• No results found

Software compliance policy

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Software compliance policy"

Copied!
7
0
0

Loading.... (view fulltext now)

Download now ( 7 Page )

Full text

(1)

1

Software compliance policy

Name of policy, procedure or regulation Purpose of policy, procedure or regulation

Who formally approved this policy, procedure or regulation?

Who has responsibility for its update?

To whom does this policy, procedure or regulation apply?

a) Date of approval b) Proposed date of review Introduction

Staffordshire University recognises the importance of the legal and ethical use of software assets. This document provides guidelines for employees to follow to ensure that we are both legal and ethical in the use of our software assets.

All software installed on University owned machines is for business use only in the context of academic delivery or commercial activity and should not be used by employees for personal interests

The software asset management system provides a control mechanism by monitoring all software used across the University by staff or students using our networked equipment.

Purpose The policy facilitates:

 The legal and ethical use of software assets installed on any University device and accessing the University network

 The co-ordination of the use of software within Staffordshire University

Dec 2014 2016

Software compliance policy To provide a coordinated approach to software asset management

ITRSG

Information Services in consultation with Faculties and Services

(2)

2

 The management of all university-owned software in use by

University staff/students

 Rationalisation of the software licenses in use to gain best value Why we need the Policy

It is the policy of Staffordshire University to respect all computer software copyright and adhere to the Terms and Conditions of any license to which Staffordshire University is a party. Staffordshire University does not condone the use of unlicensed software.

Staffordshire University depends on its computer systems and supporting software to provide a high quality and efficient service to all of its customers.

Individual employees have a responsibility to protect these systems and ensure that their activities do not breach legal or regulatory compliance requirements.

The Policy is designed to achieve this by clearly defining and clarifying the responsibilities of all employees, or other designated company representatives.

The Policy will facilitate the mitigation of potentially significant risk exposures by Staffordshire University including but not limited to:

 The risk to Staffordshire University of commercial/legal disputes if licensing terms are not properly observed

 Damage to corporate reputation  Unexpected financial impact  Breaches of security

 Operational interruptions  Unsupportable operations

How we apply and control the policy

The use of software across Staffordshire University will be monitored on a regular basis and information provided to the Asset Champions. Any breach, or suspected breach, of the policy will be fully investigated. Where it is considered that an employee has deliberately or negligently failed to follow the requirements of the policy, disciplinary action will be taken by an appropriate senior manager.

Any employee deliberately using unlicensed software or software not approved by the University will be subject to disciplinary procedures and/or civil or even criminal proceedings.

(3)

3

Policy on use of software

General Policies

Staffordshire University has purchased fully licensed copies of computer software from a variety of publishers and vendors. Licensed and registered copies of software programs are placed on computers within the university and appropriate backup copies made in accordance with the licensing agreements and company policies.

No other copies of this software or its documentation can be made without the express written consent of the software publisher and/or Staffordshire University.

Software from Other Sources

Staffordshire University will provide copies of legally acquired software to meet all legitimate needs in a timely fashion and in sufficient quantities for all of our computers.

The use of software obtained from any other source could present security and legal threats to the company, and such use is strictly prohibited. Additional Copies

In some cases, the license agreement for a particular software program may permit an additional copy to be placed on a portable computer or home computer provided only one user uses both installations. Free student licenses are also provided by some vendors as part of the agreement. Unauthorised Copies

The unauthorised duplication of copyrighted software or documentation is a violation of the law and is contrary to established standards of conduct for Staffordshire University employees.

Internal Controls

Staffordshire University reserves the right to protect its reputation and its investment in computer software by enforcing strong internal controls to prevent the making or use of unauthorised copies of software.

These controls will include periodic assessments of software use, announced and unannounced audits of institutional computers to assure compliance, controlled installation rights, the removal of any software installed with or without permission found on

Staffordshire University property for which a valid license or proof of license cannot be determined, and disciplinary actions, in the event of violation of this policy.

(4)

4

Staffordshire University Employee Responsibilities

The use of software provided for business purposes by the company, requires that a Staffordshire University employee or other designated company representative will:

 Agree to abide by the Policy

 Assume responsibility for use of the software in line with normal business purposes and Information Security policies in force.

Staffordshire University Senior Management Responsibilities Senior managers will support the asset champions to enforce this policy ensuring that appropriate time and resource is provided to the champion.

How to ensure compliance with the policy

In order to help employees meet the responsibilities stated the following must be observed:

 All Staffordshire University software purchases must be agreed with the department’s asset management champion and sourced through approved suppliers (wherever possible) to ensure that cost effective, efficient and stable systems and services are maintained to corporate standards (see software procurement policy)

 Software provided by Staffordshire University must only be used for business purposes

 Only approved and authorised software will be supported by Staffordshire University. Where any exceptions are requested, the “request for administrative rights” Proforma must be completed and sent to IS Admin for inclusion and discussion at the next IT Resources Steering Group meeting

 Software legally owned by employees for their own personal use, is not permitted to be installed on University owned machines. All software must be appropriately sourced from a University supplier  Software can only be installed by authorised employees. Employees

will not be given administration rights to load software. All software requirements above the standard image should be discussed with the faculty/service champion

 Software that is required for specific or specialised short-term activities will also need the prior permission of the department’s asset management champion

 All purchases are subject to the Purchasing regulations managed by Finance

(5)

5

Definitions

Employee

For the purpose of the Policy, the term “employee” is used generically to include all employees, contractors, consultants, 3rd party suppliers and

service providers to Staffordshire University. Authorised

Authorised means any employee or designated representative whose role requires that they may install or de-install software.

Purchased or Licensed Software

For the purposes of the Policy “software” should be interpreted to mean, any program or code that runs on a Staffordshire University computing device. The definitions should be interpreted to include plug-ins such as Adobe Acrobat Reader and Macromedia Flash Player. The definition should not be interpreted to include data files. If you are in doubt about the definition of software, clarification may be obtained from the Client Technology and Applications Manager, Information Services

The Law

COPYRIGHT, DESIGNS and PATENTS ACT 1988 and the Digital Economy Act 2010

This is the primary legislation governing intellectual property. It extends legal protection to software in the form of both civil and criminal penalties for the abuse of intellectual property rights. The legislation is applicable to both corporates and individuals. It should be noted that the duplication of software for commercial gain is a criminal offence under the Act and that the penalties for such an offence may include substantial fines and/or imprisonment.

Installation of Software Authorisation to Install

The installation of software will occur via authorised personnel within Staffordshire University or designated service provider. These parties have system administrator access to computer systems that will enable them to carry out the installation. The asset management champion is able to view all software license information and will investigate any areas of non compliance

(6)

6

De-installation, upgrade or decommissioning of software

As with the installation of software the de-installation, upgrade or decommission of software by end users is not permitted. Accordingly, only authorised persons as outlined above may carry out the transfer of software from one computer to another. Users who require the de-installation, upgrade or decommission of software should action this via department’s asset management champion. The asset management champion should liaise with Information Services Client Technology and Applications team for advice and guidance.

Disposal of software

The Asset management champion is responsible for ensuring that software media and activation keys are disposed of correctly. These should be defaced to ensure they cannot be re-used.

Software asset management systems

Staffordshire University uses a software asset management system (Snow) to manage its software and related licenses.

All asset management champions have access to this system and are required to input license information for any software purchased which is not included in the University standard image.

Asset champions will receive monthly reports of any non-compliant software held by individuals within their department for further investigation and appropriate action.

Software procurement procedure

Staffordshire University uses a standard procedure for software procurement. See separate procedure document

(7)

7

Employee Self Assessment Guideline for the Staffordshire University

Software Compliance Policy All staff:

 Read and study the Staffordshire University Software Compliance Policy

 Read the guideline below to confirm to yourself that you are confident that you understand and appreciate the need to follow the company’s policy on the use of software.

I have read a copy of the Staffordshire University policy on the use of software and I understand and am fully aware that:

 The Company has legal and copyright obligations.

 Any software licenses provided by Staffordshire University for use by an employee remain the property of the Company.

 Only authorised employees may install/de-install software

 Employees logging on to University-owned devices are agreeing to the IT regulations of the University

 It is a legal requirement that employees are prohibited from personally purchasing software (media or internet downloads) for installation on any equipment owned by Staffordshire University.

 The use of software across Staffordshire University will be monitored on a continual and regular basis. Any breach, or suspected breach, of the policy will be fully investigated and where it is considered that an employee or other designated company representative (contractor or external consultant), has deliberately or negligently failed to follow the requirements of the policy, disciplinary action may be taken.

 Employees must make all reasonable efforts to protect all software and associated information (e.g. manuals, media) provided by Staffordshire University from theft, damage or corruption.

 Employees must not add, modify, change or upgrade any of the software provided by Staffordshire University for their use without the prior permission of the department asset management champion.

 Employees must not copy or duplicate any software provided by the company or allow any such software to be copied by anyone else.

 Employees leaving the employment of Staffordshire University must return and obtain a receipt prior to their departure, for all computer materials - including software and associated information provided by the company.

References

Download now ( PDF - 7 Page - 120.25 KB )

Related documents

Cognex Vision Software

Launch the GigE Vision Configuration Tool Launch the Cognex GigE Vision Configuration Tool to assign IP addresses to each GigE Vision network adapter port and the camera connected

Seminar on Property and Supply Management System

The procuring entity’s Budget Office shall evaluate each end-user’s submitted PPMP and, if warranted, include it in the procuring entity’s budget proposal for

Come What May (Unaccompanied)

Words and Music by DAVID BAERWALD Arranged by Neal Richardson.. mp Nev er - knew I could feel like this, like I’ve nev er - seen the sky

Caste and punishment: the legacy of caste culture in norm enforcement

In both the HHH and the HLH treatments, the potential victim of a norm violation (player A) and the third party punisher (player C) are from the same specific caste – in this

Parental mental health and child welfare: Review of professional education (summary) Nicky Stanley and Pat Cox

While education guidance for most of the professional groups covered by the review recognises the impact of parental mental health problems on children and acknowledges

Ethnicity and Ethnic Identity as Predictors of Drug Norms and Drug Use Among Preadolescents in the US Southwest

For each of the drug use outcomes (lifetime alcohol, cigarette, and marijuana use and number of seven drugs ever used), the equations first assess the differences by ethnic

Avaya 2050 IP Softphone for Windows Release : Read me Document

Permission to use, copy, modify, and distribute this software and its documentation, with or without modification, for any purpose and without fee or royalty is hereby