USQ Policy for the Acceptable Use of ICT Resources |
|
Trim Location: | |
Document Category*: | |
Purpose*: | |
Scope and Application: | |
Responsible Officer*: |
1 Policy Statement
The University has identified the pivotal role of Information and Communication Technology (ICT) to enhance the academic programme, research initiatives and support services available to staff, students, alumni and other authorised users (hereinafter referred to as stakeholders).University ICT resources include but are not limited to: the Internet; computing hardware and equipment, networks, laboratories and facilities; mobile devices; systems; software; telephony and broadcasting technologies.
This policy sets out the University’s stance on the acceptable use of ICT resources in respect to the provision of these resources, access to resources, responsible ethical and legal use of resources, security and privacy, compliance, penalties and discipline.
2 Principles
The University will ensure that appropriate management controls are implemented in relation to the acceptable use of ICT resources. These will include:
Provision of ICT Resources
The University recognises the importance of ICT Resources and provides access to stakeholders for the purpose of conducting University business and other authorised purposes according to need and availability of resources. Usage is subject to the terms and conditions set out in this policy and associated procedures.
The University does not permit its ICT resources to be used for unauthorised activities. Should any user become aware of any action by another individual which could be considered to breach this policy, they are requested to take appropriate action to ensure it is brought to the attention of ICT management.
Software
The University requires that stakeholders use and install software in compliance of the respective licence terms and conditions.
Making an infringing copy of software by an individual if the individual knows or ought reasonably to know that the copy is infringing copyright is a criminal offence.
Installation of privately purchased and owned software on University ICT Resources is not recommended. In all cases, ICT staff will request proof of purchase (consisting of the licence certificate and original media, or invoice) before any software will be installed on a University ICT Resource.
Acceptable Use
The University’s ICT environment is dynamic, characterised by openness, creativity and free sharing of information, to the greater benefit of universities generally. This policy will respect this environment and inhibit these characteristics only when necessary to protect the essential interests of the University.
Limited Personal Use - It is acknowledged that reasonable limited personal use will occur. ‘Limited personal use’ means private use that is infrequent, brief and kept to a minimum. University ICT resources should not be used for activities unrelated to appropriate University functions. The University accepts no liability for any loss or damages suffered by stakeholders as a result of personal use.
Illicit Material - Stakeholders must not send, view, download or store illicit, fraudulent, obscene or pornographic material that are a violation of applicable law or University policy.
Defamation, Harassment and Other Abusive Behaviour - No user will, under any circumstances take any action which would or might lead to the University’s ICT Resources being used for the purpose of defaming or slandering any individual or organisation or use an ICT system in any way such that a reasonable individual may consider this action to be viewed as harassing, abusive or obscene behaviour.
Copyright and Licences – Stakeholders must not violate copyright law and must respect licences to copyrighted materials.
Social Media – Stakeholders must respect the purpose of and abide by the terms and conditions of use of online forums, including social media networking websites, mailing lists, chat rooms, wikis and blogs.
Commercial Use – University ICT resources should not be used for commercial purposes, including advertisements, solicitations, promotions or other commercial messages, except as permitted under University policy.
Information Management – Stakeholders must take appropriate measures to ensure the availability, confidentiality, and integrity of all USQ related information stored or received, including measures to prevent loss of information. Stakeholdersshould refer to the USQ Policy for ICT Information Management and Security.
Records Management – University employees should also be aware that email communications are considered documents (records) of the University for the purposes of the Public Records Act 2002, the Right to Information Act 2009 and the Information Privacy Act 2009.
Indemnity
The University of Southern Queensland is not responsible for the content of any material prepared, received, or transmitted by stakeholders. As a condition of using the University's ICT resources, you agree that you will not violate any Commonwealth or State civil or criminal laws, and that you will comply with all Commonwealth, State and international copyright and other intellectual property laws and agreements and other Commonwealth and State laws.Furthermore, you agree to indemnify, exonerate and protect the University (and its representatives) from any claim, damage, or cost related to your use of the University's ICT resources.
2.1.1 Online Content Regulation Compliance
Pursuant to the requirements of the Broadcasting Services Act 1999, the University of Southern Queensland endorses and will support effective, practical and appropriate measures that assist the University and clients manage Internet use.
2.1.1.1 Content Takedown Notice
The University of Southern Queensland will have in place a procedure for receiving and responding to takedown notices (as defined in the Act) issued by the Government Authority or third party organization within the timeframe required under the Act.
Identity Management
The University Identity Management System (IDM) is responsible for the overall management and security of staff, student and pseudo accounts. Academic and administrative staff will be authorised to access resources required to perform their duties. Students will be authorised to access services for academic purposes relating to their program of study at the University. Alumni will be authorised to access electronic mail and any other resources allocated to them. Stakeholders who are not staff, students or alumni may have pseudo or affiliate account access provided.
Privacy
The University of Southern Queensland recognises the right to privacy of user files and communications. However, the University reserves the right to examine files and directories where it is necessary to determine the ownership or recipient of lost or misdirected files, and also where the University has information or evidence that:
System integrity is threatened;
Security is compromised;
An activity has a detrimental impact on the quality of service to other stakeholders;
The system is being used for purposes which are prohibited under this policy; or
The system is being used for unlawful purposes.
You should exercise caution when storing any confidential information in electronic format as the privacy of such information cannot be guaranteed.
2.2 Monitoring and Privacy
ICT Services routinely monitor traffic on networks. Logs obtained from monitoring operations are used for capacity planning, performance measurement, security, accountability, and evidentiary purposes.
Whilst the University of Southern Queensland respects the right to privacy of its employees and students, the University reserves the right to inspect all University owned ICT devices, together with all files, staff email accounts and messages, and logs contained on those devices. Awareness of these provisions shall be included as a mandatory component of all new staff inductions.
By connecting a privately owned ICT device (including wireless or remote connection) to the University of Southern Queensland network, any University employee, student or third party acknowledges that:
they will be bound by, and comply with, the terms and conditions of use of University of Southern Queensland ICT resources, as established in this policy and the USQ Policy for ICT Information Management and Security; and
the network traffic generated by a privately owned ICT device is generated in pursuit of University business only and that - while the traffic is traversing University networks - it is subject to the same right of inspection as traffic originating from University owned ICT devices.
Access
Stakeholders of University ICT resources must protect:
their online identity from use by another individual,
the integrity of computer-based ICT resources, and
the privacy of electronic information.
Stakeholders must refrain from seeking to gain unauthorised access to ICT resources or enabling unauthorised access. Any attempt to gain unauthorised access to a system or to another person’s information is a violation of University policy and may also violate applicable law which may result in either civil and/or criminal proceedings. However, authorised ICT Service system administrators may access ICT resources, but only for a legitimate operational purpose and only the minimum access required to accomplish this legitimate operational purpose.
Sharing an online identity (user ID and /or password is prohibited;
Stakeholders must not intentionally seek, access or provide information or passwords or other digital materials belonging to other stakeholders, without the specific permission of those other stakeholders;
Stakeholders of University ICT resources must not access computers, computer software, computer data or information, or computer networks without proper authorisation, or intentionally enable others to do so, regardless of whether the computer, software, data, information, or network in question is owned by the University;
2.2.1.1 Access by Minors
The University of Southern Queensland will take reasonable steps to ensure that restricted content is not accessible to minors (those under 18 years of age) without documented parental approval.
Computing Resources of Students
The University provides on-campus computer facilities in line with equity principles and legislative requirements.
Compliance, Breaches and Disciplinary Action
Stakeholders who become aware of a possible breach of this policy must report it to:
their supervisor or manager;
their organisational unit head;
the Executive Director (ICT Services) through the ICT Service Desk.
The Executive Director (ICT Services) is responsible in the first instance for handling and investigating potential breaches. Penalties and Discipline are outlined in the USQ Policy for ICT Information Management and Security.
Responsibility with regard to Australian Laws, USQ Policies and Contracts between the University and External Agencies
The University has obligations relating to copyright, intellectual property, privacy,right to information, sexual harassment, and racial discrimination as defined by law, and in its own policies. The University expects that stakeholders of its ICT Resources will also exercise their responsibilities in this area. Stakeholders should familiarise themselves with University policies and documentation on the following matters:
Code of Conduct (Human Resources Policy and Procedures Manual, Part C1),
The University has certain contractual obligations relating to the use of its ICT Resources which constrain the way facilities may be used. The University may take disciplinary action against anyone whose use of facilities violates the terms of such agreements. In addition to observing Australian laws, related USQ policies and procedures, and this policy, stakeholders should familiarise themselves with any published acceptable use policy associated with each service.
3 References
Universities and Colleges Information Systems Association (UCISA) Toolkit Information Security Edition
ICT Services
Manager Information Security
Ph: (07) 4631 2877
ICT Service Desk
USQ Support Centre, Toowoomba Campus
ICT Services
Ph (07) 4631 1900
4 Definitions
Word/Term | Definition (with examples if required) |
Availability | Ensuring that authorisedstakeholdershave access to information when required. |
Confidentiality | Ensuring that information is only accessible to those with authorised access. |
ICT Resources | Include but are not limited to: the Internet; computing hardware and equipment, networks, laboratories and facilities; mobile devices; systems; software; telephony and broadcasting technologies. |
Integrity | Safeguarding the accuracy and completeness of information and processing methods. |
Stakeholders | All staff, students, contractors, third parties, clinical and adjunct title holders, affiliates, alumni and all other individuals who access USQ’s systems and/or network. |
|
|
5 Other Policy Information
Peak Approval Authority: | ||
Committee Owner*: | ||
Division/Department/Office*: | ||
Development Pathway: | ||
Approval Pathway: |
| |
Approval Delegation: | ||
Procedural Delegation: | ||
Related Legislation / guidelines: | ||
Strategic Plan/Goal & Objectives: | ||
Supporting documents, forms: | ||
Associated USQ policies: | |
Policy Category**: | |
Effective Date*: | |
Approval Date: | |
Next Review Date*: | |
Expiry Date of Policy: | |
Audience: | |
Keywords: | |
Location: | |
Document Status**: | |
Sunset Requirement: | |
Service Delivery: | |
Policy Impact: | |
Consultation and Agreement: |