RAVENSBOURNE COLLEGE OF DESIGN AND COMMUNICATION

COMPUTER SYSTEMS SECURITY, E-MAIL AND INTERNET POLICY

1. E Mail, Telephone and Internet Policy

This policy explains:

• How you may use e mail, telephones and the Internet using the College’s
facilities;

• How you or the College may be liable in law for misuse of e mail or the
Internet;

• How your interests and the College’s interests can be protected; and

• Disciplinary action which may be taken against you if you fail to comply with
the rules set out in this policy.

You must read this policy and apply it to your everyday work. If you have any
questions as to the meaning or effect of this policy you should contact your manager
or a member of the Human Resources Department.

This policy is not however a definitive statement of the purposes for which the
College’s facilities must not be used. You must conduct yourself, at all times, in a
trustworthy and appropriate manner so as not to discredit or harm the College or its
staff and in accordance with the spirit of this policy statement.

This policy applies to all College telephone and computer users of the College
(including, without limit, all Directors, employees and third parties) who use e mail,
bulletin boards, intranet, the world-wide web and the Internet through computers
based at the College’s premises or through any computers located at other sites
(including private equipment) via the College’s network or using the College’s
telephone lines.

Failure or refusal to comply with this policy is a disciplinary offence that may lead to
disciplinary action, up to and including, dismissal without notice. For further details
please refer to the College’s Disciplinary Procedure.

NB All communications and stored information sent, received, created or contained

within the College’s systems are the property of the College and accordingly should
not be considered private.

Telephone Use

Whilst the College accepts that on occasions that personal calls need to be made,
these should be kept to a minimum. Any employee deemed to be making or
receiving an unreasonable amount of personal calls will be subject to the College’s
Disciplinary Procedure.

You should be aware that mobile telephones can be disrupting and distracting,
therefore please consider your colleagues and ensure that your phones are in your
possession to ensure minimum disruption. We would appreciate during meetings
and interviews that your phones are switched to silent or vibrate.

May 2005 Page 1 of 6 1

Personnel/HR Policies and Procedures/8.10 Computer Policy
RAVENSBOURNE COLLEGE OF DESIGN AND COMMUNICATION

COMPUTER SYSTEMS SECURITY, E-MAIL AND INTERNET POLICY

General Security of the Computer Systems

1 Access to information held on the College’s computer system is restricted to those

employees who are required to use it during the course of their work, for work
purposes only. You should not therefore access information stored that is
irrelevant to your work.
2 Employees are responsible for ensuring the security of their own password(s).
3 An employee will be held personally responsible for any transaction(s) undertaken
under their log-in password, therefore, as an additional security measure the
College strongly recommends that an employee changes their password
regularly.
4 The use of someone else’s identity and password to access the internet or send
email is strictly forbidden and will result in disciplinary action.
5 For staff who knowingly share their password with another member of staff or
student, the disciplinary process could be invoked
6 You must act responsibly and appropriately when using the College’s computers
and when sending email, whether internally or externally.
7 All college data should be saved to network drives so that it is backed-up.
Employees are responsible for securing workstations at the end of the working
day e.g. logging out.
8 Employees should not facilitate access to restricted passwords, but should use
proxy facilities where available or refer access facility issues to line managers.
9 All College software must be authorised by the Head of ICT with reference to a
senior manager when a major change is involved.
10 No software should be installed or used without prior authorisation of CNDI and
relevant licences from copyright owners.
11 Breaches of suspected computer security must be reported to the Director of
Finance, and can be contacted on: g.cowcher@rave.ac.uk
12 All members of staff have a duty to comply with both the letter, and the spirit, of
the Data Protection Act 1998 a copy of which can be found at
www.legislation.hmso.gov.uk/acts/acts1998/19980029.htm

Misuse of computers, including the misuse of e-mail, is a serious disciplinary offence

that may result in dismissal.

Examples of misuse considered as gross misconduct (which is not an exhaustive list)

are set out below:

• Data fraud and data theft;

• System sabotage;
• Hacking:
• Deliberate breach of any College security procedures;
• Deliberate breaches of the Data Protection Act 1998;
• Wilful unauthorised access, or attempted unauthorised access, or allowing a
third party to access any College computer system.
• Deliberately making, acquiring or using unauthorised copies of computer
software, or deliberately introducing a computer virus or undertaking any

May 2005 Page 2 of 6 2

Personnel/HR Policies and Procedures/8.10 Computer Policy
RAVENSBOURNE COLLEGE OF DESIGN AND COMMUNICATION

COMPUTER SYSTEMS SECURITY, E-MAIL AND INTERNET POLICY

action which results, or potentially could result, in the corruption or loss of

College data.

Examples of misuse considered as serious misconduct (which is not an exhaustive

list) are set out below:

• Using unauthorised software;

• Using the system for unauthorised private work or game playing.

On leaving the College’s employment ICT Services will disable an employee’s log-in
account at the direction of Human Resources.

If an employee suspects any member of staff of abusing the College’s computer

system, they should report this to their line manager. Should the employee feel
unable to approach their line manager, they may speak to the ICT Ombudsman, in
confidence, about the issue. The role of the Ombudsman is to act as an impartial
third party when allegations of computer misuse arise. The ICT Ombudsman is
Stephen BowmanLiz Pearson, Director of Strategy & Communications
DevelopmentInformation Services and can be contacted on:
l.pearson@rave.ac.uks.bowman@rave.ac.uk.

Because of the nature of the work undertaken by staff within ICT and MIS there may
be occasions where they will come across confidential information which is
unavoidable. ICT and MIS staff are required to ensure that confidential information
remains confidential; this of course applies to all staff.

Use of the E-mail System and Internet

The e-mail system is available for communication on matters directly concerned with
the Business of the College (unless expressly authorised by your line manager).

These guidelines are intended to facilitate proper use of the e-mail system. Failure to
adhere to these guidelines will render employees liable to disciplinary action.

The College understands that from time to time reasonable personal use of the e-
mail system or the Internet may be necessary, however, the College would expect an
individual to ensure this is kept to a minimum and no more than 30 mins1 hour in a
total a week. Access to personal emails and the internet must be undertaken in an
employee’s own time, ie during the lunch break.

Excessive or unauthorised use of the E-Mail system or the Internet is considered to

be a serious disciplinary offence which may result in dismissal.

The College also considers the downloading of films, music, or other similar material
to be inappropriate.

Examples of misuse considered as gross misconduct, which may result in dismissal,

are set out below, (this list is not exhaustive):

May 2005 Page 3 of 6 3

Personnel/HR Policies and Procedures/8.10 Computer Policy
RAVENSBOURNE COLLEGE OF DESIGN AND COMMUNICATION

COMPUTER SYSTEMS SECURITY, E-MAIL AND INTERNET POLICY

• Sending any message that could constitute harassment or bullying;

• Accessing pornography;
• Distributing copyright information and/or any software available to the user 
without prior written permission of copyright holders.
• Sending abusive, rude or defamatory messages via the e­mail.
• Examples of misuse considered as serious misconduct and which may form
the basis of disciplinary proceedings are set out below, (this list is not
exhaustive):
• On-line gambling;
• Access to the e-mail using another employee’s password;
• Sending private and confidential College documents over the Internet to
unauthorised recipients (NB. HESA Returns etc);
• Publishing copyright or confidential content without authorisation on the
Internet;
• Deliberately accessing, without express permission from a line manager, sites
which contain the following material; hate sites (racial or other), terrorism,
dating, controlled drugs, criminal skills, chat, jokes or chain mail.

Should an employee be unsure whether their use of the College e-mail or internet
systems is within the authorised parameters, they should seek advice from their line
manager.

Unauthorised use of email and/or the internet may expose both you personally and/or
the College to Court proceedings attracting both criminal and civil liability. You will be
held responsible for any claims brought against the College for any legal action to
which the College is, or might be, exposed as a result of your unauthorised use of
email and/or the internet.

General Usage Guidelines

Courtesy

As e-mails can easily be misconstrued you must therefore consider very carefully
whether e-mail is the most appropriate form of communication in particular
circumstances. If you decide that it is, you should carefully consider the content of all
e-mails and who the appropriate recipients should be. It is inappropriate to send e-
mails and/or attachments to people (whether they are other employees of the College
or third parties) if the e-mail does not relate to them or if the attachment should not
be read by them. Pay particular attention to style and content of all e-mails when
sending mails externally, treating them in the same way as letters on the College’s
headed notepaper. The College does not permit personal remarks or personal
attacks in any shape or form. IIn addition, sending e-mails needlessly to other
people wastes their time and needlessly sending long files or attachments will cause
delays in the system.

All staff emails should be kept to a minimum, and only be sent where absolutely
necessary. Please as mentioned above think about who you are sending your email

May 2005 Page 4 of 6 4

Personnel/HR Policies and Procedures/8.10 Computer Policy
RAVENSBOURNE COLLEGE OF DESIGN AND COMMUNICATION

COMPUTER SYSTEMS SECURITY, E-MAIL AND INTERNET POLICY

to, the content of the email and whether or not you may cause offence or hurt
feelings.

Defamation

E mails and the Internet are considered to be a form of publication and therefore the
use of the Internet and e mail may result in communication constituting a libel
contrary to the provisions of the Defamation Act. Both words and pictures produced
on the Internet are capable of being libellous if they are untrue, ridicule a person and
as a result damage that person’s reputation. For these purposes, as well as any
individuals, a “person” may include the College or Institution. You must not put any
defamatory statement onto the Internet or on the College’s computer system whether
in e-mails or otherwise. As well as you being personally exposed to potential legal
action for defamation, the College can also be exposed both for the actions of you as
its employee and also as an on-line provider.

Obscenity

It is a criminal offence to publish or distribute obscene material or to display indecent

material in public. The Internet or any computer ‘message boards’ (such as the
forum) qualify as a public place. The accessing or sending of obscene or indecent
material using the College’s system is strictly forbidden.

Discrimination and Harassment

The College does not tolerate discrimination or harassment in any form whatsoever.
This principle extends to any information distributed on the College’s system
(including the Forum) or via the Internet. You may not put on either system any
material which discriminates or encourages discrimination or harassment on racial or
ethnic grounds or on grounds of gender, sexual orientation, marital status, age,
ethnic origin, colour, nationality, race, religion, belief or disability. Please also bear in
mind the College’s policy on discrimination and harassment.

Breaches of this policy will lead to disciplinary action. In the event you receive or
become aware of obscene, indecent, offensive, inflammatory, discriminatory or
socially offensive material you should notify your manager immediately so that
appropriate action may be taken.

Data Protection

Only designated employees [within Human Resources or IT] may place staff
information (including photographs) onto the College’s system. In all cases the
individual to whom the personal data relates should have been made aware that this
information would be placed on the system. Photographs should not be placed on the
system without an individual’s consent. If you are in any doubt you should check with
a member of the Human Resources Department/your Manager.

Monitoring

May 2005 Page 5 of 6 5

Personnel/HR Policies and Procedures/8.10 Computer Policy
RAVENSBOURNE COLLEGE OF DESIGN AND COMMUNICATION

COMPUTER SYSTEMS SECURITY, E-MAIL AND INTERNET POLICY

At the request of the Director the College reserves the right, without notice, to
access, listen to or read any communication made or received by you on its
computers or telephone system for the following purposes:

• To establish the existence of facts

• To ascertain compliance with regulatory or self regulatory practices and
procedures
• For quality control and staff training purposes
• To prevent or detect crime (including ‘hacking’)
• To intercept for operational purposes, such as protecting against viruses and
making routine interceptions such as forwarding e mails to correct destinations
• To check voice mail systems when you are on holiday or on sick leave.

The College also reserves the right to monitor time spent by employees accessing
the Internet for browsing. The College may monitor sites visited, the content viewed
or information downloaded where necessary.

The College also reserves the right to make and keep copies of telephone calls or e-
mails and data documenting use of the telephone, e-mail and/or the Internet
systems, for the purposes set out above. The College may bypass any password
you set.

Revised March 2006

May 2005 Page 6 of 6 6

Personnel/HR Policies and Procedures/8.10 Computer Policy