View Current

Information and Communications Technology Security policy

This is the current version of this document. You can provide feedback on this policy to the document author - refer to the Status and Details on the document's navigation bar.

Section 1 - Preamble

(1) This Policy was approved by the Vice-Chancellor on 20 April 2005 and incorporates all amendments to 9 April 2015.

(2) This Policy is pursuant to the Regulation 6.1(4) - Information and Communications Technology. The Information and Communications Technology Security procedure documents how to comply with this Policy.

Governing Law

(3) The law governing information and communication technology security at Deakin University includes both the common law and legislation, in particular:

  1. Crimes Act 1958 (Vic)
  2. Information Privacy Act 2000 (Vic)
  3. Regulation 6.1(4) Information and Communications Technology
Top of Page

Section 2 - Purpose

(4) The Policy documents the university's ICT security measures.

Top of Page

Section 3 - Scope

(5) This Policy applies throughout the University.

Top of Page

Section 4 - Policy

(6) The Director, eArchitecture will ensure that information and communication technology (ICT) security standards are defined to ensure that all data and information held electronically is protected from corruption, loss, unauthorised access and disclosure.

(7) The University Solicitor will ensure that contracts with external parties include appropriate ICT security provisions.

(8) All ICT facilities, services and materials connected to or running on the Deakin University network will have a nominated owner accountable for ensuring appropriate security, in compliance with University policies, procedures and standards.

(9) ICT users will have access only to the ICT facilities, services and materials required to carry out activities that relate to the duties of their role.

(10) The Director, eArchitecture will ensure that automatically generated logs of system, application and ICT user activity, and audit trails of changes to data, are kept in order to ensure proper management and security of ICT facilities, services and materials.

(11) In the course of providing secure ICT facilities, services and materials, staff members authorised by the Chief Digital Officer or nominee may monitor and audit ICT user activity on the Deakin University network, in accordance with the provisions specified in the Information and Communications Technology Use procedure.

(12) The Chief Digital Officer will designate a representative to receive and act on notifications of alleged breaches of security of ICT facilities, services and materials.

Top of Page

Section 5 - Procedure

(13) Refer to the Information and Communications Technology Security procedure.

Top of Page

Section 6 - Definitions

(14) For the purpose of this Policy:

  1. Data: individual facts or items of content, including symbolic representations that may form the basis of information (e.g. a date, a name, a number).
  2. Deakin Directory Service: the repository of information about users (for example, LDAP), devices and services on the Deakin University network, including Deakin University usernames, locations, capabilities, access rights and security authorisations, managed by the Deakin Division of eSolutions.
  3. Information: a collection of data in any form, which may be transmitted, manipulated, and stored, and to which meaning has been attributed. Information may include, but is not limited to: a written document, an electronic document, a webpage, an email, a spreadsheet, a photograph, a database, a drawing, a plan, a video, an audio recording, a label or anything whatsoever on which is marked any words, figures, letters or symbols which are capable of carrying a definite meaning to anyone.
  4. Information and Communication Technology (ICT) Facilities: all physical spaces (e.g. server rooms, network or communication closets, computer laboratories), hardware and infrastructure (e.g. servers, workstations, voice and data network, audio visual equipment, and portable storage devices) associated with the delivery of ICT services and materials.
  5. Information and Communication Technology (ICT) Services and Materials: all software and applications, services (including but not limited to telephony and internet access) and data contained or stored in any ICT facility.
  6. Information and Communication Technology (ICT) User: any authorised person with access to the Deakin University's ICT facilities, services and materials, including but not limited to students, staff, honorary staff members, visiting academics, contractors and alumni.