IT regulations

The aim of these regulations is to help ensure that University of Staffordshire’s IT facilities can be used safely, lawfully and equitably.

The issues covered by these regulations are complex and you are strongly urged to read the accompanying IT regulations guidance. This gives more detailed information that we hope you will find useful.

1. Scope

These regulations apply to anyone using the IT facilities (hardware, software, data, network access, WiFi, third party services, online services or IT credentials) provided or arranged by Staffordshire University.

2. Governance

When using IT, you remain subject to the same laws and regulations as in the physical world.

It is expected that your conduct is lawful. Furthermore, ignorance of the law is not considered to be an adequate defence for unlawful conduct.

When accessing services from another jurisdiction, you must abide by all relevant local laws, as well as those applicable to the location of the service.

You are bound by Staffordshire University’s general regulations when using the IT facilities, Student academic regulations can be viewed on the website and staff regulations are available here.

You must abide by the regulations applicable to any other organisation whose services you access such as Blackboard, Microsoft, Janet, Eduserv and Jisc Collections.

When using services via Eduroam, you are subject to both the regulations of Staffordshire University and the institution where you are accessing services.

Some software licences procured by Staffordshire University will set out obligations for the user – these must be adhered to.

Breach of any applicable law or third-party regulation will be regarded as a breach of these IT regulations.

3. Authority

These regulations are issued under the authority of the Executive Director of Digital & Technical Services who is also responsible for their interpretation and enforcement, and who may also delegate such authority to other people. You must not use the IT facilities without the permission of Digital Services.

You must comply with any reasonable written or verbal instructions issued by people with delegated authority in support of these regulations. If you feel that any such instructions are unreasonable or are not in support of these regulations, you may contact the Executive Director of Digital & Technical Services.

4. Intended use

The IT facilities are provided for use in furtherance of the mission of Staffordshire University, for example to support a course of study, research or in connection with your employment by the institution.

Use of these facilities for personal activities (provided that it does not infringe any of the regulations and does not interfere with others’ valid use) is permitted, but this is a privilege that may be withdrawn at any point.

Use of these IT facilities for non-institutional commercial purposes, or for personal gain, requires the explicit approval of the Executive Director of Digital & Technical Services.

5. Identity

You must take all reasonable precautions to safeguard any IT credentials (for example, a username and password, email address, smart card or other identity hardware) issued to you. You must not allow anyone else to use your IT credentials. Nobody has the authority to ask you for your password and you must not disclose it to anyone.

You must not attempt to obtain or use anyone else’s credentials. Sharing, selling, trading, or otherwise transferring your IT credentials to any other individual or entity is prohibited.

To enhance security, Multi-Factor Authentication (MFA) is mandatory for accessing some IT systems and data. Staff and students must have access to and be prepared to enrol a personal device as an authenticator to access IT systems.

You must not impersonate someone else or otherwise disguise your identity when using the IT facilities.

6. Infrastructure

All university managed devices are preconfigured with the appropriate standard image and configuration as determined by Digital Services to ensure consistency, security, and optimal performance across the IT infrastructure. You must not do anything to jeopardise the integrity of the IT infrastructure by, for example, doing any of the following without approval:

• Damaging, reconfiguring or moving equipment;
• Loading software on Staffordshire University’s equipment other than in approved circumstances, where permission has been granted by Digital Services, and appropriate software licences are in place;
• Reconfiguring or connecting equipment to the network other than methods approved by Digital Services;
• Setting up servers or services on the network;
• Connecting additional equipment to the network;
• Deliberately or recklessly introducing malicious software, such as malware;
• Deliberately or recklessly introducing software or hardware which could negatively impact the experience of others, e.g. a Cryptominer;
• Attempting to disrupt or circumvent IT security measures.

Personally owned devices may connected to the university wireless networks, however, the security profile of personal devices (Antivirus configuration, security patching etc.), remains the responsibility of the device owner.

7. Information

If you handle personal, confidential or sensitive information, you must take all reasonable steps to safeguard it and must observe Staffordshire University’s Data Protection and GDPR Guidance, available at www.staffs.ac.uk/GDPR, particularly with regard to online storage, removable media, mobile and privately-owned devices. Any device used to access sensitive data must be up to date with security patches, must be configured to encrypt data, must have the screen locked when not in use, and must be physically secured at all times.

You must not infringe copyright or break the terms of licences for software or other material.

You must not attempt to access, delete, modify or disclose information belonging to other people without their permission, or explicit approval from Legal Services.

You must not attempt to create, download, store or transmit unlawful material, or material that is indecent, offensive, threatening or discriminatory. Staffordshire University has procedures to approve and manage valid activities involving such material available from the ‘College of Ethical Reviewers’ and schools Ethics Coordinators, which must be observed.

All electronic documents and data created during employment at the university are the property of the university. Upon leaving the university, staff members will lose access to university data and IT systems. Employees are prohibited from retaining any aggregated university data, including but not limited to copies of their mailbox or backups of their staff storage areas. It is the responsibility of all staff to ensure that no university information is removed or retained upon termination of their employment.

8. Behaviour

Real world standards of behaviour apply online and on social networking platforms, such as Facebook, TikTok and X (Formerly Twitter).

You should also adhere to Staffordshire University’s guidelines on social media.

You must not cause needless offence, concern or annoyance to others.

You must maintain appropriate professional boundaries between individuals, as would be expected.

You must not send or attempt to send unsolicited bulk email (spam).

You must not deliberately or recklessly consume excessive IT resources such as processing power, bandwidth or consumables.

You must not use the IT facilities in a way that interferes with others’ valid use of them.

You must not use the IT facilities to support terrorist activity, or to access or attempt to access to material promoting terrorism.

9. Monitoring

Staffordshire University monitors and records the use of its IT facilities for the purposes of:

●     The effective and efficient planning and operation of the IT facilities and University services;

●     Detection and prevention of infringement of University regulations;

●     Investigation of alleged misconduct;

●     Ensuring that, while managers may access the email and IT systems of staff members on sick leave or annual leave to maintain departmental operations, such access is not abused.  

●     Monitoring and investigating any suspected cybersecurity incidents/breaches to protect the integrity and security of University data and systems;

●     Asset Control

Staffordshire University will comply with lawful requests for information from government and law enforcement agencies.

You must not attempt to monitor the use of the IT facilities without explicit authority.

10. Infringement

Infringing these regulations may result in sanctions under the institution’s disciplinary processes as detailed in the students’ academic regulations or staff regulations. Penalties may include withdrawal of service, fines or dismissal/expulsion from the University. Offending material will be taken down. For contractors, affiliates, applicants and other users outside the scope of University regulations, any breach of these regulations may result in legal action being taken.

Information about infringement may be passed to appropriate law enforcement agencies, and any other organisations whose regulations you have breached.

Staffordshire University reserves the right to recover from you any costs incurred through your infringement.

You must inform Digital Services Service Desk within 24 hours if you become aware of any infringement of these regulations, or IT security breaches. If there is potential access of personal data beyond intended users, then the Data Protection Officer must also be informed.