MATA Site Policy


Acceptable Use Of Moodlerooms Policy

Overview:

  • This policy defines appropriate and inappropriate use of Medical & Aesthetic Training Academy (MATA) Moodlerooms systems.
  • Inappropriate use of Moodlerooms Systems exposes MATA to risks such as loss, disclosure or corruption of information; compromise of network systems and services as well as inappropriate or unauthorised access
  • These risks could result in damage to MATA, as well as fines or claims for damages resulting from a breach of legislative, regulatory or contractual obligations.

Audience:

  • Anyone who has access to the Moodlerooms system
  • It also extends to information held on behalf of third parties and partners

Owner:

  • Head of Information ecurity, Head of ata rotection, Head of egal & usiness affairs

Introduction:

Information is an asset, and like any other business asset it has a value and must be protected. This value is not just financial but is based on the consequences of the information or Information systems, being compromised and the negative impact that would have on individuals and MATA. MATA will continue to protect its interests against the inappropriate use of its Information Systems.

For the purpose of this policy, Information ystems is defined as MATA Moodlerooms systems

It is not the intention of this policy to impose unnecessary restrictions on you that conflict with MATA’s culture of openness, trust and integrity. However, your awareness and co- operation is essential for maintaining the effective security of MATA’s Information Systems.

Purpose:

This policy has been written to help you understand what MATA defines as appropriate and inappropriate use of its Information Systems and to remain within those limits during your work with MATA. Inappropriate use exposes MATA to risks such as malware attacks, inappropriate or unauthorised access, corruption, loss or disclosure of information, or a compromise of network systems and services.

It is important that you understand what is required of you and what you need to do to comply with this policy. You must be aware of your responsibilities and understand that failure to comply with this policy may result in disciplinary action being taken against you. If you have any questions about this policy please contact our support team on: [email protected]

Audience:

This policy applies at all times when using the Moodlerooms system. This policy also applies to anyone who has access to the Moodleroom system.

General Use Of Moodlerooms:

Your behaviour: You must act honestly and with integrity at all times to protect MATA’s reputation, in accordance with MATA’s values.

Your role: You must understand your role and responsibilities with regard to the Moodleroom systems. If this is unclear then you must consult MATA’s support team.

Information security incidents: You must report all actual or suspected information security incidents immediately to MATA’s support team using the Information Security Incident Reporting Procedure. Where the incident involves personal information then you must also immediately report the incident to the support team.

Business use: You must not use Moodlerooms for any business activities which are not related to your course with MATA .

Information privacy: Your personal privacy is respected and access controls are in place, but you must understand that MATA may monitor your use with Moodlerooms for security purposes and also to check your compliance with this policy at any time and potentially without notifying you.

Accessing Moodlerooms: When accessing Moodlerooms you must only carry out the activities you are authorised. You must not access or try to access any MATA information where you are not authorised to do so, for example logging into accounts which are not your. Doing so may be a crime under the Computer Misuse Act 1990.

You are responsible for any activity carried out under your username. You must not let anyone else use your Moodleroom username when logged in with your own username and password.

Protecting Restricted Information:

Working with Restricted information: You must not print, share, post, publish, upload or email any information that is likely to be, or has already been classified as Restricted information unless you are authorised to do so. If you need to handle Restricted information then you must take the appropriate measures to maintain its confidentiality, e.g. by using encryption or ensuring its physical security.

Secure use of the internet:

Remote access: When you use a public/shared device to access Moodlerooms remotely you must reject any prompt to save your username or password in the browser for future use. You must also ensure that you log out of the remote access service completely when you are finished and close any open browser.

Where possible you should log out of the device completely and either shut it down or restart the device. It is your responsibility to ensure that your remote access occurs in an appropriate environment.

Secure use of electronic communication:

Sending Restricted information: If you need to communicate any Restricted information or information you consider sensitive then it must be encrypted.

Passwords:

Creation of strong passwords: You must create your unique passwords in accordance with the Moodlerooms Policy.

Keep passwords secure: You must keep all your passwords safe. Dowrite them down in any manner that would make it easy to decipher and do tell anyone your login details or password.

Exemptions and delegated authority: We recognise there may be instances when you do need to share your password, however you must only do this with a valid justification and only after notifying MATA support team. You must thereafter change your password at the earliest opportunity.

Removable storage media:

Using removable storage: If you are copying restricted information to removable storage media (e.g. USB drives, CD/ DVDs etc.) then you must encrypt it in compliance with the Data Encryption Policy and keep it secure at all times.

Secure configuration of Moodlerooms information:

Security tools on Moodlerooms: You must not attempt to bypass or tamper with any of the security measures that MATA has in place.

Specific monitoring: Your communications may be monitored when it appears that Moodlerooms are being misused or used inappropriately. There may be other reasons why your communications are monitored, e.g. in your absence after a formal request is made. This will be in accordance with an authorised investigation.

Monitoring personnel: Access to information obtained through monitoring is controlled and limited to trained and designated staff to ensure an acceptable level of confidentiality and privacy.

Investigation of individuals using Moodlerooms Systems

Why we may investigate your use on Moodlerooms: MATA respects your privacy and does not investigate your activity on Moodlerooms without MATA however is ultimately responsible for all communications on Moodlerooms. It is thereformportant that you understand that MATA can investigate your Moodlerooms communications for the following reason including:

  • To comply with legal obligations
  • To ensure that Moodlerooms policies and procedures are adhered to ‣
  • To prevent or detect unauthorised use of Moodlerooms
  • When necessary, to conduct authorised investigations into an individual user.

Copyright:

Protecting copyright: You must not download, store, copy or transmit the works of others without their permission as this may infringe copyright. Please consult MATA’s support team for further information. If you use copyright protected material without their consent, you may be guilty of an offence under the Copyright, Designs and Patents Act 1988.

Reviewing and amending this policy

Amendments: MATA reserves the right to review and amend this policy on a regular basis. This is the responsibility of Information Security Governance & Compliance.