ui.edu.ng · web viewthe network operating centre and network support layer is the network...
TRANSCRIPT
INFORMATION TECHNOLOGY and MEDIA SERVICES (ITeMS)
POLICY
Sponsored by
(c) 2016, Information Technology and Media Services
(ITeMS)
First Printing 2016
ISBN:
The production of this policy document is sponsored under a grant from the John D. and
Catherine T. MacArthur Foundation, USA
The contents of this document were approved by the Senate of the University of Ibadan on
XXXXXX, 201X.
For further information, contact:
Director,
Information Technology and Media Services (ITeMS) Directorate,
Office of the Vice Chancellor,
University of Ibadan, Ibadan,
Nigeria
e-mail: [email protected]
2014 - 2019: Dr O. Osunade +234-8033264855
FOREWORD
Professor A. I. OLAYINKA
12th Vice Chancellor
ACKNOWLEDGEMENTS
The efforts of all participants in the policy development workshops are thankfully acknowledged. The
list of all the participants are in the appendix.
The support of past Vice Chancellors, Professors Falase, Bamiro and I.F Adewole in advancing
Information Technology in the University are highly appreciated.
The current Vice Chancellor, Professor A.I Olayinka is acknowledged and appreciated for his
unflinching support of Information Technology and digital media.
Grants received from the MacArthur Foundation, USA for information Technology development at
University of Ibadan are thankfully acknowledged.
PREFACE
TABLE OF CONTENTS
FOREWORD.................................................................................................................................................................iv
ACKNOWLEDGEMENTS............................................................................................................................................v
PREFACE......................................................................................................................................................................vi
TABLE OF CONTENTS.............................................................................................................................................vii
INTRODUCTION..........................................................................................................................................................1
1.0 Preamble........................................................................................................................................................1
1.1 Information Technology and Media Services (ITeMS) Directorate.............................................................1
1.2 Framework for Information Technology and Media Services......................................................................3
1.3 Related Units to Information Technology and Media Services....................................................................3
1.4 Goals and Objectives of the Policy...............................................................................................................4
1.5 Scope of the Policy........................................................................................................................................4
1.6 Validity of the Policy....................................................................................................................................5
FINANCES.....................................................................................................................................................................6
2.0 Service Costing Policy..................................................................................................................................6
2.1 Payment Policy..............................................................................................................................................6
2.2 Investment and Funding Policy.....................................................................................................................7
2.3 Software Industry Economics Policy............................................................................................................8
PERSONNEL...............................................................................................................................................................10
3.0 ITMS Staff Training Policy.........................................................................................................................10
3.1 Digital Proficiency for All Staff..................................................................................................................11
3.2 Code of Conduct and Ethics........................................................................................................................13
3.3 ITeMS Personnel Policy..............................................................................................................................14
TECHNOLOGY...........................................................................................................................................................16
4.0 Bandwidth Usage Policy.............................................................................................................................16
4.1 Equipment Procurement Policy...................................................................................................................16
4.2 Equipment Maintenance Policy..................................................................................................................18
4.3 Local Content Development policy.............................................................................................................19
4.4 IT and Media Equipment Disposal Policy..................................................................................................20
4.5 Network Infrastructure Implementation Policy...........................................................................................23
4.6 Database / Enterprise Resource Planning Policy........................................................................................25
4.7 E-learning Policy.........................................................................................................................................25
4.8 Local Area Network (LAN) Policy.............................................................................................................26
4.9 Paperless Policy...........................................................................................................................................27
4.10 Mobile Devices Policy................................................................................................................................27
4.11 Remote Access policy.................................................................................................................................28
SERVICES....................................................................................................................................................................31
5.0 Email Policy................................................................................................................................................31
5.1 Online Resources.........................................................................................................................................31
MEDIA.........................................................................................................................................................................33
6.0 Filming and Photography Policy.................................................................................................................33
6.1 Logo Policy.................................................................................................................................................34
6.2 Community Broadcasting............................................................................................................................35
SECURITY AND PRIVACY.......................................................................................................................................37
7.0 Security Policy............................................................................................................................................37
7.1 Password Policy..........................................................................................................................................38
7.2 Anti-Virus Policy........................................................................................................................................41
MANAGEMENT..........................................................................................................................................................43
8.0 Authority Policy..........................................................................................................................................43
8.1 Jurisdiction Policy.......................................................................................................................................44
8.2 Username / Account Naming Policy...........................................................................................................44
STANDARDS...............................................................................................................................................................46
CREATIVE COMMONS.............................................................................................................................................47
SOFTWARE.................................................................................................................................................................48
11.0 Software Development, Support and Use...................................................................................................48
11.1 Software Infrastructure Policy....................................................................................................................48
11.2 Software Usage Policy...............................................................................................................................50
11.3 Software license compliance policy............................................................................................................51
11.4 Computer software Purchase Policy...........................................................................................................52
OPEN............................................................................................................................................................................55
12.0 Open Data Policy........................................................................................................................................55
RESEARCH..................................................................................................................................................................56
13.0 Software Research, Innovation and Development Policy...........................................................................56
13.1 (Turnitin) Plagiarism Policy........................................................................................................................57
PARTNERSHIPS.........................................................................................................................................................59
14.0 Public Private Partnership Policy................................................................................................................59
WEB..............................................................................................................................................................................60
15.0 Web Content Authorship Policy.................................................................................................................60
15.1 Web Portal Policy........................................................................................................................................60
15.2 Social Media Policy....................................................................................................................................61
DISASTER MANAGEMENT......................................................................................................................................62
16.0 Disaster Management for IT Systems and Media Services Policy.............................................................62
ENFORCEMENT AND SANCTIONS........................................................................................................................68
RELATED POLICIES..................................................................................................................................................70
APPENDIX...................................................................................................................................................................72
Workshop 1...................................................................................................................................................................72
Workshop 2...................................................................................................................................................................73
Workshop 3...................................................................................................................................................................74
Editorial Work..............................................................................................................................................................74
INTRODUCTION
1.0 Preamble
The University of Ibadan (U.I), founded in 1948 is the premier university in Nigeria. It consists of 13
faculties, 4 institutes, 10 centers, the College of Medicine and a postgraduate school. The vision of the
University of Ibadan, is to be a world-class institution for academic excellence geared towards meeting
societal needs. One of its missions is to transform into a research-driven institution by expanding the
frontiers of knowledge through provision of excellent conditions for learning and research.
The primary function of the University is to provide education, conduct research, public service
(consultancy and services) and disseminate and create knowledge. In carrying out this function,
intellectual media, communication technology, information systems and information technology are
developed and used. There is therefore a need for a defined system of execution and management of the
information technology, systems, communication and media assets to the advantage of the university
and the society at large.
The Directorate of Information Technology & Media Services (ITeMS)provides information
technology resources and media services to a large and varied group, including faculty, staff, students,
and guests at the University of Ibadan. All members of this community are responsible for using these
resources in an effective, efficient, and ethical manner that does not interfere with the reasonable use by
other community members or endanger the University's tax-exempt or legal status.
1.1 Information Technology and Media Services (ITeMS) Directorate
In order to leverage the convergence of information technology and media technology to positively
affect teaching, learning and research in the University; UI established the Directorate of Information
Technology and Media Services (ITeMS). The duty of the directorate is to use information technology
and media solutions to provide information, communication and entertainment to all members of the
community located locally or elsewhere.
The Directorate is the result of the unification of the Management Information System (MIS) unit, the
Information and Communication Technology (Internet) project, Diamond FM radio station, University
Media Centre, the Computing Centre and the Information Technology Unit of the College of Medicine.
To complement the University Vision and Mission, ITeMs has outlined a Vision and Mission thus:
Vision
To be the preferred source for all computing, information, technology and media solutions
Mission
To provide world-class information technology and media services for teaching, research and
administrative excellence
To develop processing and storage capabilities so as to preserve society’s value while support-
ing sustainable development.
To conduct research on regular basis into information technology and media issues
To ensure a veritable platform for operations and development of ITeMS some Core values and
Principles are germane; these are enunciated below:
Core Values
Sustainability
User-focused
Reliability
Excellence
Uniqueness
Integrity
1.2 Framework for Information Technology and Media Services
The Directorate of Information Technology and Media Services (ITeMS) is the leading management
organization for all Information, Communication and Media Systems/Technology activities. The
Directorate functions using the framework below:
1. Office of the Vice Chancellor
2. Board of Information Technology and Media Services
3. Director, Information Technology and Media Services
4. Assistant/Deputy Directors, Information Technology and Media Services
Management Information Systems (MIS)
University Media Centre (UMC)
Information Technology Network and Hardware (ITNH)
Training Research and Development (TRD)
College of Medicine (CoM)
Broadcast Media - Radio and Television
Programming
5. Senate Information Communication Technology (ICT) Committee
6. Faculty Senate Computer Committee Representative
7. Representatives of Information Technology and Media Services at the Faculty/Unit/Centre/Di-
rectorate levels
1.3 Related Units to Information Technology and Media Services
Major Information Technology and Media Services related Units in The University are:
ITeMS
Bursary
Library
Department of Computer Science
Department of Electrical and Electronics Engineering
Library, Archival and Information Studies (LARIS)
African Regional Centre for Information Science (ARCIS)
Registry
Transcript section
Administrative Data Processing Unit (ADPU)
Faculties
Distance Learning Centre
College of Medicine
Directorate of Public Communications
Centre for Media Resources
1.4 Goals and Objectives of the Policy
The purpose of this Policy is to ensure an Information Technology, Systems, Communication and
Media Infrastructure that promotes the missions of the University in teaching, learning, research,
patient care, and administration. In particular, this Policy aims to promote the following goals:
responsible use of all electronic, digital and media resources of the University
ensure the integrity, reliability, availability, and superior performance of Information,
Communication and Media Systems/Technology;
ensure that use of Information and Communication System/Technology and Media systems is
consistent with the principles and values that govern use of other University facilities and
services;
ensure that Information, Communication and Media Systems are used for their intended
purposes; and
establish processes for addressing policy violations and sanctions for violators.
Encourage adoption of electronic and software awareness
1.5 Scope of the Policy
This policy applies to all users of Information, Communication and Media Systems/Technology,
including but not limited to University students, staff, alumni, visitors, guests and retirees.
Information, Communication and Media Systems/Technology include university logo, microphones,
website, social media tools, computer/data/communication networks, databases, radio, television and
facilities administered by any ITeMS Unit, as well as those administered by individual faculties,
departments, University laboratories, University-related and other University-based entities.
Use of any of the University Information, Communication and Media Systems/Technology
Infrastructure, even when carried out on a privately owned computer that is not managed or maintained
by the University of Ibadan, is governed by this Policy.
1.6 Validity of the Policy
This Policy may be periodically reviewed and modified by the Vice Chancellor of the University, who
may consult with the Information Technology and Media Services Directorate and relevant University
committees, faculty, students, alumni and staff.
FINANCES
2.0 Service Costing Policy
The cost of providing a service such as Internet access shall not be arbitrary but in accordance with
acceptable practices
Policy
All services provided shall be offered to users at a price that covers the cost of provision
Objectives
1. Services should be maintained based on the cost paid by the subscribers without needing the
University to foot bills on those services
2. Services should be sustainable
Strategies
1. There are no free services
2. The cost of human effort, sunk costs, administrative charges and logistics will be included
3. The cost shall not include taxes such as VAT (Value Added Services Tax).
4. The cost of services can be changed when a constituent cost of the services change
2.1 Payment Policy
Users must pay for services offered. There are multiple payment channels open to users. The
Directorate will work on making payment for its services convenient.
Policy
Users of services provided by ITeMS shall pay for the services using acceptable payment methods
Strategies
1. The Directorate shall endeavor to provide multiple payment platforms for users
2. Payment for services shall be in the Local Currency except in circumstances related to interna-
tional trade
3. Payment for services shall be pre-paid
4. Agents may be used for collection of payments.
2.2 Investment and Funding Policy
Investment and funding are critical to the success of any IT development plan and program. Typically,
sources for such funding would include University, the private sector, as well as international
organizations. The University has the critical role of creating an enabling environment that will attract
investment and funding from various stakeholders.
Policy
The University Faculties, Centres, Departments and Units shall invest in the provision of IT facilities
and infrastructure.
Objectives
1. To create an enabling environment and facilitate foreign direct investment as well as private
sector investment in University ITeMS;
2. To encourage public-private partnerships for the development of IT and Media;
3. To provide funding of IT and Media projects through appropriate budgetary allocation;
Strategies
1. Provide incentives to investors;
2. Provide appropriate fiscal incentives to encourage local manufacture of IT and media equip-
ment and development of software;
3. Streamline procedures and requirements for the purchase and use of IT and media equip-
ment;
4. Adopt financing models that foster indigenous IT and digital media entrepreneurship.
2.3 Software Industry Economics Policy
Policy
Information Technology and Media Services shall promote and encourage the growth of the economy
through software development as a catalyst for revenue generation.
Objectives
1. Promote software development as one of the major source of revenue for the University.
2. Provide and support the economic conditions that will enable the creation of a vibrant soft-
ware ecosystem.
3. Provide guidelines for the articulation of sectoral (defense, national security, education, agri-
culture, industry, finance, culture, media, sports etc.) software development and relevant leg-
islation such as intellectual property regime which shall enable a software innovation-led
economy.
4. Adopt a “user-driven” strategy which is based on the availability of software and its adapta-
tion, dissemination and use tailored to the demands of the University and society at large.
5. Information Technology and Media Services shall promote the development of indigenous
software products and services for domestic, regional and international markets.
6. Information Technology and Media Services shall consider the development of an appropriate
policy framework for the procurement and deployment of Open Source Software (OSS) solu-
tions in the University.
7. Ensure the use of OSS products for interoperability that support open standards and specifica-
tions in all IT projects.
8. Providing a platform for advocacy for the development of the business of indigenous soft-
ware products and services, as well as abuse of use of internet resources.
Strategies
1. Promoting investment in software ecosystem through public-private partnership initiative.
2. Promoting the collaboration of software experts and students.
3. Developing a benchmark for quality assurance of software products and services.
4. Promoting the acquisition of software technology and stimulating research, innovation and de-
velopment.
5. Promoting the use of indigenous software products and services in the University.
6. Encouraging other Universities to subscribe to indigenous software products and services.
7. Providing a procedure for the classification, testing, measurement and certification of software
products and services to ensure total adherence to global standards and best practices.
8. Promoting collaborative initiatives amongst identified software investors, developers and solu-
tion providers to accelerate the growth of indigenous software products and services.
9. Ensuring that the University Software Team is put to work before seeking Software Develop-
ment firms
10. Establishing innovation centres that can ably attract available pool of expertise in software en-
gineering.
11. Encouraging the procurement of Software solutions in a manner that ensures the interoper-
ability of solutions.
12. Encouraging the development of a policy framework around the procurement and deployment
of Open Source software solutions.
PERSONNEL
3.0 ITMS Staff Training Policy
Training of ITeMS staff is beneficial to the long-term support and development of technology and me-
dia infrastructure and services in the University.
Policy
All ITeMS staff shall be trained regularly in related and relevant information technology and media so-
lutions such as software, equipment, technology, concepts and application.
Objectives
The objectives of the policy are:
1. To enable staff acquire the knowledge and skills that will enable them to perform effectively in
their current roles
2. To enable staff to enhance their performance in their current roles
3. To enable staff to respond effectively to the demands placed upon them by internal and exter-
nal change and development
4. To enable staff to develop their careers effectively within the University
Strategies
1. There shall be in-house training such as seminars, workshops, webinars for all ITeMS staff
2. Attendance at meetings of professional associations such as Nigeria Computer Society and
Computer Professional Registration Council of Nigeria shall be encouraged
3. Hosting of training workshops so that more ITeMS staff can attend
4. Paper presentation and Tutorial sessions at workshops and conferences
5. Online training classes
6. Individuals are responsible for reflecting at regular intervals upon their jobs and future career
aspirations and identifying their needs for training and development
7. Individuals are responsible for discussing (1) above with their Head of Department/Unit during
their Performance and Development Review Meetings with a view to establishing priorities in
relation to their unit and institutional objectives.
8. The Directorate/Unit shall nominate individuals to participate in training programs
9. The Directorate will rotate sponsorship of training every two years as follows:
a. Every senior staff shall be entitled to attend at least two local training events and one
international training event
b. Every junior staff shall be entitled to attend at least one local training event
c. Deputy/Assistant Directors shall be entitled to attend at least three local training
events and one international training event
d. The Director shall be entitled to attend at least six local training events and three inter-
national training events
10. The Directorate will allow staff attend unsponsored training events yearly as follows:
a. Every senior staff can attend maximum of two local training events and two interna-
tional training event
b. Every junior staff can attend maximum of two local training events and one interna-
tional training event
c. Deputy/Assistant Directors can attend maximum of three local training events and two
international training event
d. The Director can attend training events as the need arises
3.1 Digital Proficiency for All Staff
The University acknowledges that its staff are its most valuable resource, and it is committed to
investing in their training and development. All staff are expected to be literate users of information
technology and media services in the University.
Policy
All staff of the University shall be proficient in the use of Information Technology and Media Technology
applications
Objectives
1. To enable staff acquire the knowledge and skills that will enable them to perform effectively in
their current roles.
2. To enable staff to respond effectively to the demands placed upon them by internal and exter-
nal change and development.
3. To enable staff to develop their careers effectively within the University.
4. To ensure that the ITeMS training program shall lead to the use of IT for a significantly large
group of new users and also change the working ethics of the existing users.
5. Providing appropriate resources for training and development
6. Training will focus on building skills in users making them effective in exploiting provided IT re -
sources.
Strategies
1. Ensuring that all staff shall have access to appropriate opportunities for continuing profes-
sional development in their jobs, in accordance with the university’s equal opportunities pol-
icy.
2. Ensuring equal opportunities in access to training and development is in accordance with the
university’s Equal Opportunities Policy.
3. Identifying needs for training and development of staff arising from internal and external
change at Faculty and University levels
4. Liaising with the Staff Development Unit in the provision of appropriate opportunities
5. ITeMS Directorate will develop curricula for all trainings including development of source ma-
terial.
6. ITeMS Directorate will release the training calendar at the commencement of each academic
year.
7. All trainees shall be subjected to a certification assessment. The Training Research and Devel-
opment (TRD) unit of the IT Directorate shall issue certificates upon the successful completion
of training and examination.
8. The development of training materials and the administration of the training shall attract re-
muneration to staff and other personnel involved.
3.2 Code of Conduct and Ethics
ITeMS personnel must conduct themselves in a professional manner being guided by moral and ethical
values
Policy
All ITeMS staff shall conduct themselves in a manner and way prescribed by the code of ethics of their
profession.
Objectives
1.To ensure that the Directorate follow a policy of conducting its business ethically and in compli-
ance with the letter and spirit of the law.
Strategies
1. Make the code of ethics of relevant professions available e.g. Computer Professionals Registra-
tion Council of Nigeria (CPN), Nigerian Broadcasting Code.
2. Encourage staff to join professional organizations / associations
3. Run workshop on ethics, conduct and customer service
4. Emphasize the vision, mission and core values of the Directorate.
5. Promote the core values of the Directorate through placement on souvenirs, products, e.t.c.
6. Professionalism and ethics of IT Network Administrators
a. The network administrator can restrict a User account on the justification of breach in
usage procedure
b. Periodic maintenance of NOC and campus wide IT deployments shall be carried out by
the ITNH unit to identify, advice and replace items categorized at EOL (End-of-Life)
c. The IT administrator shall act with integrity, Respect, and readiness to support and ob-
serve great confidentiality
d. IT administrators shall resolve network complaints to the Network IT helpdesk within a
WLA (Work Level Agreement) of 4-working hours
e. Each Faculty of the University shall have a resident IT Network support staff that will
attend to all her network related issues
f. Network administrator shall discharge their responsibilities within the ethics of his/her
profession
3.3 ITeMS Personnel Policy
Information Technology and Media Services comprises of skilled and creative personnel. The
personnel when logically grouped into a single unit like Audit and Registry, have a clear career path
and make the chain of command apparent.
Policies
The personnel of ITeMS shall be composed of staff possessing qualifications related to information
technology, communication technology, network technology and media technology.
The Directorate will be involved in the hiring, training, promotion and deployment of personnel with
ITeMS-related designations.
Strategies
1. The following cadre of staff will form the technical personnel of the Directorate
Senior Staff
• Computer Operator Cadre
• Data Processing Officers Cadre
• Editorial Staff Cadre
• Graphic Artist Cadre
• Hardware Engineer Cadre
• News Reporters/Editors Cadre
• Programmer Analyst Cadre
• Producer Presenter/Announcer Cadre
• Photographer Cadre
• Systems Analyst Cadre
• Studio Officer Cadre
• Telecoms/Webmaster/Network Analyst Cadre
Junior Staff
• Audio-Visual/Technical Cadre
• Computer Hardware Cadre
• Photographer Cadre
2. All ITeMS personnel in the University will meet annually
3. The Directorate will ensure that personnel have defined career paths within the Scheme of Ser-
vice
4. Personnel records will be kept for all ITeMS personnel in the University
TECHNOLOGY
4.0 Bandwidth Usage Policy
Bandwidth refers to capacity of data that can be transmitted in a fixed amount of time. It is the
maximum data transfer rate a network or internet connection can handle.
Policy
ITeMS shall be responsible for regulating the usage of the university internet bandwidth to prevent
congestion and slow connections.
Objectives
1. Ensure all authorized users have fair access to the Internet.
2. Prevent flooding of the network with unofficial requests
Strategies
1. Users must have an account to use the internet.
2. Multiple users cannot use the same account at the same time
3. Data volume/size is allocated to each user periodically after payment.
4. Access to heavily used sites (e.g. Facebook) and downloading large file may be restricted
between certain periods of the day to prevent congestion.
5. Any account causing excessive traffic congestion after repeated warnings is automatically
blocked for certain periods.
4.1 Equipment Procurement Policy
There is a need for Information Technology and media equipment procurement process to follow
existing rules and regulations governing procurement of goods and services for the University of
Ibadan, while also satisfying the technical specifications of the department involved
Policy
Any IT equipment or services to be procured shall meet certain technical specifications as
recommended by ITeMS and the need of the department where such equipment is required.
Objectives
1. To ensure that various departments follow the correct procedure for procurement of IT and
media related goods and services.
2. To assist the departments with preparation of technical specifications whenever the need
arises.
3. To ensure that projects for various departments are pursued diligently and efficiently.
4. To ensure that the goods and services to be procured is/are satisfactory and timely
Strategies
1. All purchases shall have technical approval from the Directorate and financial authority ap-
proval from the budget holder to whom costs will be charged;
2. The Financial Instructions which govern the procurement of all goods and services within
the University must be met. For example,
a. All purchases shall be suitable for the purpose for which they are acquired;
b. All purchases shall be of an acceptable quality;
3. Purchasing shall be sufficiently flexible to allow rapid response to operational requirements
and to enable the user to take advantage of opportunities arising from new IT products or
services;
4. All products or services purchased shall be on the approved products list unless specific per-
mission is given to purchase non-approved products.
5. In acquiring Non-Branded Equipment, Software and Services, a brief initial business case
shall be submitted to the Director of ITeMS.
6. Equipment to be donated shall ordinarily meet all necessary technical specifications.
7. Refusal or rejection of any benefaction(s) on grounds of obsoleteness, inefficiency or in-
compatibility with existing hardware shall be done with diplomacy i.e. when equipment are
donated to the university.
8. An Inventory of all the IT and media goods and services procured by the various depart-
ments shall be forwarded to ITeMS for record keeping purposes.
4.2 Equipment Maintenance Policy
Maintenance involves fixing an electrical device that is non-functional. It also includes performing
routine actions, which keep the device in working order or prevent unnecessary damage. The actions
include the combination of all technical and corresponding administrative, managerial, and supervision
actions.
Equipment maintenance is key to providing quality services to IT users, this can be done by ensuring
that the equipment are serviced and repaired in good time. Software maintenance is a very broad
activity that includes error correction, enhancements of capabilities, deletion of obsolete capabilities,
and optimization.
Policy
1. All Information Technology and Media equipment shall be regularly maintained. The equipment
may be owned, managed, supported or operated by, or on behalf of, the University.
2. All equipment shall be identifiable individually
Objectives
1. To ensure that users’ PCs and related hardware are in serviceable order
2. To specify the best practices and approaches in IT equipment maintenance
3. To ensure the integrity and security of the network
4. To ensure the currency of the licenses
5. To allow departments/units to plan for replacement technology well in advance of the dates
outlined
Strategies
1. Maintaining a detailed log of maintenance activities
2. Assisting in IT procurement for hardware in order to guarantee support by IT.
3. Drawing schedule for maintenance and recognizing every piece of hardware.
4. Carrying out preventive maintenance according to the recommendations of the manufacturer of
the hardware, in terms of frequency and method of maintenance. However, where justified by
the case, service shall be provided on the basis of request.
5. Declaring IT hardware connected to the University network obsolete according to the recom-
mendations of the manufacturer.
6. Conducting periodical maintenance by the hardware maintenance team to identify, retire and re-
place the hardware categorized as at “end-of-life.”
7. Selling of old systems to students and staffs at subsidized prices. Facilitating the repairs and
maintenance of equipment under warranty by maintenance staff at the IT Unit
8. Keeping accurate records of warranty of individual items of equipment and use such informa-
tion when needed to operationalize the warranty and/or guarantee for the equipment by the
maintenance staff at the IT Unit
9. Developing Equipment Age Repair and Maintenance Policy
10. Making every reasonable attempt where possible to repair the technologies described in the
terms of this policy based on a specified period of years from date of manufacture
4.3 Local Content Development policy
Information Technology and Media could be used to leverage Local Content Development in
University from a two-pronged approach - through both Software and Hardware development.
Policy
IT local content (including software and hardware) is grossly underdeveloped in the University of
Ibadan and Nigeria as a whole. This has resulted in over-dependence on foreign importation of
software and hardware, and diminished opportunity for economic empowerment and capacity building.
Software Development
The software industry is a multi-billion dollar industry and University of Ibadan can benefit
tremendously from developing its own domestic software ecosystem to create applications for aspects
of human endeavour including Agriculture (e-Agriculture), Business (e-Business), Education
(eLearning), Governance (e-Government), Health (e-Health) and so on. This can cater for both
University and external organizations.
Objectives
1 To position University of Ibadan as a leader in software development
2 To provide incentives for the growth of the software ecosystem;
3 To promote software development education in the University;
4 To ensure rapid indigenization and domestication of high technology IT and media products
and services; and
5 To encourage the attainment of a significant increase in local content of IT software and ser -
vices
Strategies
1. Ensure that in-house software meets international standards;
2. Provide incentives and initiatives that will significantly increase the number of software devel-
opers within the next five years;
3. Build a strong interface between the software industry, academia and also the business world
to improve relevance of the end product;
4. Promote collaboration amongst software developers;
5. Ensure that security and privacy in software information system are maintained;
6. Ensure that intellectual property rights are protected;
7. Promote international certification of indigenous software;
8. Encourage the creation of major software projects as platform for indigenous software indus-
try;
9. Promote the patronage of indigenous software products and services;
10. Promote Free and Open Source Software (FOSS) development, education and use
11. Digitize local content in areas such as music, film, tourism, etc;
12. Digitize and make available online local content
4.4 IT and Media Equipment Disposal Policy
Technology and media equipment often contains parts which cannot simply be thrown away. Proper
disposal of equipment is both environmentally responsible and often required by law. In addition, hard
drives, USB drives, CD-ROMs and other storage media contain various kinds of University of Ibadan
data, some of which is considered sensitive. In order to protect the University of Ibadan constituent’s
data, all storage mediums must be properly erased before being disposed of.
Policy
1. ITeMS in conjunction with the Maintenance Unit of the University shall have sole responsibility
for disposing of any University of Ibadan computers, media drivers and computer related
equipment.
2. All University of Ibadan owned computers and computer related equipment shall be inspected
by ITeMS staff prior to being transferred to auction for disposal, transferred out of a depart-
ment, or otherwise removed from service.
3. ITeMS will securely erase all storage mediums in accordance with current industry best prac-
tices before disposal.
Objectives
1. To provide an appropriate method for the disposal of obsolete UI technology assets while mini-
mizing unnecessary campus technology inventory, but ensuring appropriate oversight and ac-
countability of disposed assets.
Strategies
1. Where the computer is in working order but inadequate for the designated purpose, it is ex-
pected to be for re-assignment to other departmental functions for which the capacity is ap-
propriate. Other department that may wish to make use of the equipment.
2. Equipment with residual value but which are inadequate for the business of the University may
be sold to outside bodies, subject to the University’s financial guidelines.
3. If the equipment cannot be used, it should be scrapped for parts or disposed of in accordance
with the University’s policy and procedures for disposal.
4. Departments/Units wishing to dispose of IT and media equipment must inform ITeMS so that
the equipment can be considered for redeployment within the University, upgraded or dis-
posed.
5. All data (including encrypted data) should by default be considered potentially sensitive. Any
removable storage media such as CDs and USB storage should not be passed on with the
equipment. It is the responsibility of ITeMS to ensure that the removal of software and data is
carried out prior to disposal of equipment. This process must not be delegated to any person
outside the University without strict contractual obligations being imposed. Trained, autho-
rized staff within ITeMS will undertake secure erasure and would be approved by ITeMS in their
use.
6. All data including, all files and licensed software shall be removed from equipment prior to the
equipment leaving the possession of the University.
7. All electronic drives must be degaussed or overwritten with commercially available disk clean-
ing program. Hard drives may be removed and rendered unreadable (drilling, crushing or other
demolition methods).
8. After necessary inspection ITeMS will contact the maintenance unit for the disposal of the
equipment in the following manner, in order of preference:
a. Trickle Down: Hardware that has been removed from an office during System Replace-
ment Lifecycle shall be installed elsewhere for low-end use where appropriate.
b. Selling: All hardware no longer of use to UI shall be sold wherever possible in conjunc-
tion with the maintenance Unit.
c. Cannibalizing: Hardware that cannot be sold and can no longer be used in whole, but
has useful components, will be cannibalized for those components.
d. Donating: Hardware that cannot be sold and has no useful components will be donated
where possible. UI inventory tags shall be removed from shell and attached to a “Hard-
ware disposal” document which will be kept on file in ITeMS.
e. Trashing: Hardware that cannot be sold, has no useful components, is not worth do-
nating, will be trashed. Scrapping is the responsibility of the department which owns
the equipment. The maintenance Unit may be called on for assistance.
f. Dumping of equipment or equipment parts is the responsibility of the Maintenance De-
partment. The owner department will make the disposal request to maintenance.
9. All staff, students and other users of information should report immediately to the ITeMS ser-
vice Desk any observed or suspected incidents where sensitive information has or may have
been insecurely disposed of.
4.5 Network Infrastructure Implementation Policy
A reliable network is subject to appropriate IT infrastructure deployment and robust network
architecture. To have an established network that can support the transmission of video, voice and data
traffic capacities for the University community, a coordinated strategy and approach for network
planning and design, implementation, operation and support is required.
The campus network is in three layers and levels to ensure appropriate network support and defined-
phases of network integrations. They are: -
1. Backbone network layer
2. Access network layer and
3. Network Operating Centre and Network support layer
The Backbone Network layer is the layer that connects the local nodes with the Central NOC, it is
designed to be an Optic-fiber network level with great capacities to transmit video, voice data traffic
simultaneously across its medium, with high integrity.
The Access Network layer that interconnects the local unit/node networks, both the wired and wireless
local integrations. It is the last-mile network that connects with the main optical backbone. The
integrity of the access network infrastructures strongly determines and affects the user experiences on
the network.
The Network Operating Centre and Network support layer is the network control center that monitors
and oversees the performance of the network on daily basis. It is the Network Monitoring Centre
(NMC) that provides support for all the network services and integrations rendered to the University
community.
Policy
The University of Ibadan shall maintain a three-tier network architecture for the provision of all
Information Technology and media services to the community.
Objectives
1. To Ensure that the University backbone network/master architecture is implemented
2. To build a reliable, resilient and robust campus network for the University
3. To regulate and advice on appropriate IT equipment deployed on the Campus network for the
optic fiber, LAN, last-mile and wireless network implementations.
4. To ensure standard Infrastructure and network architecture that can support the university
network traffic and IT services are implemented.
5. To enhance overall user experiences on the network.
Strategy
1. Development of Backbone Infrastructure network: -
a. The university backbone network shall be implemented exclusively on optic fibre cable
according to the network architecture
b. The backbone optic fiber hubs shall be passive hubs and central to cluster of intended
locations as designed, with the specific number of optic fiber
c. Backbone network implementation shall conform to defined specifications
2. Development of Campus Local Area Network and use of IT equipment in the Network
a. Node location network shall be terminated on Managed switches (POE) for local net-
work distributions
b. Node location network shall be terminated on a Gigabit capacity router-board and Opti-
cal converter and each node shall have spares for each network equipment locally ter-
minated
c. Node/Units LAN design and project supervision shall be done in conjunction with ITNH
unit of the Directorate.
d. New building infrastructures within the University shall be e-ready buildings (local net-
work design shall be implemented along in its construction phase)
e. The ITNH unit of the Directorate shall be consulted before use/integration or replace-
ment or purchase of any IT equipment into the local node network or network expan-
sion plans for the node
f. Damaged and faulty IT equipment shall be replaced and restored by the person or unit
involved as appropriate
g. Damages to University properties incurred during the implementation of IT projects
shall be replaced and restored to originality by the contractor implementing the project
3. Infrastructure deployment at the Central IT NOC/NMC:
a. Servers on which network services are implemented shall be on managed updated/ex-
tended servers with appropriate warranties.
b. Every Network services initiated at the central NOC shall be on resilience architecture
(redundancy; in-case of hardware/software failure)
c. Restriction access and access/ activity log record details shall be implemented in the
Server room for IT staff control.
4.6 Database / Enterprise Resource Planning Policy
Database is a collection of records that has been systematically organized for easy access. It is one of
the core IT services in universities because of the huge amount of information being generated.
Policies
1. The University of Ibadan shall have a centralized database system managed by ITeMS.
2. The database shall contain all relevant information about personnel, finances, projects e.t.c.
3. An ERP system shall be deployed to make access to the database useful for various tasks.
4. Access to data stored in the database shall be on request.
Objectives
1. To ensure accuracy in record keeping.
2. To make access to information easy and simple.
3. To allow automation and computerization of processes.
Strategies
1. To acquire and/or modify an ERP system for use in University of Ibadan.
2. To collect data once and digitally so as to ensure accuracy.
3. To train users on the ERP system.
4.7 E-learning Policy
E-learning is technology-based learning using computers whether from a distance or in face-to-face
classroom setting.
Policies
1. The use of technology for teaching shall be encouraged.
2. All staff and students shall be required to take prescribed introductory courses in computing as
a requirement for E-learning.
Objectives
1. To promote learning outside the walls of the classroom
2. To prevent learning gap even if the lecturers or students are not physically present
Strategies
1. Make e-learning systems available to students.
2. Make e-learning systems available to staff
3. Conduct trainings on using the e-learning tools for the staff
4.8 Local Area Network (LAN) Policy
Local Area Network (LAN) is the connection of one or more computers together for the purpose of
resource sharing such as files, programs or device (printer, scanner).
Policies
1. The LAN is a property of the university
2. ITeMS shall be consulted on the design and implementation of a LAN.
3. Users cannot extend, modify or remove LAN components without prior written permission
from ITeMS.
Objectives
1. To ensure that standards are adhered to
2. To allow maintenance of LAN irrespective of LAN builder
Strategies
1. Keep copies of LAN diagrams at ITeMS office.
2. Publish network standards
4.9 Paperless Policy
The world is moving towards the use of materials that are bio-degradable. Materials that are harmful to
the environment are not in use any longer. University of Ibadan understands this and seeks to reduce
the quantity of paper it uses per year by finding alternative means of communication and
documentation.
Policies
1. Use of electronic documentation systems shall be integrated into all activities of the Univer-
sity.
2. Electronic documents shall have the same significance as paper documents.
3. Electronic documents will be archived and preserved for referencing and use.
Objective
1. To promote environmentally sustainable operations.
2. To encourage e-governance initiatives.
Strategies
1. Build a central data center for records and files.
2. Implementation of a document management system.
3. Documents will be in format that is easily accessible by software applications.
4. Document authenticity will be guaranteed by appropriate mechanisms.
5. Access to documents shall be restricted and available when privileges are granted.
4.10 Mobile Devices Policy
A mobile device is a small computing device, typically small enough to be handheld (and hence also
commonly known as a handheld computer or simply handheld) having a display screen with touch
input and/or a miniature keyboard and weighing less than 2 pounds. Mobile devices are pervasive in
the society today and their use has increased without doubt in the university.
Policy
Mobile devices shall comply with all existing policies related to information technology, information
systems, communication technology and media technology.
Objective
To allow access to University resources using mobile devices
Strategies
1. ITeMS reserves the right to refuse, by physical and non-physical means, the ability to connect
mobile devices to the network
2. Staff and students using mobile devices and related software for network and data access will,
without exception, use secured data management procedures. All mobile devices must be pro-
tected by a strong password
3. ITeMS will manage security policies, network, application, and data access centrally using
whatever technology solutions it deems suitable. Any attempt to contravene or bypass said se-
curity implementation will be deemed an intrusion attempt and will be dealt with
4. ITeMS reserves the right, through policy enforcement and any other means it deems neces-
sary, to limit the ability of end users to transfer data to and from specific resources on the net-
work
4.11 Remote Access policy
This policy applies to all authorized users including University faculty, staff, Students, employees and
affiliates, who utilize University-owned or personally-owned information technology resources to
connect such devices to the University Information Technology Network from a remote location, for
example through a virtual private network. This policy applies to remote access connections used to do
work on behalf of the University, including but not limited to email correspondence and accessing
Intranet web resources.
Remote Access implementations that are covered by this policy include, but are not limited to: dial-up
Modems, Frame Relays, Integrated Services Digital Network (ISDN) connections, Digital Subscriber
Line (DSL) connections, Cable Modems, etc.
Policy
1. Authorized users with remote access privileges to the University Information Technology
Network shall ensure that their remote access connection complies with the University In-
formation Technology Policies and Procedures, and treat it with the same consideration as
their on-site connection to the University.
2. General access to the Internet through the University Information Technology Network, for
reasonable recreational use by immediate household members of University on personal
computers, is permitted. Each Authorized user shall be responsible for ensuring that the
family members comply with the University Information Technology Policies and Proce-
dures, does not perform illegal activities, and does not use the access for outside business
purposes. Each authorized user bears responsibility for any consequences of misuse.
3. Authorized users must review applicable policies to determine how to protect information
when accessing the University Information Technology Network via remote access meth-
ods, and for acceptable use of the University Information Technology Network.
Objective
To set guidelines for access to the University network when user is not physically present in the
campus
Strategies
1. Secure remote access shall be strictly controlled. Control shall be enforced via one-time
password authentication or public / private keys with strong Pass-phrases.
2. Authorized users who, as a University employee or affiliates, with remote access privileges,
shall ensure that University-owned or personal information technology resources are not
connected to any other Network at the same time they are connected to the University Infor-
mation Technology Network (with the exception of personal Networks that are under the
complete control of the authorized user).
3. Authorized users who, as a University employee or affiliates, with remote Authorized User
access privileges to the University Information Technology Network must not use non-Uni-
versity Email accounts such as Hotmail, Yahoo, AOL or other external resources to conduct
University business, thereby ensuring that official business is never confused with personal
business.
4. Routers for dedicated ISDN lines configured for access to the University Information Tech-
nology Network shall meet the minimum authentication requirements of the Challenge
Handshake Authentication Protocol (CHAP).
5. Reconfiguration of an authorized user’s home equipment for the purpose of Split-Tunneling
or Dual Homing is not permitted.
6. Frame Relay shall meet the minimum authentication requirements of Data-Link Connection
Identifier (DLCI) standards.
7. Non-standard hardware configurations must be approved by Information Technology Ser-
vices personnel, and Information Security personnel must approve security configurations
for access to Hardware.
8. All Hosts that are connected to the University Information Technology Network via Re-
mote Access technologies, including personal computers, must use the most recent corpo-
rate-standard anti-virus software.
9. Personal equipment that is used to connect to the University Information Technology Net-
work must meet the same requirements applied to university-owned equipment for remote
access.
10. Organizations or Authorized Users who wish to implement non-standard remote access so-
lutions to the University Information Technology Network must obtain prior written ap-
proval from the Information Technology and Media Services Directorate.
SERVICES
5.0 Email Policy
Electronic mail services are used frequently for correspondence internally and externally for teaching,
research, learning, or otherwise carry out the functions and purposes of the university.
Policy
1. ITeMS shall provide e-mail services for staff and students of the University of Ibadan.
2. Communications receive or sent via the university e-mail system shall be deemed as official
communications.
3. All electronic communications shall be acknowledged and responded to within 72 hours.
4. Users shall not create/transmit defamatory, threatening, abusive messages or any message
that may be construed as such on the email system
5. Users shall not send unsolicited mass emails within/external to the university except for
purposes specific to the functions and purposes of the university which must be approved by
ITeMS.
6. Users shall not forward messages containing general appeals/warnings like ‘virus warnings’,
‘Request for help’ by mass mail or otherwise.
Objectives
1. ITeMS shall define acceptable ways of using the university e-mail.
2. To provide an official communication platform for the university.
Strategies
1. Users shall not forge the identity of or impersonate another in an email.
2. Individuals will be held responsible for use of all official accounts.
3. Use of email for Political or commercial messages shall not be encouraged
4. E-mail messages may be monitored without prior notice
5.1 Online Resources
Materials such as webpages, portals and database that provide useful information to users are known as
online resources. The University provides online resources such as student portal, admission portal,
learning management system, e-learning content web mail, cloud computing, e-library and i-labs. The
online resources are intended primarily to serve teaching, research and administrative purposes of the
University.
Policy
1. ITeMS shall provide members of the University community access to these resources in
support of accomplishing the vision and mission of the University.
2. Online resources will be used for non-commercial, educational, research and administrative
purposes.
Objectives
1. To ensure the proper use of University of Ibadan online resources in an appropriate,
responsible, and ethical manner.
Strategies
1. The online resources shall be deployed in a manner such that all users in the University will
have access to the online resources
2. Authentication shall be used to control and monitor access to all online resources
3. The online resources may be centralized or distributed as the need and infrastructure allow
4. Familiarize users with regulations and license terms associated with specific online resources
(note: in many cases, license agreements impose greater restrictions on use than does copyright
law)
MEDIA
6.0 Filming and Photography Policy
Photography is the science, art and practice of creating durable images by recording light or other
electromagnetic radiation, either electronically by means of an image sensor, or chemically by means
of a light-sensitive material such as photographic film. Photography is employed in many fields of
science, manufacturing and business, as well as its more direct uses for art, recreational purposes, and
mass communication. Filming is the documentation or recording of activities for future reproduction
Policy
University of Ibadan through the Information Technology and Media Services Directorate owns
the rights to all official University functions such as Inaugural lectures, Convocation
ceremonies, University lecture, Matriculation.
The output of commercial photography and filming must be approved before release to the
public
Objectives
To ensure that the University of Ibadan is not misrepresented or portrayed in a bad light.
To ensure proper record of important events are archived
Strategies
1. Filming on campus will be permitted if it is of no cost to the University and not disruptive to
normal operations.
2. A university staff member must be present if filming is scheduled in a building even when the
building is closed.
3. Requests should be submitted on the Photography Request form, as far in advance as possible.
The approved request form must be available to be presented to staff anytime during filming.
4. People are welcome to take photographs or short videos for their personal use or for class
assignments using hand-held cameras, without formal authorization, provided that staff and
other users are not photographed or inconvenienced.
5. No person is permitted to post, distribute or otherwise make available any recordings
produced by ITeMS without the written permission of ITeMS.
6. For productions that do not involve University events and activities, every effort should be
made to maintain the anonymity of the University
6.1 Logo Policy
A logo is a graphic identity. It consists of symbols, shapes and text. The University of Ibadan has a
logo while some units also have logos
Policy
1. The logo is required for all visual representations of the University—for signs, video
productions, exhibit materials, vehicles, and the like, in addition to printed publications and
Web sites. The Logo must be reproduced in official colors and cannot be modified or altered in
any way
2. All official stationery or paperwork shall include the University logo
Objectives
1. To ensure that the University of Ibadan logo and other associated logos are not misused or
abused.
2. To safeguard the reputation of the University of Ibadan
Strategies
1. Do not print the logo over a patterned background or other image.
2. Do not print anything over the logo.
3. Do not screen the logo (making it semitransparent) or use it as a watermark.
4. Do not modify the logo, other than making it larger or smaller. Do not change the proportions
of the logo when doing this.
5. Do leave some clear space around the logo equal to one-half the height of the logo.
6. Do not use more than one University logo at a time. For example, you do not need to put a
research center's logo, the School's logo, and the University's logo on a brochure promoting
one of the School's research centers. The Center's logo will suffice as long as the logo reflects
University of Ibadan
7. Use a good quality image of the logo.
8. All academic, administrative, and support units of the University are required to use one of the
approved letterhead styles on all stationery. Envelopes, notepads, business cards, mailing
labels, and other stationery items must also conform to these logo guidelines.
9. Digital copies of the University logo and associated logos shall be made available ffor
download from the University website
6.2 Community Broadcasting
Community broadcasting has been acknowledged as critical as a tool for promoting universal access
and the Rights to Freedom of Expression. Community broadcasting typically augments the services of
the University of Ibadan by attending to needs that cannot be adequately addressed at Federal, State
and Local levels by public and commercial broadcast operators. Community-based broadcasting
stations will contribute towards bringing university’s activities into focus. It will also empower them
with access to, and the ability to send and share information. Diamond FM 101.1 is the radio
broadcasting station of the University. A television station is expected to start soon
Policy
Community broadcasting units such as Diamond FM 101.1 shall be utilized for training, research and
information dissemination purposes. All university infrastructure e.g. car radio, television shall connect
to the community broadcast unit by default.
Objectives
1. To support community broadcasting in University of Ibadan;
2. To facilitate widespread access to information in University of Ibadan; and
3. To ensure appropriate content that educates, enlightens and empowers UI staff and students.
Strategies
1. Create an enabling framework and environment that will further the advancement of com-
munity broadcasting in UI.
2. Execute IP-based retransmission of broadcast signals
3. Allow community participation in programme development
4. Utilize resources and capacity from relevant and interested units and individuals
SECURITY AND PRIVACY
7.0 Security Policy
Information Technology resources must be safeguarded against unlawful and unauthorized intrusion as
well as fire, flood and other physical threats. The University is committed to providing adequate
security for protection of data and equipment.
Policy
Adequate security measures shall be put in place to safeguard all resources under the control of ITeMS.
The responsibility for resources not under the control of ITeMS belongs to the head of that unit /
faculty / centre.
Objectives
1. To ensure the safety of sensitive data
2. To prevent the misuse of private data or information
3. To protect the University from legal actions with regards to data
4. To prevent the loss of resources to the University
5. To ensure only the authorized personnel have access to data
6. To ensure the integrity of Information and the processing method.
Strategies
1. Registering all devices connecting to the University Network with the University IT
department.
2. Ensuring administrator account and password used only for system administration
purposes.
3. Changing all service account passwords when a work group member who could have
known the service account password leaves the work group.
4. Ensuring that all internal Internet servers deployed at University of Ibadan are managed by
ITeMS staff
5. Approved Internet server configuration guides must be established and maintained by the
IT staff, based on business needs and approved by Director. The Director or any other
designated staff shall monitor configuration compliance and implement an exception
policy tailored to the production environment. Any/all operational group(s) must establish
a process for changing the configuration guides, which includes review and approval by
Director.
6. Ensuring all University systems, vulnerable to attack by malware must be protected by
Antivirus Software wherever possible.
7. Ensuring Backups and recovering of all UI records and software by using a combination of
image copies, incremental backups, differential backups, transaction logs, or other
techniques.
8. Ensuring a minimum, one fully recoverable version of all UI Records shall be stored in a
secure, off-site location.
9. Recovering and backup documentation shall be reviewed and updated regularly to account
for new technology, business changes, and migration of applications to alternative
platforms.
10.Frequency of backups shall be determined by the volatility of data; the retention period for
backup copies shall be determined by the criticality of the data. At a minimum, backup
copies shall be retained for 30 days.
11.Recovering procedures shall be tested on an annual basis.
12.Ensuring that all critical servers shall be housed in well secured data center with adequate
power back up
13.Security-related events must be reported to appropriate Information Security personnel,
who review logs and report incidents to management-level personnel in the Information
Technology and Media Services Directorate
14.Security Audit to be carried out regularly
15.Staff or Students are not allowed to install softwares on University IT sytems except by
approval from ITeMS.
7.1 Password Policy
A password is a word or string of characters used for user authentication to prove identity or access
approval to gain access to a resource (example: an access code is a type of password), which should be
kept secret from those not allowed access
Policy
A password shall be required to access information technology system and resources
Objectives
1. To authenticate user accounts on personal and official systems deployed on the University of
Ibadan Network.
2. To prevent unauthorized access of adversaries to the systems in the University of Ibadan
Strategies
1. Minimum Password/Passphrase Standards (for all University accounts): Passwords must pass
all of the following composition rules:
a. A combination of alphabetic, numeric and special characters that does not match
previous passwords.
b. A minimum of 8 characters, but recommend 15 or more characters’ passphrase, and
c. at least one limiting characteristic is used (for example, no character string matches from
previous passwords; no consecutive, repeated, or serial characters (e.g., aaaa1111,
abcd1234); or no single dictionary words)
2. Additional Password/Passphrase Requirements:
a. Elevated Privilege System Accounts: Elevated privilege system accounts are those
accounts that have the rights required to maintain a system or application – such as
operating system, application, or database administrator accounts, or to operate a
scientific instrument. Administrators should not use their account as an elevated
privilege system account. Each systems administrator should be assigned their own
elevated privilege system account that is not shared, and is used only when the elevated
privileges are required. Where possible these accounts should use a managed
authentication service such as Active Directory, LDAP or RADIUS. When elevated
privilege system accounts are accessed remotely, it is recommended that they are used as
part of a multi-factor authentication service. Elevated privilege system account
passwords/passphrases shall:
i. comply with the minimum password standards
ii. be changed at least semi-annually every 180 days
iii. be at least 15 characters in length when and where possible
b. Local workstation administrator accounts: The special requirements above also apply to
local system administrator accounts where the password is stored on the workstation and
account authentication does not rely on a central authentication service. Local
administrator passwords should be unique per computer for computers covered by this
policy. The local administrator account and password should only be used for system
administration purposes.
c. Service accounts: These are accounts where the password is managed within a work
group, and include device passwords. Service accounts are subject to the elevated
privilege account password complexity requirements but are exempt from the change
requirement. These accounts should be reviewed annually to ensure that they are still
required for proper operation. All service account passwords must be changed when a
work group member who could have known the service account password leaves the
work group.
3. Other Requirements:
a. Assisted Password Resets: User account passwords will not be reset if the password
administrator cannot identify the user requesting the password change/reset with one of
the following:
i. A secret key or satisfactory answers about personal information held in central
database records,
ii. A supervisor or technology support person’s personal vouch/identification,
iii. A photo ID or human factor such as a biometric scan, or
iv. Satisfactory challenge-responses in a self-service application
b. Policy Exception Process: University applications or services with an implementation
that does not meet the minimum standards may be granted a policy exception. The
approval process for exceptions requires the system owner to share a technical
description and statement of justification for the exception.
7.2 Anti-Virus Policy
Antivirus or anti-virus software (often abbreviated as AV), sometimes known as anti-malware software,
is computer software used to prevent, detect and remove malicious software.
Antivirus software was originally developed to detect and remove computer viruses, hence the name.
However, with the proliferation of other kinds of malware, antivirus software started to provide
protection from other computer threats. In particular, modern antivirus software can protect from:
malicious Browser Helper Objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors,
rootkits, trojan horses, worms, malicious LSPs, dialers, fraud tools, adware and spyware.
Policy
All University systems, vulnerable to attack by malware must be protected by antivirus software
wherever possible unless a specific exclusion has been granted and alternative measures have been
taken to provide the same degree of protection. Any system that is infected shall be denied access.
Objective
To protect the University information systems against viruses, Trojans and other malware.
Strategies
1. Monitor the infrastructures and generate regular reports to ensure University clients are
protected and kept up-to-date.
2. Test and deploy new updates, patches and fixes as they are made available from the Anti-Virus
company.
3. Ensure OS security patches are deployed to minimize vulnerabilities.
4. Track and plan for specific threats, as and when they become known, to limit the impact on
university systems.
5. The University shall acquire educational licenses for commonly used software on the University
network.
6. Departments that manage their own computers are responsible for virus protection on these
computers. This includes installing antivirus products, keeping them up to date, giving advice
on their use, removing any viruses found and applying any updates necessary to defend against
possible threats.
7. All staff and students are responsible for taking suitable measures to protect against virus
infection and failure to do so shall constitute an infringement of the University’s regulations
governing the use of computing facilities.
8. The use of pirated or illegal software shall not be allowed on the University network.
MANAGEMENT
8.0 Authority Policy
ITeMS derives its authority from the Vice Chancellor of the University of Ibadan.
Policy
The Directorate shall be responsible for all activities related to information, information technology,
communication technology, information systems and media technology in University of Ibadan.
Objectives
1. To advice the management during the planning stage of all activities related to Information
Technology and Media Services
2. The Directorate is empowered to execute any activity related to Information, information
technology, communication technology, information systems and media technology
3. To develop capacity and competence to utilize any technology deployed
4. To keep the University abreast of the latest technology and integrate it into the university
system.
Strategies
1. The Directorate shall be a member of relevant committees
2. The Directorate is to approve and collaborate on the deployment of any technology at the
University of Ibadan
3. Complete documentation of all technology related projects should be submitted at the
Directorate
4. The Directorate is responsible for research into Information and Media Technology
advancements
5. The Directorate is responsible for training University staff on any technology deployed
6. The Directorate advises the council on the best technology to integrate into the University
System at any particular time.
8.1 Jurisdiction Policy
The University of Ibadan has its main campus situated along Old Oyo Road in Ibadan. It has several
other locations within and outside Ibadan such as DLC at Moniya, School of Business at Ajibode,
College of Medicine at Mokola, and Pediatric Hospital at Ijebu-Ode.
Policy
The Directorate shall be responsible for all activities related to information, information technology,
communication technology, information systems and media technology in all locations owned by the
University of Ibadan.
Objectives
1. To ensure uniformity of solutions across the University
2. To avoid duplication of effort for available resources
3. To utilize available resources maximally
4. To prevent the usage of substandard equipment in the University
Strategies
1. All ITeMS units should report to the Directorate
2. The Directorate is to move resources to areas / locations needed
3. The Directorate is to have centralized training programs
4. Monthly meeting of all heads of department / units related to ITeMS
5. All ITeMS units must participate in the Directorate annual retreat
6. No external contractor can supply or perform IT related activities unless approved by ITeMS
8.2 Username / Account Naming Policy
Username are used for identifying separate accounts on the same domain or platform. Numerous
formats exist for creating usernames or account names. Each institution has its own format. The best
formats are easily recognizable, easy to use and unlikely to cause duplicates.
Policy
The University shall adopt a uniform and standard nomenclature for creating or naming accounts used
to access services on the network.
Objectives
1. To remove favouritism in username creation
2. To make individual users identifiable
3. To ensure long term use of usernames
4. To support single-login technology
Strategies
1. [email protected] for staff members
2. First_initial+surname+last_four(4)[email protected] for
Postgraduate students
3. First_initial+surname+last_three(3)[email protected] for
Undergraduate students
4. Accounts created for established positions or programs are reusable e.g. VC, registrar e.t.c
CREATIVE COMMONS
Creative Commons (CC) develops, supports, and stewards legal and technical infrastructure that maximizes digital creativity, sharing, and innovation. The vision is nothing less than realizing the full potential of the Internet — universal access to research and education, full participation in culture — to drive a new era of development, growth, and productivity.
PolicyThe University of Ibadan shall recognize the rights and privileges granted by creative commons license.
ObjectiveTo encourage creativity, sharing, innovation and productivity through permission and access to intellectual materials
Strategies
1. Production of materials on creative commons licenses2. Workshops on Creative Commons Licenses3. Inclusion of creative commons for promotion purposes
CREATIVE COMMONS LICENCES
Creative Commons (CC) develops, supports, and stewards legal and technical infrastructure that maximizes digital creativity, sharing, and innovation. The vision is nothing less than realizing the full potential of the Internet — universal access to research and education, full participation in culture — to drive a new era of development, growth, and productivity.
The idea of universal access to research, education, and culture is made possible by the Internet, but our legal and social systems don’t always allow that idea to be realized. Copyright was created long before the emergence of the Internet, and can make it hard to legally perform actions we take for granted on the network: copy, paste, edit source, and post to the Web. The default setting of copyright law requires all of these actions to have explicit permission, granted in advance, whether you’re an artist, teacher, scientist, librarian, policymaker, or just a regular user. To achieve the vision of universal access, someone needed to provide a free, public, and standardized infrastructure that creates a balance between the reality of the Internet and the reality of copyright laws. That
someone is Creative Commons.
The infrastructure Creative Commons provide consists of a set of copyright licenses and tools that create a balance inside the traditional “all rights reserved” setting that copyright law creates.
CC tools give everyone from individual creators to large companies and institutions a simple, standardized way to keep their copyright while allowing certain uses of their work — a “some rights reserved” approach to copyright — which makes their creative, educational, and scientific content instantly more compatible with the full potential of the Internet. The combination of CC tools and our users is a vast and growing digital commons, a pool of content that can be copied, distributed, edited, remixed, and built upon, all within the boundaries of copyright law. CC worked with copyright experts around the world to make sure the licenses are legally solid, globally applicable, and responsive to users’ needs.
The Licenses
Attribution CC BY
This license lets others distribute, remix, tweak, and build upon your work, even commercially, as long as they credit you for the original creation. This
is the most accommodating of licenses offered. Recommended for maximum dissemination and use of licensed materials.
Attribution-ShareAlike CC BY-SA
This license lets others remix, tweak, and build upon your work even for commercial purposes, as long as they credit you and license their new
creations under the identical terms. This license is often compared to “copyleft” free and open source software licenses. All new works based on yours will carry the same license, so any derivatives will also allow commercial use. This is the license used by Wikipedia, and is recommended for materials that would benefit from incorporating content from Wikipedia and similarly licensed projects.
Attribution-NoDerivs CC BY-ND
This license allows for redistribution, commercial and non-commercial, as long as it is passed along unchanged and in whole, with credit to you.
Attribution-NonCommercial CC BY-NC
This license lets others remix, tweak, and build upon your work non-commercially, and although their new works must also acknowledge you
and be non-commercial, they don’t have to license their derivative works on the same terms.
Attribution-NonCommercial-ShareAlike CC BY-NC-SA
This license lets others remix, tweak, and build upon your work non-commercially, as long as they credit you and license their new creations
under the identical terms.
Attribution-NonCommercial-NoDerivs CC BY-NC-ND
This license is the most restrictive of our six main licenses, only allowing others to download your works and share them with others as long as they
credit you, but they can’t change them in any way or use them commercially.
Public Domain Tools
CC licenses help authors keep and manage their copyright on terms they choose. CC public domain tools, on the other hand, enable authors and copyright owners who want to dedicate their works to the worldwide public domain to do so, and facilitate the labeling and discovery of works that are already free of known copyright restrictions.
CC0Use this universal tool if you are a holder of copyright or database rights, and you wish to waive all your interests in your work worldwide.
CC0 enables scientists, educators, artists and other creators and owners of copyright- or database-protected content to waive those interests in their works and thereby place them as completely as possible in the public domain, so that others may freely build upon, enhance and reuse the works for any purposes without restriction under copyright or database law.
In contrast to CC’s licenses that allow copyright holders to choose from a range of permissions while retaining their copyright, CC0 empowers yet another choice altogether – the choice to opt out of copyright and database protection, and the exclusive rights automatically granted to creators – the “no rights reserved” alternative to CC licenses.
You should only apply CC0 to your own work, unless you have the necessary rights to apply CC0 to another person’s work.
Public Domain MarkUse this tool if you have identified a work that is free of known copyright restrictions. Creative Commons does not recommend this tool for works
that are restricted by copyright laws in one or more jurisdictions.
The Public Domain Mark enables works that are no longer restricted by copyright to be marked as such in a standard and simple way, making them easily discoverable and available to others. Many cultural heritage institutions including museums, libraries and other curators are knowledgeable about the copyright status of paintings, books and manuscripts, photographs and other works in their collections, many of which are old and no longer under copyright. The Public Domain Mark operates as a tag or a label, allowing institutions like these as well as others with such knowledge to communicate that a work is no longer restricted by copyright and can be freely used by others. The mark can also be an important source of information, allowing others to verify a work’s copyright status and learn more about the work.
Staff, students, alumni, retiree and guests of the University of Ibadan are encouraged to use creative commons licenses as applicable. This action will stimulate creativity, innovation and productivity.
The content for this section was taken from the Creative Commons website (www.creativecommons.org).
SOFTWARE
11.0 Software Development, Support and Use
Appropriate software for use on the University IT systems could be developed by faculty,
administration, staff, and students and/or supported by the University. Such a software could also be
published or marketed by the University or the author.
Policy
The development, use, support, publishing and marketing of any software developed by any member of the
University community shall be regulated by the University.
Objective
Ensuring clarity in the rights and responsibilities of all parties concerned with development of software
and its documentation.
Strategy
1. Ensuring production and sharing of software products within the University of Ibadan (UI)
community.
2. ITeMS will test and evaluate all software developed or acquired before deployment
3. ITeMS will provide an enabling environment for software development
4. Creation of an innovation hub or technology incubator will be supported
5. Creation of a programming unit under ITeMS
11.1 Software Infrastructure Policy
Software require infrastructure such as servers, electricity to function adequately. Efforts should be
made to provide all needed infrastructure
Policy
Information Technology and Media Services shall promote the conceptualization, design, procurement,
deployment, operation, monitoring, evaluation and maintenance/update of critical infrastructure to
drive the University of Ibadan software applications in line with global best practices and
competitiveness.
Objectives
1. Prescribe and protect critical infrastructure to enhance the emergence, growth and devel-
opment of a sustainable software ecosystem.
2. Develop a roadmap for the provision of critical infrastructure to make University of Ibadan
a software hub in West Africa, Africa and the global market.
3. Recognize and accord high priority to Critical Software Infrastructure (CSI) such as electric-
ity, communications and transportation to drive the software ecosystem in the University
of Ibadan.
Strategies
1. Providing adequate budgetary appropriation for the establishment and sustainability of
software engineering laboratories in University of Ibadan.
2. Ensuring the provision of functional software infrastructure such as energy (thermal, wind,
solar and biomass); telephone (terrestrial, mobile and broadband); fibre optics and Inter-
net connectivity to enhance the development of software ecosystem and promote collabo-
rative teaching and learning (e-learning, distance learning, open- university system, etc.).
3. Ensuring the provision of adequate facilities for harnessing the growth and development of
informal sector (mobile) in software development.
4. Establishing purpose-built software technology park especially for the development of em-
bedded systems, indigenous software platforms and interfaces.
5. Encouraging the co-existence and cooperation of the emerging software development
platforms (proprietary software system and open source software system).
6. Developing adequate procedure and technical guidelines for evaluating the performance
of Critical Software Infrastructure (CSI) in the University.
7. Promoting diverse models for Public-Private Partnership (PPP) initiatives to develop, nur-
ture and protect Critical Software Infrastructure.
8. Reviving and repositioning Terrestrial LAN or Fibre as backup communications infrastruc-
ture for uninterrupted delivery of software services.
9. Co-locating, monitoring and controlling communication infrastructure to minimize cost and
ensure quality of service for software development.
10.Enforcing compliance of Faculties, Departments, Units on existing directive with the pro-
curement of indigenous software products and services through regulation.
11.Ensuring that annual surveys of software human capital and infrastructure in all Faculties,
Units and Departments in the University are carried out for the provision of critical data
that would guide growth plans.
11.2 Software Usage Policy
University of Ibadan must not permit any employee to use software in any manner inconsistent with its
applicable license agreement, including giving or receiving software from clients, contractors,
customers and others.
Policy
All software acquired for or on behalf of the university or developed by the university employees or
contract personnel on behalf of the university is and shall be deemed purchased and licensed for official
purposes.
Objective
This policy regulates the direct and indirect use of licensed software, both on campus and off-campus
by establishing standards of conduct with respect to software copying, transfer, and use and appraising
each university user of the seriousness of software misuse.
Strategies
1. Each user is individually responsible for reading, understanding, and adhering to all licenses,
notices, and agreements in connection with software which he or she acquires, copies trans-
mits, or uses or seeks to acquire, copy, transmit, or use. Unless otherwise provided in the ap -
plicable license or contract document, any duplication of copyrighted software, except for
backup and archival purposes, may be violation of federal and state law.
2. Master copies may not be used for ordinary on-going activities, but must be reserved for re-
covery from computer virus infections, hard disk crashes, and other computer problems which
render the original or installed copy unattainable or unusable.
3. The production and use of back-up copies of software must comply with the applicable license
agreement.
4. No faculty, staff, or student may install software unless an appropriate license for that soft -
ware has been obtained.
5. No User may sell, rent, sublicense, lend, transit, give, or otherwise convey or make available
software or an interest therein to any unauthorized individual or entity.
6. No User shall decompile, disassemble, or reverse-engineer any software except in those rare
circumstances in which the university’s IT contracts administrator and all applicable software
licenses and agreements expressly permit it.
7. Notwithstanding any privacy which might otherwise exist or apply, (i) The University of Ibadan
and its agents shall have the right to audit all resources to ascertain compliance with the soft-
ware policy and (ii) The University of Ibadan may permit the software licensors and their
agents to audit some or all Resources to ascertain compliance with license, purchase, or other
applicable agreements.
8. Any user who suspects an incident of noncompliance with the software policy by another user
shall promptly notify ITeMS.
9. This policy applies to all software acquired by or on behalf of University of Ibadan (wherever
used) and all software (however acquired) used on University of Ibadan network.
11.3 Software license compliance policy
Non-compliance with software licensing provisions can bring about significant risk liability for the
University of Ibadan. It is very important that the University has robust processes to ensure that it has
the necessary and appropriate licenses for all the software it uses and that it is abiding by the condition
of use stipulated in the licenses. Failure to do so puts the University at significant risk of legal action
and substantial penalty.
Objective
1. To protect the University from legal action due to non-compliance.
Policy
The University of Ibadan shall comply with all license agreements of software in use
Strategies
1. ITeMS shall maintain a software license database to assist University Departments to fulfil
their responsibilities
2. Responsibility for ensuring software license compliance rests with the Head of individual unit
in the university.
3. The specific responsibilities are to:
(i) Maintain a register to provide proof of purchase of software.
(ii) Maintain a register a disposal of software through on-sale (for example software
sold with a computer)
(iii) Maintain an inventory detailing where licensed software is installed. This must
track redeployment of software within the department.
(iv) Ensure all staff are aware of their own responsibilities in regard to ensuring they
only use software in compliance with license conditions.
4. ITeMS may from time to time conduct a software compliance audit.
11.4 Computer software Purchase Policy
The University of Ibadan is dedicated to the legal and ethical use of software products. When a
Department/unit legitimate activities in the fulfillment of the university’s mission including course
teaching, laboratory exercises, research, or university-related work activities dictate a need for the
university’s acquisition of software not already licensed to the university or additional copies of
licensed software, the User shall request that his/her budget unit head and/or business manager make
appropriate arrangements with the university’s Purchasing Department, or applicable vendors for the
acquisition of appropriate new or additional licensed copies. b. Nothing contained in the software
policy shall create: (i) a User’s entitlement to software, (ii) an obligation for the university to acquire
software, (iii) a delegation of authority to any individual to acquire software on the behalf of the
university; or (iv) liability of the University for a User’s non-compliance with the software policy.
Unauthorized duplication of copyrighted computer software violates the law and is contrary to the
University of Ibadan standards of conduct. The University support standards concerning the ethical use
of intellectual material and to eliminate exposing the university to any legal liability with regards to
software purchase and installation.
Policies
1. ITeMS shall have sole responsibility for purchasing all standard desktop applications and enter-
prise software licenses.
2. All software acquired for or on behalf of the university or developed by university employees
or contract personnel on behalf of the university is and shall be deemed university property
and must be vetted by ITeMS before acquisition. All such software must be used in compliance
with applicable purchase and license agreements.
3. All non-ITeMS software license purchase requests must be forwarded to ITeMS for review and
approval.
4. No department/unit should purchase or sign or contract for software purchase or installation
without prior approval in writing from ITeMS.
Objectives
To provide an appropriate method for the purchase of appropriate software applications for use at the
University of Ibadan that leverages on economies of scale and ensures sufficient licenses to meet the
desired needs.
Strategies
1. ITeMS will purchase software licenses and/or provide annual maintenance as necessary for all
standard desktop software and enterprise software applications owned by the university.
2. ITeMS will neither engage in nor tolerate the making or using of unauthorized copies under
any circumstances.
3. ITeMS shall:
i. Serve as a focal point for University-wide software licensing.
ii. Maximize the purchasing power of the university through agreements with soft-
ware vendors.
iii. Assist with the full life cycle of software agreements by coordinating license acquisi-
tion, tracking, and record management.
iv. Coordinate license acquisition, tracking, and records management.
v. Evaluate software site-licensing and volume procurement options that meet speci-
fied criteria
vi. Provide a full service approach to software acquisitions, simplifying the process for
faculty
vii. Negotiate SLAs for software and hardware equipment.
4. ITeMS will provide legally acquired software to meet legitimate software needs in timely fash-
ion and in sufficient in quantities.
5. ITeMS will comply with all license or purchase terms regulating the use of any software the
university acquire or use.
6. Heads of units/faculties/departments are responsible for ensuring that all software use within
the units/faculties/departments stored on computers for which the institution is responsible
has been properly obtained and is being used within the terms of the software license. The fol-
lowing paragraphs recommend the steps which need to be taken to ensure that any reason-
able legal challenge can be met.
7. ITeMS will enforce strong internal controls to prevent the making or using of unauthorized
copies, including effective measures to verify compliance with these standards and appropri-
ate disciplinary measures for violation of these standards.
OPEN
12.0 Open Data Policy
Open Data deals strategically with how certain data within Directorate of Information Technology and
Media Services confines should be made freely available to the public, and allow republishing without
restrictions. Having an open data policy would help to improve governance and support
implementation of the new Nigeria Freedom of Information Act (2001).
Policy
The University through ITeMS will make certain data publicly available.
Objectives
1. To strengthen the role of citizens and civic societies by providing data in machine readable for-
mats while working with various sections of the University;
2. To encourage the development of innovative products using publicly available data; and
3. To ensure that a portal is always up and running, which provides necessary data from all stake-
holders in the University.
Strategies
The Directorate will:
1. Ensure that a knowledge exchange platform is developed which allows Units, Faculties and De-
partments to exchange experiences and ideas on open projects;
2. Ensure that regular workshops, conferences and seminars are done in conjunction in order to
educate on how to publish data online;
3. Encourage the development of innovative applications that can provide insights into publicly
available data; and
4. Coordinate the creation of a portal platform where all relevant data from the units are main-
tained and always available.
RESEARCH
13.0 Software Research, Innovation and Development Policy
Policy
University of Ibadan shall encourage the advancement of Research, Innovation and Development
(RID) in software which is an emerging critical infrastructure for knowledge economy through the
Information Technology and Media Services Directorate.
Objectives
1 Promote Research, Innovation and Development (RID) driven by national orientation and con-
tents in software engineering that are saleable in local and global software markets.
2 Promote innovations on acquired technologies for developing globally competitive software
products and services.
3 Promote collaboration of experts/professionals/students in software engineering and other
sections of the university.
4 Promote public and private partnership in software development.
5 Promote the development of knowledge based system for appraisal (testing, measurement
and certification), procurement, deployment, management and performance evaluation of
software human capital, infrastructure, products, services and markets.
6 Reverse engineering of available human resource with a focus on mass production of software
engineers, developers and solution providers for domestic and global competitiveness.
7 Develop the framework for measurement of the impact of software development on the Uni-
versity.
Strategies
1. Training, Research and Development unit of the Directorate of Information Technology and
Media Services shall be solely responsible for standards, testing, measurement and certifica-
tion of software human capital, infrastructure, products and services.
2. Empowering the Training, Research and Development unit to develop guidelines for the
growth of software ecosystem in the University of Ibadan.
3. Promoting and facilitating the collaboration of Training, Research and Development unit with
the critical and strategic sectors the University.
4. Providing global best practice benchmarks for the classification, testing, measurement and cer-
tification of software products and services in the University.
5. Monitoring and evaluation of the performance of Information Technology and Media Services
Policy.
13.1 (Turnitin) Plagiarism Policy
Plagiarism is a specific form of cheating which consists of the misuse of the published and/or
unpublished works of others by misrepresenting the material (i.e., their intellectual property) so used as
one's own work.
The following examples of Plagiarism are given for guidance only:
Failing to give credit via footnotes for ideas and concepts, date and information, statements and
phrases, and/or interpretations and conclusions derived by another.
Failing to use quotation marks when quoting directly from another, whether it be a paragraph, a
sentence, or any part thereof.
Minimally paraphrasing the expressions of thought by others without appropriate quotation
marks or attribution.
Assembling parts from various works and submitting the synthesis or single paper as your own
creation.
Including references in the Bibliography that were not examined by the student. Including bogus
references in the bibliography.
Falsely citing bibliographic references in footnotes.
Other similar activities.
Policies
1. The University of Ibadan shall carry out a plagiarism check on publications submitted by indi -
viduals.
2. The University shall subscribe to plagiarism checker software that will be available to all stake-
holders
3. The University shall adopt 30% as the maximum plagiarism mark for any publication submitted
Objectives
1. To promote ethical publications, scholarship and research
2. To reduce disciplinary cases related to plagiarism and cheating
3. To encourage acknowledgement of information sources
Strategies
1. Train stakeholders on use of plagiarism software
2. Maintain University access to the plagiarism software e.g. Turnitin
3. Allow multi-user access to the plagiarism software
4. Allow access to the plagiarism software based on authentication and authorization e.g. user-
name based on ITeMS record
PARTNERSHIPS
14.0 Public Private Partnership Policy
Partnerships between the Directorate and the private sector have tremendous potential for the
qualitative delivery of IT infrastructure projects, innovation, skills acquisition, and outreach of
University services to staff and students. Recognizing the Private sector as the main engine of
economic growth, the Directorate is keen to foster a conducive environment for the functioning of
viable, impactful and sustainable PPP initiatives.
Policy
The Directorate will take full advantage of the enormous potentials inherent in public-private-
partnership in IT and media development.
Objectives
1. To increase IT and media related PPP’s for the University and its development;
2. To ensure that PPP’s are impactful, sustainable and beneficial to both University and private
sector participants, and the end beneficiaries.
Strategies
The Directorate will:
1. Ensure effective cooperation amongst Faculties, Departments and units that are relevant for
the proper operation of PPP’s;
2. Ensure a clear framework of Intellectual Property Protection and other terms of engagement
with the private sector exists
3. Ensure that all proposed PPP projects are subjected to viability and sustainability assessments;
4. Promote awareness of PPP opportunities to the private sector; and
5. Ensure, where appropriate, incentive schemes to accelerate take off of IT and media PPP
projects
WEB
15.0 Web Content Authorship Policy
A website is a collection of hyperlinked web pages containing various information about a place, thing
or person.
Policies
1. The official website of the University is located at http://www.ui.edu.ng
2. Authorship of content on the website shall be from all stakeholders in the University.
3. The administration of all websites shall be by ITeMS.
4. All websites belonging to the university shall be hosted locally.
5. The university shall not be held responsible for contents generated by stakeholders made
available on its website.
Objectives
1. To promote University of Ibadan online.
2. To allow stakeholders generate content for online consumption.
Strategies
1. Create virtual servers to host websites from multiple units.
2. Allow stakeholders to edit, change and modify contents of their webpages.
3. Provide website management training for stakeholders.
4. Locate all webmasters in one unit under ITeMS.
15.1 Web Portal Policy
Policies
1. The University of Ibadan shall develop and own its portal.
2. The portal shall offer services and functions as derived fit by the university.
3. The data generated by the portal shall be under the custody of ITeMS.
Objectives
1. To ensure that services are offered to online users.
2. To ensure that user privacy is maintained.
Strategies
1. ITeMS shall host data locally.
2. Services will be grouped into categories e.g. student, staff, alumni, guests on the portal
3. Mobile device compatibility will be taken into consideration during design.
15.2 Social Media Policy
Social media are computer-mediated tools that allow people to create, share or exchange text,
information, ideas, and pictures and videos in virtual communities and networks. Social media is
defined as “a group of Internet-based applications that build on the ideological and technological
foundations of Web 2.0, and that allow the creation and exchange of user-generated content.” Examples
of social media tools and platform include Facebook, Twitter, Instagram, Google+ and Pinterest.
Policies
1. The university shall have a presence on relevant social media tools and platform which shall be
regulated and maintained by ITeMS.
2. The university’s social media presence shall not be used for personal gains or activities.
Objectives
1. To reinforce the university voice and brand.
2. To build University of Ibadan’s reputation as a world class Institution through an online pres -
ence.
3. The tools and platform should be used to connect with digitally active youths, alumni, students
without boycotting appropriate channels.
4. To ensure that all communication channels are used for information dissemination.
Strategies
1. Have a social media plan.
2. The Social Media Manager should be selective when accepting requests on behalf of the Uni -
versity or its units.
3. All sites must have at least 2 administrators, to ensure that here is a fail- safe in case the pri -
mary administrator becomes unavailable in an emergency situation.
DISASTER MANAGEMENT
16.0 Disaster Management for IT Systems and Media Services Policy
This policy defines acceptable methods for disaster recovery planning, preparedness, management and
mitigation of IT systems and Media services at University of Ibadan. This policy provides a framework
for the management, development, and implementation and maintenance of a disaster recovery
program for the systems and services managed by ITeMS.
Policies
1. ITeMS shall be responsible for the recovery of information technology systems and media sys-
tems, under its control, in the case of a disaster.
2. ITeMS shall have a disaster management plan for all kinds of envisaged disasters
3. The University shall fund the disaster management plan
Objective
To provide a systematic approach for recovering the vital technology and data managed by the
Information Technologies and Media Services Directorate
Strategies
1. Have a disaster management plan
2. Do maintenance of equipment and software as scheduled
3. Appoint a Disaster Recovery Manager
4. Continuously train staff on best practices
5. Perform an analysis of the cause of the disaster and how to prevent such in the future.
Principles
Disaster Recovery planning is a program that has a continuous lifecycle. Detailed requirements for
each of these steps are below. The high-level process for DR Lifecycle is as follows:
Governance
1. All ITS-managed systems must comply with WCMC disaster recovery policies and require-
ments.
2. The IT Disaster Recovery Manager is responsible for IT DR program coordination and project
management: including reporting status of IT DR planning, testing, and auditing activity to ITS
senior management on a regular basis; at least twice per year.
3. ITS senior management is responsible for ensuring sufficient financial, personnel and other re-
sources are available as needed.
4. The DR Manager will review and update the DR Policy as necessary at least every other year.
All modifications must be approved by ITS senior management.
Program Development
1. The ITS Disaster Recovery Program (DRP) addresses the protection and recovery of WCMC IT
services so that critical operations and services are recovered in a timeframe that ensures the
survivability of WCMC and is commensurate with customer obligations, business necessities,
industry practices, and regulatory requirements.
2. Plans must be developed, tested, and maintained to support the objectives of the Program, and
those plans should include relevant IT infrastructure, computer systems, network elements, and
applications. At minimum, annual updating is required.
3. The Disaster Recovery Manager is responsible for conducting Business Impact Analyses (BIA)
to identify the critical business processes, determine standard recovery timeframes, and estab-
lish the criticality ratings for each; at least every other year.
4. The Disaster Recovery Manager is responsible for conducting Capability Analyses (CA) to de-
termine ITS's capacity to recover critical IT services that support defined critical business pro-
cesses and recovery objectives; at least every other year.
5. The Disaster Recovery Manager is responsible for maintaining the Recovery Tier Chart, which
defines the Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) of all ITS-
managed systems. The Service managers are required to prioritize their IT processes and associ-
ated assets based upon the potential detrimental impacts to the defined critical business pro-
cesses.
6. ITS is required to create disaster recovery plans for the IT portion - including services, systems,
and assets - of critical business processes. These IT services, systems, and assets must be inven-
toried and correlated according to the technical service catalog, prioritized based upon results of
the Business Impact Analysis, and ranked according to their Recovery Time Objectives and Re-
covery Point Objectives.
7. A Risk Assessment must be conducted at least every other year to determine threats to disaster
recovery and their likelihood of impacting the IT infrastructure.
8. For each risk or vulnerability identified in the Capability Review and Risk Assessment, a miti-
gation or preventive solution must be identified.
9. The IT DR program must include a change management and quality assurance process.
10. The Program Development statements above will be progressively fulfilled via Disaster Recov-
ery Manager, Departmental and/or other resources.
Emergency Management
1. The IT Disaster Recovery Team/Manager is responsible for overseeing IT DR activities in the
event of an emergency -i.e., an unplanned outage where Recovery Time Objectives (RTO) is in
jeopardy.
2. The IT Disaster Recovery Manager should be part of the ITS representation within the institu-
tion's Emergency Management Team.
3. Each IT division must develop and maintain a documented emergency plan including notifica-
tion procedures.
4. Each IT division shall account for its associates when a building evacuation is ordered. Supervi-
sory personnel are responsible to account for the associates they supervise.
5. The IT Disaster Recovery Team/Manager is required to complete a post-mortem report docu-
menting outages and recovery responses within 45 days after the occurrence of a disaster recov-
ery event.
Budgeting
1. IT DR budgeting must be informed annually by requirements gathered in the BIA and CA as
well as the ITS budgeting process.
2. IT Managers are responsible for tracking and reporting on planned and unplanned outage
spending related to the recovery and restoration effort. During an outage, IT Managers may in-
cur special recovery and restoration costs that are unbudgeted. For a small outage, these costs
would be immaterial; but for a longer outage, these costs could be significant.
Plan Objective
1. IT DR plans must provide information on Business Impact Analysis, Data Backup, Recovery,
Business Resumption, Administration, Organization Responsibilities, Emergency Response &
Operations, Training and Awareness and Testing.
2. Plans must contain Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).
3. Technological solutions for data availability, data protection, and application recovery must be
considered by data gathered by the BIA and CA.
Vital Records
1. ITS must maintain a single, comprehensive electronic inventory of all servers, network equip-
ment, relevant configuration, and model information, and the applications they support. This in-
ventory should be aligned with the service catalog and the technical service catalog.
2. All Backup data must be labeled and logged, and are available for use during an emergency
within stated recovery time objectives. A documented decision making process will be used to
determine what subset of backup data will be additionally encrypted, and stored off-site in a se-
cured location outside of the geographical area of the system they are backups of.
3. DR plans must be stored in a single, comprehensive database.
4. DR plans owners need to be able to access a copy of emergency and recovery plan(s) indepen-
dent of ITS services and/or network.
5. Upon completion or update, DR plans must be sent to the Disaster Recovery Manager and ITS
Change Manager for review.
6. Plan information must be reviewed and updated as warranted by business and/or information
systems environment changes, at least annually.
Plan Attributes
1. Plans must address an outage that could potentially last for a period of up to six weeks.
2. Plans must identify risk exposure and either accept the risk or propose mitigation solution(s).
3. Backup strategies must comply with predefined businesses continuity requirements, including
defined recovery time and point objectives. Backup strategies must be reviewed at least every
other year.
4. Recovery strategies must meet recovery objectives defined in the DR tier chart.
5. Approved recovery strategies must be tested to ensure they meet required recovery time and re-
covery point objectives.
6. Recovery strategies must be implemented within a previously agreed upon period of time, gen-
erally not more than 180 days after management approval.
7. The ITS Disaster Recovery Manager is required to provide DR training and awareness activities
at least twice per year.
Maintenance
1. Plans must contain current and accurate information.
2. Planning must be integrated into all phases of the IT system life cycle.
3. IT DR tests that demonstrate recoverability commensurate with documented IT DR plans must
be conducted regularly; as well as when warranted by changes in the business and/or informa-
tion systems environment.
4. Backup media supporting critical business processes must be tested semi-annually. Reviews are
required within 60 days after a test to correct exposed deficiencies.
5. Plan revisions must be completed within 90 days after a DR test is completed.
The following maintenance activities must be conducted annually:
1. Updating the documented DR plan
2. Reviewing the DR objectives and strategy
3. Updating the internal and external contacts lists
4. Conducting a simulation/desktop exercise
5. Conducting a telecommunication exercise
6. Conducting an application recovery test
7. Verifying the alternate site technology
8. Verifying the hardware platform requirements
9. Submitting the DR Status and Recoverability Report
10. IT managers are responsible for briefing staff on their roles and responsibilities related to DR
planning, including developing, updating, and testing plans.
ENFORCEMENT AND SANCTIONS
A. Complaints of Alleged Violations. An individual who believes that he or she has been harmed by
an alleged violation of this Policy may file a complaint in accordance with established University
Grievance Procedures for students, faculty, and staff. The individual is also encouraged to report the
alleged violation to the ITeMS Authority overseeing the facility most directly involved or to the
Directorate, which must investigate the allegation and (if appropriate) refer the matter to University
disciplinary authorities.
B. Reporting Observed Violations. If an individual has observed or otherwise is aware of a violation
of this Policy, but has not been harmed by the alleged violation, he or she may report any evidence to
the Systems Authority overseeing the facility most directly involved, or to the Directorate, which must
investigate the allegation and (if appropriate) refer the matter to University disciplinary authorities.
C. Disciplinary Procedures. Alleged violations of this Policy will be pursued in accordance with the
appropriate disciplinary procedures for faculty and non-teaching staff, and students, as outlined in the
Faculty Handbook, Staff Handbook, Student Handbook (containing Undergraduate/Postgraduate
students’ Regulations; relevant policy manuals for graduate and professional students), and other
applicable materials. Systems Administrators and University Information Technology and Media
Services (ITeMS) Board shall be actively represented in the disciplinary proceedings by the relevant
disciplinary authority. Besides, at the direction of the appropriate disciplinary authority, Systems
Administrators and University Information Technology and Media Services Board are authorized to
investigate alleged violations.
In addition to University discipline, Users may be subject to criminal prosecution, civil liability, or both
for unlawful use of any ITeMS systems users found in violation of this Policy may appeal or request
reconsideration of any imposed disciplinary action in accordance with the appeals provisions of the
relevant disciplinary procedures.
Individuals found to have violated this Policy may be subject to penalties provided for in other
University policies dealing with the underlying misconduct. Violators may also face ITeMS-specific
penalties, including temporary or permanent reduction or elimination of some or all ITeMS privileges.
The appropriate penalties shall be determined by the applicable disciplinary authority in consultation
with the Directorate.
RELATED POLICIES
The following policies of Nigeria and the University of Ibadan offer additional resources to issues not
covered by this policy
1. Ethics Policy, 2013. University of Ibadan Ethics Committee. ISBN:9789789119011. Printed by
ATR Bookworks
2. Policy on Authorship of Scholarly Publications, 2013. University of Ibadan. ISBN:
9789788456049. Printed by Ibadan University Printery.
3. Nigeria Broadcasting Code, 2012. National Broadcasting Commission. Printed by Planet Press
Ltd.
4. Servicom Service Charter, 2013. University of Ibadan Servicom.
5. Quality Assurance Policy and Strategy, 2013. University of Ibadan. Printed by Artsmostfare.
6. National Information and Communication Technology (ICT) Policy, 2012. Ministry of Communi-
cation Technology
7. National Software Policy, 2011. National Software Policy Committee, National Information
Technology Development Agency (NITDA)
8. FG draft policy guidelines and strategic plan on the management of e-waste, 2014 National En-
vironment Standard Regulation and Enforcement Agency (NESREA), regulations on the man-
agement of e-waste.
9. The Basel Convention on Movements of Hazardous Wastes and their Disposal.
10. University of Ibadan procedure on equipment disposal
11. University of Aberdeen guidelines on the Disposal of Computing and IT Equipment the Univer-
sity of the West Indies, Computer disposal policy and procedures SANS Institute for the Inter-
net community, Consensus Policy Resource Community, Technology Equipment Disposal Policy.
APPENDIX
Workshop 1
S/N NAME1 ADESINA TITILAYO2 AFOLABI M. ADEGBOYEGA3 ADEBIYI A .A 4 S.A.ODEWUMI5 AYANLERE D.J6 ADEFOLAKE.O.ADEMUSON7 SEYI OSUNADE8 OLADIPO OMOTOSHO9 SHITTU OLANREWJU.I
10 TADE OLUDAYO11 BOLADE JOSISH.S.12 MOROLARI EZEKIEL OLUSEGUN13 O.A ELIJAH14 ABIDOYE .O.O15 ADEJUMO M. ADEBOLA16 OMOISU JAMES17 ADEKOLA OLUWAWUMI18 OLASUNKANMI ISRAEL A.19 OLAOYE OLASUNBO .O.20 OSHUNDEYI OMODOLAPO .V.21 OLAKUNLE IDOWU22 NNAMDI OCHER23 ADEYEMI OLAJUMOKE24 OGUNLEYE IBUKOLA25 OGWUMIKE.A FAVOUR26 RAJI OLUBUKOLA .O27 ASO OGUNJUYIGBE28 AYODELE VICTORIS29 ADEGBENRO ADEDAPO .A30 AKINTAYO FOLAKE31 ALIMI FAUSAT (MRS)32 AJAYI BIODUN33 PROF ADEMOLA DASYLVA34 DR.M .E. EGWE35 MRS OLUWOLE36 MEGBOWON OLUSEYI37 Akano Maria .T
38 David O.V39 Adedoja Gloria40 Mobolaji Bankole41 Paul E. Oghinam42 Olojumoke Morenikeji43 Badmus S.O44 Tiamiyu M.A45 Alao A.A46 Dr. A.A Olapade47 T.S Ajisafe48 G.O Adedayo49 Dr. Timothy .O.Aladeluni50 Dr. Afusat. J Jubril51 Oluwasola Timothy A.O
Workshop 2
S/N NAME1 Bada lateef .O2 Wale Adebiyi3 Prof. Oyesoji Aremu4 Ayinla Olugbenga5 Banjo Damilola6 Dr. J.A Ayangunna7 Ekwosimba Ugochukwu8 Sunday Magaret9 Adewusi Blessing
10 Babalola A.E11 Ademola Ajao12 Olaleye Tobi13 Omobowale T.O14 Dr. Adedolapo Ayoade15 Member Ojebode16 Oha Pat.E17 Alabi E.E18 Akinbolusere O.I19 Kekere-Ekun EB20 Owolabani. S Isreal 21 Ogunjuyigbe A.S.O22 Megbowon Oluseyi23 S. Adewale Akinremi24 Olaore Olajide E.A
25 Dr. P.O Olapegba26 Femi Ayoola27 Atitebi Mariam . A28 Oyaniyi Oluwaseyi . J29 Dr. O. Osunade 30 Tiamiyu M.A31 Akanni F.O32 Saka Ogundele O.O33 Adeleke .O34 Aiyegbosi Afolabi
Workshop 3
S/N
NAME
1 Prof. O.E Ademola2 Prof. A.E Oluleye3 Dr. A.S.O Ogunjuyigbe4 Dr. Osunade5 Prof. M.A Tiamiyu6 Dr. A.A Adebiyi7 Dr.W.M Olatokun10 A.O Ojelabi11 R.O Adisa12 T.A Makanju13 O.O Aduroja14 T. Ajisafe15 O.T Megbowon16 Ropo Ewenla17 A.S Ajayi, Esq18 Obasola O.I19 C.O Ola20 Olutayo T. Omole21 Member Ojebode
Editorial Work
1. Dr O. Osunade2. Olamide Omolola
