Important Message from the Chief Information Security Officer

Social use of unsupported meeting and collaboration tools (Zoom and others) is permitted, but we do need to draw your attention to the risks.  Conversations and other content in social events with work colleagues may drift into core University work topics.  We therefore ask attendees to be alert to this risk in their participation, and if they observe others straying into work topics, they should politely remind them that this is a social event and work topics are not appropriate.  Most importantly, Data Protection Policy still applies.  The following guidance for using these platforms securely should be adhered to:

• Search the Internet for advice on how to secure meetings using your chosen tool
• Use a unique meeting ID for each event, not your personal meeting ID
• Password-protect events
• Limit who can share screens – require the meeting organiser to approve screen sharing
• Use the waiting room / lobby feature to screen attendees. If you can choose the supplier data centre that will facilitate the event, pick one in the UK or EU if available
• If you cannot work out how to secure and protect your meeting, use a different tool.

Before seeking approval to use Zoom, you must first email Information-Security@open.ac.uk to confirm why you cannot use OU-approved collaboration tools, such as Teams, Adobe Connect, or Skype.

If you cannot use OU-approved tools for a meeting/event, you must complete the Basic Impact Assessment Form. A member of the Information Security Team will review the form and confirm whether the request to use Zoom has been approved and whether any additional security controls are required to use Zoom.

Please do not use Zoom until you receive approval from a member of the Information Security Team via email.