Skip to content
  • info@equracollege.org.uk
  • Twickenham, United Kingdom
  • How to Apply
  • Fees & Funding
  • Visit/ Open day
REGISTER NOW

IT Acceptable Use Policy (Staff)

1. Purpose

This policy sets out how staff must use Equra College London (“Equra”) IT systems, accounts, devices, networks and digital services. It protects students, staff, organisational information, academic standards and system security.

2. Scope

This policy applies to all staff, contractors, volunteers and anyone authorised to use Equra systems, including:

  • Email, cloud storage, shared drives and collaboration tools
  • Learning platforms, student systems and assessment tools
  • Website/admin panels and marketing systems
  • Finance/HR systems
  • Equra devices and authorised personal devices used for Equra work
  • On-site and remote working environments

3. General obligations

Staff must:

  • Use Equra systems for legitimate business and academic purposes
  • Follow information security requirements and training
  • Protect confidentiality, privacy and assessment integrity
  • Use professional communications and maintain appropriate boundaries
  • Report incidents, risks and suspected breaches promptly

Staff must not:

  • Share accounts or passwords
  • Access data they do not need for their role
  • Bypass security settings or monitoring controls
  • Use systems for unlawful activity or to harass, intimidate or discriminate

4. Account security and access

4.1 Unique accounts
Each user must have a unique account. Shared accounts are not permitted except where formally approved and controlled.

4.2 Passwords and MFA

  • Strong passwords must be used and not reused across systems
  • Multi-factor authentication must be enabled where available
  • Passwords must not be shared by email or message

4.3 Access changes
Managers must notify IT promptly when a staff member changes role or leaves so access can be updated or removed.

5. Device and remote working rules

5.1 Approved devices
Equra work should be done using Equra-managed devices where possible. If personal devices are authorised, they must meet minimum controls (screen lock, encryption where possible, up-to-date patches, malware protection where appropriate).

5.2 Physical security
Devices must not be left unattended in public places. Paper records must be stored securely.

5.3 Remote working
Staff must:

  • Avoid using public Wi-Fi for sensitive activity unless secure methods are used
  • Ensure screens cannot be viewed by others in public spaces
  • Store documents only in approved systems, not on personal email or unapproved storage

6. Email and communications

Staff must:

  • Verify recipients before sending sensitive information
  • Use approved secure sharing methods for confidential files
  • Avoid sending confidential data to personal email accounts
  • Use appropriate tone, professionalism, and role boundaries in all communications

Staff must not:

  • Disclose confidential information without a lawful basis and authorisation
  • Share student data in group chats or informal channels without approval

7. Data protection and confidentiality

Staff must:

  • Handle personal data lawfully and minimise data collection
  • Access only what is required for their role
  • Keep safeguarding and wellbeing information strictly restricted
  • Follow retention rules and approved filing locations
  • Use secure disposal methods for paper and digital records

8. Learning platforms and academic integrity

Staff must:

  • Protect assessment materials and release them appropriately
  • Avoid sharing exam/assessment content via unsecured channels
  • Ensure marking, feedback and moderation records are stored in approved systems
  • Follow published rules on AI tools, plagiarism checks and academic integrity processes
  • Maintain audit trails where required

9. Acceptable content and professional conduct

Staff must not use Equra systems to:

  • Create, access or share illegal content
  • Share offensive, discriminatory, hateful, or sexually explicit content
  • Bully, harass, intimidate or victimise others
  • Spread defamatory or malicious information
  • Engage in excessive personal use that interferes with duties

10. Software, downloads and system changes

Staff must not:

  • Install unapproved software on Equra devices
  • Use unauthorised browser extensions or tools that capture data
  • Change security settings or device controls without authorisation
  • Use tools designed to bypass security or gain unauthorised access

Where a system change is needed, staff must request approval through the designated IT route.

11. Monitoring and logging

Equra may monitor system use proportionately to:

  • Maintain security and operational integrity
  • Investigate incidents and protect academic standards
  • Maintain audit trails for sensitive systems

Monitoring is carried out lawfully and with appropriate safeguards.

12. Reporting incidents and suspected breaches

Staff must report immediately:

  • Loss/theft of a device
  • Suspicious emails or account compromise
  • Accidental disclosure to the wrong recipient
  • Malware, unusual system behaviour or unauthorised access
  • Any suspected data breach

Reports should be sent to: info@equracollege.org.uk (or the published IT/Data Protection contacts).

13. Breaches and consequences

Breaches of this policy may result in:

  • Access restriction or removal
  • Investigation under Equra procedures
  • Disciplinary action where applicable
  • Notification to authorities where legally required

14. Review

This policy will be reviewed annually or sooner if required.