in line with the disciplinary procedures pertaining to each of the stakeholder groupings in the Institute – these include the disciplinary procedures agreed with the TUI, IMPACT, SIPTU and Technicians, the NUI and USI.
If any person is found to be in breach of the Institute Licensing and Copyright policy -[future development] - they shall in addition have to have such an alleged breach addressed through the normal disciplinary procedures and may be held personally liable to the licence/copyright owner for any damages that may arise.
ICT users must immediately advise the relevant members of staff of any suspected acts of violation, breach in the security system or virus so that such alleged acts may be investigated fully.