IT code of practice regulations

1. Scope

These regulations apply to anyone using the IT facilities provided or arranged by the University of Sheffield.

Facilities include

• hardware
• software
• data
• network access
• third-party services
• online services
• IT credentials

2. Governance

When using IT, you remain subject to the same laws and regulations as in the physical world.

Laws

Your conduct should be lawful. Ignorance of the law is not considered to be an adequate defence for unlawful conduct.

If you're accessing services from another jurisdiction, you must abide by all relevant local laws, as well as those in the location of the service.

University regulations

You're bound by the University's general regulations and the "Regulations on the Use of Computing Facilities" when using the IT facilities.

Read the University's general regulations

If additional policies or processes are needed for specific IT facilities, such as for those with privileged access, these will be communicated to you and you must abide by them.

Third-party regulations

You must abide by the regulations of any other organisation whose services you access, such as Janet, Eduserv and Jisc Collections. When using services via eduroam, you're subject to both the regulations of the University of Sheffield and the institution where you're accessing services.

Some software licences procured by the University will set out obligations for the user. These should be adhered to.

If you use any software or resources covered by a Chest agreement, you are deemed to have accepted the Eduserv User Acknowledgement of Third-Party Rights. 

See the accompanying IT code of practice guidance for more detail.

Breach of any applicable law or third-party regulation will be regarded as a breach of these IT regulations.

3. Authority

These regulations are issued under the authority of the Director of IT Services, who acts on behalf of the University Executive Board IT sub-group. The Director is also responsible for interpreting and enforcing the regulations, and they may delegate this authority to other people.

You must not use the IT facilities without the permission of the Director of IT Services or the person or body the facilities belong to.

You must comply with any reasonable written or verbal instructions issued by people with delegated authority in support of these regulations. If you feel that any instructions are unreasonable or aren't in support of these regulations, you may appeal to the Director of IT Services or the head of the department that the facilities belong to.

4. Intended use

We provide the IT facilities for uses that support the aims of the University. For example, they may be used to support a course of study, for research or in connection with your employment by the University.

You can use these facilities for personal activities, provided that they don't infringe any of the regulations or interfere with others' valid use. However, this is a privilege that may be withdrawn at any point.

If you wish to use these IT facilities for non-University commercial purposes or personal gain, you need explicit approval from the Director of IT Services.

Use of certain licences is only permitted for academic use and where applicable to the code of conduct published by the Combined Higher Education Software Team (Chest).

See the accompanying IT code of practice guidance for more detail.

5. Identity

You must take all reasonable precautions to safeguard any IT credentials issued to you, such as

• a username and password
• an email address
• a smart card or other identity hardware

You must not

• allow anyone else to use your IT credentials. No one has the authority to ask you for your password, and you must not disclose it to anyone
• attempt to obtain or use anyone else's credentials
• impersonate someone else or otherwise disguise your identity when using the IT facilities
• reuse your University credentials on any external service, such as your University username and password

6. Infrastructure

You must not do anything to jeopardise the integrity of the IT infrastructure. For example, you must not do any of the following without approval:

• Damage, reconfigure or move equipment.
• Load software onto University equipment other than in approved circumstances.
• Reconfigure or connect equipment to the network other than by approved methods.
• Set up servers or services on the network.
• Deliberately or recklessly introduce malware.
• Attempt to disrupt or circumvent IT security measures of any device, network, system or account, including authentication controls.

You must abide by the University's IT code of connection when connecting devices to the University network.

7. Information

You must abide by the University's policies and procedures when using the IT facilities to publish information.

Handling personal data

If you handle personal, confidential or sensitive information, you must

• take all reasonable steps to safeguard it
• observe University Data Protection and Information Security policies and guidance (student or staff login required), particularly on removable media, mobile and privately owned devices

Copyright

You must not infringe copyright, or break the terms of licences for software or other material.

You must not attempt to access, delete, modify or disclose information belonging to other people without their permission. If this isn't possible, you must gain explicit approval from the Director of IT Services and the head of the department concerned.

Inappropriate material

You must not create, download, store or transmit material that is

• unlawful
• indecent
• offensive
• threatening
• discriminatory
• extremist

The University has procedures to approve and manage valid activities involving such material, which must be observed.

Refer to our ethics policy

When we may share your information

The University reserves the right to access and share information held against University accounts when there is a legislative and regulatory need, such as a Subject Access Request under the Data Protection Act 2018. Only information relevant to valid Subject Access Requests will be shared.

8. Behaviour

Real-world standards of behaviour apply online and on social networking platforms, such as Facebook, Blogger and Twitter.

You should adhere to University guidelines on social media, as well as departmental guidelines where necessary.

You must not

• cause needless offence, concern or annoyance to others
• send spam (unsolicited bulk email)
• deliberately or recklessly consume excessive IT resources, such as processing power, bandwidth or consumables
• use the IT facilities in a way that interferes with others' valid use of them

9. Monitoring

The University monitors and records the use of its IT facilities to

• perform academic and administrative functions
• meet legal and regulatory obligations to sector bodies and government
• effectively and efficiently operate and make plans for the IT facilities
• detect and prevent infringement of these regulations
• investigate alleged misconduct

The University will comply with lawful requests for information from government and law enforcement agencies.

You must not attempt to monitor the use of the IT facilities without explicit authority from the Director of IT Services.

10. Infringement

Infringing these regulations may result in sanctions under the University’s disciplinary processes.

Penalties may include the temporary or permanent withdrawal of services. Offending material will be taken down.

Information about infringement may be passed to

• appropriate law enforcement agencies
• any other organisations whose regulations you have breached

The University reserves the right to recover any costs from you that were incurred as a result of your infringement.

You must inform us if you become aware of any infringement of these regulations.

How to let us know about an IT incident

More information

The issues covered by these regulations are complex.

If you need further information, we'd encourage you to read the accompanying guidance notes. These give more detailed information that we hope you will find useful.

If these don't contain the information you need, contact the IT Service Desk.

See the accompanying IT code of practice guidance for more detail.