Skip Ribbon Commands
Skip to main content
Sign In

: : IT Policies & Practices (Acceptable Use Policy)
IT SECURITY ADVICE


  1. Clear your browser's cache and history after each session, especially if you are using a shared/public PC.

  2. Do not store your NPNet Login ID/Password when using the browser.

  3. Never use the same NPNet Login Password for other Internet services such as free email (eg Yahoo! mail), online shopping and other online subscription services.

  4. Always LOGOUT from your online session before leaving your system, even for a short while.
                                               
TOPICS

1   GENERAL POLICY
2   DATA HANDLING
3   ACCOUNT IDs & PASSWORDS
4   DESKTOP SYSTEMS (PCs, NOTEBOOKS & PDAs) AND ELECTRONIC STORAGE MEDIA
5   USE OF AUTHORISED SOFTWARE
6   EMAIL USAGE
7   INTERNET ACCESS, USAGE AND SOCIAL NETWORKING
8   NETWORK AND REMOTE ACCESS
9   INCIDENT REPORTING
10 RIGHTS OF THE POLYTECHNIC OVER STORED DATA AND EMAIL
11 FAILURE TO COMPLY

GLOSSARY
1 GENERAL POLICY
1.1
Users1 shall use the campus IT Resources3 according to the purpose for which they are provided, which is for the administrative, teaching and learning activities of NP.
1.2
Users shall familiarise themselves with the Polytechnic's IT Security Policies and Guidelines posted in the Intranet.
1.3Users shall use the campus IT Resources according to the laws and regulations of the Singapore Government.
1.4Staff and associates2 shall comply with Government Instructions Manual (IM) and other regulations and guidelines when handling Government classified data.
1.5Users shall not abuse or misuse the IT Resources and shall take all reasonable measures to safeguard against any potential abuse, misuse, malicious attacks or theft. Abuse or misuse of the IT Resources includes, but not limited to, the doing of any act that would contravene the provisions of:
a. Copyright Act,
b. Computer Misuse Act,
c. Spam Control Act,
d. Films Act,
e. Penal Code,
f. Undesirable Publications Act,
g. Broadcasting & Television Act,
h. Indecent Advertisements Act,
i. Common Gaming Houses Act,
j. Maintenance of Religious Harmony Act,
k. Singapore Broadcasting Authority Act (in particular, Internet Code of Practice) and
l. Official Secrets Act.
1.6Users shall not, under any circumstances and in any manner, transfer or copy any software, computer program, confidential information or trade secret that is the subject of any copyright, special licence or other intellectual property right from NP Premises or IT Resources without NP’s prior written consent.
1.7Users shall not use, modify or adapt corporate IT resources for any commercial purpose or personal financial gains, unless duly authorised by NP in writing.
1.8Users shall not attempt to monitor another user’s data communications nor access, read, copy, change or delete another person’s files or software without authorisation.
1.9Users shall not harass or intentionally deny or degrade another person’s legitimate access to IT resources.
1.10User shall not circumvent any technological access control or protection measures which have been applied to a work or audio-visual item or a performance. Examples of circumvention are cracking of passwords, unscrambling of encrypted information or removal of digital watermarks.
1.11Users shall not install and use diagnostic and/or vulnerability scanning tools on NP production systems and network under any circumstances, as such tools may be used to compromise the security of the systems.
1.12Users shall not cause damage or otherwise attack or degrade the performance of NP network or systems.
1.13Upon termination of employment (for staff), termination of contract (for associates) or cessation of study (for students), users shall promptly declare and return to NP all software, files, manuals and material of whatever description and copies thereof, and any or all material which in the opinion of NP is of a secret or confidential nature relating to the Polytechnic's business or affairs which are in his possession or under his control.
 
2 DATA HANDLING
2.1 Users1 shall not obtain data or IT services without authorisation or through fraudulent means.
2.2Users shall use all data obtained, including personal data, for the purpose which they were collected from individuals or obtained from other organisations. Personal data collected may not be reused for a different purpose without first seeking consent from the individuals. Users shall not pass on the data to another organisation without explicit approval from the data owner.
2.3Staff shall abide by the Data Administration Policy when releasing NP data to individuals or other organisations. The Data Administration Policy is available in the CC Helpdesk Self Service.
2.4Staff shall exercise due diligence to protect the confidentiality of NP’s data, as well as data obtained from other organisations.
2.5Staff shall safeguard data in their possession in accordance to the data classification and sensitivity of the data. Staff shall exercise due diligence when applying the relevant methods of protection such as:
a. Physical security;
b. Encryption of Confidential data residing on Personal Computers and/or removable storage devices, e.g. portable harddisks, thumbdrives and mobile phones; and
c. Adherence to relevant policies and procedures.
 
3 ACCOUNT IDs & PASSWORDS
3.1 Users1 shall be responsible and accountable for all activities conducted via his/her accounts.
3.2Users shall keep their computer accounts and accompanying password confidential. Users shall not attempt to share or disclose their accounts to anyone. Users shall not email the information to a third party.
3.3Users shall not use a computer account that has been issued to another user.
3.4Users shall change their passwords every 90 days to prevent break-in.
3.5Users shall change passwords whenever there is any indication of possible system or password compromise.
3.6Users shall not keep a record of password (e.g. on paper, soft copy file or handheld device) unless this can be stored securely.
3.7Users shall avoid re-using or recycling old passwords.
3.8Users should change the temporary or issued passwords at first logon.
3.9Users shall not include passwords in any automated log-on process, e.g. stored in a macro or function key.
3.10Users shall not use the same password for business and non-business purposes. For example, your personal hotmail, yahoo or gmail account shall not have the same password as your NP accounts.
3.11Users shall select quality passwords which are:
a. Easy to remember,
b. At least 8 characters long,
c. A mix of upper and lower case letters and numbers, (Where supported by the system, the use of special characters is encouraged to increase complexity.)
d. Not based on anything somebody else could easily guess or obtain using person related information, e.g. names,
telephone numbers, and dates of birth. Etc.,
e. Not consist of words included in dictionaries.
 
4 PERSONAL COMPUTERS (PCs, NOTEBOOKS & PDAs) AND ELECTRONIC STORAGE MEDIA
4.1 Users1 shall ensure that their systems are adequately protected before connecting to NP’s Campus Network. The minimum protection includes:
a. An up-to-date anti-virus software installed and activated,
b. A Personal firewall installed and activated, and
c. Latest software security patches installed.
4.2Users shall exercise due diligence to ensure all critical and security patches for their systems are applied within 1 week from the date of patch release.
4.3Staff shall use only NP-issued and centrally managed (NICE)  equipment on the Staff network.   Staff will not have local administrative rights to NICE equipment.  Personal computers and devices may be used on the NP Wireless network.  Only NICE equipment such as notebooks, desktops and mobile devices may be used to access classified, corporate services such as corporate eMail, VPN, NPal and Sharepoint.
4.4Staff have up to 5 invalid login attempts.  The account would be locked on the 6th attempt for 25 minutes.  This is to prevent robots from hacking the system.  The account would be released after 25 minutes.
4.5Users shall be accountable for the confidentiality of data residing within their desktop systems. Users shall not share out directories on their personal computers4 without requiring authentication. File and directories sharing shall be disabled as soon as possible.
4.6Staff issued with Portable Storage Media may use them outside of NP. Portable Storage Media includes thumbdrives, flash memory cards, portable hard disks and optical storage media.
4.7Staff shall store sensitive information, such as evaluations, appraisal forms, official papers and staff/student information, on officially issued Portable Storage Media and the contents shall be encrypted.
When Travelling
4.8Users shall not place their notebook and portable electronic storage media near an exterior window or public access area where it could be subject to physical theft.
4.9Users shall hand-carry their notebook and portable electronic storage media when travelling overseas. These shall not be checked in as check-in luggage.
4.10When clearing customs, users should hold onto their notebook and electronic storage device until the person in front has gone through the metal detector and should continue to keep an eye on them when they go through the X-ray belt and emerge on the other side of the screener.
4.11Users shall not leave their notebook and portable electronic storage media unattended. If it is not possible, the notebook shall be securely locked away when not in use or secured with a high quality cable lock by attaching it to something immovable.
 
5 USE OF AUTHORISED SOFTWARE
5.1 Users1 shall use only authorised software5 on corporate personal computers4. Authorised software is one which is licensed for use, legally acquired and approved by NP for use. These include Freeware, Shareware and Open Source Software.
5.2Users shall use only authorised software and/or hardware from their personal computers4 within our campus network. Users shall write in for explicit permission to install and use software and/or hardware that is not authorised by NP for use. Software and/or hardware that may compromise the security of NP systems are not authorised for use by NP. Examples of such software and/or hardware include those which may affect the performance of campus network infrastructure or those which may result in loss of confidentiality, integrity or availability of data.
5.3All software used on corporate personal computers4 and within our campus network shall meet legal requirements, such as having valid licenses. Users shall participate in the annual Software License Audit.
5.4Users shall not expose the Polytechnic to infringement proceedings resulting from a breach of Singapore Law, including but not limited to the following areas:
a. copyright,
b. patent,
c. trade mark,
d. registered design, or
e. any other intellectual property laws.
5.5Under the Copyright Act, individuals, their supervisors, as well as the Polytechnic, are liable for any infringement to the Act. As such, the use or copying of purchased software so that it can be used on a computer other than the computer for which it is licensed is strictly prohibited.
5.6Unless approval has been granted, users shall not modify or remove software or hardware which NP provides as part of the campus IT Resources3.
5.7Users shall not install, execute, or assist or abet another to install or execute a program that could result in the damage or excessive load to any component or part of the IT Resources or place excessive load on the Computer Resources. This includes, but is not limited to, computer viruses, worms, Trojan horses or any other malicious program.
5.8Users shall scan software for viruses or other malicious program before installing on corporate personal computers4.
 
6 EMAIL USAGE
6.1 Users1 shall not spam or send unsolicited commercial mail to others.
6.2Staff and associates2 shall not indiscriminately forward corporate email to an Internet service provider email account.
6.3Users shall avoid sending out large email to a large mailing list of recipients. Whenever possible, large attachments should be hosted in a separate repository and only a link shall be provided in the email.
6.4Users shall housekeep their mailbox regularly. Email that needs to be kept for department records shall be moved out of the user mailbox and kept in the respective departmental repositories.
6.5Staff shall use the NP email address (@np.edu.sg) for official correspondences. For purpose of enriching teaching and learning, staff may explore the use of other email systems.
6.6Staff shall make use of the following Email delivery functions to maintain authenticity, integrity and security of their email:
a. SIGN function to digitally sign their email when authenticity is required.
b. To further ensure data integrity, staff shall use the PREVENT COPY function to avoid alterations.
c. Staff shall use the Encrypt function to ensure that the readership is limited to only those in the circulation list.
6.7To further safeguard our email correspondence, it is highly recommended that staff add the following clause to their email footer: “This message may contain privileged/confidential information. If you are not the intended recipient of this email, please delete it and notify the sender immediately.” This helps us in assessing the extent of the damage as a result of incorrect recipients.
6.8For staff who are maintaining distribution lists, the following additional clauses shall apply:
a. Your messages shall state the means for the recipients to unsubscribe from the distribution list.
b. The recipient's name shall be removed within 10 working days from the day the unsubscribe request is submitted.
c. The subject for advertising mail shall be prefixed with <ADV>.
 
7 INTERNET ACCESS, USAGE AND SOCIAL NETWORKING
7.1 Users1 shall be discerning when accessing websites, especially links provided through spam or unsolicited email. Users shall avoid websites of unknown or disreputable origin.
7.2Staff should not allow automatic execution of codes* or plug-ins on their personal computers4. Staff should configure their systems to prompt for permission before executing trusted codes. *Examples of codes are Active X, Java, Javascript, etc.
7.3Users shall be responsible for the Content that they upload, post, email, transmit or otherwise make available via NP's IT Resources3 and shall ensure that intellectual property rights are not infringed in any way.
7.4For social networking and publishing content associated with NP, users shall take responsibility for the content and shall include a disclaimer stating that they are conveying a personal view-point and not from a corporate NP position.
7.5Users shall not upload or download, send or post, enter or publish any content to the Internet that is objectionable or illegal under the Singapore Law.
7.6Users shall not upload or download, send or post, enter or publish any content to the Internet that is against the public interest, public order, national interest, racial and religious harmony, or which offends good taste or decency, or is otherwise indecent, obscene, pornographic or defamatory.
7.7Users shall not upload or download, send or post, enter or publish any content to the Internet that is confidential, distasteful or prejudicial to the good name of the Polytechnic.
7.8Users shall be mindful of the public nature of the Internet and shall not discuss or disclose confidential and proprietary information of NP or of any organisation.
7.9The intellectual property rights to all NP teaching materials (e.g. lecture notes, videos, courseware, tutorials, worksheets etc.) belong to the Polytechnic.  Students shall not upload, send or post, enter or publish any NP teaching materials to the Internet.  Staff shall not publish or otherwise make available any NP teaching materials on the Internet except in accordance with the policy of NP or its School/Division.
7.10Users shall be respectful of NP, staff/lecturers/tutors, students and their rights for privacy.
7.11Users shall be mindful of the need to safeguard personal and official information. Users shall not disclose, publish and/or host such information on external websites without proper authorization from the owner(s). Personal and official information shall be used for its intended purpose and shall be securely discarded immediately after use.
7.12Users hosting forums, discussions and other sites supporting posting by visitors of the site shall ensure that the sites are moderated or actively monitored for acceptable contents.
7.13Users intending to use corporate branding and identity such as NP's logo and the '.np.edu.sg' domain name, in online or on printed materials shall seek advice and clearance from the Corporate Communications Office.
 
8 NETWORK AND REMOTE ACCESS
8.1 Users1 shall not install and operate their own wireless Access Points emulating or interrupting the performance of campus network infrastructure wireless Access Points.
8.2All campus network infrastructure wireless Access Points shall be operated and managed by Computer Centre. Computer Centre reserves the right to remotely disconnect any unregistered devices that are interfering with the normal performance of campus network infrastructure.
8.3Users shall manage the access to rooms where staff wired outlets are available. Only staff personal computers4 are authorised to be connected to a staff wired outlet.
8.4When connecting from home and campus wireless network, users shall enable the Virtual Private Network service to access sensitive corporate systems that are accessible by staff only.
8.5When connecting from home using home personal computers4, users shall ensure the systems are adequately protected. The minimum protection includes:
a. An up-to-date anti-virus software installed and activated,
b. A Personal firewall installed and activated, and
c. Latest software security patches installed.
8.6Staff shall access the Singapore Government Network (SGNet) from a desktop system directly connected to a staff wired connection. Staff shall not connect to the SGNet via a remote connection to a desktop system.
8.7Staff shall not concurrently connect to wireless network (e.g. campus wireless network and mobile broadband) and staff wired connection to avoid becoming a bridge between the insecure wireless environment to our secured staff network.
 
9 INCIDENT REPORTING
9.1 Users1 shall immediately report any security violations, weaknesses, suspected violations of laws or policies and any loopholes or potential loopholes in the security of the IT Resources to the Computer Centre. Security incidents include, but are not limited to, misuse of email, malware infection and unauthorised act by a person to obtain classified and protected information.
9.2Users shall immediately report any lost personal computers4, portable storage media or loss/compromise of NP Classified Information to HR through their Directors. This is to allow the department and HR to assess the gravity of the situation and follow-up actions.
9.3Users shall cooperate fully in investigations of misuse or abuse of the IT Resources. User files may be examined under the direction of NP management should NP in its absolute discretion decide that the security of the IT Resources is in any way threatened.
9.4In the event of a malware infection, users shall immediately disconnect their infected system from both wired and wireless network, and contact CC Helpdesk to initiate the cleaning and recovery process as soon as possible.
9.5Users shall retrieve all removable storage media from locked cabinets and subject them to the cleaning and recovery process.
9.6Users shall not knowingly connect a desktop system infected by malware onto the campus network.
 
10 RIGHTS OF THE POLYTECHNIC OVER STORED DATA AND EMAIL
10.1The Polytechnic shall have the right to access and disclose any information stored on corporate personal computers4 and peripheral devices.
10.2The Polytechnic shall have the right to access and disclose any email messages composed, sent or received using NP Email Systems.
10.3The access and disclosure of personal computers4, peripheral devices and email shall be jointly authorised by Directors Human Resource and Computer Centre, and shall be conducted under strict control and supervision.
 
11 FAILURE TO COMPLY
11.1The Polytechnic reserves the right to take disciplinary proceedings against the offending user in the event that he/she conducts himself/herself in any manner considered to be irresponsible or is abusive of the computing facilities accorded to him.
11.2 Users1 who fail to comply with this Acceptable Use Policy and other relevant Terms and Conditions of Use shall be subjected to penalties imposed. The penalties may include, but not limited to, withdrawal of computing services and/or termination of service, or dismissal from course of study.
 
GLOSSARY
1 Users – All Staff, associates and students of NP who has been authorised to access NP’s IT Resources.
2 Associates – Any third party staff who are not directly employed by NP or business partner who requires access to campus IT Resources to fulfil their contractual or other obligations to NP. Examples: Vendor staff, visiting or guest lecturers, International Fellows, etc.
3 IT Resources - The computing facilities, applications and related systems and infrastructure, networks, information and data, and the human resources involved in the provision and maintenance of the services, applications and infrastructure.
4 *Personal Computers – Personal computers, notebooks, network computers and personal digital assistants that are used to store, process or access NP Resources.
5 Authorised Software – Software which is licensed for use, legally acquired and approved by NP for use. These include Freeware, Shareware and Open Source Software.
Last updated:
Best viewed at 1024 x 768 resolution with Internet Explorer 7+ & Mozilla Firefox 11+.
Copyright © Ngee Ann Polytechnic. All rights reserved.
535, Clementi Road, S599489.
Telephone: (+65) 6466 6555
Rate this website