Policy on Acceptable Use of Information and Communication Technology (ICT) Resources

Back to main index

Approving Authority:	Council
Establishment Date:	11 October 2007
Date Last Amendment:	January 2011
Nature of Amendment:	Consequential amendments arising from a restructure of Central Administration/VC's office and the creation of new senior executive positions replacing the EDA and Registrar
Responsible Officer:	Director, Information Services

Related documents:

ICT Strategic Plan, October 2006
Guidelines to Compliance with Policy on Acceptable Use of ICT Resources
Other policies as cross-referenced in this document

1 PREAMBLE

Flinders University provides ICT resources:

to develop and maintain research activities and further commercialisation of research;
to enhance the quality of the teaching and learning environment;
to foster community engagement; and
to promote efficient administrative and technical support services.

The use of University ICT resources is a privilege that carries with it responsibilities and limitations. As with users of any other University-provided resource or those engaged in any University-related activity, users of University ICT resources are expected to observe the normal standards of common sense and common decency.

2 SCOPE

This policy/code applies to all users of University ICT resources, whether affiliated with the University or not, and to all uses of those resources, whether on campus or from remote locations.

3 DEFINITIONS

ICT means any form of technology used to collect, process, store and disseminate information and includes computer hardware and software, business applications software, data and voice communication systems and networks.

Organisational Unit means a body established within the University by the Council, or jointly by the Council and another body outside the University, which has responsibility for teaching, research or administration associated with the functions of the University.

Responsible Officer means the Head of an Organisational Unit or their delegate.

4 THE PRINCIPLES FOR USE OF UNIVERSITY ICT RESOURCES

4.1 Use for University purposes

University ICT resources are provided for, and fundamentally intended to be used for, University purposes, not for personal or non-University-related activities or purposes. Users are expected to use them accordingly.

University purposes are those in furtherance of the University's teaching and learning, research, community engagement and commercial activities, and the technical and administrative activities which support them.

The University will accept limited personal use of University ICT resources. Limits on personal use may be specified in more detail by Responsible Officers in accord with normal supervisory and management authorities and procedures.

See Guidelines to Compliance with Policy on Acceptable Use of ICT Resources para 4.1 for additional information.

4.2 Use that is compliant

Users of University ICT resources must comply with all Commonwealth and State government civil and criminal laws; all University rules and policies; and all relevant contracts and licences.

Examples of such laws, rules, policies, contracts, and licences include, but are not limited to:

Commonwealth and State laws covering defamation, privacy, freedom of information, censorship, copyright, trademark, offensive material, pornography and spam;
Commonwealth and State ICT-specific criminal laws, which prohibit hacking, spreading viruses, unauthorised use and a range of other ICT-related activities;
specific rules and procedures applying to a localised aspect of ICT, such as a School computer laboratory, a Library terminal or a Faculty server;
the University's statement of Education principles: rights, responsibilities and conduct in the educational environment
the Employer/Employee Obligations under the Collective Workplace Agreement 2006-2008
the University's academic integrity, sexual harassment, racism, bullyingand equal opportunity policies and/or statements
the University's Access to Student Information policy
the University's Policy on Public Statements; and
all applicable software licences.

See Guidelines to Compliance with Policy on Acceptable Use of ICT Resources para 4.2 for additional information.

4.3 Use that is authorised

Users of University ICT resources must:

use only those ICT resources that they are authorised to use;
use them only in the manner and to the extent authorised; and
use ICT resources in accord with any specified University standards, baselines, guidelines and protocols.

Ability to access ICT resources does not, by itself, imply authorisation to do so. Users are responsible for ascertaining what authorisations are necessary and for obtaining them before proceeding.

Users will be held responsible for all activities which originate from accounts in their name.

See Guidelines to Compliance with Policy on Acceptable Use of ICT Resources para 4.3 for additional information.

4.4 Use that respects confidentiality and privacy

Users of University ICT resources must respect the privacy of other users and their accounts, regardless of whether those accounts are securely protected; and not divulge confidential data except where required by the law or University policies.

Ability to access other persons' accounts does not, by itself, imply authorisation to do so. Users are responsible for ascertaining what authorisations are necessary and for obtaining them before proceeding.

See also the University's Access to Student Information policy.

See Guidelines to Compliance with Policy on Acceptable Use of ICT Resources para 4.4 for additional information.

4.5 Use that conserves resources

Users of University ICT resources must respect the finite capacity and cost of ICT resources and avoid consuming an unreasonable amount of those resources or interfering unreasonably with the activity of other users.

The University may set limits or quotas on the use of specific ICT resources. However, the fact that there may be no articulated limits on such services as bandwidth, disk space, CPU time, internet uploads and downloads, email storage, printing, or telephone and fax calls, does not imply that there are no limits at all. The reasonableness of any particular use will be judged in the context of all of the relevant circumstances.

Limits or quotas may be imposed by Responsible Officers in accordance with normal supervisory and management authorities and procedures. Where limits are set, users are required to observe them.

See Guidelines to Compliance with Policy on Acceptable Use of ICT Resources para 4.5 for additional information.

4.6 Use that protects the University's operation and assets

Users of University ICT resources must assist the University to protect its operations and assets by using ICT resources responsibly and prudently.

Improper use of the University's ICT resources can lead to significant damage to the University and the University community. Users who learn of any breach of this Acceptable Use Policy are expected to bring it to the attention of an appropriate University officer (eg Responsible Officer, supervisor, Information Services staff) without delay.

See Guidelines to Compliance with Policy on Acceptable Use of ICT Resources para 4.6 for additional information.

4.7 Use that protects the University's reputation

Users must protect and, where possible, enhance the reputation of the University when using University ICT resources

Communications made by means of University ICT resources may be deemed official documents that are subject to the same laws as any other form of correspondence. They are also generally subject to the State Records Act 1997 (SA) and the Freedom of Information Act 1991 (SA), and can be used in legal proceedings

See Archives and Central Records for more information on University records. And see also the University's Policy on Public Statements.

Email sent from Flinders University ICT resources is, like the more traditional letterhead, readily identifiable as being from Flinders University. Care needs to be taken to ensure that personal views and opinions are not mistaken for University views and opinions; that the University name and crest is not abused; and that private activities are not confused with University activities.

See Guide to Net Etiquette for tips that will enhance your own and the University's reputation in respect of email use.

Webpages also are an important tool supporting the University's core activities of education and research. Consistency of design and organisation is important in enhancing the University's reputation, so users involved in producing University webpages are expected to follow approved standards of formatting and design.

See Web Authoring Manual for further information.

See Guidelines to Compliance with Policy on Acceptable Use of ICT Resources para 4.7 for additional information.

5 CONSEQUENCES OF POLICY BREACHES

5.1 Breaches

Users breaching this policy may be warned or have their access to University ICT resources denied or restricted by a Responsible Officer. Before taking such action, Responsible Officers must make such inquiries as they see fit to be satisfied that a breach has occurred, and must give the user the opportunity to be heard.

Breaches which are persistent (as defined by a third or subsequent breach) or deemed by the Responsible Officer to be serious (eg to have the potential to impact on the rights or safety of other users, or on the integrity, security or functionality of the University's ICT resources) will normally be handled through the relevant disciplinary procedures. These are:

For students: Statute 6.4: Student Conduct.
For staff: the discipline procedures of the relevant industrial instrument.

5.2 Liability for damages

In addition to imposing any penalty or disciplinary action under 5.1 above, the University may take action to recover from an individual the costs associated with any damage to or loss of ICT resources and/or data caused by that individual through the deliberate breach of this policy.

5.3 Overriding authority

The University may remove material from websites or computers, or suspend or block access to an account, or take other forms of action, at any time when it reasonably appears necessary to do so in order to protect the rights and safety of others, or to protect the integrity, security, or functionality of University or other ICT resources, or to protect the University from liability.

Authority to exercise this power resides with the Vice-Chancellor and their delegate/s. The exercise of this power does not waive the rights of the University to take additional actions under this policy.

The University may, and in some circumstances is obliged to, refer suspected breaches of State or Commonwealth law to appropriate law enforcement agencies.

6 PRIVACY AND MONITORING

Users should be aware that their uses of University ICT resources are not completely private.

6.1 General monitoring

While individual usage of University ICT resources is not routinely monitored, the normal operation and maintenance of ICT resources may require:

system backups, which may access all files in an individual's account
software upgrades which may require editing startup files in an account
diagnostic and troubleshooting activities
the backup and caching of data and communications
the logging of activity
the monitoring of general usage patterns
the scanning of systems and network ports for anomalies and vulnerabilities, and
other such activities that are necessary to provide ICT services.

6.2 Individual monitoring

The activity and accounts of individual users of University ICT resources may be specifically monitored, including individual login sessions and communications, without notice, when:

the user has given permission or has voluntarily made them accessible to the public, for example by posting to a publicly-accessible web page or providing publicly-accessible network services
it reasonably appears necessary to do so to protect the rights and safety of others, or the integrity, security, or functionality of University or other ICT resources, or to protect the University from liability
there is reasonable cause to believe that the user has breached, or is breaching, this policy
an account appears to be engaged in unusual or unusually excessive activity, as indicated by the monitoring of general activity and usage patterns, or
it is otherwise required or permitted by law.

Any such individual monitoring must be authorised in advance by the Executive Director, ICT Strategy or their delegate, except where such monitoring is required by law, necessary to respond to perceived emergency situations, or is of activity covered under i. above.

6.3 Monitoring within Organisational Unit

In addition, the usage of University-owned ICT infrastructure, including disk drives, software and networks, within an Organisational Unit may be examined at any time by the Responsible Officer to ensure that relevant laws, rules, policies, licences and contracts are being complied with. The Executive Director, ICT Strategy or their delegate/s have authority to examine the usage of any University-owned ICT infrastructure in the University to ensure compliance.

6.4 Notice and disclosure

Users will not necessarily be notified if their ICT usage is being examined or monitored.

The results of any general or individual examination or monitoring, including the contents and records of individual communications, may be disclosed to appropriate University staff or to law enforcement agencies and may be used in appropriate University disciplinary proceedings.

7 AUTHORITIES

7.1 Of Vice-Chancellor (or delegate/s):

In accord with the principles of this policy:

to set standards, baselines, guidelines and protocols for all University ICT infrastructure
to approve standards, guidelines, procedures, limits or quotas for the use of University ICT resources
to remove material from websites or computers, or suspend or block access to an account, or disconnect all or part of a network, or take other forms of action, at any time when it reasonably appears necessary to do so in order to protect the rights and safety of others, or to protect the integrity, security, or functionality of University or other ICT resources, or to protect the University from liability
to arrange monitoring of ICT usage under clause 6 above
to monitor and examine the usage of any University-owned ICT resources in the University to ensure that relevant laws, rules, policies, licences and contracts are being complied with.

7.2 Of Responsible Officers (or delegate/s)

In accord with the principles of this policy:

to examine and monitor the usage of University-owned ICT infrastructure, including disk drives, software and networks, within an Organisational Unit to ensure that relevant laws, rules, policies, licences and contracts are being complied with
to disconnect or close down a network within an Organisational Unit, or any hardware attached to that network, if it appears reasonably necessary to do so to protect the rights and safety of others, or to protect the integrity, security, or functionality of University or other ICT resources, or to protect the University from liability
to approve standards, guidelines, procedures, limits or quotas for the use of specific ICT resources within the Organisational Unit.

See University Delegations for further information.

8 DISCLAIMER

Flinders University accepts no responsibility for any damage to or loss of data, hardware or software arising directly or indirectly from use of the University's ICT resources or for any consequential loss or damage. The University makes no warranty, express or implied, regarding the resources offered, of their fitness for any particular purpose.

Acknowledgement: This policy has been developed from a variety of sources, including University staff, existing University policies and equivalent documents from other universities. In particular, the use of Ohio State University's Responsible Use of University Computing and Network Resources Policy is acknowledged.