IT Policies & Practices (Acceptable Use Policy)
This Acceptable Use policy (AUP) is applicable to NP Students, vendors, industrial partners as well as members of the public. For NP Staff, please refer to this link (login required).
A. PURPOSE
The Acceptable Use Policy (AUP) outlines rules and guidelines for using NP's IT resources, including networks, devices, and software. It defines acceptable and prohibited behaviours, aiming to protect assets, ensure security, and maintain a productive work environment. Violations can lead to disciplinary actions.
B. TARGET AUDIENCE
This document is applicable to all NP students, alumni, parents, vendors, industry partners and members of the public who use NP’s IT resources.
C. GOVERNING POLICIES
1. GENERAL REQUIREMENTS
1.1 Users shall use the campus IT Resources according to the purpose for which they are provided, which is for the administrative, teaching and learning activities of Ngee Ann Polytechnic (NP).
1.2 Users shall use the campus IT Resources according to the laws and regulations of the Singapore Government.
1.3 Users shall not abuse or misuse the IT Resources and shall take all reasonable measures to safeguard against any potential abuse, misuse, malicious attacks or theft.
1.4 Users shall not, under any circumstances and in any manner, transfer or copy any software, computer program, personal data, classified information or trade secret that is the subject of any copyright, special licence or other intellectual property right from NP or IT Resources without NP’s prior written consent.
1.5 Users shall not use, modify or adapt corporate IT resources for any commercial purpose or personal financial gains, unless duly authorised by NP in writing.
1.6 Users shall not attempt to monitor another user’s data communications nor access, read, copy, change or delete another person’s files or software without authorisation.
1.7 Users shall not harass or intentionally deny or degrade another person’s legitimate access to IT resources.
1.8 User shall not circumvent any technological access control or protection measures which have been applied to a work or audio-visual item or a performance. Examples of circumvention are cracking of passwords, unscrambling of encrypted information or removal of digital watermarks.
1.9 Users shall not install or use diagnostic and/or vulnerability scanning tools on NP systems and network, unless authorised by NP in writing.
2. DATA HANDLING
2.1 Users shall not obtain data or IT services without authorisation or through fraudulent means.
2.2 Users shall use all data obtained, including personal data, for the purpose which they were collected. Personal data collected may not be reused for a different purpose without first seeking consent from the individuals. Users shall not pass on the data to another organisation without explicit approval from the data owner.
2.3 Users shall securely delete or destroy the data after it has served its intended purpose.
3. ACCOUNTS IDS AND PASSWORDS
3.1 Users shall be responsible and accountable for all activities conducted via his/her accounts.
3.2 Users shall keep their computer accounts and accompanying password confidential and not share or disclose their accounts to anyone.
3.3 Users shall not use a computer account that has been issued to another user.
3.4 Users shall change their passwords at least once every 12 months or whenever there is any indication of possible system or password compromise.
3.5 Users shall not keep a record of password (e.g. on paper, soft copy file or handheld device) unless this can be stored securely.
3.6 Users should change the temporary or issued passwords at first logon.
3.7 Users shall not use the same password for business and non-business purposes. For example, your personal Hotmail, Yahoo or Gmail account shall not have the same password as your NP accounts.
3.8 Users shall use strong passwords to protect their accounts:
a. Use pass phrases for easy recall, e.g. sentences;
b. Minimum length of 12 characters;
c. A combination of Upper case (A-Z), Lower case (a-z), Digits (0-9) or Special characters (!@#$%^&*);
d. Avoid commonly used or easily guessed words, e.g. names, account/user ID, telephone numbers, and dates of birth, etc.
4. PERSONAL COMPUTERS (PCs, NOTEBOOKS or SMART DEVICES)
4.1 Users shall ensure that their personal computers are adequately protected before connecting to NP’s Campus Network. The minimum protection includes:
a. An up-to-date anti-virus software installed and activated;
b. A Personal firewall installed and activated;
c. Latest software security patches installed;
d. Rebooting your personal computers and devices regularly for upgrades and patches to take effect; and
e. Lock screen when away from your personal computers and devices;
5. USE OF AUTHORISED SOFTWARE AND HARDWARE
5.1 Users shall use only authorised software on NP’s systems and network. Authorised software is one which is licensed for use, legally acquired and approved by NP for use. These include Freeware, Shareware and Open-Source Software.
5.2 Users shall not expose the Polytechnic to infringement proceedings resulting from a breach of Singapore Law, including but not limited to the following areas:
a. Copyright;
b. Patent;
c. Trade mark;
d. Registered design; and
e. any other intellectual property laws.
5.3 Under the Copyright Act, individuals, their supervisors, as well as the Polytechnic, are liable for any infringement to the Act. As such, the use or copying of purchased software so that it can be used on a computer other than the computer for which it is licensed is strictly prohibited.
5.4 Unless approval has been granted, users shall not modify or remove software or hardware which NP provides as part of the campus IT Resources.
5.5 Users shall not install, execute, or assist or abet another to install or execute a program that could result in the damage or excessive load to any component or part of the IT Resources or place excessive load on the IT Resources. This includes, but is not limited to, computer viruses, worms, Trojan horses or any other malicious program.
6. EMAIL
6.1 Students shall use only official email accounts ‘@connect.np.edu.sg’ issued by NP for all NP-related correspondences. Students are encouraged to check their mailbox regularly.
6.2 Users shall not spam or send unsolicited commercial mail to others.
6.3 Users shall avoid sending out large email to a large mailing list of recipients.
7. INTERNET ACCESS, USAGE AND SOCIAL NETWORKING
7.1 Users shall be discerning when accessing websites, especially links provided through spam or unsolicited email. Users shall avoid websites of unknown or disreputable origin.
7.2 Users shall be responsible for the content that they upload, post, email, transmit or otherwise make available via NP's IT Resources and shall ensure that intellectual property rights are not infringed in any way.
7.3 Users shall not upload or download, send or post, enter or publish any content to the Internet that is:
a. Illegal as defined under the laws of the Republic of Singapore;
b. Against the public interest, public order, national interest;
c. Incite religious or racial intolerance or are otherwise deemed inappropriate;
d. Distasteful;
e. Objectionable;
f. Indecent, obscene, pornographic, intimidating or defamatory;
g. Prejudicial to the good name of Ngee Ann Polytechnic;
7.4 Users shall be mindful of the public nature of the Internet and shall not discuss or disclose classified or personal data, and proprietary information of NP or of any organisation without authorisation.
7.5 The intellectual property rights to all NP teaching materials (e.g. lecture notes, videos, courseware, tutorials, worksheets etc.) belong to the Polytechnic. Users shall not upload, send or post, enter or publish any NP teaching materials to the Internet.
7.6 Users shall be respectful of NP, staff/lecturers/tutors, students and their rights for privacy.
8. INCIDENT REPORTING
8.1 Staff shall immediately report any verified or suspected security incidents, violations, or potential loopholes to the IT Security Manager at ITSecurityManager@np.edu.sg. Security incidents include, but are not limited to, misuse of email, malware infection, ransomware, phishing, scam, loss of equipment or storage media and unauthorised attempts to obtain classified data or personal data.
8.2 Users shall cooperate fully in investigations of misuse or abuse of the IT Resources. User files, personal computers may be examined under the direction of NP management should NP in its absolute discretion decide that the security of the IT Resources is in any way threatened.
8.3 In the event of a malware infection, users shall immediately disconnect their infected system from the network and contact NP IT Helpdesk or ITSecurityManager@np.edu.sg to initiate appropriate follow up actions.
8.4 Users shall not knowingly connect an endpoint system infected by malware or suspected to be tampered with, onto the campus network.
8.5 Users shall exercise due diligence when dealing with sensitive information and payment.
8.6 Users shall not follow the instructions in suspicious emails.
a. Do not click on link or attachment in the email.
b. Do not download file from unknown websites or internet resources.
c. Do not provide credentials (i.e. account name and passwords).
d. Do not pay ransom in the event of ransomware attacks.
9. FAILURE TO COMPLY
9.1 The Polytechnic reserves the right to take disciplinary proceedings against the offending user in the event that he/she conducts himself/herself in any manner considered to be irresponsible or is abusive of the computing facilities accorded to him/her.
9.2 Users who fail to comply with this Acceptable Use Policy and other relevant Terms and Conditions of Use shall be subjected to penalties imposed. The penalties may include, but not limited to, withdrawal of computing services and/or termination of service, or dismissal from course of study.
D. GLOSSARY
1. Users – Individuals who access and/or use NP's IT Resources.
2. IT Resources – This refers to NP’s computing facilities, services, systems, infrastructure, information and data.
3. Personal computers – Any computing device not owned by NP such as Desktop PCs, Notebooks or mobile devices.
4. Authorised Software – Software which is licensed, legally acquired and approved by NP for use. These include Freeware, Shareware and Open-Source Software.
5. Personal Data - This refers to data belonging to an individual.