The next meeting of the University of Oxford Colleges’ ICT Committee will be held on Tuesday 21st October 2008 at 14.15 hours at The Isis Lecture Room, OUCS,
A G E N D A
Colleges’ ICT Committee Meeting
1. Apologies for absence
2. Minutes of the meeting held on 29th April 2008
3. Matters Arising
7. Report from other committees and groups
7.1 ICT Forum - Report
7.2 Software Licensing Group - Report
8. Conditions of use – Professor Paul Jeffreys (presentation)
9. HR Systems Review – Tony Brett
10. New CICTC WebLearn Beta website
11. Items raised by representatives
12. Any Other Business
13. Date of Next Meeting: Tuesday 27th January 2009 at 2.15pm, Isis Room, OUCS,
Items (1)-(3) are for report from the meeting of the PRAC ICT Sub-Committee held on the 22nd May 2008. Additional information is included in Item (1) from the subsequent decision and report of the Groupware Project Board on the preferred solution for the collegiate University.
1) It was reported that funding of £1.4 million had been confirmed by the Capital Steering Group (CSG) and by PRAC. The Groupware Requirements Panel had completed its activities and the Groupware Project Board and the Short-Listing Panel had been formed and were meeting according to a fixed schedule. An Invitation to Tender had been published with a closing date on the 9th May. The entire process is fully documented at: http://www.ict.ox.ac.uk/odit/projects/groupware/project/. An evaluation document, prepared with assistance from the Purchasing Office, had been included with the tender document. The tender had been for a package comprising a Groupware solution, consultancy to support implementation, management of licences, and hardware, all to be interoperable with existing systems – this was a much more complex exercise than at many other universities, but one which was intended to provide the best overall solution for the collegiate University. The aim was to prioritise the needs of the end users. The Short-Listing Panel identified four potential solutions (Microsoft, Novell, IBM and Zimbra (open source)), each of which was demonstrated to a wide cross-section of users in Trinity Term. The Short-Listing Panel submitted a shortlist of three solutions (Microsoft, IBM and Zimbra) to the Project Board which made the final selection of Microsoft Exchange on the 4th July with a full report available on the Groupware website listed above. The second phase of the Groupware selection process addressed the cost effectiveness, the balance of in-house effort versus support from contractors, the best licence management, hardware selection and the timescale for implementation. A plan for implementation would be developed by September and the experience of early adopters (from Michaelmas Term onwards) will help to identify and correct any weaknesses in the system.
2) Central Machine Room
investigations had identified Begbroke as a possible site, but the Estates Directorate have now proposed the basement of the new
3) Core User Directory
A workshop on the 18th May had provided feedback on the project profile. There was a strong consensus that a central directory was required; some of its attributes had been identified and the next stage would be to test it. The gathering of the requirements would end in June with testing then beginning. Professor Paul Jeffreys is leading the project and reporting to the Academic Registrar.
1. New Head of Learning Technologies for OUCS
Melissa Highton from the
2. Two New Services From OxCERT
The OxCERT webpages have been revamped to make them more informative and relevant, and two new services have been launched. First, a series of monthly reports detailing the incidents OxCERT has been handling (suitably anonymised). Second, the security advisories will also be available online. Access to the full text of reports and bulletins will be restricted to hosts on the University network; in the future we hope to switch to using webauth.
The OxCERT pages are at http://www.oucs.ox.ac.uk/network/security with the reports at http://www.oucs.ox.ac.uk/network/security/reports/ and security bulletins at http://www.oucs.ox.ac.uk/network/security/bulletins/.
3. Increased Quotas on Linux.ox
Quotas on linux.ox.ac.uk have been increased to 250MiB from 50MiB. Existing accounts have been upgraded and this will be the default for new accounts.
4. Long Form Email Addresses
5. HFS Changes
From Wednesday 1st October 2008, the HFS service will no longer back up operating system files for Windows Desktop machines. The logic behind this is that this data can only be restored to an identical system, and then only in rare circumstances. Excluding these files reduces the size of backups sent across the network for Windows machines, reduces duplication on our servers and results in speedier backups for Windows users. The backup of user data remains unaffected. Further details can be found at http://www.oucs.ox.ac.uk/hfs/policy/excluded.xml#winsys
VPN Client issues with
There is yet another new release of the Cisco VPN client
7. Stale Router Blocks
There are a large number of long-standing router blocks in place on the network. In most of these cases we suspect that the systems in question have long disappeared from use on our network or else have been cleaned without the block being listed. Please review the blocks listed for your network at https://networks.oucs.ox.ac.uk/webauth/blocks and let OxCERT know which can be lifted by mailing firstname.lastname@example.org.
8. Sophos Credentials Change
The credentials on the Personal Edition of Sophos Antivirus will soon change. (This is to prevent Sophos from continuing to update once people have left the University.)
Note that this change should only affect Sophos installed using the Personal Editions of the installer onto personal desktops and laptops. The credentials used by the University Editions of Sophos, and advertised for updating the enterprise products (EMLibrary, PureMessage etc.) will not expire.
Our planned schedule for implementing the change and informing registered users is given below.
1. 1st week of September: release versions with new credentials
2. Early October (c. 13th): email users who are registered to download Sophos asking them to update by end October
3. Late October (c. 27th): reminder email to registered users who haven't yet downloaded the new version
4. Tuesday 4 November: old credentials expire
Cutting off credentials at the Sophos end is a manual process and something they normally avoid doing. As a result the final point in the schedule can slip. We will inform you once we have confirmed that the old credentials no longer work.
9. OWL Phase 2
The Networks group in OUCS is busy planning the introduction of OWL Phase 2 following the award of a grant to introduce wireless networking in public areas across the University. For a high-level, public, non-technical description of the OWL Phase 2 project see http://www.oucs.ox.ac.uk/network/wireless/services/owlphase2/
For IT Staff in the colleges and departments we have a more technical description of how OWL Phase 2 will work, scenarios for deployment, and so on. Access is restricted to machines on the University network: http://www.oucs.ox.ac.uk/network/wireless/itss/owlphase2/
We feel this is an ideal time to survey the use of wireless networking in both colleges and departments, to better direct this project's resources, as well as plan our services for the next year. A questionnaire has been published, and we ask for ONE submission on behalf of each college and department: http://weblearn.ox.ac.uk/site/asuc/oucs/networks/surveys/wifiques08/
10. Peer to Peer Guidance Updated
The documentation regarding peer-to-peer software and the reasoning behind the policy on the University network has been updated. http://www.ict.ox.ac.uk/oxford/rules/p2p.xml.
There is no change to the existing policy. A relaxation of the rules was considered but following discussion by the Network Advisory Group, the decision was taken not to request any such changes to the University IT regulations at this time. We shall continue to review the policy periodically in the light of future developments.
11. OSS Watch Wants to Adopt Strategic Projects
OSS Watch started a new round of funding in August. A major new activity in this round is the adoption of "strategic projects", that is, software development projects that want to create a development community but don't know where to start. OSS Watch are able to offer experience and resources to assist in development of community, freeing project members to focus on software development. OSS Watch can be contacted at email@example.com
12. Groupware Update
OUCS will keep ITSS up to date on the University Groupware Project by sending round a short email once a month with a briefing once a term. Here's the news at the beginning of October:
Progress so far
The University has decided on Exchange and SharePoint as the underlying software. We have engaged an experienced Microsoft consultant as Internal architect to drive the project forward and deliver an implementation plan.
We are advertising for various posts - see http://www.oucs.ox.ac.uk/jobs/ for details.
The current timeline looks like the initial early adopters will be taken on board at the start of March. It is anticipated that most Herald users will be migrated in summer 09, with migration of other systems later.
The official launch of the Groupware Project will take place on 15 Oct at the
There is a possibility that Exchange Labs could be used for people with some loose
We are really interested in engaging with ITSS to ensure requirements are met wherever possible, and thank all those who have spent time on this so far. To this end Adrian Parks has already circulated ITSS about active directory, and I have started contacting people about their email provision.
For all queries please contact firstname.lastname@example.org.
The background documents, minutes etc can be found at:
13. Podcast Crazy
From all the publicity, you will know that our site in iTunes U went live last Tuesday morning. There are some links to the press coverage at: http://www.oucs.ox.ac.uk/podcasts/press/
Last Tuesday, Pete Robinson did an interview for Radio Oxford and Carolyne Cullver (Head of External Communications) did an interview for the local ITV news programme. The latter went out on Tuesday both at 6.30pm and 10.30pm. Both interviews are excellent; both are linked from the above page.
Over the few days since the launch, our site has been prominent in the "News and Notable" section of iTunes U, occupying 4 of the 5 top slots. This section is generated automatically by what people are looking at that is also new. In the
One of the most popular podcasts was Stiglitz on Credit Crunch which appears both on the iTunes U's main page and on
Also on launch day, media.podcasts.ox.ac.uk got somewhere between 3631 and 3908 downloads and there were between 444 and 611 downloads of media files from podcasts.ox.ac.uk. (There's a boring technical reason for giving a range rather than a figure. Don't ask!)
At the end of recordings, people get referred to: www.ox.ac.uk/welcome.
This is a new web page aimed at sending people to other parts of
JISC has agreed to fund a project based at OUCS called "Erewhon" for the next 18 months. Its aim is to use intelligent geolocation services and improved mobile access to provide a dramatic increase in the range and types of access to information in the
15. OUCS Shop Counter Closes
After many successful years, counter service at OUCS has ended. It is replaced by an on-line shop and a new vending machine.
16. OUCS Vending Machine
The IT Consumables vending machine has arrived and is now doing business in the Help Centre. It started operations on Friday around 12:30 pm and had sold out of ethernet cables by Monday around the same time! It was restocked yesterday, so cables are available again. We will have a price list up as soon as possible at www.oucs.ox.ac.uk/shop/vending.xml
17. WebLearn Beta pilot: beta.weblearn.ox.ac.uk
WebLearn Beta, the system that will eventually replace the current WebLearn service, has been running as a pilot since June 2008.
Recent enhancements to the pilot service include: hosting now undertaken by the OUCS Systems Development team on new clustered hardware; integration with the new Oak LDAP service; introduction of a hierarchy of 'sites' and devolved administration; support for mathematical notation (in the wiki); enhancements in accessibility; synchronisation with external calendars; blanket use of SSL; better error reporting; bug fixes; and the addition of new tools including: (Course) Evaluation, Tutorial Sign-up tool, Tasks, Tests and Surveys (assessment).
Both the Wiki and Resources tools have been improved in terms of ease-of-use, user interface and functionality, for example, the Wiki now has a WYSIWYG editor and new style sheet and Resources now has a Citations Tool (reading list) and a new style sheet for the 'Access' view. There have also been improvements to Search, Preferences, Email Archive and Tests and Quizzes.
Feel free to test drive the new service; all University members can log in using their Oxford Single Sign On username and password.
The WebLearn to WebLearn Beta migration time scales:
1. Jun 2008: Year long pilot service commences (underway)
2. Jun 2009: Dual production service starts
3. Jun 2011: Bodington-based service deprecated (read only service)
4. Jul 2012: Bodington-based service turned off (proposed)
For questions email: email@example.com
18. WebLearn Beta Training Sessions
To help more users get started, OUCS has organised more WebLearn Beta training sessions. These sessions are based on the one-hour lunch session delivered in May and June this year with more time for hands-on activity and to ask specific questions. You can choose to work on a real site you may have during the session. We are running the course twice more on the following dates. Feel free to book one of the sessions even if you attended the earlier one-hour session.
• 14.00-16.00 7th Nov.* Friday, ISIS OUCS
• 10.00-12.00 25th Nov. *Tuesday, Evenlode OUCS
Please book online at http://www.oucs.ox.ac.uk/itlp/courses/detail/
19. Changes to Registration Services Available For ITSS
Under the 'General' option, comments recorded for the unit now show the
Expiring email addresses, university cards and
20. Last chance for the ECDL
We are ending our support for the basic European Computer Driving Licence (ECDL) in April 2009. However, over the summer we will be offering a number of ECDL drop-in sessions. You can book drop-in sessions and test sessions online. We will also have scheduled ECDL sessions in Michaelmas 2008 and Hilary 2009. We will continue to offer Advanced ECDL in the next academic year. For future dates please visit our ECDL pages. If you have any queries about the ECDL, please contact us. www.oucs.ox.ac.uk/itlp/ecdl
21. OxTalent ICT Awards 2008
Thanks to the great support received from colleagues at OUCS and other departments in the University, the OxTalent ICT Awards 2008 was a big success. Awards were announced at a Show and Tell event held at OUCS in June.
The 2008 competition winners were:
• Mona Sakr: Bluestocking
• David Harris: The Other Within: Analysing the English collections at the
• James Gibson & Lewys Jones: MatSoc Academic Portal
• Mike Nicholson: PodOxford
• Marion Manton: Phoebe
• Dr. Paddy Bullard: The Journal to Stella:
• Christine Eckhard-Black: Kaiser Karl der Große Learning Object
• Naieya Madhvani: IT related questionnaire design
• Tong Chen: Medical Sciences Student Record System
• Senel Simsek: Turkish for Self-Study
Further details of the winning projects can be found online at: http://www.ict.ox.ac.uk/oxford/groups/oxtalent/itawards/winners2008.html
22. Learning Opportunities
Do you know about the comprehensive range of courses, workshops, and seminars that are available for all those who work at the collegiate University? In addition to courses of general interest (for instance, IT skills, communication skills, languages, etc), there are others designed for different groups - academics, researchers (including research students), and administrative, technical and support staff.
Have a look at the overview page at http://www.learning.ox.ac.uk/oli.php?page=350 and follow the links to find out about courses relevant to you.
23. £1 Million Grant Award
A team led by the London Knowledge Lab, and including the
On 1st October we launched SOLO, a new resource and discovery service based on the Ex Libris software, Primo. This is a strategic development that should in due course allow us to bring all of our many catalogues, collections and finding aids into a single and powerful search interface. At present it includes records from OLIS (
SOLO provides both simple and advanced search interfaces with a range of pre-limits, including library. It also has the powerful facility known as faceted browsing which allows large result sets to be refined intuitively. Users can log on using Oxford SSO for personalized services, including the ability to save results and searches, export to RefWorks (and in due course EndNote), set up alerts, create tags and write reviews.
A second tab provides for cross-searching a selection of bibliographic and full-text databases using the same subject categories as OxLIP and OxLIP+.
The software is “young” with some rough edges, and development is ongoing. We are inviting feedback which is providing useful information to help us frame enhancement requests to the supplier.
At the same time we have gone fully live with OxLIP+, based on the Ex Libris MetaLib product, which will supersede OxLIP. OxLIP+ provides the same functionality: the ability to locate individual bibliographic databases and e-collections by title or by subject (using the same categories as OxLIP). However, it also provides for grouping and cross-searching many of the databases simultaneously when that is required. In addition, users can log on with their Oxford SSO for personalized services in a "My Research" area where they can keep searches, databases and citations. Remote users do not require VPN when using OxLIP+.
In September the IP addresses for OLIS services were changed. This was to bring in new hardware and to enhance our services with a new OLIS firewall and with new load balancers, more powerful web servers, and improved HTTP networking. There was also a longstanding requirement to move off the old OUCS machine room subnet.
The work required the taking down of all services and was accordingly publicised with full explanation well in advance. The system was down from 09.15 to 10.00 pm on Sunday 28th September and the servers were NATted as part of the process. Testing of all facilities was complete by 12:30.
The actual address changes were these
The detailed implications for IT support staff can be found at http://www.lib.ox.ac.uk/olis/ip-change.html
architecture has been further developed and is gaining much interest from the global repository community. Details of the architecture can be found on the ORA software developer’s blog at http://oxfordrepo.blogspot.com/. Main components include use of open source software and RDF and semantic web technologies. Such a design has enabled the ORA team in collaboration with the MSD webmaster to obtain funding from the JISC (Joint Information Systems Committee) to run the
This project will enable efficient sharing of research information and creation of research knowledge using a lightweight, non-invasive solution based on semantic web technologies. It will use RDF ontologies and taxonomies to define and categorize data objects to forge connections between researchers, grants, projects and publications and to provide web-based services to disseminate and reuse this information in new contexts and for new purposes (such as a University Blue Pages of research activity). Coupled with technological development, half the project will be devoted to stakeholder input, collaboration and buy-in.
It is important that ORA continues to be integrated into the research
We are making progress with arranging devolved services for groups around the University. One such example is the Forced Migration Online project (Refugee Studies) where, as part of a JISC-funded project (OARS), a Fedora repository has been implemented to hold and manage FMO digital objects. Other devolved services are being planned.
is still a very new and developing service and as such needs input from the
OULS' work with Google, to attempt to digitize our out-of-copyright C19th holdings, is moving into its final phase now that the majority of material within scope of the endeavour has been identified and either digitized or passed-over. Items which have been successfully digitized appear in Google Book Search (http://books.google.com) within days, and have already provided access to hidden treasures from our collections for readers around the globe. Local efforts are now focussed on how best to store, preserve, and exploit our own local copy of the digital data.
The Early English Books Online Text Creation Partnership project (EEBO-TCP, http://www.odl.ox.ac.uk/eebo/) is also going through a transitional phase. The initial 25,000 texts selected for Phase One of the project have now been transcribed and encoded to an extremely high standard, and have generated considerable interest from scholars working in a variety of fields in the early modern period. Using the experiences and feedback acquired during this first phase, the team is now actively seeking continuation funding from a variety of sources, to extend the corpus by a further 50,000 texts, and thereby provide comprehensive coverage of all the key texts published in England between c.1470-1700.
Our JISC funded digitization projects have both been progressing well. The "Electronic Ephemera" mass-digitization project, for which JISC provided nearly £1M funding to digitize a selection of more than 65,000 items from the John Johnson Collection of Printed Ephemera, went live earlier this year -- and can be accessed free by anyone in Oxford via our commercial partners' site at http://johnjohnson.chadwyck.co.uk/home.do. On a much smaller scale, our twelve-month joint JISC-NEH funded project, "The Shakespeare Quartos Archive", to digitize and transcribe every extant Quarto copy of "Hamlet" has been progressing well. An Academic Advisory Forum was held in
Technical developments within the ODL itself include continuing efforts to move some existing collections of digitized resources onto the LUNA platform. For example, during the summer we completed work on loading the digitized images derived from 25,000 slides and filmstrips of medieval and renaissance manuscripts held by the Bodleian (created in collaboration with ArtStor), onto the site at http://www.bodley.ox.ac.uk/medievalimages/. Work also began in earnest on uploading digitized versions of the Bodleian's holdings of Blockbooks (http://www.bodley.ox.ac.uk/csb/blockbooks.html), providing free access to high-quality digital surrogates of some important examples of early European printing of C15th.
The ODL continued its active involvement in R&D in the field of digital preservation and archiving, in particular those aspects relating to the preservation of digital collections (both personal and institutional). Thanks to a $1.2M three-year grant awarded to the Bodleian by the Andrew W Mellon Foundation for the "FutureArch" project (see http://futurearchives.blogspot.com/ for further information and links), we will be able to help shape and build the shared preservation infrastructure necessary to support the management of these important materials.
Conference: The feedback received after the conference was very positive and I think everyone had an enjoyable and interesting day. The only significant criticism was the difficulties over the lack of food at lunchtime and this will be addressed for next year. Plans are already under way for next year's conference and we are looking at appointing good plenary speakers. If any of you have contacts or have seen some interesting speakers recently please let the ICTF know.
ICTF Elections: It was very encouraging to have so many people standing for election to the Steering Committee. The counting of the votes did become a little over-complicated and long-winded, mainly because it was a complete committee change. This will not happen in forthcoming years as only some members will be standing for election. Thank you to all of you who stood for election and to everyone who voted. The committee members are:
Jeremy Worth – Chair of ICTF
Sarah Lawson – Secretary to ICTF Steering Group
Co–opted members: Jon Lockley & Katherine Ferguson
The first formal meeting of the Steering Committee is the 20th November.
The first full ICTF meeting is Thursday 11th December at 2.00 pm. The venue is to be confirmed.
There are two important SIGS already being started:
The Groupware SIG – please contact Ashley Woltering if you would like to be involved.
The Web CMS SIG – Please contact Janet McKnight if you would like to be involved.
We are working with OUCS on a possible IT Support Staff secondment project.
& Membership for all ITSS to the BCS
An ITSS trip to
Finally please come to the ICTF Exhibition held in the exam schools on the 18th December 2008 – free bottle of wine (nice wine!) to the first 100 delegates to register.
New Software available:
Windows Server 2008
Adobe Photoshop Elements 7
Adobe Lightroom V2
The agreement for the use of SAS on Windows systems terminated on 31st July 2008. We will continue to provide SPSS rental licenses on Windows and Mac for both departmental, college and personal use without license charge until at least 30th November 2010.
The Ultimate Steal
Microsoft Office Ultimate 2007 is available to Staff and Students for £38.95 from www.theultimatesteal.co.uk
A reminder that the agreement for the use of Ingres up to and including version 2.6 terminates on 31st December 2008.
This relates to the older versions of Ingres which include technical support; you can continue to use Open Source versions of Ingres, which are not related to this agreement.
Annual maintenance for OES (on Netware or SLES) or SLES should be purchased from the Computing Services Shop if you are using Novell Software.
This maintenance fee is currently being contributed to by just 6 units of the University. If this is a true reflection of usage then we will need to consider either a significant fee increase or termination of the agreement.
Professor Paul Jeffreys
Conditions for Connection to the Centrally Provided IT Infrastructure
Further details about IT co-ordination and policy may be found at the website of the Office of the Director of IT.
The devolved nature of the ICT structure of the collegiate University means that many areas of responsibility for the management and security of the computer systems and networks must also be devolved to departments and colleges. However, it is essential that common standards are accepted and implemented throughout the collegiate University. Without adherence to common standards for computer management, the University ICT systems would be vulnerable to compromise – a term used to mean any security violation brought about by ‘hacking’ – from both within and outside the University. Such compromises can result in incidents such as loss of data, breaches of confidentiality and network flooding, bringing all internal network traffic to a halt. Compromised computers may also be used to initiate attempts to compromise other computers outside the University, or to launch floods of ‘spam’ email – bringing disrepute to the University and the real possibility of some or all of the University’s computer systems being placed on the international ‘blacklists’ used to block access and email from suspect locations. This would affect the University as a whole, not just the department or college within which the compromise took place.
While it is essential that departments and colleges within the University use robust management practices to achieve the best possible levels of security for their computer systems, the University recognises that departments and colleges must be able to choose a model for implementation that best suits the type of work that they are carrying out, that conforms to accepted national or international standards for a particular academic discipline, or is otherwise constrained by necessary practical considerations.
Statement of University Policy
The University devolves responsibility for implementation and management of computer systems and networks within departments and colleges to those units. Within normal constraints of auditing, accounting and value-for-money, the department or college may choose the ICT systems that it decides will best enable it to carry out its goals.
In order to maintain the highest standards of security and integrity for the computer and network systems of the University as a whole, all departments and colleges connecting ICT systems to the University backbone network must conform to the University’s connection policy, as laid out in this document.
1. IT management Structure
The unit must have in place a structure to manage all aspects of its use of ICT. This will normally consist of a departmental/college IT Committee or equivalent, chaired by a senior member of the department/college. For smaller departments this may be subsumed within a structure organised at a divisional or faculty level. This committee will be responsible for ensuring compliance with all sections of these Conditions of Use. Where responsibility for any part of the ICT provision is delegated to a third party, e.g. the University’s ICT Support Team, the responsibilities of each party for compliance with these Conditions must be defined by appropriate Service Level Agreements.
2. Recruitment and Training of Staff
IT staff responsible for operation of the unit’s ICT systems must be competent to undertake these tasks, and the need for further training must be regularly reviewed. There must be arrangements in place to ensure that systems are adequately supported during planned or unplanned absence of staff.
3. Nominated contacts
The unit must nominate at least two people who can be contacted by OUCS if action is required because of a network failure, system compromise, etc. These contacts will be expected to have acting management responsibility for the unit’s ICT systems – i.e. they must be able to take action themselves, or to arrange for action to be taken by others. They will be expected to respond to email or phone requests within 4 working hours. Units must be aware that if contact cannot be made, or if the unit is unable to act speedily, OUCS will take all necessary steps to protect the integrity of the University systems, which may result in some or all of the unit’s computer systems being blocked from network access.
The unit must also provide a standard IT contact email address to which information, notices etc. can be sent. It will be assumed that this email address will be monitored at least once every working day, and that all messages sent to it will be acted on.
4. Internal Network/IT infrastructure – documentation
Documentation must be maintained detailing the unit’s network and IT infrastructure, including connectivity of all network switches, routers, etc. It is essential that this documentation is available in a way that remains accessible in the event of any network or systems failure within the unit, e.g. in hardcopy form. This documentation must be made available to OUCS if required to investigate a network or other failure or any compromise within the unit that impacts on other parts of the University.
5. Network Connection – standards
Connection to the University backbone network is usually by means of a ‘FRODO’ box. This connection marks the boundary of the responsibility of OUCS to maintain the backbone network – all connections on the unit’s side of the FRODO box are the responsibility of that unit. Units must follow the advice and directions for use of this connection as issued by the Central Computing Services (OUCS).
6. Network Connection – security, monitoring, and firewall
The unit is responsible for maintaining security within its own network, monitoring for improper usage and preventing unauthorised access. OUCS operates a firewall between the University network and the internet (JANET) connection, but a unit may choose to operate its own firewall(s) to provide additional security at the boundary of its network or on individual systems. The unit should be able to monitor its internal network to detect systems generating excessive amounts of traffic, either locally or onto the internet, and to investigate the causes of such traffic.
7. Patch state; virus checking
All systems that are accessible to the network (including programmable devices such as switches and ‘intelligent’ peripherals) must be maintained in an adequate patch state, with security-related patches applied promptly both to the operating system and all applications. Where appropriate to the platform, systems must run software to check for viruses and other ‘malware’, which must be kept up-to-date. (Exceptions may be made for systems which run ‘locked-down’ software and so are not liable to compromise.)
8. Data security policy
The unit must operate and enforce a data security policy in accordance with the University’s Data Security Policy. This policy lays down comprehensive standards that must be adopted for management, control and disposal of data, and access to that data.
9. User Information
The unit must ensure that its users are regularly reminded of the University’s Regulations Relating to the use of Information Technology Facilities. The unit will be expected to take disciplinary action against any person found to be in breach of these regulations.
10. Persons allowed access
The unit is responsible for ensuring that only authorised persons are allowed access to its systems and networks. Access with systems administrator privileges must be restricted to specifically authorised ICT staff. Any access requirement to systems holding confidential or critical data must be assessed and only permitted if required for the work of the unit.
Wherever possible, ‘public access’ facilities should be provided using IP address space which is specifically assigned for use by visitors to the University. Use of any such facility must either be controlled by an authentication procedure (such as those for OWL or EDUROAM) or monitored (for example by staff being present in the room or by CCTV).
11. User accountability and logging
Any multi-user system must log information about who has used that system, times of access, source address, etc. Communication systems that enable connection to the network using IP numbers not directly allocated to an individual (e.g. NAT, DHCP) must also retain adequate logging information so that the connecting system can be traced. This information must be retained for a period of at least 60 days, and for a longer period where advised by OxCERT.
All other systems must be protected from unauthorised use, usually by a password requirement. This includes any computer, including individual desktop machines, that has access to the internet, so that individual responsibility for any access to the internet can be established. Individuals should be advised to take steps (such as screen-locking) to prevent unauthorised access to unattended computers.
12. Privacy and monitoring of use
Privacy of data belonging to users must be maintained, and system administrators must not access a user’s data without the user’s permission, except as laid out in the Regulations Relating to the use of Information Technology Facilities. If routine monitoring or recording is carried out of data or web sites accessed, etc., this must be made clear to all users of the system.
13. Incident reporting
Systems administrators must report any breach of security, unauthorised access to data, etc., to appropriate bodies in the University. This will always include the OxCERT team at OUCS. If activity of a criminal nature is suspected, it must be reported to the University Marshal, who will advise if involvement of the Police is required.
14. Response to incidents, copyright violations, etc.
The unit must have procedures in place to deal with security incidents in a timely manner. This will include isolation of any system that is compromised, and suspension of access for any person who may be responsible for misuse. The unit must also have procedures to deal with outside complaints of breach of copyright, etc. (often received in the form of a “cease and desist” notice served on the University or on JANET(UK)), to ensure that the system concerned is cleared of any infringing material, and to take action against the user concerned.
1. Policy Statement
1.1 The University’s computer and information systems underpin all the University’s activities, and are essential to its research, teaching and administrative functions. The University’s Policy on Security of Information recognises the need for members, employees and visitors to have access to the information they need to carry out their work, and also recognises that security of information must be an integral part of its ICT structure. To achieve these goals it is necessary for all persons using the University’s ICT systems to be aware of and comply with the University’s security procedures and also with legal requirements.
1.2 The objectives of this policy are:
1.3 This policy applies to all persons given access to University computing systems, including senior and junior members, employees, visitors and contractors. It covers all University-owned computer and network systems, and also any privately or college-owned systems that may be used to hold any information, data, programs, etc that belong to the University or are used in the work of its members or employees. Throughout this document ‘data’ is used to include any form of information that is held on an ICT system.
2. Responsibilities for Implementation
2.1 The collegiate University operates a devolved ICT structure, and responsibility for security of data within departments, colleges and other units rests with the Heads of Department, college or Unit. This applies to all units, including those responsible for provision of central and University-wide services. They must ensure that for all systems under their control:
· data is held and processed in accordance with this policy and relevant legislation;
· adequate security procedures are in place;
· proper procedures exist to determine who should be authorised to use those systems;
· all persons using the systems are aware of and comply with this policy.
2.2 Responsibility for management and security of the backbone computer network, and provision of central support and advice rests with the Director of Computing Systems and Services, OUCS.
2.3 Statutory obligations on all members of the collegiate University are defined in the “Regulations Relating to the use of Information Technology Facilities” as approved by Council. This includes definition of the circumstances under which the University may monitor use of its ICT systems, and the levels of authorisation required for this to be done.
2.4 Ownership of this policy rests with the PRAC ICT subcommittee (PICT). PICT is responsible for reviewing this policy on an annual basis, having regard to changes in legislation that may affect the policy; for ensuring that all members of the collegiate University are aware of the policy; for monitoring compliance within all units of the University; and for receiving reports on breaches of security, etc.
3. Responsibilities of Divisions, Departments, Colleges and other Units within the University
3.1 The Head of Department, college, administrative unit, etc must set up a structure to ensure that this policy is implemented. This will normally consist of a departmental/college IT Committee or equivalent, chaired by a senior member of the department/college. For smaller departments this may be subsumed within a structure organised at a divisional or faculty level, although final responsibility for ensuring that policy is enforced will remain with the Head of Department or unit. Where responsibility for any part of the ICT provision is delegated to a third party, e.g. the University’s ICT Support Team, the responsibilities of each party for compliance with this policy must be defined by appropriate Service Level Agreements.
3.2 The Head of Department, college or unit must ensure that there are sufficient IT staff, with adequate levels of training and competence, to ensure that systems are, as far as possible, secure from failure, unauthorised access and compromise from both within and outside the collegiate University.
3.3 A risk assessment process must be carried out as part of the business case for any new ICT system that may be used to provide shared services, or to hold confidential or critical data. This must be repeated periodically on existing systems. This risk assessment must include:
· assessment of the business value of the data held on that system;
· identification of confidential or critical data, which could potentially cause damage or loss to the collegiate University or to individuals if disclosed, and for which special security precautions will be required;
· the impact on the department and/or the collegiate University of loss of the data;
· the impact of unauthorised access to the data;
· procedures necessary to ensure security and integrity of the data;
· the effect of any changes to University policy or to legislation.
3.4 Adequate procedures must be in place to ensure that data can only be accessed by persons authorised to do so, and, if deemed necessary by the risk assessment, systems must be monitored to ensure that access is only for authorised purposes. If any multi-user system is used to hold confidential or critical data, details of all persons accessing the system should be logged, and that information retained for a period appropriate to the service. Further logging, including details of data accessed or amended, may be necessary: this should be determined as part of the risk assessment of the system. There must be robust procedures in place to ensure that if an authorised person leaves the department or college or otherwise becomes ineligible, authorisation is withdrawn and access barred without delay.
3.5 Data identified by the risk assessment as being confidential or critical should, wherever possible, be stored in encrypted form, and should not be transferred or transmitted, by email or otherwise, without encryption being used throughout the transaction.
3.6 All systems must be maintained adequately, backed-up, kept at an up-to-date patch level, and run anti-virus software.
3.7 Contingency plans must be in place to deal with systems failure, loss of data, or unauthorised access to data. These plans should be appropriate to the outcome of the risk assessment.
3.8 Any breach of security, unauthorised access to data, etc, must be reported to appropriate bodies in the University. The central computing services will maintain a register of security incidents relating to the network, which will be available for audit and will be summarised in regular reports to PICT.
3.9 It is the responsibility of the department or college to ensure that before any equipment is sold on, transferred or scrapped, it is cleared of all data (including any software licensed to the University). If this is handled by an outside contractor, adequate contractual safeguards must be enforced.
3.10 All new staff, students, contractors and others with access to the department/college or its network or computer systems or data must be given a copy of this policy, and of any associated departmental/college policies and procedures, and be reminded of these on a regular basis. Compliance with this policy must form part of any contract with a third-party that may involve access to network or computer systems or data.
4. Services Provided by Central Units
4.1 Oxford University Computing Services (OUCS) are responsible for particular aspects of the security of the University’s networks, and for providing services, advice and support to other units. These responsibilities include:
5. Offsite Access and Transfer of Data
5.1 Data that is not for public dissemination and is to be accessed from outside the collegiate University should be protected by authorisation procedures that require identification specific to each user and are at a level commensurate with the identified risk.
5.2 Wherever possible, data that is of a confidential or critical nature will be kept on on-site systems, and users who need to access it from outside the collegiate University will do so by secured network access. Exceptions may be made for data required for tasks such as preparation of examination questions and assessment of students, which members would normally expect to do on their own off-site computers, but this must be subject to a risk assessment and safeguards as in section 5.3. University authorities responsible for regulations regarding classes of data (e.g. the Proctors) should undertake this risk assessment and issue guidelines on behalf of all units.
5.3 If users are allowed to transfer data to systems or storage media that are to be taken outside the collegiate University, a risk assessment must be carried out. Any data of a confidential or critical nature, or for which unauthorised access would have a deleterious effect on the collegiate University (financial, reputational or otherwise), or on any individual, must be encrypted at all times.
5.4 If any data is to be transferred to a third-party, a risk assessment must be carried out, and advice sought from the University Data Protection Officer. Contractual arrangements must be in place to ensure the safety and integrity of the data while in the hands of the third-party. If data is to be transferred outside the European Economic Area, special attention must be paid to the provisions of the Data Protection Act 1998.
5.5 Wherever possible any data transfer should be made by network connection (with all data that is confidential or critical encrypted), rather than by downloading to a CD, etc. If this is not possible, the data should be encrypted, with the key to that encryption sent separately from the data.
6. Physical Security
6.1 The risks of unauthorised access are not limited to breaches of computer or network security. All users should ensure that systems are not left open to access by intruders to buildings, or by unauthorised colleagues. Data not open for public access should not be accessed in public areas; offices housing systems containing non-public data should be kept locked. Computers should be ‘screen-locked’ while unattended. Wherever possible non-public data should only be kept in encrypted form. Any printed records of passwords, etc must similarly be protected from unauthorised access.
7. Compliance with Legislation
The collegiate University must abide by all
· the Computer Misuse Act (1990),
· the Data Protection Act (1998),
· the Regulation of Investigatory Powers Act (2000),
· the Freedom of Information Act (2000),
· the Special Educational Needs and Disability Act (2001).
7.2 The requirement for compliance devolves to all users, who may be held individually responsible for any breach of law.