IT Policies

IT Regulations

The regulations detailed in this document apply to anyone using IT Resources for any purpose at the University, including staff (temporary and permanent), students and visitors. This includes personally owned equipment connected to the University’s network from an external location, or on UW premises.

IT Regulations v2.8

Information Security Policy

The purpose of this policy is to provide guidance for safeguarding the availability, integrity, confidentiality, and authenticity of all the information they hold or access, whether electronic or physical. This document constitutes the University of Worcester’s Information Security policy, and with the associated policies provides guidance for staff and students. All members of the University have a responsibility to work within the guidelines of these policies.

Information Security Policy ISP-001 v1.1

Information Classification and Handling Policy

This policy sets out the framework for how data is classified and how it should be handled safely in accordance with that classification. This is to ensure compliance with data protection legislation and other legal and contractual obligations. This policy applies to all items of data that are processed through the University of Worcester and all University of Worcester Staff, Students, Contractors, Guests and third-parties.

Information Classification and Handling Policy

IT Hardware Policy

The purpose of this policy is to provide guidance for the procurement, management and disposal of all IT hardware for the University of Worcester. The policy covers IT hardware purchases relating to the annual planning cycle, ad hoc purchases or upgrades of computer desktops, laptops, iMacs and MacBooks, and peripherals and tablets.

IT Hardware Policy v1.9

IT Software Policy

The purpose of this policy is to ensure that the University can manage its software assets effectively, securely and in accordance with legal regulations, licensing rules, and auditing requirements.  

This policy applies to any software whether obtained under ‘shareware’ or ‘freeware’ arrangements or acquired under suppliers’ educational support agreements that is installed as part of the staff or student software image.  This policy does not cover software hosted via a third party (Software as a Service - SaaS) or corporate systems such as Finance, HR, Accommodation and Student Records and the environments on which they run. 

Software Policy v1.2

Local Administration Policy

This policy sets out the responsibilities of the University, its staff and its students to comply fully with the process to request and use of local administrator accounts.

Local administrator accounts provide elevated privileges on University computing devices. This allows users to gain significantly greater access to systems, applications and data.

The purpose of this policy is to:

• Reduce our exposure to Cybersecurity threats.
• Meet GDPR/Data Security obligations.
• Prevent inappropriate creation and use of local administrator accounts.

This policy applies to all University of Worcester Staff, Students, Contractors and Guests.

Local Administration Account Policy v2.1

Personally Owned Device Policy

The purpose of this policy is to define the rules, controls, and behaviours required for the use of personally owned devices when accessing university information systems and data

This policy applies to all personal devices used by staff, partners, suppliers, contractors, and other authorised users who use personal devices to access university information and information systems. 

Personally Owned Device Policy v1.1

Staff Mobile Phone Policy

The University recognises that to ensure the most effective running of services, communications and business activities, it is necessary for some staff to have access to mobile communication devices.

The purpose of this guidance is to:

• Ensure that the purchase and use of all mobile devices on behalf of the University is correctly assessed, authorised and monitored.
• Establish the expectations and responsibilities placed on all University mobile device users.

Staff Mobile phone policy v2.1

IT Telephony Policy

The University utilises Microsoft Teams as its primary communication tool. Standard features of Teams include text chat, voice calls, and video calls.

These features can be used to contact anyone with a Microsoft account which includes staff, students, and any external party with the Teams client.

In addition, a Teams add-in can be provided which offers the same functionality of a traditional telephone handset where staff will be allocated a telephone number.

IT Telephony Policy v2.0

User Access Control and Password Policy

The objectives of this policy are to ensure IT accounts are controlled and managed to minimise any security risks. The policy applies to:

• All individuals with access to university information and information systems, including staff, students, visitors, and contractors.
• All information processed, accessed, shared, or stored by the University in accordance with its operational activities, regardless of location or format.
• All university information systems used to process data including, software, computers, networks, mobile devices, and cloud services.

User Access Control and Password Policy ISP-005 v1.3

Staff Email Policy

The purpose of this policy is to set out the conditions under which the University’s email system, and the client used to access email, Outlook may be used, and the principles for managing messages created or received as part of the University’s business.

This policy applies to all staff and other authorised account holders (i.e. those with @worc.ac.uk email addresses).

Staff Email Policy v1.2

Microsoft OneDrive Policy

This policy sets out the responsibilities of the University, its staff and its students to comply fully with relating to the administration and use of the OneDrive for Business at the University of Worcester.

This policy applies to all University of Worcester Staff, Students, Contractors and Guests.

OneDrive for Business Policy v2.2

Microsoft Power Platform Policy

This policy outlines the guidelines for the effective and secure use of Microsoft Power
Apps and Power Automate and Power BI which make up the Microsoft Power Platform at the
University of Worcester.

This policy applies to all University of Worcester Staff and the development and use of Power Apps, Power BI and the use of pre-built flow templates and custom flow builds through Power Automate.

Microsoft Power Platform Policy v1.0

Microsoft SharePoint Policy

The main objective of this document is to set guidelines related to the use and administration of the SharePoint at the University of Worcester.

SharePoint Policy v6

Microsoft Teams Policy

This policy sets out the responsibilities of the University, its staff and its students to comply fully with relating to the administration and use of Microsoft Teams at the University of Worcester.

This policy applies to all University of Worcester Staff, Students, and Guests.

Microsoft Teams Policy v2.1

Print and Copy Policy – Students

The purpose of this policy is to provide clarity regarding the print and copy facilities that are available to students that attend the University of Worcester. This policy covers student print credit, credit refunds, partner students access to printing facilities and the availability of printing for students across the University of Worcester locations.

This policy applies to all University of Worcester Students.

Print and Copy Policy – Students v1.0

MyDay Policy

The purpose of this policy is to provide clarity regarding the myDay platform. This policy details the governance of the MyDay platform and the request process for MyDay features. 

MyDay Policy v1.0