(1) This Procedure is effective from 28 November 2023. (2) This Procedure documents the requirements and conditions for using the University's information and communications technology (ICT) facilities, services and materials. (3) This Procedure applies to students, staff and associates and where not already covered, to ICT facilities, services and materials owned, managed or leased by the University or as applicable by commercial or legal arrangement, including Bring your own device (BYOD). (4) This Procedure is pursuant to the Information and Communications Technology Acceptable Use Policy. (5) Users of University ICT facilities, services and materials, have a responsibility to promptly report the theft, loss or unauthorised disclosure of Deakin proprietary information to the Digital Services Service Desk. (6) ICT Users may access, use or share Deakin proprietary information only to the extent it is authorised and required to carry out activities that relate to the duties of their role. (7) Access to University ICT facilities, services and materials must be authenticated and comply with credentials and Multi-Factor Authentication (MFA) guidelines set by Digital Services. Passwords, MFA passcodes and access to ICT facilities, services and material must be unique and not be shared. The Enterprise Password Manager is to be used for storing and sharing passwords and access to ICT facilities, services and materials. (8) ICT users must lock devices (computers, tablets, mobile phones) when not in use. (9) University web publishing and various media channels including social media have additional requirements which are set out in the Web Publishing Policy and the Media Policy. (10) The privacy and integrity of information transmitted by email cannot and is not guaranteed by Deakin. These communications should not be regarded as being confidential. (11) The Deakin Internal Communications team must review and approve the distribution of all broadcast email communications. (12) Deakin staff must not use personal email services (e.g. Google Mail, Yahoo Mail) for the storage of Deakin data or to undertake any Deakin business transactions without prior approval from Digital Services. (13) Deakin staff and associates must not automatically forward email, voicemail or other communications accounts to another Deakin ICT user or an email address or service external to Deakin University. (14) ICT Users must use extreme caution when opening e-mails received from unknown senders, which may contain malware, viruses or other malicious content. Users should report suspect emails to Digital Services. (15) Staff must not use their Deakin email address for private use or provide this email as a contact for personal purposes. (16) ICT Users who use the University’s ICT facilities and services to access the internet represent Deakin and must act in accordance with the Code for Upholding Freedom of Speech and Academic Freedom. (17) Authorised Digital Services staff members may deny or restrict ICT Users' access to internet sites that are reasonably considered to contain unlawful or malicious content in accordance with the Code for Upholding Freedom of Speech and Academic Freedom. (18) Deakin internal network file storage facilities and Digital Services approved externally hosted (Cloud) storage services are provided for the storage of University related material only. (19) Use of file storage facilities (e.g. removable media) or unapproved services (Cloud Storage) to store Deakin data and/or information is not allowed unless authorised by Digital Services. (20) External storage devices (e.g. USB, removable hard drives) used to store Deakin data must be encrypted. Removable storage should not be used as a primary storage facility. (21) Deakin staff, associates and research students must not transfer data to external parties unless approved by Digital Services or the data owner. Approval will only be granted where data is transferred using secure mechanisms. Research data must be transferred, stored and shared in accordance with the University’s Research Data Management Procedure. (22) Authorised Digital Services staff will monitor ICT facilities, services and materials, including but not limited to: (23) Staff members may request (via the Chief Information and Digital Officer) that another person's personal information and identifying data is monitored or accessed in the following circumstances: (24) Where the Office of General Counsel request that another person's personal information and identifying data is monitored or accessed in accordance with clause 23 the information may be released without the approval of the Chief Information and Digital Officer. (25) If a staff member has a planned absence from the University they must ensure that data and information required to conduct the business of the University is accessible and that notification facilities, such as telephone and email out-of-office messages are in place. When a staff member has an unplanned absence, if practical, the staff member should put notifications in place from home or by contacting the Digital Services Service Desk. (26) Unacceptable use includes but is not limited to: (27) Any exemptions to the Information and Communications Technology Acceptable Use Policy and this Procedure must be approved by the Chief Information and Digital Officer or nominee. When determining an exemption, the Chief Information and Digital Officer or nominee will consider whether the proposed use is necessary to undertake legitimate job responsibilities. (28) ICT users must immediately report any suspected breach of the Information and Communications Technology Acceptable Use Policy, Information and Communications Technology Security policy and this Procedure to the Digital Services Service Desk. (29) Where there is an allegation of non-compliance and the Chief Information and Digital Officer considers it necessary to act immediately to prevent the business of the University from being disrupted, the Chief Information and Digital Officer may: (30) The Chief Information and Digital Officer will inform the ICT User of any action in writing within ten (10) working days of the action being taken. (31) For the purpose of this Procedure:Information and Communications Technology Acceptable Use procedure
Section 1 - Preamble
Section 2 - Purpose
Section 3 - Scope
Section 4 - Policy
Section 5 - Procedure
General use and ownership
Email
Internet
File shares and data storage
Monitoring and access
Absence of staff members
Unacceptable use
Exemptions
Breaches
Section 6 - Definitions
View Current
This is the current version of this document. To view historic versions, click the link in the document's navigation bar.