Computer security

Introduction:

This document defines the Christian Renewal School’s policy in respect of the “acceptable use” of its information and communications technology (ICT) facilities. The purpose of this policy is therefore to state clearly users’ obligations in using these facilities.

General:

Any data collected about people is to be respected as private and confidential, and should be stored in a secure manner. It is not to be copied, duplicated, swapped, shown to, given, lent, sold or transferred to any storage device or any other person or party unauthorised by the Principal.

Scope:

This policy applies to all staff, students, contractors, consultants, authorised guests and other personnel at the Christian Renewal School facilities, which encompass (but are not restricted to):

1. network infrastructure, including (but not exclusively) the physical infrastructure whether cable or wireless, together with network servers, firewall, connections, switches and routers

2. network services, including (but not exclusively) internet access, web services, email , wireless, messaging, “video conferencing” , texting, telephony and fax services

3. computing hardware, both fixed and portable, including (but not exclusively) personal computers, workstations, laptops, smartphones, PDAs, servers, printers, scanners, disc drives, monitors, keyboards, tablets and pointing devices

4. software and databases, including (but not exclusively) applications and information systems,

5. virtual learning and videoconferencing environments, language laboratories, software tools,

6. information services, electronic journals & ebooks

Passwords:

We will ensure that the School is protected by holding users responsible for safeguarding passwords and access identities. Passwords and identities must not be shared.

Acceptable use:

It is the policy of the School:

1. that the School’s ICT facilities are provided in support of the School’s teaching, learning, research, enterprise, and administrative activities

2. that the School’s ICT facilities and equipment may be used for any purpose that is in accordance with the aims, “special character” and policies of the School, including interworking with other organisations

3. that only registered users (i.e. those holding valid CRS usernames and passwords) or those given permission by the designated authority are permitted to use the School’s ICT facilities and equipment.

4. that users are expected to:

a. respect the rights of others, and conduct themselves in a quiet orderly manner when using the open-access facilities

b. comply with all valid regulations and legislation covering the use of Copyright and licensed
material, including software, whether those regulations are made by law, or the originator
of the material, or the distributor of the material or the School, or by any other legitimate
authority

c. make all reasonable efforts to send data that is ‘Virus Free’, and to protect themselves from
viruses and hacking attempts when connected to the School’s network either on or off
Campus. The School will not be held responsible for any damage to users’ systems or
information that occurs through such virus or hacking attacks.

d. conform to all other appropriate policies and guidelines from Ministry of Education
(including netiquette guidelines)

Personal use:

The School accepts that a member’s “Personal Use” of the School’s Facilities is within the scope of
“Acceptable Use”, subject to the provisos within this document.

It is the policy of the School:

1. that provided that personal use is occasional and reasonable and does not interfere with , nor
detract from an individual’s everyday workload and commitments, nor with the effective
functioning of the School or any part of it, and that it complies with all other terms of this
Acceptable Use Policy, then it will normally be tolerated

2. to reserve the right to withdraw access to ICT facilities and equipment for this category of use at
any time.

Unacceptable use:

It is the policy of the School to prohibit the use of its ICT facilities and equipment when used or
attempted to be used intentionally in contravention of the general principles outlined above. The
activities prohibited under this policy include (but are not restricted to) those listed below. Users
must not:

1. cause the good name & reputation of the School or Church or any part of it to be damaged or
undermined;

2. create or any offensive, obscene or indecent images, data or other material, or any data
capable of being resolved into obscene or indecent images or material;

3. access, create, change, store, download or transmit material which the School may deem to
be threatening, defamatory, abusive, indecent, obscene, racist or otherwise offensive;

4. place links to websites which have links to, or displays pornographic and inappropriate
material, facilitate illegal or improper use, or to blog or bulletin board which are likely to
publish defamatory materials or discriminatory statements; or where copyright protected
works such as computer software or music are unlawfully distributed ;

5. generate excessive noise, cause annoyance, inconvenience or needless anxiety to, or to
violate the privacy of, anyone else;

6. allow the ICT facilities and equipment to be damaged or contaminated by food, drink or
smoking materials;

7. interfere with the legitimate use by others of the ICT facilities and equipment, or interfere
with or remove computer printout or media belonging to others;

8. send unwanted, e-mail, chain letters, hoax virus warnings, pyramid letters or similar schemes using the School’s e-mail system;

9. falsify e-mails to make them appear to have been originated from someone else;

10. make use and possess, distribute, sell, hire or otherwise deal with any unauthorised copies of computer software for any purpose without the license of its owner;

11. install any software that is not licensed to the School and /or install without authorisation software licensed to the School on any of the School’s computer systems under any circumstances;

12. transmit unsolicited unauthorised commercial or advertising material;

13. use the ICT facilities and equipment for commercial , social or group distribution activities unless permission has been formally granted by the School;

14. gain unauthorised personal commercial benefit;

15. gain unauthorised access to facilities or services via the School network;

16. allow others to gain such unauthorised access, either wilfully by disclosing user names or passwords or neglectfully by failing to log out of the system, thereby permitting unauthorised use of a School account;

17. disseminate any material which may incite or encourage others to carry out unauthorised access to or unauthorised modification of the School’s or others’ computer facilities or materials;

18. introduce and transmit material (including, but not restricted to, computer viruses, Trojan horses and worms) designed to be destructive to the correct functioning of computer systems, software, networks and data storage, or attempt to circumvent any precautions taken or prescribed to prevent this.

19. attempt to circumvent the School’s firewall systems, or use file-sharing systems (sometimes known as P2P or peer-to-peer)

20. change, damage, dismantle, corrupt, or destroy (or cause to be changed, damaged, dismantled, corrupted or destroyed) any network component, equipment, software or data, or its functions or settings, which is the property of the School, its partners, staff, students, visitors, or anyone else, without the express permission of the SMT or Principal

21. cause any of the School’s ICT services to be overloaded, impaired, disrupted, curtailed or denied (other than in compliance with the direct instruction of the SMT or Principal

22. connect any non-approved computer network equipment (including wireless access points) to the School network without first gaining the written permission of the SMT or Principal (this excludes normal and reasonable use of computer equipment connected to the School’s Wireless access for Teacher use)

23. set up any network services (eg web servers, e-mail services etc) unless formally sanctioned by the SMT or Principal

24. register any domain name which includes the name of the School or any name which may mislead the public into believing that the domain name refers to the School;

25. use equipment (including mains leads) which has not first been Safety tested by School approved staff;

26. continue to use any item of networked hardware or software after a SMT or Principal or delegated ICT authority, has requested that use ceases : because of its causing disruption to the correct functioning of the School ICT facilities, or for any other instance of “Unacceptable Use”;

27. fail to comply with any action directed by SMT or Principal or delegated ICT authority to prevent or respond to any threats to the correct functioning of the School’s ICT facilities;

28. contravene the “special character” of the school;

29. create or transmit material that infringes the copyright of another person or institution, or infringe the Copyright laws of the NZ and other countries;

30. interfere with the legitimate activities of other users covered within the principles outlined above in “Acceptable Use”;

31. otherwise act against the aims and purposes of the School as specified in its rules, regulations, policies, and procedures adopted from time to time

32. contravene applicable laws and prevailing regulations and policies applied by bodies external to the School.
Prevention, Detection & Investigation of Misuse:

Monitoring may take place periodically. The School retains the right to access all information held on its information and communications facilities, to monitor or intercept any system logs, web pages, e-mail messages, network account or any other data on any computers system owned by the School. This will be for the purposes of preventing, detecting or investigating crime or misuse, ascertaining compliance with regulatory standards and School policies, or to secure effective system operation.

The School reserves the right to inspect and validate any items of School owned computer equipment connected to the network. Any other computer equipment connected to the Schools network can be removed if it is deemed to be interfering with the operation of the network.

It is the policy of the School:

1. to publish its Acceptable Use Policy and to promote this to all users of the School Network

2. to provide advice to staff and students, on request, on matters relating to acceptable use

3. to take swift and effective action within existing disciplinary and / or legislative frameworks against anyone found to be intentionally misusing the information and communications facilities.

In all cases where there is the potential for the School’s ICT facilities and equipment to be misused, it is the School’s policy to:

1. record the identity of the individual using the specific facility at any given time

2. retain these records for not less than three calendar months, and shall make them available to those senior managers appointed by the School to investigate complaints of misuse

3. destroy these records after twelve calendar months unless required in connection with a specific investigation.

Integrated School (Year 1-13) Whangarei Northland NZ