Use of Computer Systems Policy
University data must be protected against unauthorised access and modification and those using university information systems must do so within the framework of the law and other regulations.
The technical controls that are used within the University provide an essential element of the required protection. However, these only deliver part of the solution, the most effective defence being achieved through awareness and good working practices.
This document which forms the University's Use of Computer Systems Policy (incorporating Internet, web and email usage) in support of the University's Information Security Policy, defines both acceptable and unacceptable usage of IT/IS facilities, contributing to the overall goal of systems and information management The University's Information Security Policy and a full list of Supporting Policies within the Information Security Management System (ISMS) framework can be found at http://campus.leeds.ac.uk/isms.
This Policy concerns:
- The use of University owned assets; and,
- University network facilities, regardless of whether these are used through the connection of University assets or through the connection of private equipment (where this has been authorised).
It applies to the following:
- All full-time, part-time and temporary staff employed by, or working for or on behalf of the University;
- staff who are employed by the NHS who are located at the University;
- students studying at the University;
- contractors and consultants working for or on behalf of the University;
- all other individuals and groups who have been granted access to the University's IT/IS and network facilities, including visitors.
It is the personal responsibility of each person to whom this Policy applies to adhere fully with its requirements. However, Deans and Heads of Schools/Services* are responsible for implementing this Policy within their respective faculty/department and for overseeing compliance by staff under their direction or supervision.
This Policy concerns all computer systems and network
facilities operated by the University, regardless of
location, where responsibility for user management and
control resides with members of the University, or is
outsourced to third parties.
* Also generically infers Heads of Centres & Institutes throughout.