Institute of Professional
Legal Studies (IPLS)
Acceptable Use Policy for Computers and Information Technology [Interim
policy]
Purpose
This policy defines the
responsibilities of staff and trainees when using the computing and information
technology facilities and services provided by IPLS.
Adherence to this policy will help IPLS deliver effective and
secure computing and information technology facilities and services.
Scope
This
policy applies to all IPLS:
|
|
computing and network resources, including host computer
systems, workstations, software, data sets, and communications networks
controlled, administered, or accessed directly or indirectly by IPLS computer
Users (“IT Resources”) |
|
|
employees and trainees (whether permanent, temporary or part-time),
honoree staff, contractors, sub-contractors, consultants, business partners
or official visitors who may operate or access IPLS IT Resources (“Users”) |
Compliance
Compliance with this policy is mandatory for all Users.
NOTE: This policy is yet to be
approved by the Council of Legal Education and constitutes an interim policy of
IPLS.
Sanctions
for policy violations
A breach of the provisions of this
policy may directly or indirectly result in any or all of the following
consequences:
|
|
restriction or termination of a User’s access to IT
Resources, the summary suspension of such access, and/or rights pending
further disciplinary action; |
|
|
the initiation of legal proceedings by law enforcement
officials including but not limited to, criminal prosecution under
appropriate laws; |
|
|
the requirement to provide compensation for any loss or
costs resulting from improper use of services; |
|
|
disciplinary sanctions, which may include dismissal or
expulsion. |
Many course and work-related activities require the use of IT
Resources. In the event of an imposed restriction or termination of access to
some or all IT Resources, a User enrolled in such courses or involved in
computer-related work activities may be required to use alternative facilities,
if any, to satisfy the obligations of such courses or work activity.
However, Users are advised that if such alternative
facilities are unavailable or not feasible, it may be impossible to complete
requirements for course work or work responsibility. IPLS views misuse of
computers as a serious matter, and may restrict access to its facilities even
if the User is unable to complete course requirement or work responsibilities
as a result.
General
Principles
Users are expected to use IT Resources in a responsible and
efficient manner, as described in this policy.
IPLS does not routinely inspect or monitor IT Resources but
does reserve the right to do so, including individual login sessions if:
|
|
there are reasonable grounds to suspect a User is violating
this policy or any other IPLS policy or regulation |
|
|
required to by and consistent with New Zealand law; or |
|
|
for systems maintenance, problem resolution and capacity
planning purposes or for similar reasons related to performance or
availability. |
Policies
1. A User may not without
authority gain access or attempt to gain access to IT Resources
Users must:
|
i) |
satisfy all reasonable demands by authorised staff to
demonstrate that they are permitted to use the IT Resources |
|
ii) |
identify themselves, upon request, to authorised staff by
presentation of valid identification. If a User cannot produce valid
identification then they must stop using the IT Resources and leave the
facility if requested to do so |
|
iii) |
only log in to IT Resources using their authorised computer
account or accounts |
|
iv) |
not allow any other person to use their individual User ID
and password to access IT Resources or any software or network forming part of or enabling
access to IT Resources. Users are responsible for any use of their
computer account. If an individual User ID is shared or the password divulged
the holder of the account may lose account privileges and be held personally
responsible for any actions that arise from the misuse of the account. |
2. A User may not obtain or
attempt to obtain from the IT Resources any information which they have not
been authorised to access
Users must:
|
i) |
not attempt to discover or change any other person's
password |
|
ii) |
not attempt to modify system facilities to illegally obtain
extra resources |
|
iii) |
use only those resources, facilities and data that have
been made available for general access, or those which the User has been
authorised to access |
|
iv) |
not attempt to subvert the restrictions associated with any
computer system, computer account, network service or personal computer
protection software. |
3. A User may not use the IT
Resources to make unauthorised use of any other system, whether within IPLS or
outside it
The IT Resources are provided for IPLS-related activities
such as approved course work and research and other directly related tasks.
IPLS permits staff and students to use IT Resources for personal use providing
it is not inconsistent with their employment or their conditions of enrolment.
Users must not:
|
i) |
conduct, promote or advertise an unauthorised personal
commercial enterprise |
|
ii) |
conduct or attempt to conduct unauthorised security
experiments or security scans involving or using IT Resources |
|
iii) |
intentionally or negligently (i.e. wilfully ignoring good
practice) introduce computer viruses or worms |
|
iv) |
copy, reproduce in any form,
translate, adapt, modify, vary, decompile, disassemble or reverse engineer
any software or network forming part of or enabling access to IT Resources. |
4. A User may not wilfully impede
or attempt to impede the operation or activity of any other authorised User
Users must:
|
i) |
use the IT Resources in a considerate, ethical
and lawful manner |
|
ii) |
not abuse or misuse IT Resources; e.g. spam email
systems |
|
iii) |
not remove material (e.g. printouts) belonging to other
Users |
|
iv) |
leave all support materials provided by IPLS (e.g. manuals,
CD-ROMS, etc.) in the facility |
|
v) |
take care when downloading, installing and running “unknown”
software, i.e. programs written by people you don't know or trust. If in any
doubt, Users should ask their Branch Administrator to check for compatibility
and security issues |
|
vi) |
not alter their network identity to deceive or confuse
others |
|
vii) |
not attempt to modify system facilities to degrade the
performance of any system. |
5.
A User may
not use or attempt to use IT Resources so as to cause costs to be incurred:
1) by IPLS, without the consent of a duly authorised
person;
2) by any person or organisation other than IPLS,
without the consent of that other person or organisation
Users must:
|
i) |
not damage IT Resources or equipment |
|
ii) |
not intentionally develop or use programs that infiltrate a
computing system, or damage or alter the software components of a computing
system |
|
iii) |
satisfy the licensing requirements for all software
installed or used on IPLS computers, e.g. commercial software (including
shareware) must have a valid license for each User |
|
iv) |
only connect non-IPLS client devices (e.g. laptops
belonging to trainees or contractors) to the network if the following
criteria are met: |
|
- connection is via approved facilities |
|
|
v) |
keep all food, drink, chewing gum etc. away from IT
Resources. Such material can damage equipment if dropped or spilled. |
6.
A User may
not use the system to display, to transmit or to make available for
transmission through computer networks, any work or publication, including
files containing any text, image, sound or multimedia, that:
(i) is abusive or defamatory; is
likely to threaten the safety of any person, or causes racial disharmony,
sexual harassment or racial harassment in terms of the Human Rights Act 1993
(ii) contravenes the rights of
any person under the Privacy Act 1993
(iii) reproduces all or part of
any electronic or other publication in breach of copyright
(iv) has been composed knowingly
so as to appear to have been produced by another person
(v) knowingly misquotes, abridges
or alters the publication of any other person so as to alter the meaning of
that publication without either the prior approval of that person or a clear
statement as to the identity of the author of the altered publication.
Users must not:
|
i) |
transmit, access or make available material that is
perceived to be pornographic, offensive, discriminatory, abusive, defamatory,
threatening or harassing in nature |
|
ii) |
collect, store, access, disclose or correct personal
information held by IPLS without authority in contravention of the rights of
any person under the Privacy Act 1993 |
|
iii) |
illegally use, copy, transfer, decompile or disclose any
commercially licensed computer software installed on IPLS computers or on any
other network |
|
iv) |
engage in any activity that is in breach of copyright; e.g.
copying, downloading or distributing copyright music files |
From time to time Users may find it necessary to receive
information or access websites in a manner that would otherwise breach this
policy. It is anticipated that this would occur where such material would be
topical to a particular research topic. When this is necessary, the User should
obtain specific written authorisation from the IPLS National Director prior to
accessing such sites.
7.
A User may
not breach any Guideline that may, from time to time, be issued by the IPLS
National Director.
Users must:
|
i) |
not jeopardise the security of any system or service |
|
ii) |
keep their computer password confidential |
|
iii) |
where systems currently permit it, select a password that
conforms to the IPLS minimum password standard [refer to guidelines in
Appendices below] |
|
iv) |
either log-off or secure their computer screen with a
password protected screensaver when leaving it unattended |
|
v) |
ensure that they comply with all applicable information
security policies notified to them through email, through IPLS communications
or by other accepted and recognised means. |
