Acceptable Usage Policy
Scope and Purpose of Code
The purpose of this code is to establish general regulations governing the use of Information Technology (IT) resources within the Institute and to define the rights and responsibilities of users. The IT infrastructure provides an essential part of our working environment and represents a significant investment by the Institute and it must be used with care and with consideration for others. If misused there is a risk of actions, deliberate or not, that are harmful in various ways including (a) interference with the rights of others (b) violation of the law (c) interference with the research activities of the Institute (d) endangering the integrity of the Institute’s computer network.
The code applies to all persons authorised to use the Institute’s IT resources. Users are also required to comply with the acceptable use policy of HEAnet, the Institute’s primary internet service provider. A copy of the HEAnet acceptable use policy is attached to and forms part of this code of conduct.
Nothing in this document attempts or should be interpreted in a manner that attempts to limit academic freedom.
Access to IT resources will normally be given with the assistance of the Institute’s IT staff and and will typically involve the allocation of an individual password. The integrity of the password system is the primary defence against breaches of computer security and it must be treated accordingly. Users should not divulge their password to any other person and are responsible for keeping it secret. In particular it should not be written down in an obvious place, nor transmitted over insecure channels (eg in non-encrypted form) and users should as far as possible avoid re-using the same password for access to non-Institute sites. The IT staff should be consulted if there is any doubt over what constitutes safe and unsafe behaviour. Users will typically be held personally responsible for all activities carried out under their username.
Internet, e-mail and other IT systems are provided as part of the general research environment of the Institute and its constituent schools and to help staff in the performance of their duties. Occasional personal use of these facilities is permissible, but should be kept to a minimum and must not be such as to bring the Institute into disrepute. Any use of the Institute’s IT facilities for personal commercial purposes is strictly forbidden.
Any software or hardware which could significantly affect other users, or interact with the system in a nontrivial fashion, or require changes to global system parameters or libraries, may only be installed by the IT support staff.
No person should deliberately or through carelessness jeopardize the integrity, performance or reliability of the Institute’s computer equipment, software and other IT systems, nor selfishly seek to monopolise shared system resources to the detriment of other users.
Users must not seek to intercept network traffic, files or data to which they are not entitled.
The use of IT facilities is subject to an evolving set of both Irish and European Laws and users are expected to use the Institute’s facilities in a manner compliant with these laws. If a user is unsure of whether something is covered by law they should consult the IT staff. The Institute’s IT staff are responsible for ensuring that the Institute’s IT systems are fully compliant with software license requirements. All users are required to support them in this. Users are however responsible for ensuring that their own activities and uses of the IT facilities are in compliance with both Irish and European Law.
Monitoring and privacy
In general the Institute undertakes as far as possible to respect the privacy of personal files and e-mail. Technical support staff are forbidden to examine the contents of a user’s communications and files out of mere curiosity or at the arbitrary behest of any individual.
While the Institute does not deliberately seek to monitor the activities of users of the IT system, users should be aware that many details are automatically captured in system logs. Also in exceptional circumstances where it is necessary for the protection of staff and visitors, or where there is a strong suspicion of abuse, or where it is a legal requirement, or where it is necessary for system security (eg after a virus attack), the Institute may monitor the use of IT facilities and examine a user’s personal files. When it is found necessary to examine any personal files in an intrusive manner the user will be informed.
Violations of Code
Violations of this policy will result in disciplinary action and could also result in legal action. Users should report any misuse of the Institute’s IT systems to the Director of the School concerned or the Registrar’s office and, where appropriate, also inform local IT support staff.
This AUP was adopted by the Computer Committee, 14 October 2003