University Computing and Communications Facilities Conditions of Use Policy

Document Number: 000817
Date Approved: 23 April 2007
 

1.      Introduction

       The University of Newcastle provides students, staff and the community with access to computing and communications services in support of its teaching, learning, research and administrative activities.

       The University has a responsibility to ensure the appropriate use of its computing and communications facilities and to protect itself from any legal liabilities arising from their inappropriate use.

       This document sets out the terms governing the use of these facilities. These terms are designed to preclude irresponsible, abusive or illegal activities. They apply to all users (students, staff and other authorised persons) and to the use of both central and departmental systems.

       These conditions apply regardless of what information handling technology is used, including but not limited to standalone or networked computers, hand held devices and all forms of telecommunication equipment. They also apply to the University’s external communications links to the Internet (via AARNet) and to the acceptable use of partner organisations' systems and communications links.

       These conditions support the University’s legal obligation to ensure that private information is managed in accordance with the principles outlined in the Privacy and Personal Information Protection Act 1998 No 133, the Health Records and Information Privacy Act 2002, the Protected Disclosures Act 1994 and the State Records Act 1998.

       Use of any of these facilities indicates the user’s understanding and acceptance of these terms. Any user who is unsure of the meaning of any of these terms should seek advice from the University Services Division (USD) Information Desk prior to use - phone ext 17000 or email 17000@newcastle.edu.au.

2.      General Conditions

       The University provides access to standalone or networked microcomputers, to multi-user computers and to other IT resources accessible via the University's on-campus and dial-in networks.

       Students are given access for use in academic study and activities related to the University.

Staff are given access for use associated with their duties at the University.

Associates are given access for use associated with their collaboration with the University, such as on joint research projects.

(Access by the wider community is not covered by this document.)

Authorised Usage

University computing and communications facilities must generally be used for business, academic or student related activities only.

Users may only use authorised facilities for authorised purposes.

Incidental personal use is permissible within reasonable limits and as long as the cumulative impact on the University of Newcastle is inconsequential.  This provision is at the sole discretion of the Chief Information Officer (CIO), and may be rescinded at any time.

University Property

Unless third parties have clearly noted copyrights or some other rights on the information and messages handled by University computing and communications facilities, all information and messages generated on or handled by University computing and communications facilities are considered to be the property of the University of Newcastle.

Excessive Usage

Authorised ‘incidental personal use’ of University computing and communications facilities does not extend to:

i.       intentionally downloading, transmitting or storing:

·         unauthorised software,

·         large files containing picture images, live pictures or graphics,

·         computer games,

·         music files,

·         movie and television files; or to

ii.       accessing of radio or television stations broadcasting via the Internet.

Downloading, transmitting or storage of such files increases the load on the network and could degrade the service to other staff and students with genuine need to use the resources.

The Chief Information Officer reserves the right to prevent access to or delete any files contained on its systems that are deemed to be for personal use and excessive in nature.

Authorised Access

Access to University computing and communications facilities must be based on the concept of least privilege (need to know basis).

All access to any University computing and communications facilities must be authorised by the appropriate departmental manager or faculty member who is acting in the role of Information Owner.

No user of the University computing and communications facilities may ever knowingly exceed their authorised access level.  If additional access is required for a user to perform their duties then this access must be granted via authorised means. This additional access includes administration rights on a machine.

Password Security

Users must actively defend access to University computing and communications facilities from unauthorised use by others.  Where access is protected by a username and password, users must choose passwords that are difficult to guess.

Passwords must not be disclosed to any other user including IT support staff.  

“Complex” passwords are encouraged, those being passwords with eight characters or more, with a mix of uppercase, lowercase and numerals and special characters. 

Users must not use any account set up for another user, nor may they attempt to find out the user credentials of another user.

Proxy Use

Proxy use of another user's account is permissible in some circumstances.  Proxy use must only be undertaken if there are no other viable alternatives for gaining access and the owner of the account has provided written authorisation for the proxy use to occur.

Inappropriate, Offensive and Illegal Material

It is not acceptable to intentionally create, send or access information that could damage the University's reputation, be misleading or deceptive, result in victimisation or harassment, lead to criminal penalty or civil liability, or be reasonably found to be offensive, obscene, threatening, abusive or defamatory.

The Chief Information Officer reserves the right to audit and remove any such material from its computer resources without notice.

Where a genuine reason exists (i.e. to support teaching, learning or research activities) for accessing sites that would be normally regarded as inappropriate, the written authorisation of the Head of School or Section is required.

Users should be aware of the code of conduct in force across the University which is accessible via the University Policy Library.

See http://www.newcastle.edu.au/policylibrary/000059.html

http://www.newcastle.edu.au/policylibrary/000607.html

Diversity and Inclusiveness

It is inappropriate to transmit, communicate or access any material which constitutes any form of bullying, harassment (including sexual harassment), discrimination, victimisation and vilification by any member of the University community in their interactions with other members of the University community or whilst involved in University related activities. This includes any unlawful discrimination of an individual or a group of people on the basis of race, colour, nationality or ethnicity, religion, sex, pregnancy (actual, presumed and/or breastfeeding) or parental responsibilities, marital status, age, disability, homosexuality, transgender status or sexual preference, carer's responsibilities, trade union activity or association, political opinion or irrelevant criminal record or some other characteristic specified under anti-discrimination or human rights legislation.

See http://www.newcastle.edu.au/policy/000941.html

Copyright

Users must abide by the law of copyright as it affects electronic information in all its forms including but not limited to the digitisation and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, copyrighted movies, copyrighted television programs, and all other copyrighted Audio Visual formats including Computer games.

The installation or distribution of any copyrighted software for which the University of Newcastle or the end user does not have an active license is strictly prohibited.

The Chief Information Officer reserves the right to prevent access to or to delete any information contained on its systems that is suspected to have breached the law of copyright.

Copyright Guidelines for staff and students of the University of Newcastle can be found at http://www.newcastle.edu.au/policylibrary/000249.html

Information Privacy

As stated in the Introduction of this document, these conditions support the University’s legal obligation to ensure that private information is managed in accordance with the principles outlined in the Privacy and Personal Information Protection Act 1998 No 133 and the Health Records and Information Privacy Act 2002.

Users who have access to information that is deemed to be private must abide by the tenets laid out in the University of Newcastle’s Privacy Management Plan.

See http://www.newcastle.edu.au/policy/000258.html

Messages conveyed via information networks are capable of being intercepted, traced or recorded by others. Although such practices may be illegal, users should not have an expectation of privacy and must take care with confidential documents.

Information Security

Users must manage information in accordance with the principles outlined in the Information Security Classification Policy. In particular, all information carrying a Security Classification of X – in confidence or above must only be distributed outside of the University with the express permission of the relevant information owner and may be subject to the third party signing a non-disclosure agreement.

Configuration Security

On University of Newcastle supplied computer hardware, users must not change operating system configurations, upgrade existing operating systems, or install new operating systems. If such changes are required, they must be performed by IT Services or appropriate IT support staff.

Computer equipment supplied by the University of Newcastle must not be altered or added to in any way without the prior knowledge of and authorisation from IT Services.

Critical components of the University’s information security infrastructure must not be disabled, bypassed, turned off, or disconnected without prior approval from the Information Owner.

Hacking and Cracking Activities

Users must not use University computing and communications facilities to engage in attempts to subvert security measures in any way. This includes but is not limited to:

·         gaining unauthorised access;

·         altering, or disrupting the operations of any other information system; and

·         capturing or otherwise obtaining user credentials, encryption keys, or any other access control mechanism that could permit unauthorised access.

Unless it forms part of their day to day tasks, users must not test, or attempt to compromise any security controls.

Statutory Requirements

The University must conform with all relevant statutory and legal obligations. Please see section 4 Related Documents for a full list of the relevant State and Federal Acts.

All information, data or files created by users while employed or enrolled at the University are subject to scrutiny. It is important to remember that electronic messages are official documents that are subject to the same laws as any other form of correspondence. They are subject to statutory record keeping requirements and can be subpoenaed or "discovered" during legal processes.

In some cases external conditions of use apply. For example, the University must ensure all use of its Internet link directly relates to its teaching, learning, research and administrative activities (as per AARNet usage policy).

Security Instruction

Users must abide by any relevant instructions given by the Chief Information Officer, or delegated officers. Such instructions may be issued by notice displayed in the vicinity of computing facilities, by letter, by electronic communication, in person or otherwise.

Security Breaches

Staff and students must report breaches or suspected breaches of these conditions of use to their supervisor, lecturer or an appropriate senior officer of the University. Staff have an obligation under the University's Code of Conduct to report misuse of University resources.

See http://www.newcastle.edu.au/policy/000059.html

Monitoring

Consistent with generally-accepted business practice, IT Services collects statistical data regarding the operations of its electronic communication systems. Using such information, technical support personnel monitor the use of electronic communications to ensure the ongoing availability, reliability, and security of these systems. This monitoring is used to detect unauthorised usage, toll fraud, denial of service attacks, and other problems.

Technical support personnel must not review the content of an individual worker's communications out of personal curiosity or at the request of individuals who have not gone through proper approval channels. Advance written approval by the Chief Information Officer that has been authorised by both the University Legal Counsel and appropriate Deputy Vice Chancellor (DVC) is required for any such monitoring.

Enforcement

Any identified use of equipment or services thought to be inconsistent with these conditions of use will be investigated. Inappropriate use will be subject to consideration under the student disciplinary process or misconduct / serious misconduct processes and to a range of penalties, including but not limited to termination of employment, suspension from a course of study or a fine and/or criminal prosecution.

Disclaimer

The University accepts no responsibility for any damage to or loss of data, hardware or software arising directly or indirectly from use of the University's computing and communications facilities or for any consequential loss or damage. The University makes no warranty, express or implied regarding the facilities offered, or their fitness for any particular purpose.

While the University seeks to ensure privacy it cannot guarantee the confidentiality of any information stored on any University computer or transmitted through its network. Further, for the purpose of managing the facilities and consistent with generally-accepted business practice, the University of Newcastle collects statistical data about its electronic communication systems. Using such information, technical support personnel monitor the use of electronic communications to ensure the ongoing availability, reliability, and security of these systems. The University employs computer systems that analyse these types of statistical information to detect unauthorised usage and other problems.

The University's liability in the event of any loss or damage shall be limited to the fees and charges paid to the University for the use of the computing and communications facilities which resulted in the loss or damage.

3.      Essential Supporting Documents

Information Security Policy

Information Security Classification Policy

Information Security Roles and Responsibilities Policy

University of Newcastle Code of Conduct

University of Newcastle’s Privacy Management Plan

Password Management Guidelines

Diversity and Inclusiveness Policy

4.      Related Documents

AS/NZS 7799.2:2003: Information Security Management - Specification for Information Security Management Systems

Information Security Guideline for NSW Government – Part 1 Information Security Risk Management

Privacy and Personal Information Protection Act 1998 No 133

Health Records and Information Privacy Act 2002

State Records Act 1998

Australian Copyright Act 1968

Copyright Amendment (Digital Agenda) Act 2000

Protected Disclosures Act 1994

NSW State Records Authority Standard on Counter Disaster Strategies for Records and Recordkeeping systems (No. 6)

NSW State Records Authority Standard on Managing a Records Management Program (No. 8)

NSW State Records Authority Standard on Physical Storage of State Records (No. 3)

Student Misconduct Rule 000935

Approval Authority: Vice-Chancellor
Date Approved: 23 April 2007
Date for Review: 23 April 2010
Policy Sponsor: Deputy Vice-Chancellor (Services)
Policy Owner: Chief Information Officer
Policy Contact: Associate Director, Infrastructure
Amendment History

23 August 2011 - Administrative amendments due to implementation of Student Misconduct Rule which replaced Student Discipline Rules effective 25 July 2011.

Links amended March 2009