Information and Communications Technology Use Procedure

This is the current version of this document. You can provide feedback on this policy to the document author - refer to the Status and Details on the pale grey navigation bar above.

Section 1 - Preamble

(1) This Procedure was approved by the Vice-Chancellor on 20 April 2005 and incorporates all amendments to 30 April 2015.

(2) This Procedure is pursuant to the Information and Communications Technology Use Policy.

Section 2 - Purpose

(3) This procedure documents the requirements and conditions that the users of the university's ICT facilities need to comply with.

Section 3 - Scope

(4) The procedure applies throughout the university.

Section 4 - Policy

(5) Refer to the Information and Communications Technology Use Policy.

Section 5 - Procedure

Monitoring and access

(6) Authorised staff members will undertake routine monitoring of Information and Communications Technology (ICT) facilities, services and materials in the normal course of their duties to facilitate efficient operation and management, including to:

  1. protect the integrity and security of the system
  2. check network traffic and detect intrusions
  3. audit the ICT assets of the University
  4. aggregate activity and usage patterns
  5. investigate and repair system malfunctions

(7) Authorised Deakin Division of eSolutions staff members can action a request to repair or restore an individual ICT user's own data, as long as appropriate identification is provided by the ICT user.

(8) Authorised Deakin Division of eSolutions staff members can action a request by an information owner, or nominee, to repair or restore corporate data managed by their business area.

(9) Staff members may request monitoring or access that may involve inspection of another person's personal information and identifying data, in accordance with clause 10, only in the following circumstances:

  1. where access is necessary to prevent the business of the University being obstructed or delayed by the unavailability of an ICT user, subject to clause 15
  2. to investigate a breach or suspected breach of legislation or Deakin University policy

(10) All requests to monitor or access another ICT user's data must be made in writing to the Chief Digital Officer, the Director, eArchitecture or Head of Information Security and Risk, eSolutions setting out the reason(s) for making the request.

(11) Where the Chief Digital Officer, the Director, eArchitecture or Head of Information Security and Risk, eSolutions endorses the request, he or she will authorise a staff member to action the request with or without notice to the ICT user whose data is to be monitored or accessed.

(12) Where the Chief Digital Officer, the Director, eArchitecture or Head of Information Security and Risk, eSolutions does not endorse the request, he or she will notify the requestor in writing specifying the reason for rejection.

(13) Authorised staff members will only monitor or otherwise access an ICT user's data in the above circumstances.

(14) The Chief Digital Officer, the Director, eArchitecture or Head of Information Security and Risk, eSolutions will provide the results from the monitoring or access request only to the person who made the request and these results will be used by that person only in connection with the reason(s) for the request.

Absence of staff members

(15) During any foreseen absence from the University, all staff members must ensure that data and information required to conduct the business of the University are accessible and that notification facilities, such as telephone and email out-of-office messages, are in place. In the event of unplanned leave, if practical the staff member should put such notifications in place from home or by contacting the IT Service Desk.

(16) Failure to act in accordance with clause 15 may result in the staff member's manager making a request to put notification facilities in place or to access the staff member's data, to prevent the business of the University being obstructed or delayed, using the following process.

(17) The staff member's manager will attempt to contact the staff member and reach agreement about reasonable alternative arrangements.

(18) If the staff member is not able to be contacted and/or reasonable alternative arrangements cannot be agreed upon, the manager will advise the head of the relevant organisational area.

(19) The head of the organisational area must first be satisfied that reasonable efforts have been made to agree upon alternative arrangements and that the business of the University will be obstructed or delayed by the lack of access to the staff member's data. If satisfied, he or she will make a request for the accessing of the data, pursuant to clause 10.

(20) The manager must access the data on a need-to-know basis only, and will access only that data necessary to conduct the business of the University. The manager must keep a record of all data accessed and provide this to the staff member as soon as possible.

Managing communication

(21) Staff members are required to use only their Deakin email accounts and Deakin resources when undertaking business transactions on behalf of Deakin University and not other and personal email addresses.

(22) Staff members must not automatically forward the entire contents of their mailbox, voicemail or other communications accounts to another ICT user. However, automatic forwarding may be used for a generic user account (e.g. ocdo@deakin.edu.au) and for filtered email that contains no personal information.

(23) ICT users must be aware that electronic communications sent by them may be manually forwarded on and should compose communications accordingly. ICT users who do forward others' communications on should use their judgment as to what is appropriate in each circumstance.

Filtering

(24) The Chief Digital Officer, the Director, eArchitecture or Head of Information Security and Risk, eSolutions may deny or restrict ICT users' access to internet sites that he or she reasonably considers to contain inappropriate content.

Breaches

(25) ICT users must immediately report any suspected or perceived breach of the Information and Communications Technology Use Policy or legislation to the Chief Digital Officer, the Director, eArchitecture or Head of Information Security and Risk, eSolutions

(26) The Chief Digital Officer, the Director, eArchitecture or Head of Information Security and Risk, eSolutions may deny or restrict an ICT user's access to the University's ICT facilities, services and materials, and/or remove or disable access to potentially offensive material, as a result of violations of the Information and Communications Technology Use Policy, pending further investigation, disciplinary and/or judicial action.

(27) In relation to electronic and online communication material, including email, ICT users may be subject to the laws of the jurisdiction in which the communication material is received or from which it is sent.

(28) If the Chief Digital Officer, the Director, eArchitecture or Head of Information Security and Risk, eSolutions is satisfied, based on investigations made pursuant to clause 9 point b, that a violation of policy and/or law has occurred, the Chief Digital Officer, the Director, eArchitecture or Head of Information Security and Risk, eSolutions will:

  1. deal with violations by students in accordance with Regulation 4.1(1) - General Misconduct and in so doing will consult the student's Pro Vice-Chancellor and the head of any organisational area whose services are involved
  2. deal with violations by staff members by either referring the violation to the Executive Director, Human Resources Division, who may deal with the matter under the University's Staff Discipline Policy, and/or require the staff member to reimburse or pay any costs associated with the staff member's unauthorised use of any ICT facilities, services or materials
  3. deal with violations by other ICT users by referring the violation to the University Solicitor's Office

(29) The Chief Digital Officer, the Director, eArchitecture or Head of Information Security and Risk, eSolutions will inform the ICT user of the decision in writing within five (5) working days of the decision being made.

Limitation of liability

(30) The University takes no responsibility for personal use of the University's ICT facilities, services and materials.

(31) The University takes no responsibility for non-delivery or loss of any electronic or online communication or any attachment and will not be liable for any loss, including indirect or consequential loss, as a result of the use of the University's ICT facilities, services and materials.

(32) While the University will endeavour to ensure the secure transmission of electronic or online communications, it does not guarantee the ability to deliver electronic or online communications to their ultimate destination.

Section 6 - Definitions

(33) For the purpose of this Procedure:

  1. Data: individual facts or items of content, including symbolic representations that may form the basis of information (e.g. a date, a name, a number).
  2. Information: a collection of data in any form, which may be transmitted, manipulated, and stored, and to which a meaning has been attributed. Information may include, but is not limited to: a written document, an electronic document, a webpage, an email, a spreadsheet, a photograph, a database, a drawing, a plan, a video, an audio recording, a label or anything whatsoever on which is marked any words, figures, letters or symbols which are capable of carrying a definite meaning to anyone.
  3. Information and Communication Technology (ICT) Facilities: as defined in the Information and Communications Technology Use Policy.
  4. Information and Communication Technology (ICT) Services and Materials: as defined in the Information and Communications Technology Use Policy.
  5. Information and Communication Technology (ICT) User: as defined in the Information and Communications Technology Use Policy.