UCL Policy on Electronic Mail ( )

Similar documents
Acceptable Use Policy

Acceptable Use Policy

Communication and Usage of Internet and Policy

DONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY

Acceptable Use Policy

Effective security is a team effort involving the participation and support of everyone who handles Company information and information systems.

II.C.4. Policy: Southeastern Technical College Computer Use

Jacksonville State University Acceptable Use Policy 1. Overview 2. Purpose 3. Scope

Acceptable Use Policy

University Policies and Procedures ELECTRONIC MAIL POLICY

ACCEPTABLE USE ISO INFORMATION SECURITY POLICY. Author: Owner: Organisation: Document No: Version No: 1.0 Date: 10 th January 2010

PTLGateway Acceptable Use Policy

Corporate Policy. Revision Change Date Originator Description Rev Erick Edstrom Initial

Acceptable Use Policy

Acceptable Use Policy

This Policy applies to all staff and other authorised users in St Therese School.

Student Network, Computing & Software Usage Regulations Version th July 2006

Electronic Network Acceptable Use Policy

Acceptable Use Policy (AUP)

Cleveland State University General Policy for University Information and Technology Resources

NebraskaLink Acceptable Use Policy

PS Mailing Services Ltd Data Protection Policy May 2018

Draft. Policies of Colorado State University University Policy. Category: Information Technology

PURPOSE: To establish policies and procedures for the use of University-owned and -operated information technology resources.

TELEPHONE AND MOBILE USE POLICY

Acceptable Use Policy

Glenwood Telecommunications, Inc. Acceptable Use Policy (AUP)

ACCEPTABLE USE POLICY

DATA PROTECTION LAWS OF THE WORLD. Bahrain

Computer Use Regulations

USAGE POLICIES. is defamatory, offensive, abusive, indecent, obscene, or constitutes harassment;

REGULATION BOARD OF EDUCATION FRANKLIN BOROUGH

Computer Use Policy for Students and Alumni

Policy. London School of Economics & Political Science. Remote Access Policy. IT Services. Jethro Perkins. Information Security Manager.

Acceptable Use Policy

You may contact The Translation Network by at You may also call The Translation Network at

Grand Avenue Primary and Nursery School ICT Data management. Contents

region16.net Acceptable Use Policy ( AUP )

TERMS & CONDITIONS PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE SITE

STUDENT ACCEPTABLE USE OF IT SYSTEMS POLICY

Breckenridge Financial Supplies Website Use Policy

POLICY BURLINGTON TOWNSHIP BOARD OF EDUCATION. PROGRAM 2361/page 1 of 8 Acceptable Use of Computer Network/Computers and Resources M

Policy General Policy GP20

ICT Acceptable Use Policy (AUP)

13. Acceptable Use Policy

Ulster University Standard Cover Sheet

IT Appropriate Use - Best Practice for Guidelines. Section 1 - Purpose / Objectives. Section 2 - Scope / Application. Section 3 - Definitions

Data Processing Agreement

Acceptable Use Policy

ISC10D026. Report Control Information

Information Security Management System ISO/IEC 27001:2013

Acceptable Usage Policy (Student)

FreedomNet Solutions Acceptable Use Policy ( )

Each member of the St. Margaret s Community has the privilege to access Google Apps provided by the school s network

ELECTRONIC MAIL POLICY

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY October 25, 2017

UCA Management Policy and Guidelines

VFS GLOBAL PVT LTD PRIVACY DISCLAIMER

Guest Wireless Policy

ICT User Policy. for use in Essa Academy Essa Primary Academy Essa Nursery and Support Services

University of Liverpool

TERMS OF USE Terms You Your CMT Underlying Agreement CMT Network Subscribers Services Workforce User Authorization to Access and Use Services.

INFORMATION TECHNOLOGY SECURITY POLICY

Responsible Officer Approved by

E RADAR. All Rights Reserved. Acceptable Use Policy

Employee Security Awareness Training Program

Internet, , Social Networking, Mobile Device, and Electronic Communication Policy

Access Control Policy

Synchrotron Light Source Australia Pty Ltd

EA-ISP-009 Use of Computers Policy

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY September 20, 2017

Freedom of Information and Protection of Privacy (FOIPOP)

ICT Acceptable Use Policy for Students

UTAH VALLEY UNIVERSITY Policies and Procedures

Midstate Telephone & Midstate Communications. Acceptable Use Policy

COMPUTER USE POLICY Staff

Acceptable Use Policy

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

Acceptable Use Policy

Acceptable use policy for SLT idc services(ver 1.2)

Computer Use and File Sharing Policy

Staff Information System Acceptable Use Policy

Policy. London School of Economics & Political Science. Network Connection IMT. Jethro Perkins. Information Security Manager. Version 1.

Data Protection Policy

EMPLOYEE USE OF TECHNOLOGY AGREEMENT

Data protection. 3 April 2018

The AUP applies to all Snowball products and services but is in particular applicable to internet services.

UWC OF WESTERN CAPE (UWC)

Emergency Nurses Association Privacy Policy

Electronic Communications with Citizens Guidance (Updated 5 January 2015)

Brazosport Independent School District Employee/Agent Acceptable Use Agreement For Internet/Network Access and Use

PS 176 Removable Media Policy

By accessing or using My59/59club/ Tell site, you agree to be bound by these Terms of Service.

Acceptable Use Policy Updated 1/16/2018

TIA. Privacy Policy and Cookie Policy 5/25/18

ID. Category of personal data Source of the data

IT ACCEPTABLE USE POLICY

Data Protection Policy

Information Security Policy

COUNTY OF RIVERSIDE, CALIFORNIA BOARD OF SUPERVISORS POLICY. ELECTRONIC MEDIA AND USE POLICY A-50 1 of 9

Transcription:

LONDON S GLOBAL UNIVERSITY UCL Policy on Electronic Mail (EMAIL) Information Security Policy University College London Document Summary Document ID Status Information Classification Document Version TBD Approved Public Approved by the Information Risk Governance Group 10 April 2017 University College London, Gower Street, London WC1E 6BT Tel: +44 (0)20 7679 2000 www.ucl.ac.uk

1. Introduction Electronic mail (email) is an important means of communication for UCL and it provides an efficient method of conducting much of UCL's business. This document sets out UCL's policy on the use of email, including use for teaching, research and administration. 2. Scope This policy has the scope defined in section 1.4 of the UCL Information Security Policy and includes, but is not limited to, any UCL system providing email services or any email service accessed from a UCL facility or any email service provided on behalf of UCL or a UCL department by a third party. The policy affects both users and managers of all such email services. 3. Appropriate Use of UCL Email Services 3.1. Use of email services is subject to all the same laws, policies, and codes of practice that apply to the use of other means of communications, such as telephones and paper records, and shall comply with the UCL Computing Regulations. All students of UCL and those staff whose duties require it, should have a UCLprovided email account which is to be used for email communications carried out for UCL related activities. 3.2. Users may not use UCL email services and/or facilities, to transmit: commercial material unrelated to the legitimate educational business of UCL, including the transmission of bulk email advertising (spamming); bulk non-commercial email which is likely to cause offence or inconvenience to those receiving it. This includes the use of email exploders (i.e. listservers) at UCL and elsewhere, where the email sent is unrelated to the stated purpose for which the relevant email exploder is to be used (spamming); unsolicited email messages requesting other users, at UCL or elsewhere, to continue forwarding such email messages to others, where those email messages have no educational or informational purpose (electronic chain letters); email messages which purport to come from an individual other than the user actually sending the message, or with forged addresses (spoofing); material which is offensive or inappropriate; material that incites criminal activity, or which may otherwise damage UCL's research, teaching, and commercial activities, in the UK or abroad; material to which a third party holds an intellectual property right, without the express written permission of the rightholder; UCL Policy on Electronic Mail (EMAIL) Page 1 of 6

material that is defamatory, libellous, harassing, threatening, discriminatory or illegal (see the Guide to Non-discriminatory Language on the Human Resources Division web-site); material that could be used in order to breach computer security, or to facilitate unauthorized entry into computer systems; material that is likely to prejudice or seriously to impede the course of justice in UK criminal or civil proceedings; messages that could imply the creation of an order or contract contrary to UCL Financial Regulations. 3.3. Caution should be exercised when drafting email which references personal data. Encryption may be used to ensure confidentiality, but if there is any uncertainty about such email, advice should be sought from the Data Protection Officer. 3.4. Whilst UCL provides staff with access to email systems for the conduct of UCLrelated business, incidental and occasional personal use of email is permitted so long as such use does not disrupt or distract the individual from the conduct of UCL business (i.e. due to volume, frequency or time expended) or restrict the use of those systems for other legitimate users. (See definition of reasonable personal use in the UCL Computing Regulations.) 3.5. Users must not knowingly allow anyone else to send email using their accounts. Users will be deemed liable for any email or activity from their accounts. 3.6. The Information Security Group (ISG) may use email to test user susceptibility and to improve security awareness. 4. Email Servers Email servers must be registered with ISD in order to be able to send outgoing external email or receive incoming external email. Such servers must not act as open relays nor may they run open proxies. 5. Viruses and other malware All reasonable steps must be taken to prevent the propagation of computer viruses or other malware by email. Incoming and outgoing email must be routed via mail servers (including any such services operated by third parties on behalf of UCL) which must run adequate malware detection software. Systems must run up-to-date anti-malware software where available; the operating system must also be patched regularly 6. Penalties for Improper Use of Email Services Failure to comply with this email policy could result in access to the service being withdrawn or, in more serious cases, to disciplinary action being taken, and/or civil action, and/or criminal prosecution. In determining whether email messages are in breach of this policy managers may seek advice from the Director of ISD. UCL Policy on Electronic Mail (EMAIL) Page 2 of 6

7. Privacy and Security 7.1. Email, like all methods of communication, cannot be assumed to be secure. It cannot be assumed that email will be correctly delivered or that the sender is as claimed in the mail headers. Steps must be taken to minimise the risk of interception or breaches of confidentiality. These steps include: not divulging your user passwords to anyone (including in email) not knowingly allowing anyone else to send email from your account You should also consider the following guidelines when sending email: ensuring that you identify and use the correct recipient email address considering anonymising references to specific individuals confirming the identity of an email sender where there is reason to question this adopting a risk-based approach to deciding what information is appropriate to be sent by email. Where an issue is particularly sensitive or confidential, email is unlikely to be a sufficiently secure method of communication and should be avoided. 7.2. The use of email disclaimers is discouraged. 7.3. Users should be aware that deletion of an email message by both sender and receiver does not mean that the message no longer exists on their systems or on the systems through which it passed. Conversely, when a message has been transmitted, it is not necessarily the case that a record of it will exist or be accessible. 7.4. Ex.-staff email will be deleted one year after they leave UCL unless otherwise authorised. For further advice see the UCL Records Management retention schedule available here: http://www.ucl.ac.uk/library/docs/retention-schedule.pdf 7.5. Users may not, under any circumstances, monitor, intercept or browse other users' email messages. UCL reserves the right to inspect, copy and/or remove user data in order to investigate operational problems or for the detection and investigation of suspected misuse. This includes the authorized interception and monitoring of communications as provided for by The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, made under the Regulation of Investigatory Powers Act 2000. For example, monitoring of user accounts might occur if the University has reason to believe that its computer facilities were being misused to send unsolicited commercial emails. UCL Policy on Electronic Mail (EMAIL) Page 3 of 6

Any monitoring of UCL systems and networks may be carried out only in accordance with the UCL Policy on Monitoring Computer and Network Use. UCL reserves the right to access and disclose the contents of a user's email messages, in accordance with its legal and audit obligations, and for legitimate operational purposes. UCL reserves the right to demand that encryption keys, where used, be made available so that it is able to fulfil its right of access to a user's email messages in such circumstances. For the avoidance of doubt, this section does not preclude third parties who operate services on behalf of UCL from carrying out lawful monitoring and disclosure on their systems and networks. 7.6. Any device holding mail messages, email addresses (or any other confidential material) must be password protected. 8. Status of this document This document is a part of UCL's information security policy and has been approved by UCL's Information Risk Governance Group. UCL Policy on Electronic Mail (EMAIL) Page 4 of 6

Document Control Sheet Revision History Date of this revision: 14.02.2017 Date of next revision: TBD Revision date Summary of Changes 14.02.2017 3 Appropriate Use of UCL Email Services Replaced on UCL business with for UCL related activities. Added 3.6 The Information Security Group (ISG) may use email to test user susceptibility and to improve security awareness. 4 Email Servers Deleted Departmental Replaced Information Systems with ISD 5 Viruses Added and other malware to the heading Viruses Added or other malware to of computer viruses or other malware by email. Deleted central or departmental from routed via central or departmental mail.. Replaced hubs with servers Replaced virus with malware Added Systems must run up-to-date anti-malware software where available. All desktop systems should have anti-malware software installed and kept up to date; the operating system must also be patched regularly. 7.4 Deleted There is no UCL policy on retention of email. Added Ex.-staff email will be deleted one year after they leave UCL unless otherwise authorised. For further advice see the UCL Records Management retention schedule available here: http://www.ucl.ac.uk/library/docs/retentionschedule.pdf 7.6 Replaced personal organizer, etc. with device Replaced should with must 8 Status of this document Replaced Information Strategy Committee with Information Risk Governance Group UCL Policy on Electronic Mail (EMAIL) Page 5 of 6

Approvals Endorsed by the Information Strategy Committee Endorsed by the Security Working Group Endorsed by the Information Risk Management Group Approved by the Information Risk Governance Group 1-Dec-2009 22-Feb-2017 30-Mar-2017 10-Apr-2017 UCL Policy on Electronic Mail (EMAIL) Page 6 of 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback