Code of practice for University IT Staff
Information Technology is now a highly complex domain, containing many different specialisms. The University recognises that it will get the best results from its Information Technology Professionals if they work together, regardless of structure, to a common set of standards and practices.
This code of practice sets out the standards of working practice required from all the University’s IT Professionals, when they are developing & delivering IT services for the University. It is not a job description. It applies whether they are based in the central IT Service or are providing local IT support at the department or college level.
The code covers behaviours and standards in the following six areas:
- Respect the interests of your customers/colleagues
- Follow agreed standards
- Promote good practice within the University
- Adhere to policy & regulations
- Maintain your professionalism
Appendix I includes references to the policies and regulations applicable to all IT professionals working within the University.
Any IT professional working within the University who feels they are being pressured to breach aspect(s) of this code of practice should escalate immediately to their manager to gain support in dealing with the situation. In cases where this is not possible or where support from outside normal departmental/college channels is required, they should escalate to the Service Operations Manager, IT Services.
1.1. Make sure that customers/colleagues understand the implications of any work you are undertaking for them – whether requested directly, or required to troubleshoot an incident or problem. You should not, for example, make changes to a user’s computer over which you have not been granted authority which could lead to loss of data or access to services without telling them in advance - even if this delays starting work.
1.2. Ensure you take appropriate measures to protect data stored by customers/colleagues which may be affected by work you are doing. Do not begin work unless you are confident you have done this. This may involve e.g. ensuring the contents of a user’s computer are backed up to a temporary disk before re-imaging; or confirming that backups are available to recover data before starting work repairing a server.
1.3. Ensure that you fully understand the risks and issues with making changes to IT configurations, software or hardware before undertaking them. Seek advice and guidance from other IT professionals before doing so if you are uncertain. If necessary, ensure you follow the appropriate process for planning, authorising and executing the work - e.g. Change Management within IT Services.
1.4. In emergency situations, where circumstances dictate you cannot behave in these ways – e.g. carrying out urgent repairs on equipment during field work away from the University – then as far as practical, ensure you apply these principles retrospectively.
1.5. Recognise where privileged access to systems or applications may expose you to information to which you would otherwise not have access. Respect the confidentiality of any information you access in this way.
1.6. Understand that customers/colleagues may not understand the complexities of IT. Be patient and understanding and always be prepared to explain issues and give answers. Ensure you are aware of the support and training available to users within the University from e.g. Leciester Learning Institute and direct users to it where necessary.
1.7. Understand that the University cannot accept liability for damage caused to, or loss of data from, personally owned devices. In cases where you are asked to carry out work involving a user’s own device e.g. personally owned mobile phone or laptop, ensure you limit your support only to activities needed to interoperate with University services. Do not undertake work which may put the device or data on it at risk (e.g. applying patches or repairing hardware). Only undertake this work, if you are willing, in a personal capacity on a “best endeavours” basis.
1.8. Only undertake work on IT equipment belonging to another organisation (e.g. another University) if you have the authority to do so and understand how it is configured. If IT equipment belonging to another organisation will be installed and used on University premises and you will be expected or likely to need to maintain it, you should obtain authorisation in advance.
2.1. Understand the importance and benefits of using standardisation when developing IT solutions and delivering service. Ensure that standard ways of delivering services are used, where they exist.
2.2. Seek advice from fellow IT professionals and/or IT Services if you are unsure whether a standard exists or applies to a piece of work you are undertaking.
2.3. In cases where standards cannot be applied, ensure you fully understand the implications of deviating. In a suitable shared location (e.g. departmental X drive folder) document the need and reasons for deviating, including the risks and any additional costs incurred of doing so; along with details of the non-standard solution and it’s maintenance processes. Follow appropriate business process for obtaining authorisation to deviate from a standard (e.g. within IT Services, Change Management; in departments, Head of Department approval).
2.4. Evaluate new technologies and services to assess their potential benefit. Ensure you highlight beneficial technologies to University IT management to allow them to be considered across the University and, where suitable, built into standards and services.
3.1. Identify opportunities for promoting the effective and efficient use of IT throughout the University. Provide feedback to customers/colleagues if you identify ways they can make more effective use of services; make recommendations to other IT Professionals and IT Services on ways services could be improved and new standards developed to better meet the needs of customers/colleagues.
3.2. Be conscious of your behaviour. Act in ways that promote the effective and safe use of IT. For example, never ask users for their passwords; if a user supplies one to you unsolicited, ensure they both understand why they should not have done so and make sure that they have changed their password.
3.3. Challenge inappropriate behaviours (such as password sharing) if you encounter them in fellow IT professionals or customers/colleagues. Where other mechanisms for achieving the same results exist (e.g. delegate access to email, shared folders on X drive) provide support for customers/colleagues to set up and use them. Seek help from IT Services, your departmental Information Assurance Officer or the Information Assurance Office if you need support handling these situations.
3.4. Promote adherence to the University’s Information Security and other appropriate policies.
4.1. Ensure you understand of the significance of University Information Security and other appropriate policies (e.g. purchasing, software). Understand how they apply to your work and the services you support and the procedures you are expected to follow to comply with them.
4.2. Ensure you also understand the significance of the wider legal and regulatory frameworks which apply to both your work and the work that your customers/colleagues do. These include (but are not limited to) data protection, regulation of investigatory powers, health and safety, copyright; and also the disability discrimination act. Act in ways which ensure you meet your obligations under these policies and legal and regulatory frameworks.
4.3. Seek guidance from the University’s Information Assurance Office (or other appropriate department) if you have any doubt as to the application of these policies or regulations to any work you are asked to carry out.
4.4. Take no actions which undermine these policies or regulations; or which put the University or yourself at risk of civil or criminal prosecution by their neglect.
5.1. Use the resources provided by the University and IT Services to maintain your specialist knowledge of the IT sector and continue your professional development. Seek help from your line manager and/or IT Services if you need training to maintain your skills. Keep abreast of new trends and developments within the industry. Maintain contact with other IT professionals within the University and beyond. Consider membership of an appropriate professional body (e.g. BCS, itSMF) to ensure you remain abreast of developments in the IT sector.
5.2. Understand the limits of your knowledge. Recognise cases where you are being asked to exceed these limits. Seek advice from fellow IT professionals with the necessary expertise – do not carry out work for which you lack the appropriate expertise.
5.3. Regardless of whether you work within the central IT Service or within departments, work collaboratively with all your fellow IT professionals to deliver IT services which are widely supportable; of the best quality; and delivered coherently for all University staff and students.
5.4. Respect issues of confidentiality and information security if you are made aware of sensitive information during the course of your work.
These policies and regulations apply to all IT professionals working at the University of Leicester.