Information Services Computer Misuse/Abuse Procedures for Students, Staff, Alumni and External Users

Similar documents
STUDENT DISCIPLINARY PROCEDURE: NON-ACADEMIC MISCONDUCT

Disciplinary Policy and Procedure

Disciplinary procedures for all employees

IMPERIAL COLLEGE LONDON ORDINANCE D8. THE DISCIPLINARY PROCEDURE This Ordinance is made pursuant to Part III of the Appendix to the College s Statutes

Employee Discipline Policy

THE UNIVERSITY OF NOTTINGHAM SENATE DISCIPLINARY COMMITTEE - RULES OF PROCEDURE

DISCIPLINARY PROCEDURE FOR TEACHERS NOTES OF GUIDANCE FOR RELEVANT BODIES

DISCIPLINARY PROCEDURE FOR TEACHERS NOTES OF GUIDANCE FOR RELEVANT BODIES

STUDENT DISCIPLINARY PROCEDURES MAY 2009 CM

UNIVERSITY OF ESSEX STUDENTS UNION DISCIPLINARY PROCEDURE (SEPTEMBER 2015)

Disciplinary Procedure for Staff

against Members of Staff

Bye-Laws of Imperial College Union

Our Lady s Catholic Primary School

DISCIPLINARY AND DISMISSAL PROCEDURE

LANCASHIRE COUNTY COUNCIL DIRECTORATE FOR CHILDREN & YOUNG PEOPLE

Disclosure & Barring Service Policy

2016 No. 41 POLICE. The Police (Conduct) Regulations (Northern Ireland) 2016

This code is applicable to all employees of Finbond Mutual Bank, including temporary employees.

PENALTY NOTICES NON-SCHOOL ATTENDANCE CAMBRIDGESHIRE COUNTY COUNCIL LOCAL AUTHORITY CODE OF CONDUCT

PLUMBING INDUSTRY LICENSING SCHEME (SCOTLAND AND NORTHERN IRELAND) DUTIES OF A LICENSED BUSINESS

Disclosure and Barring Service Policy (SHINE Multi Academy Trust)

DISCIPLINARY PROCEDURE FOR TEACHERS INCLUDING PRINCIPALS AND VICE-PRINCIPALS IN GRANT-AIDED SCHOOLS WITH FULLY DELEGATED BUDGETS

Disciplinary Procedure

Disciplinary procedure

EDPS - European Data Protection Supervisor CEPD - Contrôleur européen de la protection des données

Education Workforce Council

PSD: COMPLAINTS & MISCONDUCT Policy & Procedures

DISCIPLINARY PROCEDURE FOR TEACHERS, INCLUDING PRINCIPALS AND VICE-PRINCIPALS, IN GRANT AIDED SCHOOLS WITH FULLY DELEGATED BUDGETS

Disciplinary Rules and Procedures for Staff

Delegated powers policy

Regulations for the consideration of criminal convictions for students on courses leading to professional registration

Chief Constable's Scheme of Delegation

The General Teaching Council for Scotland Fitness to Teach Rules 2017 These Rules are available in alternative formats on request

Disclosure and Barring Service

CHESTER-LE-STREET GOLF CLUB MEMBERS DISCIPLINARY POLICY AND PROCEDURE

Human Resources People and Organisational Development. Disclosure and Barring Service (DBS) Checks Guidelines for Managers and Employees

Scottish Archery Association

LeGaL Lawyer Referral Network Rules for Network Membership*

Code of Conduct and Disciplinary Procedures. Author: HASSRA Board of Management Date: January 2015 (updated)

UK ATHLETICS LIMITED ( UKA ) DISCIPLINARY RULES AND DISPUTE RESOLUTION AND DISCIPLINARY PROCEDURES

Northern Ireland Social Care Council (Fitness to Practise) Rules 2016

2. Definitions Bullying: the persistent and ongoing ill treatment of a person that victimises, humiliates, undermines or threatens that person.

ST THOMAS A BECKET CATHOLIC COLLEGE DISCIPLINARY POLICY AND PROCEDURE

DISCIPLINARY PROCEDURE

DBS Policy. Dulwich Hamlet Educational Trust Dulwich Hamlet Junior School and The Belham Primary School

CHESTER-LE-STREET GOLF CLUB DISCIPLINARY POLICY AND PROCEDURE

Disclosure Barring Service (DBS) Checks & Employing Ex-offenders

NKC STUDENTS UNION -- CONSTITUTION -- Version 1 March 2017

The position you have applied for is exempt from the Rehabilitation of Offenders Act 1974 (as amended in England and Wales).

DISCLOSURE AND BARRING SERVICE (DBS) POLICY

Whistleblowing & Serious Misconduct Policy

CRIMINAL RECORDS CHECK (DBS) POLICY. Author/Reviewer: Date Approved: Jan 2006

HOCKEY WALES DISCIPLINARY (RED CARD/ MMO) REGULATIONS

INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC DRAFT CODE OF PRACTICE

COBIS Policy on Disclosure & Barring Service Checks for Member Schools COBIS Policy on the Recruitment of Ex-Offenders... 3

European College of Business and Management Data Protection Policy

Hampshire County Council. Code of Conduct (2006) for Issuing Penalty Notices in Respect of Unauthorised Absence from Schools (update 2013)

ANNEX 4 TO THE ORGANIZATION, MANAGEMENT AND CONTROL MODEL PURSUANT TO LEGISLATIVE DECREE NO. 231/2001 OPENJOBMETIS S.P.A. - EMPLOYMENT AGENCY -

Recruiter Accreditation Scheme Compliance Framework. December 2016

ORDINANCE 17 CODE OF STUDENT DISCIPLINE

PROSECUTION AND SANCTIONS

AIA Australia Limited

MANAGING THE APPLICANT ONLY DISCLOSURE AND CONTINUOUS UPDATING MODEL REGULATIONS

1. BG s Constitution, its Regulations and the various conditions of membership, registration and affiliation together require that:

Schedule Six Discipline Code

CES DISCIPLINARY POLICY & PROCEDURE

COMPLAINTS AND DISCIPLINARY POLICY

Voluntary Licensing Scheme for Agents. Terms and Conditions (February 2010)

1 Introduction. 2 Purpose and scope

All staff including managers who may have cause to take disciplinary action against a member of staff. Disciplinary Rules

Youth Out-of-Court Disposals. Guide for Police and Youth Offending Services

ISLE EDUCATION TRUST

Legal Referral Service Rules for Panel Membership

1 ESTABLISHMENT OF COMMITTEES AND ALLOCATION OF SEATS

Holy Trinity Catholic School. Whistle Blowing Policy 2017 BIRMINGHAM CITY COUNCIL WHISTLEBLOWING POLICY 2015 ADOPTED BY HOLY TRINITY CATHOLIC SCHOOL

The Intellectual Property Regulation Board (incorporating The Patent Regulation Board and the Trade Mark Regulation Board)

Dauntsey s School Recruitment Policy

DECLARATION FORM. Page1

1.4 This code does not attempt to replace the law. The University therefore reserves the right to refer some matters to the police (see section 4).

DATED DISCIPLINARY RULES AND PROCEDURE AND GRIEVANCE PROCEDURE

MBTA Transit Police CHAPTER 120. General Order No PAGE 1 OF 8

COUNCIL POLICY BACKGROUND

SCHOOL POLICY Safeguarding, Disclosure and Barring Policy

Whistleblowing Policy

STEP ESSAY ROUTE ACADEMIC INTEGRITY POLICY

Recruiting ex offenders policy

DISCIPLINARY PROCEDURE FOR TEACHING STAFF AT LOCALLY MANAGED SCHOOLS

EDEN HOUSING ASSOCIATION LIMITED DISCLOSURE AND BARRING SERVICE (DBS) POLICY

Recruitment of Ex-offenders Policy

POLICY - COMPLIANCE. Public Interest Disclosure Policy

Discrimination and Harassment Complaints and Investigations Administrative Procedure (3435)

ANTI-BRIBERY POLICY Rev Date Purpose of Issue/Description of Change Equality Impact Assessment Completed

TABLE OF CONTENTS. Duties of MEFF EXCHANGE. Minimum content of agreements between MEFF EXCHANGE and Members. Contracts and Exchange Register

Judicial Code. Contents

Suspension and removal procedure for statutory committee members

Page1. Employment of Ex- Offenders. Issue Date 01/01/2017 Issue 1 Document No: 105 Uncontrolled when copied

Disclosure and Barring Scheme Policy and Procedure

Economy, Transport and Environment. Enforcement Policy

DBS and Recruitment of Ex-Offenders Policy

Transcription:

Information Services Computer Misuse/Abuse Procedures for Students, Staff, Alumni and External Users 1. Introduction 1.1 This document describes the procedures for handling suspected cases of computer misuse/abuse, that is, misuse/abuse that breaches the Regulations for the Use of IT Facilities at the University of Kent (referred to as the Regulations throughout). A number of roles are explained in terms of specific functions within these procedures. These procedures also indicate the actions to be taken in the event of suspected computer misuse/abuse. 1.2 This procedure will be applied fairly and equitably, in accordance with the University's Equality and Diversity Policy and the principles of natural justice [see General Context The University s Disciplinary Framework Regulations on Student Discipline in relation to nonacademic matters]. 2. Definition of roles 2.1 IT Regulations Implementation Officer The IT Regulations Implementation Officer is normally the Deputy Director of Planning and Administration and is charged with responsibility for the implementation of the Regulations. In his/her absence, the Director of Information Services will have responsibility. 2.2 Investigating Officer The Quality and Standards Manager in Information Services will normally act as the Investigating Officer and will assess cases of suspected computer misuse/abuse and will initiate such investigations and actions as are appropriate under these procedures. In his/her absence, the Operations Manager in Information Services will fulfill this role. 2.3 Other roles The Network Controller has been identified by the University as the person designated as having the authority to perform interceptions on the University data network in accordance with the Regulations of Investigatory Powers (RIP) Act 2000 (Communications Data) (Additional Functions and Amendment) Order 2006. The Compliance Officer is the person with responsibility to ensure that the University data network is operated within UK law: principally the RIP Act and the Computer Misuse Act 1990 but also other relevant legislation. The Systems Administrator is the person with responsibility for and privilege to perform the technical management of a computerised system. Specified Systems Administrators will be explicitly authorised by the Network Controller to perform particular types of monitoring within the scope of these procedures. These Systems Administrators may be from Professional Services or Academic Schools. Page 1 of 7

The University s IT Security Team is headed by the Network Controller and has responsibility for the security of the University data network and attached systems. The Team will report suspected misuse/abuse to the Investigating Officer and liaise with Systems Administrators. 3. Withdrawal of access 3.1 The Investigating Officer may require Systems Administrators to withdraw specific computing facilities during an investigation of a suspected case of misuse/abuse: A user's access to IT facilities may be suspended; Computing equipment may be disconnected from the network; Computer equipment or files may be physically removed to a secure location; Access to specific services may be withdrawn. 3.2 In all cases other than the circumstances listed in paragraph 3.3 below, the case of misuse/abuse should be reported to the Investigating Officer before any action is taken. 3.3 A member of the IT Security Team may temporarily withdraw access to IT facilities or disconnect equipment from the University's network in the following circumstances: To ensure the security and continued operation of IT systems. To prevent the spread of malware (computer virus, worm, etc.) To preserve evidence for an investigation. To prevent the University being brought into disrepute. 4. Investigation of suspected misuse/abuse by students 4.1 If a complaint about misuse/abuse of IT facilities is reported to a member of Information Services, or a member of Information Services detects suspected misuse/abuse, the case must be reported immediately to the Investigating Officer. 4.2 On receipt of a complaint about, or a report of, a suspected case of misuse/abuse, the Investigating Officer will: Acknowledge the complaint, where appropriate. Initiate an appropriate investigation. Ensure that records are kept of all evidence collected, and actions taken, during the investigation, along with other relevant materials. 4.3 The Investigating Officer will collect evidence of the alleged offence. The Investigating Officer can make a formal request to the Network Controller that further investigations are conducted. The Network Controller will then authorise the relevant Systems Administrator (in the Operations team or another team in Professional Services or Academic Schools) to perform the requested investigation, including Page 2 of 7

looking through relevant log files for evidence. This will be done in compliance with the RIP Act (2000). For further information see Security Procedures for Systems Administrators. 4.4 If there is evidence of any IT misuse/abuse, the Investigating Officer will normally withdraw the user's access to all University and departmental IT facilities or to specific IT facilities or servers pending the completion of an investigation. 4.5 The user suspected of misuse/abuse may be invited to an interview with the Investigating Officer, or may be contacted and presented with the evidence collected (suitably anonymised where appropriate in sensitive cases) and given the opportunity to comment. This may include an adjournment if the user requests time to review the evidence before commenting. 4.6 Following the investigation and interview/contact, the Investigating Officer will come to one of the following conclusions: 4.6.1 If the Investigating Officer is of the opinion that there has been a breach of UK legislation he/she will notify the IT Regulations Implementation Officer who will review the case. The matter may then be reported to the Director of Information Services or other senior officer of the University to discuss how to proceed. 4.6.2 The Investigating Officer will make a decision on whether an offence against the Regulations has been committed and, if so, will then decide on the appropriate action as described in paragraph 4.8 below (if necessary) with the guidance of the IT Regulations Implementation Officer. 4.6.3 If there is evidence that the Guidelines for using various facilities (email, forums, blogs etc) http://www.kent.ac.uk/web/services/bulletinboards/index.html; http://www.kent.ac.uk/web/services/blogs/index.html have not been followed but it is not evident that the Regulations have been breached then an email warning may be sent. If the warning email message(s) are ignored, then the suspected offender can be considered as having breached the Regulations. 4.6.4 If, following the investigation, there is no evidence of IT misuse/abuse, then: All access to IT facilities will be restored and if necessary an apology for any inconvenience will be given. All materials collected during the investigation will be immediately destroyed. No further action will be taken. 4.7 Appropriate action The following actions are available to the Investigating Officer according to the nature of the alleged conduct. Page 3 of 7

4.7.1 Guidance: minor and/or inadvertent misuse The Investigating Officer will give the user advice and guidance on the appropriate use of IT facilities. The user's access to IT facilities (if temporarily suspended) will then be restored. 4.7.2 Informal warning: minor and deliberate misuse/abuse The Investigating Officer will give the user an informal warning in writing. The user will be required to write and sign a letter acknowledging his/her breach of the IT Regulations, agreeing not to re-commit the offence, and agreeing to abide by the IT Regulations in future. On receipt of the letter, the user's access to IT facilities (if temporarily suspended) will be restored. 4.7.3 Repeat minor and deliberate misuse/abuse following informal warnings in writing The Investigating Officer will refer the matter to the College Master and may inform the user s tutor [see Regulations on Student Discipline in relation to non-academic matters]. 4.7.4 Referral in the case of significant breaches of the IT Regulations: Referral to University Disciplinary Procedures for Students [See Regulations on Student Discipline in relation to non-academic matters]. The user's access to IT facilities will not normally be restored until the formal disciplinary procedures have been completed. All evidence and relevant materials are prepared for presentation to the appropriate University authorities. The user's tutor and Head of School and College Master will be notified. The Director of Information Services will refer the case to the appropriate University authorities. 4.8 All appeals by students against the decision of the Investigating Officer will be referred to the Director of Information Services who will forward the case to the College Master. 5. Investigation of suspected misuse/abuse by external users 5.1 If a complaint about misuse/abuse of IT facilities by an external user is reported to a member of Information Services, or a member of Information Services detects suspected misuse/abuse, an investigation as described in paragraphs 4.1-4.5 will be conducted. Note that "external users" are all users of the University's IT facilities who are not members of the University of Kent (i.e. staff, students, Page 4 of 7

and alumni) who have been given a Kent IT account after signing the Regulations. 5.2 If there is evidence that the Regulations have been breached, then all access to IT facilities will be withdrawn immediately, although mitigating circumstances may be taken into account. 5.3 All appeals by external users against the decision of the Investigating Officer will be referred to the Director of Information Services, or, in the case of his/her prior involvement in the case, to the Pro-Vice- Chancellor responsible for Information Services. In either case the decision will be final. 6. Investigation of suspected misuse/abuse by alumni 6.1 If a complaint about misuse/abuse of IT facilities by alumni is reported to a member of Information Services, or a member of Information Services detects suspected misuse/abuse, an investigation as described in paragraphs 4.1-4.4 will be conducted. Note that "alumni" are all users with a live@edu account that have agreed to abide by the Regulations. 6.2 If there is evidence that the Regulations have been breached, the Investigating Officer will email the account holder reminding him/her that they are bound by the IT regulations; they will be asked to respond to the Investigating Officer acknowledging the breach in regulations and asked to give an undertaking that regulations will be respected in the future. He/she will be reminded they risk losing their IT account if the regulations are breached in the future. 6.3 Any subsequent breach will lead to the email account being withdrawn, although mitigating circumstances may be taken into account. 6.4 All appeals by alumni against the decision of the Investigating Officer will be referred to the Director of Information Services, or, in the case of his/her prior involvement in the case, to the Pro-Vice-Chancellor responsible for Information Services. In either case the decision will be final. 7. Investigation of suspected misuse/abuse by staff 7.1. If a complaint about misuse/abuse of IT facilities by a member of staff is reported to a member of Information Services, or a member of Information Services detects suspected misuse/abuse, an investigation as described in paragraphs 4.1-4.4 will be conducted. 7.1.1 If a complaint about misuse/abuse of IT facilities by a member of staff is reported to Information Services or Information Services detects suspected misuse/abuse then the Investigating Officer may give the user advice and guidance on the appropriate use of IT facilities. The user's access to IT facilities will then be restored. Page 5 of 7

7.1.2 If there is evidence that the Guidelines for using various facilities (email, forums blogs etc) have not been followed but it is not evident that the Regulations have been breached, then an email warning may be sent. If the warning email message(s) are ignored, then the suspected offender can be considered as having breached the Regulations. 7.2 Where suspected misuse/abuse by a member of staff is reported to Information Services by Professional Services/Academic Schools or Human Resources (HR) (where HR are not already involved the Investigating Officer will notify HR). A full investigation will be carried out as described in paragraph 4.1 4.4. This will be undertaken by the Investigating Officer in conjunction with HR. In all cases the relevant Professional Service/Head of Academic School will be informed by HR. 7.3 If it is deemed appropriate based on the allegations made, action may be required to ensure that the investigation can be undertaken in a full and unhindered way. Action taken by HR may include review or suspension of part or all of the user s access to IT facilities, and/or suspension of employment on full pay. 7.4 If, following the investigation, there is no evidence of IT misuse/abuse then All access to IT facilities will be restored, apologies given and suspension of employment lifted, as necessary. All materials collected during the investigation will be immediately destroyed. No further action will be taken. 7.5 If, following the investigation, there is evidence of IT misuse/abuse a disciplinary interview will be arranged by HR. All investigatory action and, where appropriate, disciplinary action will be undertaken in accordance with the appropriate University disciplinary procedure, namely the Disciplinary and Dismissals Procedure Agreement for Staff in Grades 1-6 or the Code of Practice under Statute 7. 7.6 Advice from Information Services, via the Investigating Officer, will be sought at all stages of any such investigation/disciplinary interview and in the case of the latter, it is likely that he/she and or other officers within IS may be required to attend as an expert witness. 7.7 Cases of serious and/or repeated misuse may be deemed by HR as gross misconduct, and/or result in dismissal in accordance with the appropriate University disciplinary procedure. 8. Retention of evidence 8.1 All relevant data will be retained during the investigation and data collected during an investigation will be retained as supporting evidence in any disciplinary process. Page 6 of 7

8.2 Evidence used in a formal staff disciplinary action will be retained in accordance with University data retention policy. 8.3 Evidence used in an informal or formal student disciplinary action will be retained for up to four years and then destroyed. This information will be kept for the purpose of informing decisions on repeat offences. 8.4 All retained evidence will be held securely. It will only be accessible by the Investigating Officer, the IT Regulations Implementation Officer and the Director of Information Services. 8.5 Copies of any personal data held on individuals will be supplied under the provisions of the Data Protection Act (1998). 9. Review 9.1 This procedure will be reviewed annually or in the light of any new or amended relevant legislation. Page 7 of 7

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback