Acceptable Use of It Policy – Staff

Scope Of This Policy

• Those that use the School’s electronic mail services and/ or the internet and computers/ mobile devices are expected to do so responsibly and to comply with all applicable laws and procedures of International School Pune, and with normal standards of professional and personal courtesy and conduct.
• Emails and the internet can be extremely valuable tools in an educational context, encouraging the development of communication skills, and transforming the learning process by opening up possibilities that, conventionally, would be impossible to achieve. International School Pune encourages the use of electronic mail as a medium for paper mail replacement and as a means of enhancing communications.
• The internet
• Email
• Mobile phones and smartphones
• Desktops, laptops, netbooks, tablets
• Personal music player
• Devices with the capability of recording and/ or storing still or moving images
• Social networking and blogging
• Instant messaging (including images and video messaging via apps such as (WhatsApp and Snapchat), chat rooms, blogs and message boards
• Webcams, video hosting sites (such as YouTube)
• Gaming sites
• Virtual Learning Environments such as Teams and G-Suite
• Smart boards
• Other photographic or electronic equipment e.g. Smart watches, GoPro and drones.
• This policy applies to the use of technology on School premises
• This policy applies to the use of technology off School premises if the use involves students or members of the School community, or where the culture or reputation of the School are put at risk. Additional rules on the use of technology in boarding houses should be provided in the Boarders’ Handbook.
• Other related policies:
  • Behaviour Policy
  • Anti-bullying Policy
  • Online Safety Policy
  • Safeguarding Policy.

Aims Of The Policy

• To educate and encourage staff to make good use of the working procedures and educational opportunities presented by access to technology
• To safeguard and promote the welfare of staff, in particular by anticipating and preventing the risks that may arise from:
  • Exposure to harmful or inappropriate material (such as radicalization, racist, extremist, pornographic or offensive materials).
  • The sharing of personal data, including images, video and audio.
  • Inappropriate online contact or conduct.
  • Cyberbullying and other forms of abuse.
• To minimize the risk of harm to the assets and reputation of the School.
• To empower staff to take responsibility for their own safe use of technology.
• To ensure that staff use technology safely and securely and are aware of the both external and peer to peer risks when using technology.
• To prevent the unnecessary criminalization of staff.

Email And Internet Use

• Email and the internet/ intranet are business tools provided to staff and other users at a significant cost. It is expected that this resource will be used primarily for business related purposes. Reasonable access and use of the internet/ intranet and email facilities is also available to recognised representative of professional associations e.g. Union Officers and Inspectors.
• International School Pune businesses must always be conducted through official email addresses, which must be secured with password controls. Staff should respond to emails during working hours in a timely and appropriate fashion.
• Email should be treated as a form of written communication and, as such, the content should be appropriate, accurate and data protection compliant.
• Extreme care must be taken with attachments from third parties, particularly unidentified third parties, as these may contain viruses.
• Email must not be used to receive, send or forward messages that are defamatory, obscene or otherwise inappropriate. If such an email is received, whether unwittingly or other otherwise and from whatever source, this must not be forwarded to any other address and must be reported immediately.
• Email media must not be used for knowingly viewing, transmitting, retrieving or storing any communications that is: discriminatory or harassing, derogatory to any individual or group, obscene or pornographic, defamatory or threatening, illegal or controversial to International School Punes policies or business interests.
• All forms of chain mail are unacceptable and the transmission of usernames, password or other information related to the security of the School’s computers/ devices is not permitted.

Using The School’s IT Systems/ Equipment

• Computers/ laptops, School telephones, mobile phones, other mobile devices loaned to employees by the School are provided solely to support their professional responsibilities.
• All staff (permanent and contract) are responsible for the safe and proper use, care and security of equipment and systems provided. Devices must be secured appropriately especially when leaving the School premises (i.e. not left unattended) and protected from unauthorized access or use (i.e. not assessed by family members). Any loss, damage or unauthorized access must be reported immediately.
• Staff (permanent and contract) must not use School equipment, networks or system access, download, send or receive, store, create, copy or distribute any material which may be malicious, illegal, libelous, immoral, dangerous or offensive (this includes but is not limited to pornographic, sexual, violent or criminal content and racist, sexist, or otherwise discriminatory material).
• Any appropriate and authorized electronic communication with students must be through official School network, channels, and systems an on School equipment.

Social Networks

• Social networking applications include but are not limited to:
  • International School Pune Website
  • Online discussion forums, for example Facebook
  • Media sharing services, for example YouTube
  • Professional networking sites, for example LinkedIn
  • Micro blogging applications, for example Twitter
• Where the School operates official networking sites, these must be managed and used in accordance with this policy. This includes the following requirements:
• Use of official (i.e. not personal) email addresses and user accounts.
• Appropriate feedback and complaints information must be published in a prominent place which is easily accessible to other users.
• The School logo and other branding elements should be used to indicate the Schools support. The School logo should not be used on social networking applications which are unrelated to or are not representative of the Schools official position.
• Users should identify themselves as their official position held within the trust/ the Schools on social networking applications.
• Any contributions on any social networking application must be professional, uphold the reputation of the School and be in accordance with data protection requirements.
• Users must not promote or comment on personal matters (including personal/ financial matters), commercial ventures, political matters or campaigns, religion or other matters.
• Personal use of social media and other on-line applications which may fall into the public domain should not be such that it could bring the School into disrepute and/ or call into question an individual’s suitability to work with children.

Personal Use Of School Equipment/ Networks

• The School’s email, telephone, equipment, systems and internet service may be used for incidental personal purposes, with the approval of the line manager that it does not:
  • Interfere with the School’s operation of computing facilities or email services.
  • Interfere with the user’s employment or other obligations to the School
  • Interfere with the performance of professional duties
  • Is of a reasonable duration and frequency
  • Is performed in no-work time
  • Does not over-burden the system or create any additional expense to the School.

• Such use must not be for unlawful activities, commercial purposes not under the auspices of the School, person financial gain, personal use inconsistent with other School policies or guidelines, ordering of goods to be delivered to the School address, or in the School’s name.

Security

• The School follows sound professional practices to secure e-mail records, networks, data and system programmes under its control. As with standard paper-based mail systems, confidentiality of e-mail cannot be 100% assured. Consequently, users should consider the risks when transmitting highly confidential or sensitive information and use appropriate measures of security.
• Enhancement of the base level security to a higher or intermediate level can be achieved by the use of password for confidential files. It should be remembered e-mails forwarded from another individual can be amended by forwarder. This possibility should be considered before acting on any such email.
• In order to effectively manage the security of the email system, the following should be adhered to:
  • Open mailboxes must not be left unattended
  • Care should be taken about the content of an e-mail as it has the same standing of a memo or letter.
  • Report immediately to IT department when a virus is suspected.
  • Use appropriate security measures such as encryption/ password protection to transmit confidential or sensitive information
  • Ensures all devices and system access are password protected
  • Use secured memory sticks (all laptops, memory sticks and devices used must be encrypted)
  • Ensure that students are not exposed to any inappropriate images or web links
  • Respect all copyrights and not copy, retrieve, modify or forward copyright materials except as permitted by the copyright owner.
• Users must not:
  • Use, transfer or tamper with other people’s accounts and files
  • Use anonymous mailing services to conceal identity when mailing through the Internet, falsify e-mails to make them appear to originate from someone else, or provide false information to any Internet service which requests name, email address or other details.
  • Use electronic media and services in a manner that is likely to cause network congestion or significantly hamper the ability of other people to access and use the system
  • Store sensitive or confidential data on their own equipment – this extends to personal cameras, mobile phones and other similar devices without permission from the Principal.
  • Use the internet/ intranet facilities or equipment to deliberately create any virus, worm, Trojan horse or any such other programme that is harmful to normal computer operations.
  • Monitor or intercept the files or electronic communications of other workers or third parties
  • Hack or obtain access to systems or accounts they are not authorized to use
  • Use other people’s log-ins or passwords
  • Breach, test, or monitor computer or network security measures without authorization.
• Where any security breach or inappropriate connection or ICT activity occurs, the user must immediately disconnect/ log out and report immediately.
• For the sake of transparency, the Head of ICT will only monitor another member of staff’s email if a member of SLT (or a member of staff who is not a member of SLT but who has raised the matter with the Principal, the Deputy Head Pastoral/DSL or CFO/Bursar) has cause for concern; and only then in the presence of either the Principal, Deputy Head Pastoral or CFO.  In addition, the Deputy Head Pastoral/DSL monitors email communications between students and staff to ensure that professional standards are maintained.

Privacy And Monitoring

• The School respects users’ privacy. Email content will not be routinely inspected or monitored, nor content disclosed without the originator’s consent. However, workers should not have any expectation or absolute privacy in his or her use of the School systems or equipment (including but not limited to networks/ servers/ internet usage/ Wi-Fi). Under the following circumstances, such action may be required:
  • When required by law.
  • If there is a substantiated reason to believe that a breach of the law or in the School’s policies has taken place.
  • When there are emergency or compelling circumstances, such as in a disciplinary investigation
  • If the School suspects that the employee has been viewing/ transmitting offensive or illegal material.
  • If the School suspects that the employee has been spending an excessive amount of time on activity which is not work-related
  • Where required for compliance checks e.g. auditors, data protection
• The School reserves the right, at its discretion, to review any employee’s electronic files and messages to the extent necessary to ensure electronic media and services are being used in compliance with the law, this policy and other School policies.
• Employees should not have any expectation of privacy to his or her internet usage. The International School Pune will endeavour to notify affected individuals of any monitoring which will be take place and the reason for it, what information will be recorded and retained, and for how long, who will have access an how such information will be used, which will include using such information for disciplinary purposes where applicable, save in exceptional circumstances (see below). The School reserves the right to inspect any and all files stored in computers or on the network in order to assure compliance with this policy. Auditors or any other representative of the authorities must be given the right of access to any document, information or explanation that they require.
• Use of employee’s designated personal files area on the network servers provide some level of privacy in that it is not readily accessible by other members of staff.

These files areas may however be monitored to ensure adherence to the School polices and the law. The employee’s personal file area is disk space on a centralised area allocated to that particular employee. Because it is not readily accessible to colleagues it should not be used for the storage of documents or other data that should be open and available to others.

• Managers will not routinely have access to an employee’s personal file area. However, usage statistics/ management information on usage size of drives or a report outlining the amount of information held on an individual’s personal file area may be made available.
• Any worker who is unsure about whether or not something he/ she proposes to do might breach policy should seek advice from the Principal. Deputy Head Pastoral (DSL) or CFO (Bursar).
• International School Pune considers the following to be valid reasons for checking an employee’s email (although this list is not exhaustive):
  • If an employee is absent for any reason and communications must be checked to ensure the smooth running of the School to continue;
  • If the School suspects that the employee has been viewing or sending offensive or illegal material, such as material containing racist terminology or nudity (although the School understands that it is possible for workers inadvertently to receive such material and they will have the opportunity to explain if this is the case);
  • If the School suspects that an employee has been using the email system to send and receive an excessive number of personal communications (or any personal emails if this is prohibited); and if the School suspects that the employee is sending or receiving emails that are detrimental to the School or its students.
• The School may monitor communications without notification in certain, specific circumstances, including but not limited to:
  • Establish the existence of facts relevant to the School e.g. whether a contract was entered into by email;
  • Ascertain compliance with regulatory or self-regulatory practices e.g. checking that the School is complying with external or internal regulations;
  • Ascertain or demonstrate standards that are or ought to be achieved by workers using the system;
  • Investigate or detect unauthorized use of the telecommunication system, which would include checking that workers are not breaching the School’s policy on email and internet use;
  • Ensure the effective operation of the system, for example through virus monitoring.
• Procedures for checking communications:
  • If there are grounds to suspect that an employee’s email and/ or files needs to checked, The Principal, Deputy Head Pastoral (DSL) and the Head of ICT (Network Manager) will meet to view the relevant email and/ or file. This requires the Network Manager disabling the employee’s access without notice, in the presence of the Principal and Deputy Head after which informed decisions will be made regarding next steps.

Email And Internet Use At Home

• Access to the internet from an employee’s home using a School owned computer/ mobile device or through School-owned connections must adhere to all the policies that apply to use within the School. Family members or other non-employees must not be allowed to access the Schools computer system or use the School’s computer facilities, without the formal agreement of the Principal.

Email Protocols

Users must:

• Not ignore emails. The system is designed for speedy communication. If the message requires a reply, a response should be sent promptly.  Staff should aim to reply to any parental email within 24 hours, even if it is just a ‘holding response’ to acknowledge receipt but to ask for more time to investigate a matter before a more detailed reply can be sent.
• Not use anonymous mailing services to conceal the identity when mailing through the Internet, falsify emails to make them appear to originate from someone else, or provide false information to any Internet service which requests name, email address or other details.
• Not abuse others even in response to abuse directed at themselves.
• Not use electronic media and services in a manner that is likely to cause network congestion or significantly hamper the ability of other people to access and use the system.
• Not use email, either internally or on the Internet, to sexually harass fellow employees, or harass or threaten anyone in any manner.
• Not use, transfer and tampering with other people’s accounts and files.
• Respect all copyrights and cannot copy, retrieve, modify or forward copyrighted materials except as permitted by the copyright owner.
• Not use the internet/ intranet facilities or equipment to deliberately propagate any virus, worm, “Trojan horse” or any such other programme that is harmful to normal computer operations.
• Not access any obscene or pornographic sites. Sexually explicit or other offensive material may not be viewed, archived, stored, distributed, edited or recorded using the Schools networks or computing resources. Any unintentional access to inappropriate internet sites must be reported immediately to the respective line manager or Principal. Any failure to report such access may result in disciplinary action.
• Except in cases when explicit authorization has been granted by the Principal, employees are prohibited from engaging in, or attempting to engage in:
  • Monitoring or intercepting the files or electronic communications of other employees or third parties.
  • Hacking or obtaining access to systems or accounts they are not authorized to use.
  • Using other people’s log-ins or passwords.
  • Breaching, testing, or monitoring computer or network security measures.
  • Email or other electronic communication that attempts to hide the identity of the sender or represent the sender as someone else.
  • Interfering with other people’s work or computing facilities.
  • Sending mass email without consultation with the Principal or a senior manager.
  • Using the Internet for personal commercial purposes.

Data Protection

• The Data Protection Act 2018 and GDPR regulations 2018 prohibits the disclosure of personal data except in accordance with the principles of the Act. This prohibition applies to email in the same way as other forms of media. Information gathered on the basis that it would be seen by specified employees must not be given to a wider audience.

• The School has a responsibility for any data processed or stored on any of its equipment. Any employee monitoring will be carried out in accordance with the principles contained in the Code of Practice issued by the Information Commissioner under the provisions of the Data Protection Act 1998 and GDPR 2018.

• In order to comply with its duties under the Human Rights Act 1998, the School is required to show that it has acted proportionately, i.e. are not going beyond what is necessary to deal with the abuse and that need to investigate outweigh the individual’s right to privacy, taking into account the School’s wider business interests.

• Auditors (internal or external) are able to monitor the use of School IT equipment and storage of data. They are bound by the provisions of the Human Rights Act 1998, the Data Protection Act 1998, associated codes of practice and other statutory provisions and guidance, including the Regulation of Investigatory Powers Act 2000 in respect of any activity that could be classed as directed surveillance.

Mobile Phones And Other Electronic Devices

• It is accepted that individuals may bring personal mobile phones to School. Personal mobiles should have security codes to prevent unauthorised access by other persons and must be stored securely and not accessible to students at any time.
• Under normal circumstances, employees are not permitted to use their personal mobiles phones to call, text, email or in any other way message students/ parents/ carers; nor may they divulge their personal telephone number(s) or other contact details to students under any circumstances.
• Workers are required to ensure mobile telephones are switched off/ to silent during working hours and accessed only during authorised breaks.
• Any personal use of such equipment must be restricted to an employee’s break times or outside of normal working hours and must not impact on their duties in any way.
• Additionally, specific permission must be obtained prior to connecting any device to School networks/ systems and the device(s) must have adequate virus protection.
• Employees must ensure that no personal information regarding School business, its students or staff is stored on such personal equipment.
• Where specific permission is granted to use personal equipment for work purposes and usually only in exceptional circumstances, the employee must be vigilant that personal files/ data are not inadvertently accessed or displayed.
• No pictures or videos may be taken within School or at any School-related activity, on personal devices.

Personal Social Networks

• The School recognizes individual rights to privacy and a private life. Employees are, therefore, advised to be mindful of their duties and obligations to uphold the reputation of the School, to comply with the Code of Conduct and other policies and contractual terms in their use of personal social media – being mindful of the real possibility for material to be posted, shared and made public inadvertently or by other contacts.
• The School may require the removal of content which it considers inappropriate.
• It is totally unacceptable for any worker to discuss students, parents, work colleagues or any other member of the School community or any School-related business on any type of social networking site.
• Other postings on personal sites may also impact the reputation of the School, or suitability/ conduct of the employee; for example, if an employee is off ill but makes comments on a site to the contrary.
• Workers must not accept or propose contact, nor engage in any conversation with students on any personal social networking sites and should be circumspect in personal networking contact with former students, particularly those under the age of 18 years.
• Individuals working in the School should not use or access social networking sites of students.

Acceptable Use Of Technology Agreement
Staff, Board Of Directors And Visitors

The computer systems are provided by the School and is made available to students, staff, Directors, and visitors to support and enhance their education, research and work at School. The Acceptable Use of Technology Agreement has been drawn up to protect all parties. With these privileges come the following responsibilities:

• Staff, Directors, and visitors will use the School’s email, internet, intranet and any related technologies for professional purposes;
• All computers or Internet use should be for study purposes, and enhance your work done in the classroom.
• Access should only be made via your authorized username and password which should not be shared; you alone are responsible for your user area. These usernames and passwords should never be disclosed to anyone.
• The disclosure of private, sensitive, and confidential information should not be allowed through the remote access. Users should not attempt to access the remote access system in any environment where the security of the information contained in the remote access system may be placed at risk e.g. cybercafe.
• Information available through the remote access system is confidential and protected by the law under the Data Protection Act 2018. To that aim, users must not distribute or disclose any information obtained from the remote access system to any person/ persons with the exception of the pupil  to which the information relates or to other adults with parental responsibility.
• Activity that damages or changes the School’s computer systems, or activity that attacks or corrupts other systems, is forbidden and may be an offence under the Computer Misuse Act 1990.
• Staff, Directors, and visitors will not install any hardware or software without the permission of the Network manager.
• Copyright of materials must be respected; copying of software is not permitted.
• Users are responsible for all email sent and for contacts that may result in email being received; messages must be polite and responsible, only School email will be used.
• Do not reveal personal information, the home address or phone numbers of yourself or other people.
• The use of computer network for personal financial gain, gambling, political purposes or advertising is forbidden.
• Posting anonymous messages and forwarding chain letters are forbidden.
• Use of the network to access inappropriate material such as pornographic, racist or offensive material is forbidden.
• Staff, Directors, and visitors should not give out their personal details such as mobile phone number, personal email address or social network identify to students.
• All School ICT equipment must be kept secure, whether in School or off site including travelling from and to work.
• Staff, Directors and visitors will only take / store or use pictures of students and / or staff for professional purposes.
• The School reserves the right to examine or delete any files that may be held on its computer system or to monitor any Internet sites visited.

Acceptance Of This Policy

I have read and understand the Acceptable Use Policy for Staff. I accept this acceptable use policy:

Staff Name: …………………………………………………………

Signature: …………………………………………………………

Date: …………………………………………………………