Skip page header and navigation

IT Policies and Processes

Introduction

Details on the Information Technology Strategy along with a number of IT policies and processes can be viewed in detail below.

Processes

  • For Microsoft Teams and SharePoint sites containing highly confidential documents, IT can implement a policy to secure the site and all Office 365 documents contained within it.

    The policy will restrict the Team or SharePoint members to internal members only and prevent Office 365 documents from being opened by or shared with anyone outside the Teams or SharePoint Sites group members.

    If you think you have a Team or SharePoint site that you would like to secure and implement this policy for, or would like to discuss these options in more detail, please contact us via the IT Service Desk and submit a ticket with the request type ‘Office 365 Services’ – ‘Teams’.

    Microsoft Teams and SharePoint Site Labelling

    A Microsoft Team and/or the SharePoint site behind the Team can have a sensitivity label applied to it at the site level.

    Site labels have been set up and could be applied to a Team or SharePoint site to increase the security of that site and to improve Data Loss Prevention (DLP).

    Examples of Sensitivity Labels defined which can be applied as appropriate include:

    Label 1 – Highly Confidential (Block unmanaged device access) 

    • Privacy – Set to Private, restricts to only approved members of the organization. Once set this is locked and can not be changed unless the site label is removed or edited by an IT admin.
    • External User Access – Set to disabled. Owners cannot add people outside of the organization to the group as guests.
    • External Sharing – Set to ‘Only people in the organization’. Content on can only be shared with people inside the organization.
    • Conditional Access – Set to block access for unmanaged devices. Unmanaged devices cannot access the SharePoint site (inc. files within a Team). Unmanaged devices are any device that are not hybrid AD joined or managed in Intune. Currently this includes UWTSD provided iOS mobile phones. Chrome desktop users also need the Windows Accounts Chrome extension installed for the device to be seen as managed.

    Label 2 – Highly Confidential (Requires MFA) 

    • Privacy – Set to Private, restricts to only approved members of the organization. Once set this is locked and cannot be changed unless the site label is removed or edited by an IT admin.
    • External User Access – Set to disabled. Owners cannot add people outside of the organization to the group as guests.
    • External Sharing – Set to Only people in the organization. Content on can only be shared with people inside the organization.
    • Conditional Access – Set to apply an existing authentication context to require MFA. Users must have MFA set up in order to access the Teams files or SharePoint site.

    Microsoft Teams/SharePoint site Default Labelling for Office 365 Files

    Within Microsoft Teams or a SharePoint site the document library where files are kept can have a default sensitivity label applied. Once applied all existing Office 365 files (once edited) and newly created files will have the sensitivity label applied by default.

    The default sensitivity label applied per Team/SharePoint site will have the following configuration resulting in all O365 documents being labelled automatically where each document cannot be decrypted/opened outside of the Teams/SharePoint sites members.

    • Encryption – Files are encrypted and permissions are assigned immediately. User access never expires and offline access is allowed. Permissions are assigned to the members of the Teams/SharePoint Office 365 group where members will be set with Co-Owner permissions. Any user that is not a member of the O365 group will not be able to decrypt/open the files(s).
    • Content Marking – A header is added to each file marking the file for example as ‘Highly Confidential – Team members only’.
  • The University has a policy of disposing of redundant IT equipment which is covered by several areas of legislation, mainly:

    • Waste Electrical and Electronic Equipment (WEEE) Regulations – covers the disposal of both useable and unusable equipment. Under this legislation:
      • as electrical equipment is classed as hazardous waste, its disposal has to be handled by licensed contractors
      • we retain legal responsibility for donated equipment unless we release it to licensed organisations who can take on these responsibilities
    • Data Protection Act – we have to ensure that data does not leave the University
    • Copyright Legislation – we have to ensure that we do not illegally pass ownership of copyright materials to third parties.

    To arrange disposal of IT Equipment please follow the below steps:

    1. Log a call to request removal of IT equipment
    2. Service Desk attends to view kit to confirm it is to be recycled
    3. Equipment is disposed of securely and data destruction certificates are provided.
    4. IT inventory system is updated
  • Refund Criteria

    Refund requests will only be considered for students who meet all of the following criteria:

    • The students print credit balance must be equal to or greater than £5. If the student print credit is below this amount the refund will not be approved.
    • Refund requests will only be considered for students that are in their final year of study or who have completed their course.
    • Refund requests will only be considered between 1st April–31st August each year.
    • Students requesting a refund must not have any financial blocks against their UWTSD student account.
    • Students can only make one refund request per academic year.

    Refund Process

    If you meet all of the above criteria, you can request a refund by following the below steps:

    • Create an IT Service Desk ticket
      •  Visit the Service Desk
      • Select the request type “User Computing Environment” followed by “Print Credit Refund Request”
    • The following information must be included when the ticket is created:
      • Name of Course Completed
      • Contact Telephone Number
      • Bank Account Sort Code
      • Bank Account Number
    • IT Service desk will confirm the print balance and attach a balance report to the IT Service Desk Ticket.
    • IT Service Desk will then deduct the requested refund amount from your print credit balance.
    • Confirmation will be emailed to both the student and finance@uwtsd.ac.uk who will automatically process the approved request.
    • The student is responsible to liaise directly with Finance to confirm when their refund will be processed.
    • The University reserves the right to refuse any refund request.
  • The University is developing a number of programmes to reduce the environmental impact of our IT use. We also work closely with the INSPIRE Project to help create a sustainable future.

    Green IT initiatives at the University include:

    • The introduction of SCCM as a power management system across all University PCs (including libraries and computer rooms). This means that University PCs shut down after a defined period of inactivity, reducing their energy usage.
    • The UWTSD capital computer replacement programme has been extended from a three-year to a five-year cycle. Computers replaced under this scheme are used in schools to further extend their lifespan.
    • Information Technology and Systems procurement strategy which ensures that suppliers provide low power demand equipment and that they reduce and recycling of all waste packaging
    • Allowing more access for staff who are working from home via Citrix and other services.
    • Printers and photocopiers across campuses have been (or will be shortly) replaced by energy efficient multi-function devices (MFDs). Default printing is set to print double-sided to save paper
    • Continuation to virtualise of over 100 physical servers into a single SAN infrastructure to reduce power consumption
    • Server room refurbishments to provide more efficient air cooling and temperature control
    • Use of iPads for meetings rather than using printed copies for attendees

    Top Tips

    Switch off

    • Set your computer to go to sleep automatically when you are not using it.
    • Turn off your PC and monitor when you leave.
    • Use intelligent extension sockets, which automatically switch off everything when you switch off your PC.
    • Find other ways of working without leaving your PC on overnight and at weekends.

    Reduce printing

    • Avoid printing and photocopying by posting electronic copies of employee manuals, safety documents, and other shared material.
    • Get rid of your personal printer before it is eventually removed as other better options (MFDs) are available for staff.
    • Print on both sides of the paper (duplex) and in greyscale when possible.
    • Recycle old documents or reuse them for scrap paper, or drafts.

    Be energy efficient

    • Save energy by using laptops instead of desktop PCs. A laptop, docking station, and 22” monitor uses around 25W less when being actively used, and 5W less when inactive, than a PC and 22” monitor.
    • Only one device for each member of staff.
    • Use of power efficient computers and monitors.
    • Use the excellent video conferencing facilities and Lync to reduce the need to travel.