View Current

Information and Communications Technology Acceptable Use procedure

This is the current version of this document. To view historic versions, click the link in the document's navigation bar.

Section 1 - Preamble

(1) This Procedure is effective from 26 March 2020.

Top of Page

Section 2 - Purpose

(2) This Procedure documents the requirements and conditions for using the University's information and communications technology (ICT) facilities, services and materials.

Top of Page

Section 3 - Scope

(3) This Procedure applies to students, staff and associates and where not already covered, to ICT facilities, services and materials owned, managed or leased by the University or as applicable by commercial or legal arrangement, including Bring your own device (BYOD).

Top of Page

Section 4 - Policy

(4) This Procedure is pursuant to the Information and Communications Technology Acceptable Use policy.

Top of Page

Section 5 - Procedure

General use and ownership

(5) Users of University ICT facilities, services and materials, have a responsibility to promptly report the theft, loss or unauthorised disclosure of Deakin proprietary information to the eSolutions Service Desk.

(6) ICT Users may access, use or share Deakin proprietary information only to the extent it is authorised and required to carry out activities that relate to the duties of their role.

(7) Access to University ICT facilities, services and materials must be authenticated and comply with credentials guidelines set by eSolutions. Passwords must not be shared.

(8) ICT users must lock devices (computers, tablets, mobile phones) when not in use.

(9) University web publishing and various media channels including social media have additional requirements which are set out in the Web Publishing policy and the Media policy.

Email

(10) The privacy and integrity of information transmitted by email cannot and is not guaranteed by Deakin. These communications should not be regarded as being confidential.

(11) The Deakin Internal Communications team must review and approve the distribution of all broadcast email communications.

(12) Deakin staff must not use personal email services (e.g. Google Mail, Yahoo Mail) for the storage of Deakin data or to undertake any Deakin business transactions without prior approval from eSolutions.

(13) Deakin staff must not automatically forward the entire contents of their mailbox, voicemail or other communications accounts to another Deakin ICT user or personal email service. Automatic forwarding to a Deakin email address may be used for a generic user account (e.g. ocdo@deakin.edu.au) and for filtered email that contains no personal information.

(14) ICT Users must use extreme caution when opening e-mails received from unknown senders, which may contain malware, viruses or other malicious content. Users should report suspect emails to eSolutions.

(15) Staff must not use their Deakin email address for private use or provide this email as a contact for personal purposes.

Internet

(16) When using the University’s ICT facilities and services to access and use the Internet, ICT Users must understand they represent Deakin and act in accordance with the Academic Freedom policy and Freedom of Speech policy.

(17) Authorised eSolutions staff members may deny or restrict ICT Users' access to internet sites that are reasonably considered to contain inappropriate or malicious content.

File shares and data storage

(18) Deakin internal network file storage facilities and eSolutions approved externally hosted (Cloud) storage services are provided for the storage of University related material only.

(19) Use of file storage facilities (e.g. removable media) or unapproved services (Cloud Storage) to store Deakin data and/or information is not allowed unless authorised by eSolutions.

(20) External storage devices (e.g. USB, removable hard drives) used to store Deakin data must be encrypted. Removable storage should not be used as a primary storage facility. 

(21) Deakin staff, associates and research students must not transfer data to external parties unless approved by eSolutions or the data owner. Approval will only be granted where data is transferred using secure mechanisms.

Monitoring and access

(22) Authorised eSolutions staff will monitor ICT facilities, services and materials, including but not limited to:

  1. protecting the integrity and security of the University’s ICT facilities
  2. checking network traffic and detecting intrusions
  3. auditing the ICT assets of the University
  4. aggregating activity and usage patterns
  5. investigating and repairing system malfunctions
  6. policy and procedure compliance.

(23) Staff members may request (via the Chief Digital Officer) that another person's personal information and identifying data is monitored or accessed in the following circumstances:

  1. where access is necessary to prevent the business of the University being obstructed or delayed
  2. to investigate a breach or suspected breach of legislation or Deakin University policy.

Absence of staff members

(24) If a staff member has a planned absence from the University they must ensure that data and information required to conduct the business of the University is accessible and that notification facilities, such as telephone and email out-of-office messages are in place. When a staff member has an unplanned absence, if practical, the staff member should put notifications in place from home or by contacting the eSolutions Service Desk.

Unacceptable use

(25) Unacceptable use includes but is not limited to:

  1. Engaging in any activity that is in breach of the University’s policies or procedures, or illegal under local, state, federal or international law.
  2. Accessing data, network, a server or an account for any purpose other than conducting Deakin business is considered a security breach, even if access is part of the user’s normal job/duty.
  3. Circumventing user authentication or security of any host, network or account.
  4. Network scanning is not allowed unless prior approval from eSolutions is obtained.
  5. Executing any form of network spoofing and monitoring which will intercept data not intended for the user’s host, unless this activity is a part of the user’s normal job/duty.
  6. Intentionally introducing anu program or device that would degrade Deakin’s ICT Facilities, Service or Materials unless authorised by eSolutions.
  7. Interfering with or denying service to another user.
  8. Sending unsolicited email messages, including sending of "junk mail" or other advertising material to individuals who did not specifically request such material (email spam).
  9. Acquisition and/or use of cloud–based and third party ICT services without approval from eSolutions.
  10. Effecting security incident(s) in a manner that negatively impacts Deakin University or its staff, students or associates. Providing information about, or lists of, Deakin ICT users to parties outside Deakin.

Exemptions

(26) Any exemptions to the Information and Communications Technology Acceptable Use policy and this Procedure must be approved by the Chief Digital Officer or nominee. When determining an exemption, the Chief Digital Officer or nominee will consider whether the proposed use is necessary to undertake legitimate job responsibilities.

Breaches

(27) ICT users must immediately report any suspected breach of the Information and Communications Technology Acceptable Use policyInformation and Communications Technology Security policy and this Procedure to the eSolutions Service Desk.

(28) Where there is an allegation of non-compliance and the Chief Digital Officer considers it necessary to act immediately to prevent the business of the University from being disrupted, the Chief Digital Officer may:

  1. remove or disable access to an ICT Facility or Service or data stored on said facility
  2. restrict or remove an ICT User's access to the University's ICT facilities, services and materials pending further investigation, disciplinary and/or judicial action.

(29) The Chief Digital Officer will inform the ICT User of any action in writing within ten (10) working days of the action being taken.

Top of Page

Section 6 - Definitions

(30) For the purpose of this Procedure:

  1. Data: individual facts or items of content, including symbolic representations that may form the basis of information (e.g. a date, a name, a number).
  2. File Share: centrally provided disk space for organisational units, projects and other groups to facilitate storage, sharing and protection of electronic material associated with work activities.
  3. Information: as defined in the Information and Communications Technology Acceptable Use policy.
  4. Information and Communication Technology (ICT) Facilities, Services and Materials: as defined in the Information and Communications Technology Acceptable Use policy.
  5. Information and Communications Technology (ICT) User: as defined in the Information and Communications Technology Acceptable Use policy.
  6. Spam: Spam is unsolicited (unwanted) digital communication often in the form of emails that typically attempts to sell you something. The spammer has no intention of spreading malware or stealing sensitive information which is what happens in the case of phishing. Further information can be found in the Cybersecurity blog.