ICT AUPs are hardly sexy, but they of course reflect how an institution thinks of its computing resources and of its users. We drew up a revised AUP last calendar year and have just gone live with it for this new academic year.
In the development of ICT at St Paul’s, we have put the emphasis upon users being both informed and responsible. The course for our first years (13 year–olds) is open to all in our community to make use of and, within the constraints of a busy school’s life, we try to communicate widely key points about online life — from the way stuff endures online, is read by unknown publics, etc, to the exercising of thoughtfulness and the nurturing of a good ear for context and (therefore) register. Underlying all this, two things: the value in creating and nurturing your online identity, and the whole business of learning to be accountable for what you post or send.
The debt to danah boyd in our AUP will be evident, but we’ve also drawn upon a number of other writers. Last year’s introductory lesson on blogs and wikis cited danah, but also included this:
In all online activity, you must post responsibly and wisely. How we behave online affects our reputation — and the reputation of others. Here are some simple guidelines for participating in online life: ‘be civil’ (Jeremy Keith's Irish music site, The Session); ‘be polite and respectful in your interactions with other members’ (Flickr); ‘use common sense while posting’ (Last.fm); ‘Use your best judgement. Don't forget your day job’ (IBM, pdf); ‘IBM's integrity & reputation, as well as your own, are in your hands’ (IBM Virtual World Guidelines).
I like the point an IBM blogger made concerning IBM’s Corporate Blogging Guidelines, something I apply in my mind to a good ICT AUP, too: ‘a commitment that we all have entered into together’. Schools, with their transient populations, have to renew their commitment continually, not only every year but many times each year. This is the guts of teaching and of good schools. It’s tiring, but very rewarding.
Another reason why AUPs test schools: ‘most schools and districts are operating under Acceptable Use Policies that were written before there was a Read/Write Web’ (David Warlick, in 2007). As I’ve said before, no-one I know saw what we were really doing when we started connecting our schools to the web. The shared perception was that we were enlarging our libraries. When we began more fully to appreciate that we’d in fact joined the read/write web, the need for a very different kind of AUP was evident.
An AUP should, to borrow Roo’s words from his 2008 post about IBM’s conduct guidelines, Policing vs Guidelines, be ‘annually revisited (though not necessarily annually revised)’. This is what we’re running with this year:
ICT: policy for good use
This policy is binding. It has been kept as simple as possible and is intended to encourage creative, imaginative use of our computing facilities. If you exercise due care and consideration, you will be observing its spirit.
The school provides both networked, desktop computers and wireless access to the internet through the school’s own filtered connection. Wireless access (which does not provide direct access to the school’s network) is available in specified locations for authorised users to use via their own devices.
Identity and responsibility (online and digital)
Respect and maintain the integrity of digital identities — yours and others’. For example: log on only as yourself; keep your login details private and make them secure; do not leave any device logged in and accessible to others.
Exercise informed judgement about disclosing your personal details and do not give out another person’s details without their clear consent.
Except for Coletines, financial transactions by pupils are permitted where you act within the constraints of the school’s rules and with your parents’ approval.
In the digital realm, once something is posted online it has a persistence that is not like something that is said. It is also searchable and replicable and you cannot be sure who your audience is or will be. Once something is posted online, its effects are often magnified and can be mirrored out of context. All of this requires experience to understand. Remember: when you post, you have not only your own reputation to consider but also that of others and that of the school. Every member of the community has to take responsibility for his or her actions online. If you are in doubt, it is best not to post, send an email, etc.
Network and hardware integrity
Respecting and maintaining the network and the computers the school provides is largely common sense. For example, if the functioning of the system were to be impaired by the introduction of a virus, it would have a possible impact not just on the school’s network but on all devices using the school’s facilities. Attachments sent to you should be assessed case-by-case: unexpected or suspicious files should not be opened.
Many different devices exist which can be connected to a network or a computer. Every user needs to exercise judgement: for example, storage devices (eg, USB sticks) with non-executable files on them are clearly fine, but should have been virus-checked first by you. Harder to assess can be executables designed to run safely from a USB stick (etc) — eg, a browser. If in doubt, consult with a member of the ICT staff.
Devices that are themselves computers (in whatever form) should not be linked to the wired network without first consulting either the Director of ICT or the IT Manager.
Laptops and other portable devices can access the internet (and, via this route, the school’s systems) by using the wireless network — accessible from a number of points within the school. Anti-virus provision for all mobile and portable devices is the owner’s responsibility.
Downloading files: again, exercise judgement and be aware that viruses can be hidden in documents and images (for example) and not just in executable files. To guard against accidents, the school’s own machines do not allow unauthorised software installation. Think about what you are doing and always seek advice if in doubt.
Respecting the network’s integrity extends to how messages are sent. There are many ways of spamming people, or generating needless messages, and no-one should be doing this. Another example of unacceptable practice would be attempting to send messages anonymously or pseudonymously.
It is standard practice in organisations to audit users’ internet activity and all staff and pupils are audited in this way. Audit trails are rarely examined but exist as a safety net should things go wrong. Should you find yourself looking at or opening material you consider the school would think inappropriate (or material you find disturbing), simply inform a member of staff so we can work with you to address the matter.
- On our intranet, there are hyperlinks to further info for: disclosing your personal details and financial transactions by pupils are permitted where you act within the constraints of the school's rules.
- “Coletines” refers to pupils in our junior school, Colet Court.