1
|
PREAMBLE
|
|
These Guidelines are provided to assist users to
comply with the Policy on Acceptable Use of ICT Resources. They provide
examples of the types of behaviours which are expected under the Policy, or
which would be in breach of the Policy. The behaviours specified are examples
only and are not intended to be comprehensive.
|
2
|
SCOPE
|
|
The Policy applies to "all users of University ICT
resources, whether affiliated with the University or not, and to all uses of
those resources, whether on campus or from remote locations". Thus the Policy
applies to:
|
|
(i) any person who is provided with or uses
University ICT resources, including:
|
|
• all students
|
|
• all staff
|
|
• visitors, contractors and their staff
|
|
• volunteers
|
|
• emeritus and honorary faculty members, and
associate or adjunct academic staff; and
|
|
(ii) any organisation which is provided with or uses
University ICT resources, which might include
|
|
• tenants of University-owned properties
|
|
• organisations affiliated with the University
|
|
• campuses of the University.
|
3
|
DEFINITIONS
|
|
ICT is defined in the Policy as "any form of
technology used to collect, process, store and disseminate information and
includes computer hardware and software, business applications software, data
and voice communication systems and networks".
|
|
Thus the following are also included within the
definition of University ICT resources:
|
|
• building access and Library cards
|
|
• printing facilities
|
|
• telephone handsets and fax machines
|
|
• student computer laboratories
|
4
|
THE PRINCIPLES FOR USE OF UNIVERSITY ICT RESOURCES
|
|
4.1 Use for University purposes
|
|
Users of University ICT resources must use them for
University purposes only, and not for personal or non-University-related
activities or purposes.
|
|
Limited personal use of University ICT resources is
permitted provided it:
|
|
• is infrequent and brief;
|
|
• uses a trivial amount of University resources and
does not inhibit their efficiency;
|
|
• does not interfere with the performance of the
user's job, studies or other University responsibilities;
|
|
• is not for personal commercial purposes or for
personal financial gain or in pursuit of personal beliefs, except where those
purposes are in connection with scholarly pursuits such as academic
publishing activities or student assignments; and
|
|
• is otherwise in compliance with the Policy on
Acceptable Use of ICT Resources.
|
|
Examples of
behaviours which would breach this principle include:
|
|
• Playing games, downloading music/video files,
radio streaming, clogging mailboxes or consuming disk space with
non-University related files.
|
|
• Using any of the telephone, fax, email or webpages
to support a political or ideological campaign.
|
|
• Using your desktop computer and associated printer
to produce commercial material for your own or another non-University
enterprise.
|
|
• Using your University email account as a regular
point of contact for a non-University enterprise, eg buying or selling on
eBay.
|
|
4.2 Use that is compliant
|
|
Users of University ICT resources must comply with
all Commonwealth and State government civil and criminal laws; all University
rules and policies; and all relevant contracts and licences.
|
|
Examples
of behaviours which are prohibited under Commonwealth and State legislation,
University rules and policies, or relevant contracts and licences, include
but are not limited to:
|
|
• Deliberately interfering with, corrupting or
destroying IT systems or data (including deliberate introduction or
propagation of computer viruses, Trojan horses, worms, password breakers and
packet observers).
|
|
• Deliberately accessing ICT facilities or data
without authorisation.
|
|
• Tampering with hardware components or hardware
configurations without authorisation.
|
|
• Using data or information obtained from
information systems without authorisation.
|
|
• Creating, transmitting or soliciting material
which is unlawful, obscene, indecent, defamatory, discriminatory,
insensitive, fraudulent, harassing, intimidating or likely to cause distress
or discomfort to some individuals or cultures: unless such material is a
legitimate part of education or research (in which case an appropriate
warning must be given).
|
|
• Transmitting or using material which infringes copyright
held by another person or the University.
|
|
(Note that copyright material for teaching purposes
may be used in accord with certain agreements with copyright-owning agencies.
See the Copyright website for further information at: http://www.flinders.edu.au/isd/policies-procedures-and-guidelines/copyright/)
|
|
• Breaching software licensing agreements.
|
|
• Transmitting unsolicited commercial or advertising
material.
|
|
• Deliberately impersonating another individual
across the network by the use of their login access or other means.
|
|
• Breaching the privacy of personal information
relating to individuals.
|
|
• Disclosing confidential information without
authorisation.
|
|
• Harassing, threatening or intimidating other
individuals.
|
|
• Operating an IT system or other equipment, which
presents a threat to the confidentiality, integrity or availability of
University IT services.
|
|
• Attempting to identify or exploit system
weaknesses.
|
|
• Attempting to make University IT systems or
services unavailable.
|
|
• Using University ICT resources to gain
unauthorised access to third party ICT resources or to make third party ICT
resources unavailable.
|
|
• Using University ICT resources in a way which
significantly degrades system performance for other users
|
|
• Using peer-to-peer or file-sharing software for
unauthorised purposes.
|
|
Specific relevant laws include the following:
|
|
• Copyright Act 1968 (Cth)
|
|
• Crimes Act 1914 (Cth)
|
|
• Criminal Code Act 1995 (Cth)
|
|
• Cybercrime Act 2001 (Cth)
|
|
• Spam Act 2003 (Cth)
|
|
• Criminal Law Consolidation Act 1935 (SA)
|
|
• Summary Offences Act 1953 (SA)
|
|
• Equal Opportunity Act 1984 (SA)
|
|
• Freedom of Information Act 1991 (SA)
|
|
• State Records Act 1997 (SA)
|
|
See http://www.legislation.sa.gov.au
for SA laws and http://www.comlaw.gov.au
for Commonwealth laws.
|
|
As part of the University's processes for securing
and monitoring the security of its ICT resources, some ICT professional staff
may be authorised to carry out activities which would otherwise be in breach
of this policy. Such authorisation must be in writing from the Director,
Information Services (or delegate).
|
|
4.3 Use that is authorised
|
|
Users of University ICT resources must:
|
|
• use only those ICT resources that they are
authorised to use;
|
|
• use them only in the manner and to the extent
authorised; and
|
|
• use ICT resources in accord with any specified
University standards, baselines, guidelines and protocols.
|
|
Examples of
behaviours which would breach this principle include:
|
|
• Sharing with someone else an account or password
without authorisation.
|
|
• Allowing someone else to access your email or the
University network via your account, without authorisation.
|
|
• Using someone else's Library Card to borrow
Library materials.
|
|
• Using someone else's password to access Flinders
Learning On-Line (FLO).
|
|
• Using someone else's account to access email or
the internet, for example if a student has failed to logoff properly from a
shared facility such as a Library computer.
|
|
• Failing to log off a shared facility and thus
permitting someone else access to your account.
|
|
Information on obtaining a new account or accessing
a network is available from: http://www.flinders.edu.au/isd/essentials
|
|
Information on access to and training in Management
Information Systems is available from: http://www.flinders.edu.au/isd/information-services-division/about-us/management-information-systems.cfm
|
|
Information on access to and use of Faculty or
School-specific databases and other systems is available from the relevant
Computing Representative, see http://www.flinders.edu.au/isd/help-and-support/local-faculty-support.cfm
|
|
4.4 Use that respects privacy and confidentiality
|
|
Users of University ICT resources must respect the
privacy of other users and their accounts, regardless of whether those
accounts are securely protected; and not divulge confidential data except
where required by the law or University policies.
|
|
Examples of
breaches of this principle include:
|
|
• Looking up personal details of a student or staff
member for a purpose unrelated to your work, eg out of idle curiosity.
|
|
• Revealing personal details of staff or students to
a third party without proper authorisation.
|
|
• Forwarding confidential reports or correspondence
to a person or institution not authorised to receive them.
|
|
• Searching through the files of another user on a
shared computer without authorisation.
|
|
Information on the University's
confidentiality/privacy policies is available from: http://www.flinders.edu.au/ppmanual/student/assessment6.html
|
|
4.5 Use that conserves resources
|
|
Users of University ICT resources must respect the
finite capacity and cost of ICT resources and avoid consuming an unreasonable
amount of those resources or interfering unreasonably with the activity of
other users.
|
|
Examples of
behaviours which waste resources and are therefore in breach of the Policy
include:
|
|
• Creating or participating in email chain letters.
|
|
• Sending unsolicited and unauthorised mass mailings
through the University network.
|
|
• Monopolising printing resources for non-University
purposes.
|
|
• Playing interactive games or joining chat rooms or
surfing the internet for personal purposes.
|
|
• Storing excessive quantities of files, especially
those no longer current or which are duplicated elsewhere.
|
|
• Making longer than necessary telephone calls
(note: both local and long-distance calls are timed).
|
|
Most of the behaviours listed as breaches of 4.6
below would also be in breach of this principle.
|
|
4.6 Use that protects the University's operation
and assets
|
|
Users of University ICT resources must assist the
University to protect its operations and assets by using ICT resources
responsibly and prudently.
|
|
Examples of behaviours which would be in breach of
this policy include:
|
|
• being careless with data (especially confidential
data), personal information, passwords and authorisation codes;
|
|
• connecting non-University hardware to the
University network without authorisation;
|
|
• installing or operating wireless access points
without authorisation;
|
|
• being careless about the physical security of IT
items, eg by leaving a lap-top unsecured in a public or semi-public place, or
leaving a University Office unattended and unlocked.
|
|
Examples of
behaviours which are expected under this policy include:
|
|
• choosing your passwords wisely;
|
|
• taking full advantage of in-built security
mechanisms such as virus-protection software and firewalls and keeping them up
to date;
|
|
• ensuring your work is properly backed up;
|
|
• abiding by policies and procedures controlling
access to and use of databases;
|
|
• abiding by directions or instructions given by a
responsible University officer;
|
|
• immediately bringing to the attention of an
appropriate officer (eg head of AOU, supervisor, Information Services staff)
any threats or potential threats to the security of University ICT resources.
|
|
Guidance in setting passwords can be found at: https://www.flinders.edu.au/fan/
|
|
Procedures for the wireless connection of
privately-owned computers to the University internet can be found at: http://www.flinders.edu.au/isd/essentials/network-access/wireless-network/
|
|
4.7 Use that protects the University's reputation
|
|
Users must protect and, where possible, enhance the
reputation of the University when using University ICT resources
|
|
Examples of
behaviours which would breach this principle include:
|
|
• Using your University email account (which is
readily identified as being from Flinders University) to transmit personal
opinions which could be mistaken for those of the University. See also the
University's Policy on Public Statement at: http://www.flinders.edu.au/ppmanual/policySecretariat/pubpol.html
|
|
• Ignoring approved standards of formatting and
design for University webpages.
|
|
• Printing your Flinders email address on a private
business card, or vice-versa.
|
|
• Using personal mottoes or quotations on emails
that show Flinders University as the source.
|
|
Examples of behaviours expected in accord with this
principle include:
|
|
• ensuring information published on University
webpages are timely, current, consistent with information published in other
formats, factual and accurate;
|
|
• presenting a professional and high quality image
of the University in all electronic correspondence and web publications.
|
