Agent portal acceptable use policy

 Violate any provisions in this, or any other policy, including:

• The University Information Security Policy
• The University IT Acceptable Use Policy
• The University IT Password Policy
• Student Introduction Services Agreement (contract signed between every agency and the University of Westminster)
• Agent Code of Conduct 
• Put the University in a position of liability
• Contravene the terms of your agent contract
• Cause damage or disruption to University systems

• Comply with the terms and conditions in this policy
• Understand that the University reserves the right to check for insecure and vulnerable devices connecting to our systems and to block access from such devices.
• Use University systems for official business

• Break the law while using University systems
• Knowingly transmit any data or upload documents that contain viruses or any computer code designed to adversely affect the operation of the portal. This includes uploading any corrupted documents or virus, worm, malware, trojan horse or any other ‘nuisance’ programmes, such as file sharing or peer-to-peer software, to any University system or take any action to circumvent or modify any precautions taken by the University to prevent ‘infection’ of the system.
• Use rooted or jailbroken devices to access any part of the system
• Access, or attempt to access, any system without authorisation

Users must:

• Always keep your individual username and password secure and private.
• Notify your relevant contact in the International Recruitment Team immediately if you think your username and password have been compromised, shared or hacked. They will initiate investigations into this with the relevant University teams.

Users must not:

• Disclose or share your username and password with people inside or outside your organisation, including with subcontracted agencies or third parties.
• Publish your written username or password on systems or documents inside your organisation or anywhere accessible to the public (e.g. shared files, intranet or internet pages).
• Where there are indications that an account is being accessed by multiple users, the University reserves the right to deactivate the account.

The Agent Portal uses 2 Factor Authentication (2FA) as an additional security control. 

Users must:

• Set up 2 Factor Authentication (2FA) on an appropriate device.
• Verify your identity using 2FA each time you log in to the portal.
• Ensure the device used for 2FA is always kept secure, has a pin code, fingerprint or facial recognition and/or a lock screen set after a timeout period.
• Report lost or stolen devices which are used for 2FA to the University immediately.

Users must:

• Use the portal for the submission and management of postgraduate applications to the University of Westminster only.
• Ensure that unauthorised persons do not have access to data about individuals provided within the portal and treat all such data as confidential.
• Ensure that unattended laptops or mobiles are always logged out from the portal.
• Ensure data is managed in line with the Student Introduction Services Agreement (clause 11).

Users must not:

• Share the information provided via the portal or accessible from within the portal with any third party.
• Use the details available on the portal to contact applicants except for the purpose of progressing their application to the University of Westminster.
• Share correspondence between the University and the applicant with any unauthorised third parties. Admissions correspondence is confidential between the University, the applicant and the agent authorised to act on their behalf. Exceptions can be made where offer letters are required to obtain bank loans, or external funding by a recognised organisation and with the consent of the applicant.

The University may at any time permit the inspection, monitoring, or disclosure of information held in IT systems: 

• When required by and consistent with the law. The University evaluates any request for such action against the precise provisions of the Freedom of Information Act 2000, the Data Protection Act, the Regulation of Investigatory Powers Act 2000, or other applicable laws. 
• At the written request of one senior member of University staff, the University Secretary and Chief Operating Officer, a Deputy Vice-Chancellor, a Head of College, the Director of HR or the Director of ISS, if there are reasonable grounds to believe this policy has been violated. 

Any such monitoring, access or investigation will be carried out by an appropriate and competent member of Information Systems & Services staff under the guidance of the Cyber Security Team. 

If you believe there has been a breach of any of the terms and conditions in this policy, you must immediately notify the International Recruitment Team or [email protected] and no later than 48 hours of the breach. The International Recruitment Team will raise an IT Service Desk ticket to log potential security incidents reported by international agents, and the University Cyber Security Team will investigate. 

The University considers failure or refusal to comply with this Acceptable Use Policy to be a serious matter which may lead to withdrawal of access to the portal and/or termination of your agent contract.

The University also reserves the right to carry out system management, problem resolution, maintenance and capacity planning to ensure the performance and availability of its systems.