Our Acceptable Use Policy is a set of guidelines all information service users are expected to follow, with the aim of:
Guidance falls into two basic categories; prohibitions and obligations. Prohibitions are activities or behaviours that you must avoid. Obligations are activities and behaviours that you are expected to perform or adopt as a responsible service user.
This Acceptable Use Policy applies to anybody that uses University of Chester information services, including staff, students, visiting lecturers, visitors, alumni and all other classes of user.
The term information services includes university hosted and managed services and also third-party ones we have contracted with to supplement our service provision, an example of the latter would be the cloud-based Microsoft Office 365.
We will make reasonable efforts to publicise the existence and content of this policy (and any future updates or changes to it) by placing a copy on a publicly accessible website and, where practicable, linking to it wherever a user first interacts with our information services, e.g. on sign-up pages, applicant portals etc. We will also record positive acceptance of the terms within where possible.
Even where assent has not been recorded, continuing to access any of our systems after being informed of the existence of this policy will be taken to mean you consent to the terms within it.
If you do not accept the terms of this policy you must cease to use our systems immediately and inform us of your refusal to be bound by it so we can revoke your system access.
If you feel that any part of this policy requires clarification, or have any concerns around the behaviour of other service users, or feel you have identified a weakness in our systems please report this by:
You are expected to familiarise yourself with the entirety of this policy however the main points are summarised below for convenience and ease of comprehension.
You are responsible for whatever is done using your user account. To protect yourself you should not share your password (or any other authentication methods used to control access to your account) with others, nor should you share login sessions. You should educate yourself about common identity theft tactics, such as phishing, to ensure you don’t fall victim to them.
You should make sure that any device you use to connect to our services is as secure as possible. Ensure the devices you use were released recently enough that the operating system and firmware on them are still actively supported by the manufacturer and that you apply all available security updates and patches. Protect your devices with anti-malware software. Enable passcodes or biometrics where possible to prevent unauthorised access to your devices.
Treat information as the valuable resource it is; follow the procedures put in place to help you store and access information securely and to prevent unauthorised disclosure. Respect confidentiality.
You are expected to use our services in a responsible manner. You must not do anything that negatively affects fellow service users (for example cyberbullying, harassment, monopolising limited resources), nor indulge in conduct that harms the reputation of the university, or that is illegal.
You must familiarise yourself with and adhere to any supplemental Acceptable Use Policies relating to third-party services you access via your university account. Misuse of other services using a university account has the same penalties as misusing internal services.
We monitor service usage and are able to trace policy violations. We also have the right to review data stored on our systems and delete it if necessary to protect our services.
You must not physically plug your devices into our networking infrastructure unless expressly permitted to do so. You must not install your own networking equipment in our buildings or try to run your own shared network services over our infrastructure. You are not permitted to exploit our systems for commercial gain.
Be aware that violating the terms of this policy may trigger university disciplinary procedures and could result in temporary or permanent suspension of access, or more serious sanctions.
The university is subject to contractual and legal duties that require us to monitor and log network traffic. The monitoring we perform allows us to trace the user responsible should any of the rules in this policy be violated.
Each service user is provided with a user account protected with a password (and sometimes additional security verification methods). Any actions performed on our systems by a given user account will be attributed to the registered owner of that account. Claiming somebody else was using your account at the time of a policy violation will not be accepted as a defence.
To protect yourself and the university you must not:
You must:
You must:
If you are using a university issued device some of the processes above will be managed for you, though you are still expected to facilitate the update process where required (e.g. accept update prompts, reboot when asked).
Much of the university information systems provision is concerned with the creation, modification, storage and sharing of data. Information is a valuable resource and one that should be treated with care.
Data is often shared within specific boundaries (such as within an email conversation, or inside a Teams site) and all users are expected to respect those boundaries and maintain confidentiality unless otherwise agreed with the data owner.
Where you are working with university data the service or information owner will often provide guidelines on how data is to be treated, for example these might include restrictions around copying or sharing information of specific levels of sensitivity. It is your responsibility to familiarise yourself with any information classification schemes and handling rules relating to the data you are permitted to access and to ensure you follow the guidance. This is especially important where the data is classed as sensitive personal information of the types protected by the Data Protection Act and the GDPR.
The university has made available a number of courses relating to our information services and ancillary subjects such as data protection and information security, some of which are mandatory for staff. These courses are available on Portal via the ‘Training and Skills’ tile. It is your responsibility to complete any such mandatory courses and apply the recommended practice when working with university data. Staff who fail to complete mandatory training or are found to have wilfully ignored the guidance provided may be subject to HR disciplinary procedures and/or revocation of system access.
When accessing sensitive information, you should take notice of the surrounding environment to ensure your screen cannot be seen by others or captured on camera.
You should also take appropriate steps to physically secure any device that holds university data, or which is configured to remember how to connect to our services. For example, if you are leaving your laptop in your car consider locking it in the boot rather than leaving it on one of the seats where it would be visible to potential thieves.
You must not use our systems or resources to facilitate conduct that is against the law, including but not limited to:
Beyond that you may not use our systems or resources to facilitate activity that is contrary to any codes of conduct that apply to your user class (examples are listed in the References section below), our Safeguarding policies, or that risks inflicting reputational damage or other harm upon the university, including but not limited to:
Please note you are expected to obey any rules of acceptable conduct on all services you access via our resources (via university owned devices and over our network/internet connection) including social media.
Additionally, you must not use our services in a way that might reasonably be expected to cause monopolisation of resources and hence reduce service availability to other users.
The university has partnered with external organisations to expand the range of services we are able to offer to our users. In many cases we have integrated the sign-in process of the remote service with our own, so that you can use the same account to switch seamlessly between them.
You should be aware that most of these services have their own Acceptable Use Policies, and you are expected to familiarise yourself with them and comply with the terms. Misuse of third-party services will be reported to us and may result in similar sanctions as misuse of university managed ones.
As mentioned above the university is required to log and monitor network traffic so that activity is attributable to specific users. This means we cannot guarantee an absolute right to privacy when using our network or university provided devices and no such right should be assumed.
In addition, the university reserves the right to undertake searches of our information systems, devices, and any data hosted upon them (including, but not limited to: email accounts, messaging services, file shares, SharePoint and Teams sites) where necessary to conform with statutory obligations (such as GDPR subject access requests or our duties under Prevent), or to prevent data breaches, or to protect users from harmful content, or to maintain the integrity and correct function of our services. These searches will only be undertaken when authorised by the relevant authority.
Please note such searches can sometimes result in data deletion (examples might include the deletion of a file containing a virus, or the removal of a phishing email from a mailbox). The university accepts no liability for any loss resulting from such deletions.
We occasionally receive reports of service abuses from third parties. These range from allegations of copyright infringement sent by media companies, to notifications of suspicious activity observed by our service providers. It is the policy of the university to investigate these reports in order to identify the person(s) responsible and to apply appropriate sanctions as set out in the Enforcement section below.
Unless given explicit permission to do so you are not allowed to plug your own devices into physical network ports within our buildings. Please connect to our Wi-Fi network instead.
While you are permitted to connect devices to our Wi-Fi network you are not permitted to install your own networking infrastructure or equipment on campus or within any university building, including our accommodation buildings. In other words, you are not permitted to try to extend our network or set up your own network on our sites. Similarly, you are not permitted to provide network services to other users via our infrastructure (by hosting a shared media server or a webserver for example). Failure to comply with instructions from Learning and Information Services on this matter will result in disciplinary proceedings.
While very limited commercial activity may be acceptable (subject to prior notification and review) you are not permitted to run a money-making enterprise that is significantly dependent on university service provision. For example; you are not permitted to mine Bitcoin or other crypto currencies by utilising our network.
Using our information services in a way that contravenes this policy amounts to misconduct and will be dealt with in accordance with standard university disciplinary procedures. Depending on the level of non-compliance sanctions may include temporary or permanent revocation of access to specific information systems. More serious violations may result in expulsion for students or termination of employment for staff.
Policies and codes of conduct applicable to employees can be found on Portal in the following location: https://portal1.chester.ac.uk/hrms/Pages/PoliciesandProcedures.aspx
Please note in particular the Employee Essentials Handbook, the Staff Code of Conduct, the Dignity and Respect policy, the Safeguarding Policy and the Social Media Guidelines.
Policies and codes of conduct applicable to students can be found on Portal in the following location: https://portal1.chester.ac.uk/studentfutures/Pages/student-policies-guidance.aspx
Please note in particular the Student Code of Conduct, the Dignity and Respect policy and the Safeguarding Policy.