Purpose of VTC IT Resources :
VTC IT resources are managed and operated by Information Technology Services Division (ITSD) to provide, quality, equitable, and cost-effective information and communication service to VTC staff and students. VTC IT resources are for official purposes approved by VTC. All individuals affiliated to VTC are responsible for (1) use IT Resources in an effective, ethical and lawful manner (2) follow best practices provided in this document, both in letter and in spirit.
The VTC Network :
VTC Network is a high-speed network which connects all VTC campuses to the central network equipment in Headquarters.
Authorization to use VTC Network :
Use of VTC Network must be authorized in advance. VTC Network is open to all VTC staff and students for purposes stated above, which should be considered as a privilege rather than right. To be authorized, a staff or student should follow steps listed below :
A staff or student must have a valid Computer and Network Account (CNA) before using any VTC IT resources.
- Staff should apply CNA for using VTC IT resources. Student CNA will be created automatically according to information from Student Records System (SRS) or information from SHAPE Admission Offices.
The Computer and Network Account (CNA) :
CNA is the key for individual to access VTC IT resources. CNA users should read this policy carefully before activating their CNA. By activating a CNA, it means that user have read, understood and agreed to observe the policy. CNA users will then abide by all the prevailing policies, rules, best practices and standards applicable to the use of VTC IT resources, which is announced by Information Security Committee (Infosec Committee) or as promulgated on VTC Information Security website from time to time.
This policy will be reviewed and updated to incorporate new rules and regulations as deem necessary and appropriate. VTC reserves the right to suspend or terminate a user's CNA and the services provided, if he/she is being found breaching this policy.
Acceptable Use Policy of VTC Network :
Use of VTC Network shall conform to the following principles:
Be consistent with the purposes of VTC Network,
Avoid interfering with the work of other users of the VTC Network,
Avoid disrupting the network host systems (nodes) in VTC Network,
Avoid disrupting network services,
Avoid violating any laws or regulations which govern access of VTC system, network, or Internet
Acceptable Use Policy of CNA :
CNA is non-transferable and user is not allowed to let other people use his/her account. Password of his/her account shall be kept confidential at anytime.
CNA users shall immediately report any system security violation, or any suspected system security violation to their local technical support / representatives.
Irresponsible use of VTC IT resources like abuse VTC’s electronic mail system is prohibited. CNA user must make sure that his/her email and all the mail attachments are virus-free.
For each CNA, an appropriate amount of storage is allocated for storing e-mail messages and attachments. Therefore, CNA user is advised to back up important messages and attachments, and delete outdated messages and attachments. They are also advised to empty the trash folder frequently.
Departing staff's CNA will be deleted on the following day after his/her last service day according to the information from HRMIS, he/she should transfer the ownership of mailing list and/or department account to other colleagues before leaving.
Student CNA will be automatically deleted by the time he/she no longer be an active student. Therefore, student CNA user is recommended to back up all his/her e-mail messages and attachments before the day come.
Best practices :
The following best practices with examples can help users apply the above mentioned principles :
VTC IT resources are provided for the support of teaching, learning, consultation and administration purposes only. It is not to be used for commercial purposes, such as marketing, advertising or business transactions between commercial organisations. Example :
Setting up websites that are irrelevant to the teaching, learning, consultation or administrative purposes is strictly prohibited.
Commercial advertising is forbidden. But discussion of a product's relative advantages and disadvantages by users of the product is allowed and encouraged. Vendors may respond publicly to questions about their products as long as the responses are not in the nature of advertising.
Any user is not allowed to transfer or resell the VTC IT resources, which has been allocated to him/her, in various possible forms, such as network bandwidth and connection time, access rights, computer budget, etc.
Example: Sharing accounts and passwords between users may result in security breaches and should be prohibited.
Activities which will interfere in the intended use, cause congestion or impair the healthy state of the VTC Network are unacceptable and prohibited. Research and experimentation on network should be carried out with great caution. Negligence in the conduct which will lead to the contrary of the aforementioned best practices is irresponsible and unacceptable. Example:
Downloading or uploading multiple large files (e.g. entertainment files, software or games) irrelevant to the teaching, learning, consultation or administrative purposes is strictly prohibited.
Experiments on the network which will lead to exhaustive flooding of its available bandwidth should be avoided. Networking experiment for teaching purposes should be done in an isolated environment to avoid impairing the healthy state of VTC Network.
Any waste of VTC IT resources is unacceptable. Example:
Repetitive retrieval of copies of the same files by a user who does not keep a copy on his/her own system is considered a waste of network resources and should be avoided.
Sending SPAM email (unsolicited bulk commercial email) wastes the VTC IT resources and may cause negative impact to VTC’s image. Such activity is strictly prohibited.
Any communication which violates applicable laws and regulations, including but not limited to those related to copyright, data privacy and transmission of obscene and indecent materials, is not allowed. Offenders may be subject to disciplinary actions and/or incur civil/criminal liabilities. Examples:
The installation, modification and/or use of any software in the user's office computer without proper licensing are strictly prohibited. Software licensed only for the user's personal use cannot be installed in his/her office computer.
Copyrighted materials, including those downloaded from the Internet, should not be stored in the VTC IT system or disseminated to others without the prior permission of the copyright owners.
Users must not compromise the confidentiality and privacy of other users of VTC IT resources and the integrity of data and information mounted on or transmitted through the VTC Network. A breach of these principles is generally considered a legal offence and users concerned may be liable to civil and/or criminal liabilities.
Example: Unauthorised reading, altering, intercepting of, electronic eavesdropping on, any network communications over the network or data kept on systems on the network are examples of violation of these principles.
Irresponsible use of electronic mail to harass or offend others users of the network are prohibited and may lead to suspension/ cancellation of the CNA, other disciplinary actions as appropriate and/or even lead to civil or criminal consequences. Users should observe good conduct and common courtesy to respect other users.
Example: Sending out chain letters, broadcasting/ circulating messages, disseminating messages that contain statements of personal attack/criticisms or unverified incidents/rumors or any other forms of network communications that harass or offend other users of the network, and the use of false identities/ email addresses are considered irresponsible use.
VTC Email is an official communication channel among staff and students. It should be used for learning and teaching purpose only. VTC Email accounts shall not be used for other purposes such as:
Register public websites, such as forum/discussion group, chat rooms or eBay
Conduct commercial activities, such as marketing or business transactions
Send irrelevant or chain mails to a large number of recipients
Broadcast messages which are likely to harass or offend others
Users are responsible for taking adequate security measures to protect the VTC's computer equipment and facilities from physical damage or loss, and guard against unauthorized access to the VTC IT resources.
Example: Installation of unauthorized Internet connection (e.g. dial-up, broadband Internet access), server (e.g. DHCP server), network equipment (e.g. modem, switch), remote access software (e.g. pcAnywhere, terminal service) and wireless access point introduces security holes to the VTC Network. If such activities are required for teaching, learning, consultation or administrative purposes, they should be implemented at an environment isolated from the VTC Network.
Users are responsible for taking adequate security measures to protect the VTC IT resources from unauthorized access and/or modification.
Example: If users are using systems that are developed or acquired by their own to handle the VTC's information, adequate security measures must be implemented according to VTC’s Information Security Policy.
Monitoring use of VTC IT Resources :
VTC Network is a high-speed network which connects all VTC campuses to the central network equipment in Headquarters.
Purpose of monitoring
VTC adopts various measures to log and monitor use of VTC IT resources for the following purposes :
to maintain a stable IT environment for academic and business activities in VTC
to provide necessary information for VTC management to ensure proper and effective use of VTC IT resources
to ensure the integrity and security of the confidential academic and business information
Scope of monitoring
VTC reserves the rights to log any user activities on VTC IT resources. The log may contain (but not limited to) CNA ID, date, time, email recipient address, email header, URL of website, etc. For email services, VTC reserves the right to access the content of emails held in a staff/student mailbox when there is reasonable suspicion of violation of the VTC’s policies.
Use of information gathered from monitoring
Logs and recorded information of emails collected during monitoring process will be used for ensuring compliance with VTC’s policies. Log files will be kept and be erased for a specific period of time (usually 1 year). In order to respond the legal processes or investigation of activities which suspected to breach VTC’s policies, VTC reserves the right to access content of logs and recorded information. Authorization to access the logs and recorded information is restricted to authorized staff of the ITSD or Computer Centres at operational units. Access to contents of emails requires the authorization of the Chairman of Infosec Committee or senior management.
Right of Authorized ITSD/Computer Centre Staff
Users are expected to take reasonable measures to ensure their use of the VTC IT resources are conformed to the above best practices and Regulations. For the avoidance of doubt, acting on complaint is considered as a reasonable measure.
Without prejudice to the provisions under the Personal Data (Privacy) Ordinance, in case of suspected violation of this policy, authorized staff of ITSD or Computer Centres at operational units shall have the right to access VTC IT resources of user concerned, suspend his/her use of VTC IT resources for investigation purposes, and/or where the circumstances warrant, to report the case to relevant authorities and to take appropriate actions as required by relevant authorities.
Interpretation of the Policy and Enquires
This policy is not exhaustive. The final authority for this policy lies with Infosec Committee. It is the responsibility of user to contact Infosec Committee, in writing, regarding questions of interpretation. Until such issues are resolved, questionable use should be considered as "not acceptable" and hence be avoided.
For enquiries, please contact local support via department.