As a student of Singapore Polytechnic, you will make use of the Polytechnic’s ICT Assets such as information, computers, networks and software in your day-to-day activities. It is important that these important resources provide the service to you
and to others for which they were intended.
An important part of the proper operation of these ICT Assets is security. Scams, trojans, viruses, worms, spyware and ransomware can wreak havoc on these assets so the Polytechnic has taken great
care to protect them against such threat.
That said, you, the student, perform a very important role in maintaining the security and availability of the Polytechnics student computer resources. We have written this guide to help explain what you need to do, and what rules you need
to comply with to help ensure that the confidentiality, availability and integrity of the computing resources of the Polytechnic are protected.
This document contains a set of Acceptable Use Policy specifically for Students and is meant to
make sure that the Polytechnic’s computers and networks keep running smoothly and securely. All Students of SP are required to strictly comply with the Information Communications Technology (ICT) Security Policy and Standards issued by the Polytechnic.
2. Student Security Awareness
You are to complete security awareness training as part of your introduction to the Polytechnic. This training will ensure that you understand the risks and your responsibilities towards helping to reduce those risks. Sensitive data including personally-identifiable
information or PII (eg. NRIC, full name etc) must be secured and protected at all times (eg. encrypted in storage, transmitted over secured protocols eg. HTTPS and securely deleted when no longer needed). In addition, PII must not be collected as part of
student activities in the Polytechnic.
You understand that you are responsible to comply with all security related policies. These policies are important and protect not only you, but everybody else who needs to use these resources.
You will be given a password to access any computer accounts that you need. You must keep your password secret, and never ever tell anybody else what it is1 ;
We have some rules to help you select a good password:
- It needs to be at least 12 characters long;
- It needs to contain characters from at least 3 of the following categories:
- Upper case (A-Z)
- Lower case (a-z)
- Digits (0-9)
- Special characters (!, $, #, %, etc.)
- It can’t be reused for at least 3 generations;
- It can’t be your username or User ID;
- It can’t be your name or part of your name;
- It can’t contain your NRIC/Passport Number;
- It can’t contain or be anything that can be associated with you, e.g. your dog’s name or street name;
- It can’t be a dictionary word, commonly used words or compromised passwords.
So, you need to use great care when you pick a password. One easy way to pick one you can remember is to think of a phrase. For example, the phrase “I like Ice Cream” could be converted into a password like 1l1ke1cecream by just putting 1
instead of ‘I’; this is a very good password. (Don’t use this one though!)
Don’t write your password down on a piece of paper or put it in a file on a computer. Somebody else could find it.
If you think someone has guessed your password, or if you accidently revealed it to somebody else, you need to change it immediately.
Your password needs to be changed every 12 months, and you can’t use the same password again.
4. Your Accounts
Your account is just that – your account, just for you and you alone. You cannot share it with somebody else, for any
You are responsible for everything that comes from your account. So if somebody were to send an email, write a blog, or post something on FaceBook using your account defaming the school, a teacher, or a friend, you are still held accountable. So again,
keeping your password a secret helps to avoid problems like this.
You can’t use someone else’s account, just like someone else can’t use yours. You also can’t do things that attempt to mask your account to others to try and hide. You can't use the Polytechnic’s resources to spy on others,
and you can’t change, read, delete, copy or otherwise modify another persons files unless they give you permission to do so.
5. Appropriate Use SP's Computer Resources
The computer systems, including networks that have been set aside for your use are tools to facilitate your education. These systems should be usable by you just the way they are, and you should not need to change their configuration or add/modify/remove
any software. Use common sense in what you do on these systems - if it feels wrong, it probably is. You should only use Polytechnic computer systems and the Polytechnic’s networks for Polytechnic related activities such as coursework or research,
and for no other purpose. You should not use these systems for:
- Commercial or financial gain;
- Unauthorized storage;
- Attacking or hacking Polytechnic or external resources including bug-hunting, penetration testing, vulnerability and network scanning
- Installation of malicious software or code
- Disruptive activities to other students or the Polytechnic as a whole
When connecting to the Polytechnic's networks, the Polytechnic has the rights to monitor, control and disclose your Internet activities. This will include the rights to accept, terminate or reject your connections, as well as to monitor and record your
Only install authorized software on the Polytechnic’s systems. Authorized software is software that is licensed for use, legally acquired, and approved by the Polytechnic for use. By installing unauthorized software you could inadvertently introduce
malicious code and cause great harm to the Polytechnic. You could also break the licensing agreements that the Polytechnic has with various software vendors, and without even knowing it.
You must not engage in any use or activities that may be considered misuse or abuse. You must also not break any of the laws of the Republic of Singapore relating to computer use and the use of copyrighted material. In particular, care should be taken
to adhere to the following laws:
- The Copyright Act
- The Computer Misuse and Cybersecurity Act
- The Spam Control Act
- The Personal Data Protection Act (PDPA)
Only use resources that are for students. Staff computers are for staff and students should not use them. If you have a question regarding a computer system's intended use, please ask.
Do not try and circumvent these safeguards, as you will be endangering both the system and your fellow students.
Information that goes on the Internet from the Polytechnic is traceable to the Polytechnic. So don’t use the Polytechnic’s network to post or email on the public Blogs, social networking sites2 (such as Instagram, Facebook,
Twitter, YouTube, etc), websites, or any other publicly accessible communication channel, anything that is:
- False or misleading
- Prejudicial to the good name of Singapore Polytechnic;
- Illegal as defined under the laws of the Republic of Singapore;
Again, good sense prevails – defamation, pornography, pictures that are disturbing – if you think it’s bad, then it probably is.
You must not use the Polytechnic’s ICT Systems to illicitly exchange3 (without the permission of the copyright owner or exchange in violation of normal "fair use" principles; this generally applies to music, movies, software, and others
forms of intellectural property)or otherwise infringe on the copyrighted intellectual property of others by any means, including but not limited to the use of “peer-to-peer” or “client-to-client” technologies4 (such
as eDonkey, Gnutella and Bit Torrent) , email or FTP. If you have peer-to-peer or client-to-client software on your personal laptop, either turn it off or don’t connect your computer into the Polytechnic’s network.
When you use your own Non-SP furnished or personal devices5, you can only connect it to networks that are allocated specifically for student or guest use. You cannot attach it to any network reserved for the staff of the Polytechnic.
If you are accessing SPICE networks through Non-SP furnished devices, you are required to secure them and ensure no virus or malware is present on these devices. This includes usage of password/PIN for logging into the
device, installation/running of real-time anti-virus on the device and checking your OS/software/anti-virus signatures for updates at least once a week. Software should only be installed from authorized and trusted sources (eg. Apple App Store, Google Playstore for mobile devices).
You must not run any diagnostic or vulnerabiliy scanning tools on your Non-SP furnished devices while connected to the Polytechnic's networks.
You must not attach your Non-SP furnished devices to a second network6 and Singapore Polytechnic’s network at the same time; for example, if you have a USB dongle that facilitates connections to a mobile data network, then you
can’t use that dongle at the same time as your device is attached to the Polytechnic’s network.
The Polytechnic may have created a student email account for your exclusive use. You are fully accountable for all emails transmitted from your Polytechnic email account so you must ensure that nobody else can access this account.
you use your Polytechnic email account, you are in effect representing the Polytechnic. You must exercise care and discretion when you send mail, and you must not use your Polytechnic email account to:
- Send false/misleading, spam or commercial emails;
- Solicit for political candidates;
- Engage in illegal, unethical or improper activities;
- Disseminate internal email addresses to external mailing lists;
- Conduct personal business
You must always take precaution when reading your email and stay vigilant for phishing, spoofed, unsolicited and malicious email sent to entice you to click on malicious links/attachments or to solicit sensitive information (eg. passwords, one-time-PIN,
personal information etc).
7. Security Violations
If you see something that you think might indicate a security problem, malfunction of a security device or program, or a security violation, please promptly report the matter to the SPICE Service Desk – it is your responsibility to do so.
If violations, such as presence of malware, are detected on your Non-SP furnished devices, the Polytechnic will deny your connections to the Polytechnic's networks.
If there is an investigation being conducted by the Polytechnic relating to system misuse, abuse or a security incident/violation, then you understand that during the course of the investigation the Polytechnic’s management has the right to
examine your account, emails, user files and Non-SP furnished devices that have been connected to the Polytechnic's networks.
You also understand that violation of the Polytechnics computer security policies and acceptable use policies is a very serious matter. Violations may result in:
- Fines against the offending party;
- Confiscation of Non-SP furnished devices;
- Withdrawal of access to the Polytechnic’s computing resources and/or network
- Suspension or expulsion from the Polytechnic.
Finally, Singapore Polytechnic reserves the right to take disciplinary or legal action against an offending user in the event that he or she conducts himself or herself in any manner which is considered by the Polytechnic to be irresponsible; or in
the event that the individual is misusing the computing resources allocated to him or her.
This document is last reviewed on 20 Sep 2023
1 One really good example of when this rule is important is when you are the potential victim of a phishing attack, where you get an email asking
you to reveal your password. A legitimate site or organization will never ever ask you to reveal your password.
2 Social networking sites include sites such as Instagram, Facebook, Twitter, Youtube, TikTok and so on.
3 By “illicitly exchange”, we mean exchange without the permission of the copyright owner or exchange in violation of normal “fair use” principles; this generally applies to music, movies, software, and other forms of intellectual property.
4 Examples include eMule and Bit Torrent
5 Non-SP furnished devices include desktops, notebook(s), tablets (also known as slates), smart phones, and storage media such as thumb drives and optical devices (e.g. CD-ROM, DVD).
6 A “Second Network” is meant to be an un-trusted third-party network such as the Internet; the effect of connecting a computer to two networks at the same time is to circumvent protection mechanisms that may be in place on the trusted network. A good example of connecting to a second network is at the same time would be to connect to the SPICE network using a LAN port while at the same time being connected to Wireless@SG on the Wi-Fi port.
Wireless Network Usage Policy
Users of the Singapore Polytechnic wireless network are any person who uses the wireless network, for any reason, regardless of their role or position.
The Wireless Network Policy applies to all users of the wireless network, regardless of role or position and whether student, visitor, vendor or guest in Singapore Polytechnic.
Users are required to:
- Install and maintain up to date Anti-virus software
- Endeavor to ensure that the latest service pack and hot fixes for their system are installed, regardless of the operating system type
- Install and operate personal firewall software whereever possible
- Comply with all legal and statuary requirements
- Comply with all Singapore Polytechnic Policies
- Not install or operate unauthorized wireless networks, including ad-hoc networks
- Not connect to the wireless network and untrusted networks at the same time. (i.e. you must not dial up to an ISP while connected to the wireless network)
- Use only the secure network for access to confidential or sensitive information
- Protect any encryption key issued to them and ensure the confidentiality of that key
- Read the policies and instructions issued by Singapore Polytechnic
- Avoid using high-bandwidth applications on the wireless network
- Not rely solely on the wireless network for high-availability systems
This document is last reviewed on 10 February 2006.
Microsoft Volume Licensing - Enrolment for Education Solutions (EES): Student Advantage Program
“Office 365 ProPlus for Students” is offered to Singapore Polytechnic students at no additional charge via Singapore Polytechnic EES agreement.
Office 365 ProPlus for Students includes the following:
- Office 365 ProPlus for PC
- Office 365 ProPlus for Mac
- Office Mobile for iPhone
- Office Mobile for Android
Students are allow to run Office on up to five machines being Mac or PC. Students can also run Office Mobile for Android or Office Mobile for iPhone on up to 5 mobile devices. This Office 365 ProPlus for students subscription license will expire when
students leave Singapore Polytechnic.
Transferring of License to other users are not permitted. Students may assign the software license to another device, when you assign the software license to a new device, the software will no longer run on the prior device.
Students will use Singapore Polytechnic iChat email account to download Office 365 ProPlus installation, students are not permitted to acquire, create and/or replicate the Office 365 ProPlus installation physical media.
This document is last reviewed on 6th Aug 2019.