Self-managed and personal machines policy

Notes

• If you use a self-managed or personal machine to handle sensitive data, then you must follow the requirements of the encryption of devices policy, whether or not the machine is connected to the University network
• See also Self-managed security - if you have a self-managed machine, it is your responsibility to ensure that it is kept secure against unauthorized access.

Conditions

Network connections for users' self-managed machines (including personal machines) are made subject to the following conditions:

1. All access is subject to the University's Computing Regulations. By connecting to the network you are agreeing to be bound by these regulations.
2. Machines which are found to be disrupting the service for other users, or which are observed or reported to be compromised, or where users otherwise breach these conditions will normally be disconnected from the network until such time as any issues are resolved. We run regular scans to identify vulnerabilities with web applications, unpatched software and configuration weaknesses, all which can pose a significant threat to network security.
3. Users must abide by the School's policies applicable at the time.
4. Users are reminded that they must comply with all relevant statutory provisions, in particular the Computer Misuse Act 1990, the Data Protection Act 2018, the data protection laws and regulations (resources), the Regulation of Investigatory Powers Act 2000 and the Freedom of Information (Scotland) Act 2002. Note that the Head of School's explicit permission may be required for certain activities, even on self-managed machines, so that the University's statutory obligations are met. Seek advice if in doubt.
5. In order to comply with the University's Policy on taking sensitive information and personal data outside the secure computing environment it is required that users encrypt any Personal Data held on portable devices, including laptops, CDs, DVDs and USB memory sticks.
6. Users must abide by the various Acceptable Use Policies of any networks they access or traverse. Note in particular that all external-to-EdLAN traffic is carried over the Janet network (the UK-wide academic network) and is subject to the Janet AUP.
7. Users must ensure that the software and systems on their machines are kept fully patched and appropriately configured against security vulnerabilities. Licenses for non open-source software must be obtained as required. Adequate and current anti-virus protection must be installed. Users must also ensure that an effective screenlock is activated.
8. Users must ensure that they disable any wireless access-point-type behaviour. Users may associate with existing wireless networks, but must not create new wireless networks without prior agreement. The School's Wireless Policy has more details.
9. Users are reminded that to comply with the Health and Safety at Work etc Act 1974 and its associated Regulations, all mains-powered equipment is required to undergo a periodic electrical safety test. Equipment which fails such a test must not be used.
10. Users must respond in a timely manner when any vulnerability on their machine has been identified.
11. Users must run regular backups to ensure that copies of data are available for restoration in the event of a disk or system failure.

Please send in a support request in the usual way if you would like to discuss your self-managed machines.