Document Control

Rev.	Author	Date	Comments
0.1	Richard Bartlett	28 Jan 2014	Original proposal to Council of School for approval
1.0	Richard Bartlett	12 Apr 2016	IT Committee approved final version with Application and Support sections.

 

This policy sets out the minimum standard which should be met by all IT Service Providers to the School, to ensure that those services are efficient, effective, and comply with the relevant legal, government and University obligations. The User Experience describes what staff should expect to receive from their Department’s IT Service Provider, and the Departmental Responsibilities describe the requirements which the Department’s IT Service Provider must fulfil in order to protect the data in their care.

Scope

This policy covers all Institutions under the School of Clinical Medicine, and their IT Service Providers (whether within or outside the School).

The User Experience

1. Staff should have access to a reliable desktop system of sufficient capacity and performance which provides them with access to the applications and data they need to do their job.
2. Students should have access to the computing facilities and network services necessary for their course
3. Staff should have access to IT Support from suitably qualified staff, to provide help in the event of a system fault or where they need information about how to use a system or access data.
4. In the event of a failure of their desktop system, staff should have access to an alternative system to ensure they can continue to work, even if it provides reduced functionality.
5. Staff and students should be able to access the network and central systems provided by their department or the University during working hours, except where advanced notice has been given of system downtime, or in the event of unforeseen critical error (downtime in that event not exceeding 1% of working hours per ).

Departmental Responsibilities

6. Systems connected to the University network can only be accessed by authorised persons, through network control mechanisms and some form of centralised authentication service.
7. Authentication attempts (successful or not) are logged, such that it is possible to identify who was apparently using a system at any given point in time.
8. Teaching, research and administrative data is stored centrally (not on the desktop hard drive or removable storage), protected against unauthorised access and accidental disclosure, and backed up to a separate storage system to protect against data loss in the event of a system .
9. Data is accessible only to those who need it, particularly in the case of personal data covered by the Data Protection Act, including data which is partially anonymised or patient identifiable data.
10. Users are aware of, and comply with the School Acceptable Use Policy, which includes those obligations arising from the Rules Made by the Information Services Committee and the JANET Acceptable Use and Security Policies.

Application and Review

Each Institution in the School should report the level to which they comply with this standard to the School IT Committee.  If there is any change to the level of compliance due to changes within the operation of an Institution (or their IT Service Provider) they should report this to the School IT Committee.

The standard will be reviewed annually by the School IT Committee, and any changes will be proposed by that Committee and submitted for approval to the Council of School.  If changes to the standard are approved all Departments should confirm their compliance with the standard to the School IT Committee.

Support

Where Institutions require support to comply with the standard (either technical advice, implementation support, provision of service or financial subsidy) they should first contact the Head of General Division in the School Office, who will direct them to the appropriate School or University section.