STFC acceptable use of Information and Communication Technology (ICT) systems and services policy.
Also available in PDF format:
The Research Council’s ICT systems, services and facilities are provided to enable employees and other authorised individuals to perform their jobs effectively and efficiently. All normal use of these systems in pursuit of individual Research Council business within an employee’s authority to act is allowed. Illegal activity is not allowed.
The purpose of this policy is to identify proper usage and behaviour for Research Council/establishment ICT systems with the overall aim of protecting the rights and privacy of all employees, and the integrity and reputation of the Research Council. It should be read in conjunction with the Personal Use of Social Media Policy.
Some limited and reasonable personal use of the Research Council’s ICT systems by employees is allowed provided that it is not excessive and does not:
This policy applies to all employees of the Research Council. The principles of the policy will also be applied, as far as is reasonably practicable, to non-employees working at Research Council/establishment locations and making use of Research Council/establishment ICT systems (e.g. facilities users, Panel Members, Council members, contractors, visitors).
The policy sets the minimum common standards of ICT acceptable use. Where additional organisational, institute, local, site or project standards of acceptable use are set, these must be consistent with the minimum standards set by this policy.
Breaches of the policy will be dealt with under the Disciplinary Policy and/or, as appropriate, Fraud Policy. Examples of unacceptable activities are set out in Annex A.
Sensitive or personal information must be appropriately protected in line with Government and Research Council policy.
The UK Shared Business Services (UK SBS) provides HR services across the Research Councils. However some employees are deployed at establishments/facilities/ships that do not access services from SBS. In these cases reference to the SBS or System (Employee Self Service) will not apply and employees should refer to their Research Council HR team for assistance.
Whether a worker is deemed to be a worker or employee is not always clear under employment legislation. In cases where managers or individuals have any doubt as to whether this Acceptable Use Policy should apply, assume that it does and then seek advice from the Research Council HR team.
|V2.0||01 July 2014||New Government Security Classification Scheme covered (para 1.5 – 1.8)|
|V2.0||01 July 2014||Clarification provided for personal emails (para 2.2.1)|
|V3.0||01 November 2014||Details provided at 2.1.7 on where to obtain Data Protection Policy|
If you have any questions on Information Security or the Acceptable Use Policy, please feel free to contact the Information Security Officer.
This policy sets the common minimum standards for the acceptable use of ICT systems and services. Set out below are examples of activities and uses which are specifically excluded. The list is not comprehensive and is divided into two sections (“Unacceptable” and “Forbidden”) to help highlight the most serious activities. The consequences of undertaking any of the activities listed below (or other instances) will be determined through the normal disciplinary procedures. All such activities are considered to be serious and are likely to be viewed as misconduct. It is likely that undertaking a forbidden activity, or repeating an unacceptable activity, will be viewed as gross misconduct.
Unsolicited receipt of discriminatory, abusive, pornographic, obscene, illegal, offensive or defamatory messages (e.g. email SPAM/text messages) will not be treated as a disciplinary offence. With the exception of illegal material, anyone who receives such material should follow local guidance on how to report it to the appropriate person. An employee who accidentally accesses a pornographic or other inappropriate web page should report the matter to their line manager. No disciplinary action will be taken in such cases. If the line manager is unavailable, the employee should contact their local IT Security Officer.
Anyone accidentally viewing what they believe is illegal material (e.g. child pornography) must immediately stop what they are doing, take a note of where they found the illegal material and close the software application displaying the material; this includes email. The individual must not view the illegal material again and must take appropriate measures to ensure that others cannot view the material. They must inform their line manager and the relevant IT Security Officer, who will decide how to proceed. It may be a criminal offence to continue to view, allow others to view, or not to report some illegal material.
* Tenant organisations and some third parties may be permitted these activities if they are explicitly included in appropriate tenancy agreements or equivalent.