THE NEVILLE LOVETT COMMUNITY SCHOOL
EQUIPMENT AND INFORMATION SECURITY POLICY (2009) 1.
Care of Equipment IT hardware (laptop/PC) is expensive electronic equipment and care should be taken to protect it from misuse and theft. Staff MUST NOT: •
Eat or drink close to computer equipment.
•
Leave equipment unattended in either a public place or a vehicle. (If leaving equipment in a vehicle is unavoidable, it must be stored securely out of sight and the vehicle must be locked.)
•
Leave portable computers in an unsecured environment either in or out of the School.
Staff MUST: •
Leave portable computers in a classroom only after ensuring that it is secured with a security lock (provided).
•
Return portable computers during long periods of absence. Equipment is supplied for school use, not personal use and must be available at all times.
•
All computers must be either logged off or locked by the user before being left for any period of time.
The equipment is insured through the normal terms and agreements with Hampshire provided normal and reasonable steps have been taken for its security. 2.
Protection of the IT Environment Access to the computer system is protected by the use of personal passwords. To ensure this is not compromised the following should be observed: •
Staff should select their own passwords and change them at regular intervals. NLS Equipment & Information Security Policy (2009) Page 1 of 4
•
Passwords should be generic, i.e. they should not be a word commonly associated with the user (such as personal names, dates of birth, car registrations etc.) The use of obscene or offensive words should be avoided.
•
Staff should not divulge their passwords to unauthorised users or students.
3.
Illegal Access If you have reason to believe that your computing environment has been compromised by illegal access or tampering inform the IT Support Team immediately.
4.
Virus Protection Some viruses will only disrupt the system speed or display but others can corrupt and wipe-out an entire database. Steps have been taken to protect the School network against a virus attack but new strains are appearing all the time. Staff MUST NOT: • •
5.
6.
Open email attachments from sources that are not known to them. Open email attachments that contain an executable (.exe) file or command (.com) programme, including games, screen savers and screen mates. Licensed Software
•
Staff should not load any unauthorised software on any School owned computer or the network – this includes screen savers and ‘free’ software from magazines.
•
Staff should ensure that the IT Support Team has the original license for any software on their computer(s). The IT Support Team reserve the right to remove unlicensed software. Internet/E-Mail Usage
School provided Internet/Intranet and E-Mail facilities, like computer systems and networks are considered School resources, and are intended to be used for educational purposes only. The Internet is to be used in a manner that is consistent with educational standards of conduct and as part of the normal execution of a staff member’s job responsibilities. Use of the Internet/Intranet
NLS Equipment & Information Security Policy (2009) Page 2 of 4
and e-Mail may be subject to monitoring for security and/or network management reasons. School e-Mail accounts, Internet IDs and web pages should not be used for anything other than School sanctioned communications. It should be made clear to recipients that opinions expressed by individuals are not necessarily those of the School. The School supports appropriate personal use of Internet resources during nonwork hours provided that the use is consistent with the terms of this policy and does not incur cost to the School. Staff should be aware that both educational and personal usage can be monitored for unusual activity. The following are considered unacceptable practices and may subject the member of staff to disciplinary action, including written warnings, revocation of access privileges and termination of employment. The School reserves the right to report any illegal activities to the appropriate authorities. •
Visiting Internet sites containing obscene, hateful or otherwise objectionable materials;
•
Sending or receiving material that is obscene or defamatory, or which is intended to annoy, harass or intimidate another person;
• • •
Sending or forwarding electronic chain letters; Soliciting e-Mail that is unrelated to School activities, or soliciting nonSchool business for personal gain or profit; Representing personal opinions as those of the School;
•
Accepting/opening e-Mail attachments from unauthorised/unknown sources;
•
Intentionally interfering with the normal operation of the network, including propagation of computer viruses, or sustained high volume network traffic which substantially hinders others in their use of the network;
•
Examining, changing or using another person’s files, output or user name without explicit authorisation;
•
Other inappropriate uses of the Internet/Intranet or network resources that may be identified by the IT Support Team or Senior Leadership Group.
Be aware that whilst in your charge you are responsible for the use of the machine whether by you or another person.
NLS Equipment & Information Security Policy (2009) Page 3 of 4
7.
Relevant Legislation Staff must ensure that they are familiar with the terms of the relevant legislation and do not contravene such in the course of their daily duties or when using School equipment. 7.1.1
The Data Protection Act 1998 This Act makes provision for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information. Responsibility for the day to day compliance of this Act lies with every member of staff and failure to comply may fall not only on the School, but also on an individual member of staff if negligence or deliberate disregard of the Act by that person can be proven. To comply with the Act it is essential that staff do NOT: •
Use information other than for the purpose for which it is intended – indulging in curiosity is an offence;
•
Disclose information to others who are not covered by the Data Protection Registration;
•
Leave PCs/laptops unattended whilst logged into any system which might leave sensitive information accessible to others;
•
Leave printed output or discs containing personal data lying around unattended or unsecured.
7.1.2
The Copyright, Designs and Patents Act 1998 This Act covers the illegal copying and theft of software. It is an offence to copy, publish, adapt or use computer software without the specific authority of the copyright owners. To comply with the Act it is essential that staff do NOT: •
Install any software on School owned equipment;
•
Copy software or modify it without permission;
• 7.1.3
Loan or install any software owned or licensed by the School on any other computer without prior written permission. The Computer Misuse Act 1990
NLS Equipment & Information Security Policy (2009) Page 4 of 4
This Act aims to ensure that computer equipment, software and peripherals are only used by authorised personnel for authorised purposes. It was introduced in an attempt to limit damage by ‘hackers’ and viruses. To comply with the Act staff must NOT: •
Enter any unauthorised computer system or program;
•
Access data for which they have no authorisation;
•
Modify, change or delete data which they are not authorised to access.
Signed: …………………………………
Chair of Governors
Date Adopted by Governing Body: ………………………………. Next Review: Summer Term 2012
NLS Equipment & Information Security Policy (2009) Page 5 of 4