Skip Ribbon Commands
Skip to main content
Sign In

: : IT Policies & Practices (Acceptable Use Policy)
IT SECURITY ADVICE


  1. Clear your browser's cache and history after each session, especially if you are using a shared/public PC.

  2. Do not store your NPNet Login ID/Password when using the browser.

  3. Never use the same NPNet Login Password for other Internet services such as free email (eg Yahoo! mail), online shopping and other online subscription services.

  4. Always LOGOUT from your online session before leaving your system, even for a short while.
                                               

TOPICS

1   GENERAL REQUIREMENTS
2   DATA HANDLING
3   ACCOUNT IDs & PASSWORDS
4   ENDPOINT DEVICES (PCs, NOTEBOOKS or SMARTPHONES) AND PORTABLE STORAGE MEDIA
5   USE OF AUTHORISED SOFTWWARE AND HARDWARE
6   EMAIL USAGE
7   INTERNET ACCESS, USAGE AND SOCIAL NETWORKING
8   NETWORK AND REMOTE ACCESS
9   INCIDENT REPORTING
10 RIGHTS OF THE POLYTECHNIC
11 FAILURE TO COMPLY

GLOSSARY
1 GENERAL REQUIREMENTS

1.1
Users1 shall use the campus IT Resources3 according to the purpose for which they are provided, which is for the administrative, teaching and learning activities of NP.




1.2
Users shall familiarise themselves with the Polytechnic's IT Security Policies and Guidelines posted in the Intranet. 






1.3
Users shall use the campus IT Resources according to the laws and regulations of the Singapore Government. 



1.4
Staff and associates shall comply with Government Instructions Manual (IM) and other regulations and guidelines when handling Government classified data or Personal data.



1.5
Users shall not abuse or misuse the IT Resources and shall take all reasonable measures to safeguard against any potential abuse, misuse, malicious attacks or theft. Abuse or misuse of the IT Resources includes, but not limited to, the doing of any act that would contravene the provisions of:
a. Copyright Act; 
b. Computer Misuse Act;
c. Spam Control Act;
d. Films Act;
e. Penal Code; 
f. Undesirable Publications Act; 
g. Broadcasting & Television Act; 
h. Indecent Advertisements Act; 
i. Common Gaming Houses Act; 
j. Maintenance of Religious Harmony Act; 
k. Singapore Broadcasting Authority Act (in particular, Internet Code of Practice); 
l. Official Secrets Act; and
m. Personal Data Protection Act.






1.6Users shall not, under any circumstances and in any manner, transfer or copy any software, computer program, personal data, classified information or trade secret that is the subject of any copyright, special licence or other intellectual property right from NP Premises or IT Resources without NP’s prior written consent.



1.7Users shall not use, modify or adapt corporate IT resources for any commercial purpose or personal financial gains, unless duly authorised by NP in writing.



1.8
Users shall not attempt to monitor another user’s data communications nor access, read, copy, change or delete another person’s files or software without authorisation.






1.9
Users shall not harass or intentionally deny or degrade another person’s legitimate access to IT resources.



1.10
User shall not circumvent any technological access control or protection measures which have been applied to a work or audio-visual item or a performance. Examples of circumvention are cracking of passwords, unscrambling of encrypted information or removal of digital watermarks.




1.11
Users shall not install and use diagnostic and/or vulnerability scanning tools on NP production systems and network under any circumstances, as such tools may be used to compromise the security of the systems.







1.12
Users shall not cause damage or otherwise attack or degrade the performance of NP network or systems.



1.13
Upon termination of employment (for staff), termination of contract (for associates) or cessation of study (for students), users shall promptly declare and return to NP all NP assets, software, files, manuals and material of whatever description and copies thereof, and any or all material which in the opinion of NP is of a secret or confidential nature relating to the Polytechnic's business or affairs which are in his possession or under his control. 





 
2 DATA HANDLING
2.1 Users1 shall not obtain data or IT services without authorisation or through fraudulent means.
2.2Users shall use all personal data obtained for the purpose which they were collected from individuals or obtained from other organisations.  Personal data collected may not be reused for a different purpose without first seeking consent from the individuals.  Users shall not pass on the data to another organisation without explicit approval from the data owner.
2.3Staff shall abide by the IM8 Policy on Data Management and NP’s Data Administration Policy when releasing NP data to individuals or other organisations. The Data Administration Policy is available in the IT Service Portal.
2.4Staff shall exercise due diligence to ensure the confidentiality, availability, accuracy and consistency of NP’s data, as well as data obtained from other organisations.
2.5Staff shall safeguard data in their possession in accordance to the data classification and sensitivity of the data. Staff shall exercise due diligence when applying the relevant methods of protection such as:
a. Physical security;
b. Encryption of classified data or personal data residing on NP-issued and centrally-managed (NICE) notebooks and/or
    NP-issued portable storage devices, e.g. portable harddisks, thumbdrives and SD Cards; and
c. Adherence to relevant policies and procedures.
 
3 ACCOUNT IDs & PASSWORDS
3.1 Users1 shall be responsible and accountable for all activities conducted via his/her accounts.

3.2Users shall keep their computer accounts and accompanying password confidential. Users shall not attempt to share or disclose their accounts to anyone. Users shall not email the information to a third party.
3.3Users shall not use a computer account that has been issued to another user.
3.4Users shall change their passwords every 90 days to prevent break-in.
3.5Users shall change passwords whenever there is any indication of possible system or password compromise.
3.6Users shall not keep a record of password (e.g. on paper, soft copy file or handheld device) unless this can be stored securely.
3.7Users shall avoid re-using or recycling old passwords.
3.8Users should change the temporary or issued passwords at first logon.
3.9Users shall not include passwords in any automated log-on process, e.g. stored in a macro or function key.

3.10Users shall not use the same password for business and non-business purposes. For example, your personal hotmail, yahoo or gmail account shall not have the same password as your NP accounts.

3.11Users shall select quality passwords which are:
a. Easy to remember;
b. At least 8 characters long,;
c. A mix of upper and lower case letters and numbers, and special characters where supported by the system;
d. Not based on anything that can be easily guessed or obtained using person related information, e.g. names,
    telephone numbers, and dates of birth, etc.; and
e. Not consist of words included in dictionaries.

 
4 ENDPOINT DEVICES (PCs, NOTEBOOKS or SMARTPHONES) AND PORTABLE STORAGE MEDIA
4.1 Staff shall use only NP-issued and centrally managed (NICE) equipment on the Staff network.  Only NICE equipment such as notebooks and mobile devices may be used to access classified corporate services such as corporate eMail, VPN, NPal and Sharepoint. Staff shall not have local administrative rights to NICE notebooks.


4.2 Personal endpoint devices may be used on the NP Wireless network which is provisioned for Teaching & Learning purposes.

4.3
Users shall ensure that their systems are adequately protected before connecting to NP’s Campus Network.  The minimum protection includes:
a. An up-to-date anti-virus software installed and activated;
b. A Personal firewall installed and activated; and
c. Latest software security patches installed.



4.4

Users shall exercise due diligence to ensure all critical and security patches for their endpoint devices are applied within 1 week from the date of patch release.


4.5

Staff have up to 5 invalid login attempts when using NPNet accounts.  The account would be locked on the 6th invalid login attempt for 25 minutes.  This is to prevent robots from hacking the system.  The account would be released after 25 minutes.
 

4.6

Users shall turn off communication ports, such as WiFi or Bluetooth, when not required.


4.7

 Users shall be accountable for the confidentiality of data residing within their control. Users shall not share out directories on their endpoint devices.


4.8

Staff  shall use only authorised Portable Storage Media to store classified data or personal data. Only Portable Storage Media that meet FIPS 140-2 Level 3 Certificate (or equivalent standard) with authentication and minimally AES-256 bit encryption are authorised for storing classified or personal data. Portable Storage Media refer to thumbdrives, flash memory cards, portable hard disks and optical storage media.


4.9

Staff shall use the authorised storage media for following approved functions: (a) Data Transfer between WOG notebook and NICE notebook, (b) Transfer of large files or large volume of data where email or network is not feasible, and (c) IT Support involving Classified data.  Staff may also take the portable storage media out of campus if necessary as pre-approved by the Principal.


4.10

Consumer-grade Portable Storage Media may be used to store Teaching and learning materials which are unclassified, or for IT Support involving unclassified data.  For example, patching of server and equipment without internet access, and support for student notebooks.


4.11


Users shall not place their notebook, portable electronic storage media and authentication token near an exterior window or public access area where it could be subject to physical theft.


4.12


Users shall not leave their notebook, portable electronic storage media and authentication token unattended.  If it is not possible, these shall be securely locked away when not in use, or the notebook secured with a high quality cable lock by attaching it to something immovable.


4.13


Users shall not store their portable storage media and authentication tokens together with the notebooks when bringing them out of NP.

When Travelling
4.14Unless carry-on restrictions are imposed, users shall hand-carry their notebook, portable electronic storage media and authentication token when travelling overseas.


4.15

When clearing customs, users should hold onto their notebooks, portable storage media and authentication tokens until the person in front has gone through the metal detector.


4.16

When travelling to countries with carry-on restrictions, the checked in notebook shall not contain any classified or personal data in the local hard disk.  Email stored on the local hard disk shall not exceed 1 month.  Classified data should be stored on the intranet  to minimise the risk of losing portable storage media.  Portable storage media containing classified data or personal data, and authentication token shall be kept with the staff at all times.


4.17

Staff shall bring minimum classified data or personal data required for the business travel. All classified data or personal data stored in portable devices shall be encrypted.

 
5 USE OF AUTHORISED SOFTWARE AND HARDWARE

5.1

Users
1 shall use only authorised software5 on corporate endpoint devices. Authorised software is one which is licensed for use, legally acquired and approved by NP for use. These include Freeware, Shareware and Open Source Software.


5.2

Users shall use only authorised software and/or hardware from their endpoint devices within our campus network. Users shall write in for explicit permission to install and use software and/or hardware that is not authorised by NP.  Software and/or hardware that may compromise the security of NP systems are not authorised for use by NP.  Examples of such software and/or hardware include those which may affect the performance of campus network infrastructure or those which may result in loss of confidentiality, integrity or availability of data.

5.3All software used on corporate endpoint devices and within our campus network shall meet legal requirements, such as having valid licenses. Users shall participate in the annual Software License Audit.


5.4

Users shall not expose the Polytechnic to infringement proceedings resulting from a breach of Singapore Law, including but not limited to the following areas:
a. Copyright;
b. Patent;
c. Trade mark;
d. Registered design; and
e. Any other intellectual property laws.


5.5

Under the Copyright Act, individuals, their supervisors, as well as the Polytechnic, are liable for any infringement to the Act. As such, the use or copying of purchased software so that it can be used on a computer other than the computer for which it is licensed is strictly prohibited.


5.6

Unless approval has been granted, users shall not modify or remove software or hardware which NP provides as part of the campus IT Resources3.


5.7

Users shall not install, execute, or assist or abet another to install or execute a program that could result in the damage or excessive load to any component or part of the IT Resources or place excessive load on the Computer Resources. This includes, but is not limited to, computer viruses, worms, Trojan horses or any other malicious program.


5.8

Users shall scan software for viruses or other malicious program before installing or using on NP-issued endpoint devices or within NP campus network.

 
6 EMAIL USAGE

6.1

Users
1 shall not spam or send unsolicited commercial mail to others.


6.2

Staff and associates2 shall not indiscriminately forward corporate email to an Internet service provider email account.


6.3

Users shall avoid sending out large email to a large mailing list of recipients. Whenever possible, large attachments should be hosted in a separate repository and only a link shall be provided in the email.


6.4

Users shall housekeep their mailbox regularly. Email that needs to be kept for department records shall be moved out of the user mailbox and kept in the respective departmental repositories.


6.5

Staff shall use the NP email address (@np.edu.sg) for official correspondences. For purpose of enriching teaching and learning, staff may explore the use of other email systems.


6.6

Staff shall make use of the following Email delivery functions to maintain authenticity, integrity and security of their email:
a. SIGN function to digitally sign their email when authenticity is required;
b. To further ensure data integrity, staff shall use the PREVENT COPY function to avoid alterations; and
c. Staff shall use the Encrypt function to ensure that the readership is limited to only those in the circulation list.


6.7

To further safeguard our email correspondence, it is highly recommended that staff add the following clause to their email footer: “This message may contain privileged/confidential information. If you are not the intended recipient of this email, please delete it and notify the sender immediately.” This helps us in assessing the extent of the damage as a result of incorrect recipients.


6.8

For staff who are maintaining distribution lists, the following additional clauses shall apply:
a. Your messages shall state the means for the recipients to unsubscribe from the distribution list;
b. The recipient's name shall be removed within 10 working days from the day the unsubscribe request is submitted;
    and
c. The subject for advertising mail shall be prefixed with <ADV>.

 
7 INTERNET ACCESS, USAGE AND SOCIAL NETWORKING

7.1

Users
1 shall be discerning when accessing websites, especially links provided through spam or unsolicited email. Users shall avoid websites of unknown or disreputable origin.


7.2

Staff should not allow automatic execution of codes* or plug-ins on their endpoint devices. Staff should configure their systems to prompt for permission before executing trusted codes. *Examples of codes are Active X, Java, Javascript, etc.


7.3

Users shall be responsible for the Content that they upload, post, email, transmit or otherwise make available via NP's IT Resources3 and shall ensure that intellectual property rights are not infringed in any way.


7.4

For social networking and publishing content associated with NP, users shall take responsibility for the content and shall include a disclaimer stating that they are conveying a personal view-point and not from a corporate NP position.


7.5

Users shall not upload or download, send or post, enter or publish any content to the Internet that is objectionable or illegal under the Singapore Law.


7.6

Users shall not upload or download, send or post, enter or publish any content to the Internet that is against the public interest, public order, national interest, racial and religious harmony, or which offends good taste or decency, or is otherwise indecent, obscene, pornographic or defamatory.


7.7

Users shall not upload or download, send or post, enter or publish any content to the Internet that is confidential, distasteful or prejudicial to the good name of the Polytechnic.


7.8

Users shall be mindful of the public nature of the Internet and shall not discuss or disclose classified or personal data, and proprietary information of NP or of any organisation without authorisation.


7.9

The intellectual property rights to all NP teaching materials (e.g. lecture notes, videos, courseware, tutorials, worksheets etc.) belong to the Polytechnic.  Students shall not upload, send or post, enter or publish any NP teaching materials to the Internet.  Staff shall not publish or otherwise make available any NP teaching materials on the Internet except in accordance with the policy of NP or its School/Division.


7.10

Users shall be respectful of NP, staff/lecturers/tutors, students and their rights for privacy.


7.11

Users shall be mindful of the need to safeguard personal and official information. Users shall not disclose, publish and/or host such information on external websites without proper authorization from the owner(s). Personal and official information shall be used for its intended purpose and shall be securely discarded immediately after use.


7.12

Users hosting forums, discussions and other sites supporting posting by visitors of the site shall ensure that the sites are moderated or actively monitored for acceptable contents.


7.13

Users intending to use corporate branding and identity such as NP's logo and the '.np.edu.sg' domain name, in online or on printed materials shall seek advice and clearance from the Corporate Communications Office.

 
8 NETWORK AND REMOTE ACCESS

8.1

Users
1 shall not install and operate their own wireless Access Points emulating or interrupting the performance of campus network infrastructure wireless Access Points.


8.2

All campus network infrastructure wireless Access Points shall be operated and managed by Computer Centre. Computer Centre reserves the right to remotely disconnect any unregistered devices that are interfering with the normal performance of campus network infrastructure.


8.3

Users shall manage the access to rooms where staff wired outlets are available. Only NICE computers are authorised to be connected to a staff wired outlet.


8.4

When connecting from home and campus wireless network, users shall use only NICE endpoint devices and enable the Virtual Private Network service to access staff intranet services.
8.5Staff shall access the Singapore Government Network (SGNet) from a WoG notebook.


8.6

Staff shall not concurrently connect to wireless network (e.g. campus wireless network and mobile broadband) and staff wired connection to avoid becoming a bridge between the insecure wireless environment to our secured staff network.

 
9 INCIDENT REPORTING

9.1

Users
1 shall immediately report any security violations, weaknesses, suspected violations of laws or policies and any loopholes or potential loopholes in the security of the IT Resources to the Computer Centre via email to ITSecurityManager@np.edu.sg.  Security incidents include, but are not limited to, misuse of email, malware infection and unauthorised act by a person to obtain classified data or personal data.


9.2

Users shall cooperate fully in investigations of misuse or abuse of the IT Resources. User files may be examined under the direction of NP management should NP in its absolute discretion decide that the security of the IT Resources is in any way threatened.


9.3

In the event of a malware infection, users shall immediately disconnect their infected system from both wired and wireless network, and contact CC Helpdesk or email to IT Security Manager  at ITSecurityManager@np.edu.sg to initiate appropriate follow up actions.


9.4

In addition, users shall retrieve all removable storage media from locked cabinets and subject them to the necessary investigation, cleaning and recovery process.


9.5

Users shall not knowingly connect an endpoint device infected by malware onto the campus network.


9.6

Users shall immediately report any lost endpoint devices, portable storage media or loss/compromise of NP Classified data or personal to  the IT Security Manager via email to ITSecurityManager@np.edu.sg.

 
10 RIGHTS OF THE POLYTECHNIC


10.1

The Polytechnic shall have the right to access and disclose any information stored on NP-issued endpoint and peripheral devices.


10.2

The Polytechnic shall have the right to access and disclose any email messages composed, sent or received using NP Email Systems.


10.3

The Polytechnic shall have the right to control, monitor and disclose information stored on NP-issued equipment, users’ Internet access activities and email.


10.4

The access and disclosure of email messages shall be authorised by Principal, and shall be conducted under strict control and supervision.

 
11 FAILURE TO COMPLY

11.1

The Polytechnic reserves the right to take disciplinary proceedings against the offending user in the event that he/she conducts himself/herself in any manner considered to be irresponsible or is abusive of the computing facilities accorded to him/her.


11.2

Users
1 who fail to comply with this Acceptable Use Policy and other relevant Terms and Conditions of Use shall be subjected to penalties imposed. The penalties may include, but not limited to, withdrawal of computing services and/or termination of service, or dismissal from course of study.

 
GLOSSARY
1 Users – All Staff, associates and students of NP who has been authorised to access NP’s IT Resources.
2 Associates – Any third party staff who are not directly employed by NP or business partner who requires access to campus IT Resources to fulfil their contractual or other obligations to NP. Examples: Vendor staff, visiting or guest lecturers, International Fellows, etc.
3 IT Resources - The computing facilities, applications and related systems and infrastructure, networks, information and data, and the human resources involved in the provision and maintenance of the services, applications and infrastructure.
4 *Personal Computers – Personal computers, notebooks, network computers and personal digital assistants that are used to store, process or access NP Resources.
5 Authorised Software – Software which is licensed for use, legally acquired and approved by NP for use. These include Freeware, Shareware and Open Source Software.
Last updated:
Best viewed at 1024 x 768 resolution with Internet Explorer 7+ & Mozilla Firefox 11+.
Copyright © Ngee Ann Polytechnic. All rights reserved.
535, Clementi Road, S599489.
Telephone: (+65) 6466 6555
Rate this website