|
THIS POLICY REPLACES ALL PREVIOUS POLICIES ON ELECTRONIC
COMMUNICATION AND INTERNET USAGE
1.
DECLARATION OF INTENT
The
Flavius Mareka FET College encourages the use of
electronic communications to share information and
knowledge in support of the College’s mission of further
education and training and to conduct the College’s
business.
To
this end, the College supports and provides interactive
electronic communication services and facilities for
telecommunications, mail and publishing.
This Electronic Communications and Internet Usage Policy
establishes principles, rules, and procedures applying
to all members of the College community to specifically
address issues particular to the use of electronic
communications.
2.
OBJECTIVE
The
objectives of this policy are to:
(i)
establish the College policy on privacy,
confidentiality, and security in electronic
communications.
(ii)
ensure that College electronic communication resources
are used for purposes appropriate to the College's
mission.
(iii)
ensure that electronic communication resources are used
in compliance with South African law and College
policies.
(iv)
prevent disruptions to and misuse of College electronic
communication resources, services, and activities.
3.
TERMINoLOGY
For
the purposes of this policy, the following definitions
apply:
“Computer network”
|
|
two or more computers that can share
information, typically connected by cable, data
line, or satellite link.
|
"Electronic communication facilities and
resources"
|
|
without limitation, telephones (landline
telephones, cellular telephones and voicemail
facilities); electronic mail facilities;
facsimile machines and modems; computers and
servers; data processing or storage systems;
networks; input/output and connecting devices;
related computer records; programmes; software;
documentation that supports electronic
communication services; and network tools
(including internet access facilities and web
browsers).
|
“Electronic communication records”
|
|
the contents of electronic communications
created, sent, forwarded, replied to,
transmitted, distributed, broadcast, stored,
held, copied, downloaded, displayed, viewed,
read, or printed by one or several electronic
communication systems or services.
This definition of electronic communication
records applies equally to attachments to such
records and transactional information associated
with such records.
|
“Electronic
communication
systems”
|
|
the system used as a means of sending and
receiving messages electronically through
connected computer systems or the internet, such
as e-mail or voice mail.
Any messaging, collaboration, publishing,
broadcast, or distribution system that depends
on electronic communication resources to create,
send, forward, reply to, transmit, distribute,
broadcast, store, hold, copy, download, display,
view, read, or print electronic records for
purposes of communication across electronic
communication network systems between or among
individuals or groups, that is either explicitly
denoted as a system for electronic
communications or is implicitly used for such
purposes.
|
“Internet”
|
|
an international network of independent computer
systems. The World Wide Web is one of the most
recognised means of using the internet.
|
"IT representative"
|
|
Information and Communication Technology Unit
Manager, or his/her nominee.
|
“Use of electronic communication services”
|
|
to create, send, forward, reply to, transmit,
distribute, broadcast, store, hold, copy,
download, display, view, read, or print
electronic communications with the aid of
electronic communication services.
|
“Users”
|
|
all employees and students of the College who
are authorised to use the College’s internet
and/or electronic communication systems.
|
"Written authorisation"
|
|
includes authorisation that is issued
electronically. |
4.
SCOPE OF APPLICATION
This policy applies to all Flavius Mareka FET College
employees, whether full-time or part-time, or Council-
or Department-appointed, or paid on a salaried or an
hourly individual basis and to all the students enrolled
in College programmes or courses with authorised access
to electronic communication facilities and resources.
Furthermore, this policy applies to:
(i)
all
electronic communication resources owned or managed by
the College.
(ii)
all
electronic communication resources provided by the
College through contracts and other agreements with the
College.
(iii)
all
uses of College electronic communication resources.
(iv)
all
College electronic communication records in the
possession of College employees or other users of
electronic communication resources provided by the
College.
(v)
the
contents of electronic communications and to the
electronic attachments and transactional information
associated with such communications.
This policy applies only to electronic communication
records in electronic form. The Policy does not apply
to printed copies of electronic communication records or
printed copies of transactional information.
5.
GOVERNING PRESCRIPTS
5.1
Legislation
§
The Promotion of Access to Information Act,
2000
§
The
South African Constitution, 1996
"Everyone has the right to privacy, which includes the
right not to have
(a) .................
(d) the privacy of their communications infringed."
5.2
College Policies
§
Code of Conduct for Employees
§
Code of Conduct for Students
§
Code of Conduct for the College Council
§
Code of Conduct for the Academic Board
§
Code of Conduct for Faculty
§
Code of Conduct for the Students Representative Council
6.
GUIDING PRINCIPLES
6.1
General
(i)
The
College shall respect the user's right to privacy as
that right is guaranteed by the Constitution. Yet in the
context of the College's electronic communication
facilities, which are provided for the purpose of the
College's operational needs, restrictions on the user's
rights in certain defined circumstances, as herein
contained, are nevertheless unavoidable.
(ii)
All
electronic communication facilities owned or controlled
by the College shall, in principle, be accessible to the
College at all times for:
¢
maintenance
¢
upgrades
¢
system-driven monitoring actions aimed at countering or
minimising the loss of personal data
¢
any
other lawful operational or related purposes.
(iii)
Although the College respects the user's right to
privacy as set out in clause 6.1(i) above, any personal
communication sent, stored or received via the College's
network may without further notice to the user be
monitored, intercepted, refused or inspected by the
College in the exercise of its responsibility for the
operation of electronic communication facilities. The
typical reasons for such action may include the
following (the list below is not, however, presented as
exhaustive):
¢
To
ensure that the College's communications facilities are
not being used to receive or transmit content that is of
a discriminatory or offensive nature or can be related
to the alleged violation of a law or infringement of any
other person's rights.
¢
To
determine the presence of illegal material or unlicensed
software.
¢
To
implement system-driven antivirus software.
¢
To
counteract crime.
¢
To
ensure that communication facilities are not being used
for inappropriate purposes.
¢
To
respond to legal proceedings that call for producing
electronically stored evidence.
¢
To
conduct an investigation in connection with alleged
misconduct or in terms of other empowering provisions.
(iv)
The
user shall understand that in certain defined
circumstances he or she shall have no claim to the
effect that information transmitted or stored on the
College's electronic communication facilities is to be
or remain confidential, even if such information is
being used for personal communication. All electronic
communication facilities (and other computer security
tools) create an audit log detailing every request for
access or transaction in either direction. This
information shall be at the College's disposal in cases
such as those set out in paragraph 6.1(iii).
(v)
The
user's use of the electronic communication facilities
shall be dependent upon his or her express consent to
the College (refer to Annexure A), solely in certain
defined circumstances, to monitor all electronic
communications and to access all records created, stored
or transmitted by means of the said electronic
communication facilities. Such consent shall include
but not be limited to hard copies of electronic
communications.
(vi)
All
monitoring in connection with any alleged violation of (i)
a law or policy, (ii) the College's Codes of Conduct or
(iii) a provision of this agreement shall be subject to
prior review and written authorisation by the Principal
or his nominee.
(vii)
Any
monitoring of the user's electronic records in
connection with the performance by the Information and
Communication Technology Unit of its duty to ensure the
effective functioning of the College's IT infrastructure
shall be subject to prior review and written
authorisation by the duly delegated official designated
for this purpose from time to time.
6.2
Acceptable and Unacceptable Use
(i)
College-provided computer systems that allow access to
the internet and electronic communication systems are
the property of the College and are provided to
facilitate the effective and efficient conduct of
College business. Users are permitted access to the
internet and electronic communication systems to assist
in the performance of their jobs.
(ii)
The
College shall permit reasonable and limited personal use
of all these electronic communication facilities,
provided that the College expressly reserves the right
(for the purpose of its operational needs or as required
by a law):
¢
to
review and, where necessary, restrict or suspend the
user's use of the electronic communication facilities by
reason of the non-observance of the provisions of this
Policy.
¢
to
recover from the user the costs incurred during personal
use.
Personal use is prohibited if it interferes with the
user’s productivity or work performance, or with any
other employee’s productivity or work performance.
The
College is not responsible for any loss or damage
incurred by an individual as a result of personal use of
College electronic communications resources.
(iii)
College electronic communication resources shall not be
provided to individuals or organisations outside the
College except with the approval of the Principal. Such
services shall support the mission of the College.
(iv)
Users of electronic communication resources shall not
give the impression that they are representing, giving
opinions, or otherwise making statements on behalf of
the College or any unit or campus of the College unless
appropriately authorised to do so.
(v)
Users of electronic communication resources must abide
by College and campus policies regarding endorsements.
References or pointers to any non-College entity
contained in College electronic communications shall not
imply College endorsement of the products or services of
that entity.
(vi)
All
electronic communications intended to accomplish the
academic and administrative tasks of the College shall
be accessible to authorised users with disabilities in
compliance with law and College policies.
(vii)
The
contents of all electronic communications shall conform
to South African law and College policies regarding
protection of intellectual property, including laws and
policies relating to copyright, patents, and trademarks.
(viii)
The
user shall not use the communication facilities:
¢
for
the purpose of creating, sending or storing messages
that may be seen to be insulting, disruptive, offensive
to other employees, or could lead to a breach of
confidentiality.
¢
in
any manner that infringes upon another person's natural
or legal intellectual property rights (e.g. copyright).
¢
in
any manner that, at the sole discretion of the IT
Representative or his/her authorised delegate, places an
unjustified burden on the electronic communication
facilities, including but not limited to connecting
personal hardware to the College's electronic
communication facilities without prior consent.
¢
for
the purpose of violating the terms of any applicable
telecommunications licence or any laws governing data
flow (e.g. legislation relating to data protection,
privacy, confidentiality and security).
¢
for
the purpose of unlawfully penetrating or attempting to
unlawfully penetrate the computer network or network
security of any College system or of any other system,
or of gaining or attempting to gain unauthorised access
to any person's computer, e-mail or voicemail facilities
or equipment.
¢
for
the purpose of violating or attempting to violate any
provision of this policy; or any other law, prescription
or provision.
¢
for
the purpose of accessing, downloading, printing or
storing information with sexually explicit content as
prohibited by law.
¢
for
the purpose of downloading, transmitting or storing
fraudulent, threatening, obscene, intimidating,
defamatory, harassing, discriminatory, or otherwise
unlawful messages or images.
¢
for
the purpose of installing or downloading computer
software, programmes, or executable files contrary to
policy.
¢
for
the purpose of sending e-mail using another’s identity,
an assumed name, or anonymously.
¢
to
enable a non-user to send the message of some third
party, individual or organisation.
(ix)
Users of electronic communication services shall not:
¢
send or forward chain letters or their equivalents.
¢
exploit electronic communication systems for purposes
beyond their intended scope to amplify the widespread
distribution of unsolicited electronic messages (spam).
¢
send an extremely large message (letter-bomb) or send
multiple electronic messages to one or more recipients
and so interfere with the recipients' use of electronic
communication systems and services.
¢
intentionally engage in practices that impede the
availability of electronic communication services.
6.3
Allowable Users
6.3.1
College Users
College students; management; faculty and administrative
staff; and others affiliated with the College (including
those in programme, contract, or license relationships
with the College) may, as authorised by the Principal,
be eligible to use College electronic communication
resources and services for purposes in accordance with
this Policy.
6.3.2
Public Users
Persons and organisations that are not College users may
only access College electronic communication resources
or services under programmes sponsored by the College,
as authorised by the Principal, for purposes of such
public access in accordance with this policy.
6.4
Users’ Responsibilities
(i)
The
conduct of computer users who access the internet or
send e-mail containing the College’s domain address may
be perceived as reflecting on the character and
professionalism of the institution. When engaging in
such conduct, whether for personal or official purposes,
employees are expected to do so in a responsible and
professional manner.
(ii)
All
users are responsible for exercising appropriate care to
protect the College’s computer systems against the
introduction of viruses. When using the College’s
internet access or electronic communications, equipment
and capability, individuals must:
¢
use
the internet or electronic communication systems only in
accordance with College policy.
¢
maintain the conditions of security (including
safeguarding of passwords) under which they are granted
access to such systems.
¢
check with the appropriate College staff prior to
downloading or accessing a file or document if the
source of the file or other circumstances raises doubts
about its safety.
7.
PROCEDURES
7.1
Application
Eligibility to
access or use College electronic communication services
or electronic communication resources, when provided, is
a privilege accorded at the discretion of the College.
The following
procedures shall be adhered to when applying for use of
the College’s electronic communication facilities and
resources and access to the internet:
|
Step 1 |
Complete the relevant application form (refer to
Annexure B, C, D or E) and submit it to the
applicable unit or campus manager for
recommendation.
|
Student or Member of Staff |
|
Step 2 |
Recommend the application and submit it to the
ICT Manager.
|
Campus
or Unit Manager |
|
Step 3 |
Approve the application and configure the
computer system.
|
ICT
Manager |
7.2
Access Restriction
Use of College
electronic communication resources may be restricted or
rescinded by the College at its discretion when required
by and consistent with law, when there is substantiated
reason to believe that violations of law or College
policies have taken place, when there are compelling
circumstances, or under critical operational
circumstances.
Restriction of
use is subject to the approval of the Principal.
Electronic
communication resource providers may, nonetheless,
restrict use of College electronic communication systems
and services on a temporary basis as needed in emergency
circumstances.
7.3
Privacy and Confidentiality
7.3.1
Access without Consent
An electronic
communication holder’s consent shall be obtained by the
College prior to any access for the purpose of
examination or disclosure of the contents of College
electronic communication records in the holder’s
possession, except as provided for below.
The College
shall permit the examination or disclosure of electronic
communication records without the consent of the holder
of such records only:
(i)
when required by and consistent with law.
(ii)
when there is substantiated reason to believe
that violations of law or of College policies have taken
place.
(iii)
when there are compelling circumstances.
(iv)
under time-dependent, critical operational
circumstances.
When under the
circumstances described above the contents of electronic
communications records must be examined or disclosed
without the holder’s consent, the following shall apply:
|
Authorisation |
Except
in emergency circumstances, such actions must be
authorised in advance and in writing by the
Principal. This authority may not be further
delegated.
Authorisation shall be limited to the least
perusal of contents and the least action
necessary to resolve the situation.
|
|
Emergency Circumstances |
In emergency circumstances, the least perusal of
contents and the least action necessary to
resolve the emergency may be taken immediately
without authorisation, but appropriate
authorisation must then be sought without delay
following the procedure above.
|
|
Notification |
The responsible authority or designee shall, at
the earliest opportunity that is lawful and
consistent with other College policy, notify the
affected individual of the action(s) taken and
the reasons for the action(s) taken.
The College shall issue an annual report
summarising instances of authorised or emergency
non-consensual access pursuant to the provisions
of this Section 7.3.1. Access Without Consent,
without revealing personally identifiable data.
|
|
Compliance with Law |
Actions taken under “Authorisation” and
“Emergency Circumstances” shall be in full
compliance with the law and other applicable
College policies.
|
|
Recourse |
Individuals shall be provided with a mechanism
for recourse to appeal any actions taken under
“Authorisation” and “Emergency Circumstances”.
This mechanism is available to individuals who
believe that actions taken by employees or
agents of the College were in violation of this
Policy. In this regard:
(i)
an individual may appeal the action taken
by completing Annexure F, attached hereto.
(ii)
the individual must, within five working
days of the action, submit the appeal form to
the Principal, or to her or his manager, who
shall then forward it to the appeal authority.
(iii)
the appeal authority, who shall consider
the appeal, shall be:
¢
the
Principal
¢
the
ICT Manager
¢
the
relevant Campus Manager.
(iv)
the appeal authority may:
¢
uphold
the appeal, and/or
¢
confirm the appropriateness of the action taken.
|
7.4
Legality
A disclaimer
shall be added to each outgoing mail, as encapsulated in
the following example:
“This
email and any file attachment(s) are confidential and
intended solely for the use of the individual or entity
to which they are addressed. If you have received this
email in error, please notify the sender. Please note
that any views or opinions expressed in this email are
solely those of the author and do not necessarily
represent those of the College.
The recipient
should check this email and any attachments for the
presence of viruses. The College accepts no liability
for any damage caused by any virus transmitted by this
email.”
7.5
Security
The College
makes reasonable efforts to provide secure and reliable
electronic communication services. Operators of College
electronic communication resources are expected to
follow appropriate professional practices in providing
for the security of electronic communication records,
data, application programmes, and systems.
7.5.1
Security Practices
Providers of
electronic communication services shall ensure the
integrity and reliability of systems under their control
through the use of various techniques that include
routine monitoring of electronic communications.
Network
traffic may be inspected to confirm malicious or
unauthorised activity that may harm the College network
or devices connected to the network. Such activity
shall be limited to the least perusal of contents
required to resolve the situation. User consent is not
required for these routine monitoring practices.
Providers
shall document and make available to their users general
information about these monitoring practices. If
providers determine that it is necessary to examine
suspect electronic communication records beyond routine
practices, the user’s consent shall be sought. If
circumstances prevent prior consent, notification
procedures described under “Notification” above, shall
be followed.
7.5.2
Passwords
The user's
password shall remain confidential; including the
transmission of his or her password or username through
any medium (except through the particular College
network to which the password has given access) and
including but not limited to e-mail, and
internet-related chat.
The user shall
not at any time or for any reason use a password or
username belonging to another person, not even with
express permission.
The user
undertakes, should any person or entity attempt to
obtain his or her password, to report such incident to
the IT Representative forthwith.
The user shall
be responsible for terminating open sessions and logging
out of electronic communications facilities when any
such systems are left unattended. If the user fails to
comply with the aforesaid responsibility, he or she
shall be held responsible for any activities that may
take place as a result of such failure. This additional
responsibility shall include, without limitation, any
account or damage that may arise from the said
activities.
7.5.3
Integrity
No person
shall attempt to breach any security mechanisms that
protect electronic communication services or facilities
or any records or messages associated with these
services or facilities unless otherwise authorised by
other provisions of this Policy.
7.5.4
Authorisation
Service
providers shall use authorisation technologies
commensurate with security requirements of the service,
application, or system.
7.5.5
Recovery
Providers of
College-wide electronic communication services shall
implement recovery practices adequate to ensure rapid
recovery from security intrusions and service
interruptions.
7.5.6
Audit
Providers of
electronic communication services shall use
cost-effective audit technologies and practices to help
identify security violators and speed up recovery from
security incidents. The use of such audit technologies
and practices shall not conflict with other provisions
of this Policy, particularly regarding privacy and
confidentiality.
7.6
Retention and Back-up
7.6.1
Retention
Electronic
communications records are subject to the College record
management policy, which provides guidance for
administering the retention and disposition of all
records, regardless of the medium on which they are
stored.
7.6.2
Back-Up
It is the
responsibility of the user to ensure that back-ups of
his/her electronic communications are made to the
College server.
7.7
Consequences of Violation
7.7.1
Violations of Law and Policy
(i)
South African law prohibits the theft or abuse of
computers and other electronic resources such as
electronic communication resources, systems, and
services. Abuses include (but are not limited to)
unauthorised entry, use, transfer, tampering with the
communications of others, and interference with the work
of others and with the operation of electronic
communication resources, systems, and services.
(ii)
College policy prohibits the use of College property for
illegal purposes and for purposes not in support of the
mission of the College. In addition to legal sanctions,
violators of this policy may be subject to disciplinary
action up to and including dismissal or expulsion,
pursuant to College policies and collective bargaining
agreements.
(iii)
Violation
of any of the provisions of this policy may result in
one or more of the measures mentioned below, which shall
be commensurate with the severity/frequency of the
offence and shall be subject to the disciplinary process
detailed in the relevant College policy:
¢
The restriction or termination of the user's access to
the electronic communication facilities, including the
summary suspension of his or her access or rights
pending further disciplinary action.
¢
the institution of legal proceedings by the College,
including but not limited to criminal prosecution under
appropriate laws that may prevail in South Africa from
time to time.
¢
The taking of disciplinary steps against the user which
may lead, inter alia, to expulsion.
8.
ROLES AND RESPONSIBILITIES
8.1
The ICT Manager
(i)
implementing and updating the College Policy on
Electronic Communication and Internet Usage.
(ii)
administering and monitoring the College
electronic communication systems, facilities, resources
and services.
(iii)
ensuring that all individuals provided with
access to electronic communication facilities and
resources are duly authorised and have completed the
relevant compliance commitment form (refer to Annexure
A).
(iv)
ensuring the all authorised individuals have been
provided with a copy of the College Policy on Electronic
Communication and Internet Usage.
8.2
The User
8.2.1
General
(i)
To
safeguard passwords and other sensitive information
about any computer that has access to the College's
network, whether permanently linked to that network or
not.
(ii)
To
take reasonable precautions, including personal password
maintenance and file protection measures, to prevent the
unauthorised use of personal computers or data in such
computers by other users.
(iii)
To
use the electronic communication facilities only for the
purpose for which the user has been authorised and only
for activities relating to the user's work.
(iv)
To
respect the privacy of electronic communications by,
inter alia, not obtaining or attempting to obtain
any electronic communication or information that is not
intended for the user. In particular, the user shall
not attempt:
¢
to
intercept or inspect information on the College network
¢
to
use the College network to attempt to intercept or
inspect information en route through or connected to the
College network
¢
any
unauthorised alteration of the hardware and network
configurations of the College network. < | 
