Acceptable use policy

Regulations for the use of information and communications technology (ICT) Facilities provided by STEM Learning Ltd (National STEM Learning Centre).


1. Introduction
2. Definitions
3. General guidance
4. Privacy
5. Management and accounts of data
6. Data protection and copyright
7. Computer misuse
8. Obscene and offensive material
9. Electronic mail
10. Software
11. Suspected breaches of the regulations
12. Document control


This Acceptable Use Policy (AUP) covers the use of the ICT facilities within and provided by STEM Learning Ltd (including the National STEM Learning Centre and Network and all other STEM Learning Ltd programmes). It is in place to ensure that all users have reasonable access to the facilities, that their use is within relevant legislation, complies with STEM Learning Ltd’s policies and that all users and providers of the facilities understand and satisfy the responsibilities they bear.

This document gives specific guidance on the acceptable use of ICT facilities and the possible consequences of any misuse. It is not a complete statement of the current law. 

This AUP covers all staff, course tutors, delegates and associates using the ICT facilities of STEM Learning, or other equipment connected to STEM Learning's network (including connections via a VPN service). In general STEM Learning will treat misuse of the ICT facilities as a breach of its own regulations and take suitable disciplinary action, whether or not it is a matter for the criminal courts. 

Non-members of STEM Learning (e.g. conference guests, visitors or employees of organisations using the STEM Learning network) must agree to this AUP as a condition of being allowed access to the STEM Learning network. It must be understood that ICT facilities cannot be designed to prevent every form of misbehaviour and it is therefore unsafe to assume that because something is possible it is necessarily permitted (for example, the ability to view an illegal website does not affect the fact that this action is against the law). 

 Any questions about this policy should be directed to the Head of IT in the first instance.


‘STEM Learning’ and the ‘Centre’ - All refer to STEM Learning Limited and the National STEM Learning Centre.

‘The Network’, ‘STEM Learning Network’ or ‘Network service’ - Refers to all network facilities provided by STEM Learning Limited (including internal connectivity and access to external networks such as JANET). 

‘ICT Facilities’ – Refers to the Information & Communications Technology (ICT) Facilities are the computers, tablets, printers, scanners, cameras, telephones, software applications, online services and like devices/systems used for the creation, storage, transmission and manipulation of information, and all infrastructure needed in their support (switches, network fabric, etc). 

General guidance

Users are expected to use STEM Learning's ICT facilities for STEM Learning course or work related activities. Limited personal use by a STEM Learning employee is allowed provided that it does not prevent others from pursuing their legitimate work or interfere with the user's own work. A user's line manager or director can provide guidance on what is reasonable. Personal use by the employee in their own time will normally be acceptable providing it complies with this AUP. STEM Learning accepts no liability for any loss or damage caused by personal use of the network (e.g. for Internet Banking). 

Users must abide by the JANET Acceptable Use Policy at all times.

Where applicable, users must also abide by the University of York's regulations for the use of Computing Facilities.

Network equipment (e.g. computers, laptops, wireless equipment, hubs, switches etc.) may only be connected to the network with specific authorisation from the IT Team. Connecting equipment, even if not owned by STEM Learning, to the STEM Learning network, grants STEM Learning the authority to require access to that system if necessary to investigate a breach of policy. 

Many computers within STEM Learning have a virus protection system installed. Users must not interfere with the operation of this system. The IT Team must be notified if a system is infected.


STEM Learning reserves the right for an appointed person, or persons, to copy and examine any files or information resident on STEM Learning systems. STEM Learning also reserves the right for appointed personnel to monitor network traffic at any time for purposes of network maintenance or security. 

In all cases, access to personal data (files, email, desktop etc.) will comply with the requirements of the Data Protection Act 2018, the Human Rights Act 1998 and the Investigatory Powers Act 2016 - in particular, only authorised staff may take such actions and only when authorised by a suitable person or by the user concerned. Abuse of such authority will be a serious disciplinary offence. 

STEM Learning retains logs of all web browsing and email traffic (but not the contents). These logs will be kept confidential except as authorised under the Investigatory Powers Act. However summaries containing no personal information may be distributed for operational purposes. 

Management of accounts and data

Access to STEM Learning's ICT facilities will normally be withdrawn at the end of each course period (in the case of delegates) or when a user ceases to be a member of STEM Learning. Any files left at that time may be removed without notice. 

Use of ICT facilities is conditional on prior registration with, and granting of access rights by, the IT Team unless certain facilities are specifically exempted from the need for registration. Such an allocation is made on the understanding that the resource will be used only for the purpose for which it was requested.

Each user is responsible for all accounts registered in their name and for all actions conducted when logged in as that account. Where a shared account is appropriate a nominated person will be considered responsible for the account. 

Passwords for personal or delegate accounts must not be disclosed. If it is suspected that a password has been discovered by another person it must be reported to the IT Team immediately. Passwords for shared accounts must only be given to users authorised to use that account. If an authentication method other than passwords is used it should be protected in the same manner. 

A user issued with accounts other than their main one is responsible for ensuring that these accounts are not misused and are removed when no longer needed. 

It is the responsibility of the user to ensure that the data in their account(s) is protected. Reasonable precautions will be taken to ensure the reliability of the STEM Learning servers, but no guarantee of the correct functioning of program or equipment is given.

Data protection and copyright

Users may not create, access or transmit material in such a way as to infringe a copyright, moral right, trademark or other intellectual property right. 

Software and computer-readable datasets made available on the STEM Learning network may only be used subject to the relevant licensing conditions and, where applicable, to the Code of Conduct published by the Combined Higher Education Software Team (CHEST). 

Users shall treat as confidential any information that may become available to them through the use of such facilities and which is not clearly marked as suitable for unrestricted dissemination; such information shall not be copied, modified, disseminated, or used either in whole or in part without the permission of the person or body entitled to give it. 

Participation in distributed file-sharing networks is not permitted except where agreed in advance with the IT Team. 

No user may use ICT facilities to hold or process data relating to a living individual save in accordance with the provisions of current data protection legislation (which in most cases will require the prior consent of the individual or individuals whose data is to be processed). Any person wishing to use ICT facilities for such processing is required to discuss their requirements with the IT Team.

Computer misuse

Users shall not by any wilful, deliberate, reckless, negligent or unlawful act interfere with the work of another user or jeopardize the integrity of data networks, computing equipment, systems, programs, or other stored information. 

Gaining or attempting to gain unauthorised access to any facility or service within or outside STEM Learning, or making any attempt to disrupt or impair such a service, is not permitted. 

The scanning of another machine to determine which services or software is running or installed is regarded as a hostile action. Such scanning is therefore prohibited, whether the target machine is on the STEM Learning network or elsewhere, unless specifically authorised by the IT Team. 

Network sniffing (the viewing of network traffic not directed at the equipment used to listen) is not allowed on the network without explicit permission from the IT Team. 

Users may not undertake (either deliberately or recklessly) activities which may result in the following:

  • the waste of staff effort or network resources, including time on any system accessible via the STEM Learning network; 
  • the corruption or disruption of other users' data; 
  • the violation of the privacy of other users; 
  • the disruption of the work of other users; 
  •  the introduction or transmission of a virus into the network. 

Obscene and offensive material

The following actions are all prohibited: 

  • the creation, transmission, storage, downloading or display of any offensive, obscene, indecent, or menacing images, data or other material, or any data capable of being resolved into such images or material
  • the creation or transmission of material which is designed or likely to cause annoyance, inconvenience or needless anxiety, or to harass another person
  • the creation or transmission of defamatory material about any individual or organisation

STEM Learning reserves the right to filter or block any material deemed to be in breach of this AUP.

Electronic mail

The owner of an account is responsible for all messages sent using that account. 

Users wishing to send an email that includes information that should not be disclosed to anyone other than the intended recipients should make this clear in the message.

This should be done in a short paragraph at the start of the message. If the content of the email contains copyright material, sections that should not be passed onto others or statements that are personal and do not represent the views of STEM Learning then this must be made clear in the message. Email and any other files stored on STEM Learning systems may be used as evidence in a court or industrial tribunal. Information contained in emails created or received by staff as part of their job/contract of employment may also be disclosable under the Environmental Information Regulations 2004 or the subject access provisions of the Data Protection Act 2018. STEM Learning may be required to give over all relevant files/emails as evidence or information contained in emails/file stores in response to a request where the account holder is unable to provide access to the information themselves. For this or other reasons it may be necessary for an authorised member of staff to search a user's email account; this may include messages deleted from the system but held on backup tapes. 

Users must not send offensive or abusive email or propagate chain mail. Statements made in email messages are considered to be "in permanent form" for the purposes of the Defamation Act 1996 and so the sender or STEM Learning or both could be held responsible for any libellous statements made in an email. 

It is recommended that staff keep their STEM Learning email account for work related emails only and open another (external) account for personal use. 

It is not permitted to send any email that does not correctly identify the sender of that email or attempts to disguise the identity of the computer from which it was sent. 

The transmission, without proper authorisation from ICT or Marketing, of email to a large number of recipients, or the sending or forwarding of email which is intended to encourage the propagation of copies of itself is prohibited. Specific tools are provided to handle mass email in a controlled and safe manner; please contact the Marketing Team for further information.


Much software (and many databases and datasets) is only licensed for use on the systems upon which it is installed. Unauthorised copying of such items is commonly known as "piracy" and is an offence under the Copyright, Designs and Patents Act 1988. 

No attempt should be made to copy software or databases/datasets from STEM Learning or other computer systems unless written authority to do so has been obtained from the owner of the information. 

Some software is freely distributable and in this case copies may be taken for personal use without authorisation. However, users are advised to investigate carefully and abide by the terms under which such copying is allowed. 

STEM Learning does not take responsibility for any consequent damage or liability incurred by the copying, installation or running of any software or datasets. 

Software obtained from STEM Learning for use offsite must be used subject to the proper procedures as set out in the relevant licence. STEM Learning subscribes to the CHEST Code of Conduct for the use of Computer Software or Datasets in Higher Education. Breaches of the Code shall be deemed to be breaches of STEM Learning Regulations.

Suspected breaches and regulations

Minor infringements of the regulations will be addressed by the course tutor (for delegates) or the line manager or Infrastructure Coordinator (for staff and associates). For serious offences proceedings may be initiated under either or both of the STEM Learning disciplinary procedure and any appropriate legislation. 

Equipment may be disconnected from the STEM Learning Network without notice to maintain the Network service, to prevent damage to the Network or any Network Service or if a breach this AUP is suspected.


Document control

Document Classification: Public 

Document Date: 09/11/2015 

Last Reviewed: 10/09/2019 

Next Review Due: 10/09/2021