This Policy covers documentation of policy, procedures, and standards relating to:

• University Information Assets
• University IT and Network Resources

This Policy applies to all Users of the University’s IT resources which includes, without limitation, its networks (accessed on site or remotely) and/or communications devices hereinafter the University’s IT resources.  This Policy takes precedence over any policies which may be developed at a local level.

3.1 IT Services

IT Services is responsible for:

• Monitoring use of University IT Resources to ensure this Policy is not breached;
• Acting on breaches to this Policy and bringing any breaches to the attention of DEWG or External Hosting Group (see IT Policy Breach).
  
  

3.2 Users

Each User is responsible for:

• Complying with this Policy and all other relevant policies and procedures;
• Ensuring all passwords assigned to them are kept confidential;
• Reporting all breaches of this Policy to helpdesk@ucc.ie or itsecurity@ucc.ie

4.1 Principles of Acceptable Use

This Policy is based on the following principles:

1. Users must use the University’s IT Resources and University’s Information Assets in a responsible, safe and lawful manner.
2. Users must respect the integrity of computer systems, communication devices and networks to which they have access.
3. Users must respect the integrity of the data to which they have access.
4. Users must store and process University data in compliance with the Records Management Policy and the relevant Data Protection Legislation.
5. Users must follow any standards and guidelines (including those set out in this Policy) relating to the use of the University’s IT Resources and University Information Assets.

4.2 Unacceptable Use

Users must not use the University’s IT Resources to:

1. Other than in the course of performing their duties, knowingly access, download or distribute illegal or inappropriate material, including material that is in any way pornographic, obscene, abusive, racist, libellous, defamatory or threatening.
2. Engage in any form of bullying or other behaviour which is illegal or likely to cause harassment to others.
3. Use social media to degrade, bully or intentionally offend Staff, Students or other Users or use these tools to bring the reputation of the University into disrepute. Please reference the University’s Social Media Policy for more details.
4. Gain unauthorised access to the account, systems or equipment of any third party - attempts at ‘hacking’ may result in criminal prosecution in Ireland or elsewhere.
5. Use another Users account.
6. Perform any activities which contravene the laws of the State, or the destination country in the case of data being transmitted abroad.
7. Undertake commercial activities or to otherwise further commercial objectives which are not a part of your work/studies in the University.
8. Infringe the copyright, patent or other intellectual property rights of any person including, by downloading unlicensed software or other unauthorised materials.
9. Infringe the data protection or other privacy rights of any person. Please refer to the Data Protection Policy.
10. Use of University systems or resource to facilitate plagiarism or cheating in exams or assignments.
11. Access, modify, or interfere with computer material, data, displays, or storage media belonging to the University or another User, except with their permission.
12. Connect unauthorised equipment to the University network.
13. Load or execute unlicensed software or other material on the University’s IT Resources where this is likely to breach the licensing conditions or other Intellectual Property rights.
14. Knowingly introduce any virus, malware or other destructive program or device into the University’s systems or network.
15. The User should take all reasonable steps to ensure that they do not inadvertently introduce such programs or devices into the systems or network.
16. Store sensitive or confidential University data on personal devices.

If you process (or intend processing) personal data about others on a computer, you are obliged to comply with the provisions of the Data Protection Act 2018 as amended, updated or replaced from time to time and the University’s Data Protection Policy

The University IT resources are to support the activities of the University.  Although limited personal use of the University’s IT Resources is allowed, the usage should never conflict with the primary business purpose for which they have been provided and the the University’s responsibilities.

4.3 Passwords and Access

Users have a responsibility to safeguard any credentials granted to them by the University.  In order to limit security risks, all Users must abide by the following:

• Attempts should not be made to by-pass or render ineffective security measures provided by the University.
• Do not:
• Share user IDs or usernames
• Divulge passwords to other users
• Seek to impersonate other users
• Leave their computer unattended without logging out or locking
• User Passwords must not be shared between users, except where they are released as part of the approved procedure. An approved procedure exists for releasing passwords where accounts are required and staff are unavailable, “Procedure Relating to Access by or Disclosure to a Third Party of Information in a Staff Member's Files or Email Account” : 

4.4 E-Mail

Each Staff member within the University is provided with an email account to assist with their work for the University. Each registered Student and graduate of the University is provided with an email account for their use.  This account is the primary way that the University will communicate with students, graduates and alumni. Email account holders must comply at all times with this Policy.

The email account of a Staff member, and any information contained in it including content, headers, directories and email system logs, remains the property of the University.  Usage of the email system for academic and professional purposes is encouraged (journals, review papers, professional bodies, etc.). Incidental use of an e-mail account for personal purposes is allowed and is subject to the same policies and regulations as official use.  However, systematic use on behalf of individuals or organisations that are not associated with the University or its business is not allowed

Users are responsible for the integrity of their mailbox.  IT Services cannot restore any emails deleted accidentally or otherwise.  All email messages may be subject to the Freedom of Information Act 2014 (as amended, updated or replaced from time to time).

Arising out of the need to protect the University’s network, the University cannot guarantee the confidentiality of information stored on any network device belonging to the University.

Great care should be taken when attaching documents to ensure the correct information is being released.

• An email should be regarded as a written formal letter. Any defamatory or careless remarks can have very serious consequences. The use of indecent, obscene, sexist, racist or other inappropriate remarks whether in written form, in cartoon form or otherwise, is strictly prohibited.
• To prevent computer viruses being transmitted through the network, care must be taken when dealing with suspect e-mails and attachments of unknown origin are received. Suspect e-mails should be deleted immediately and never forwarded to other Users.
• Staff and Students are not authorised to retrieve or read any e-mail messages that are not sent to them except when authorised under the approved procedure: Access to Staff Accounts  .  
• Email messages must not be automatically forwarded (redirected) to external non-university accounts
• If you receive any offensive, unpleasant, harassing or intimidating messages via e-mail, you are requested to inform the University immediately by emailing helpdesk@ucc.ie.

4.5 Bulk Email

All those who wish to send bulk email to Staff in UCC, including formal email lists must comply with the following:

• Do not send emails to the list which are obscene, abusive or threatening.
• Be courteous and show tolerance towards other users of the list.

Be mindful of the fact that any messages will be widely published. Therefore, users are expected to exercise restraint when voicing controversial opinions. In particular they must:

• Respect the variety of cultures and beliefs that are likely to be represented across such a large audience.
• Ensure that any messages they send cannot be construed as being in any way defamatory (for information on defamatory statements please contact the Office of Corporate and Legal Affairs).
• Ensure that they do not damage the reputation of the University or undermine its overall mission.
• Take care not to forward emails that were intended only for them to bulk distribution list, such as AllExchangeUsers.

Take care to minimise the negative impact or disruption on other users of the email system. For this reason:

• Forthcoming events should be publicised using the Events Calendar at http://www.ucc.ie/en/about/submit/, not on the mailing lists.
• Chain letters/emails of any sort should not be sent.
• There must be no third-party commercial advertising using UCC email lists, unless authorised in advance by OCLA, HR or the Head of Student experience.
• Messages originating elsewhere in a private capacity must not be forwarded to the lists without the permission of the original sender.
• Only material in keeping with the purpose of the lists should be sent and, in particular, should not include messages for which other dedicated services are provided.

Some lists are for official announcements only (e.g. AllStaff, AllAcademicDeptUser or AllAdminDeptUsers). These lists will be used for formal communication from designated University offices to staff. Permission to send to these lists will be restricted and authorisation will be granted by members of UMTS on request. Replies to this type of message must not be sent to the whole list. All formal University business will use these lists.

Messages must be kept as short as possible and must contain only text:

• Images, logos, 'watermark' backgrounds, etc. are not permitted since they greatly increase the size of a message.
• Emails to the list must not include any attachments. Where there is a need to provide staff with copies of reports, forms etc., these should be made available on the web and a link to the document included in the message.
• In general, messages should be sent only once. Exceptionally, official reminders and security/safety related messages may be repeated.

In the event of an IT Security issue the University reserves the right to stop bulk email lists until the threat has been mitigated.

4.6 Internet

The University’s Internet connections are intended for activities associated with:

• The functions of the University;
• The exercise by Users of their responsibilities and duties;
• The professional/academic development of Staff and Students.

Internet access and e-mail shall not, for example, be used for the following:

• Personal gain or profit
• To represent yourself as somebody else
• To advertise or otherwise support or engage in illegal activities
• To provide lists or information about the University or the University’s Staff or Students to others and/or to send other confidential information without approval

4.7 Personal Websites

The University recognises that from time to time Staff or Students of the University will setup websites, blogs or wikis that, while related to their academic or professional disciplines, are personal sites and not formal University sites. The purpose of these rules is to strike the appropriate balance of providing colleagues with the academic freedom to engage in open discourse, while also protecting the reputation of the University and that of its Staff and Students.  In addition, these rules ensure that the individual views and opinions discussed openly on such sites are not portrayed as the formal position of the University.

4.7.1 Use of University Trademark and Logo

Personal websites should not display the University crest, logo or other University trademarked/copyrighted materials, including the University designs, or otherwise appear to be an official University web page, unless with the permission of the Office of Corporate and Legal Affairs.

Personal websites hosted on UCC infrastructure must not be used for commercial purposes in a way which conflicts with the University Conflict of Interest Policy

4.7.2 Use of Disclaimer

On personal websites, you are required to identify views expressed as your own and do not hold yourself out as representing the University. If you identify yourself as being a member of Staff of the University, make clear that any views expressed are not necessarily those of the University.

Accordingly, all personal websites created and placed on the University's web servers and/or displaying University or copyrighted material must include the creator's name, and on each page the following statement: 'A disclaimer applies to this page'. The word 'disclaimer' in the statement shall be a link to the following disclaimer:

“This website is the personal responsibility of the person named in the website. Statements made and opinions expressed on personal websites are strictly those of the authors and not University College Cork – National College of Ireland, Cork (“THE UNIVERSITY”). THE UNIVERSITY does not preview, monitor, approve or endorse the contents of personal websites, and does not accept responsibility for any loss, damage, harm or injury occasioned by the contents of such websites including, without limitation, content which may be unlawful, offensive, harmful, threatening, abusive, harassing, tortuous, defamatory, vulgar, obscene, discriminatory, libellous, invasive of another’s privacy, hateful or racially, ethnically or otherwise objectionable material or content which otherwise infringes the rights of any third party on any personal page. THE UNIVERSITY is not responsible for the material contained in, or links connected to, personal websites and cannot be held liable for their contents.”

4.7.3 Limitations on Uses of Personal Websites

The use of personal websites for the following purposes is strictly prohibited:

• Any use which may have the effect of violating any laws (or exposing the University to unacceptable legal risk).
• Any use which may adversely impact on University computing or on network resources.
• Any use which the University considers may be defamatory or libellous.
• Any use which may infringe the rights of any third party in respect of personal data, intellectual property or other confidential or proprietary information.
• Making accessible materials which could have the effect of damaging the reputation and goodwill of the University.
• Are otherwise in breach of this Policy.

These provisions are not intended to curtail normal academic discourse as guaranteed by S14 of the Universities Act 1997, but to provide an appropriate platform for this discourse that complies with the law of the land and one which does not damage the University or other parties.

The University reserves the right to remove personal websites (or links to externally located personal websites) when the limitations set out above are breached or where the staff member resigns, retires or a student graduate or leaves.

Decisions regarding the removal of personal websites and/or links to externally located personal websites for any reason will be made by DEWG, who can be contacted at dewg@ucc.ie .  For more information please refer to the Web & Social Media policy. Where urgent action is required in relation to a personal website or associated links (e.g. in the event of breach of this Policy) and it is not possible to consult the Digital Estate Working Group in the time available, then the Chairperson of the Committee or his/her nominee can decide on the action to be taken. The decision must be ratified by the Committee at the earliest opportunity, where the decision is not ratified, then the situation must be restored as closely as possible to that which existed before the action was taken.

The University reserves the right to amend this Policy at any time in any manner in which the University sees fit at the absolute discretion of the University or the President of the University.

Any such revisions will be noted in the revision history of the policy, which are available to you on the website and by continuing to use the University’s IT Resources following any updated you will be deemed to have accepted the revised terms of this Policy.

8 Further Information

Contact Email:itsecurity@ucc.ie

Contact Name:

Contact Telephone Number: