1. Purpose of policy
This policy sets out what is acceptable use of USC’s Information and Communication Technology (ICT) resources, and the University’s expectations of all users (‘clients’), in respect to:
- the provision of resources;
- access to resources;
- ethical, responsible and legal use of resources; and
- privacy and confidentiality when using resources.
It also addresses the implications for breaches of this policy.
2. Policy scope and application
This policy applies to all ‘clients’ of University ICT resources.
It is the individual responsibility of each client of the University’s ICT resources to comply with this policy and associated procedures, as a condition of such access.
Clients’ personal use of University-provided ICT services, facilities and devices including where Clients’ personal devices are used to access University email/Wi-Fi etc., is in scope.
Please refer to the University’s Glossary of Terms for policies and procedures. Terms and definitions identified below are specific to these procedures and are critical to its effectiveness:
Clients includes Staff, Student or Affiliates who, based on their relationship with the University, need access granted to University ICT resources.
Staff are defined as individuals who hold an active employment contract with the university and are present in the University’s Human Resources and Payroll System.
A Student is defined as an individual who is currently enrolled in a program at USC. However, where explicitly stated, student may include an applicant to USC, a student on a leave of absence, or a former student (alumni) who has completed their program and are present in the University’s Student Information System.
An Affiliate is defined as an individual who has a bona fide relationship with the University for which approval has been gained to offer access to various ICT resources. This may include adjunct or visiting appointees, volunteers, contractors and consultants.
ICT Resources includes a range of information and communication technology hardware, software and services that may be owned, contracted, licensed, managed or otherwise facilitated by USC for use by the University and its authorised clients.
4. Provision of resources
4.1 The University provides significant ICT resources to support the University's academic programs, research endeavours, community engagement and administrative services.
4.2 The integrity and the security of the University’s ICT resources are of critical importance to USC’s business continuity and reputation. As such, all resources are managed in accordance with appropriate ICT and organisational standards.
4.3 Unauthorised access to, or interference with, ICT resources may jeopardise the University and is strictly forbidden. This includes the installation of unauthorised software and/or hardware onto USC networks or systems, or use of unauthorised games, or other content unrelated to legitimate University purposes via the USC network.
4.4 Staff should use the designated University email system in the course of sending and receiving any communications related to University business and must not use private email accounts for any University related purposes.
4.5 Cost centres are responsible for staff use of telephone services. Service costs will be charged to cost centres to ensure financial responsibility.
5. Authorised access to resources
5.1 The relevant University organisational unit shall determine who has access to ICT resources.
5.2 Clients are responsible for their own accounts and are permitted to access only those resources for which they have been authorised. No client should ever allow any other person to use their password or login to access any system.
5.3 No client shall, under any circumstances, take any action that would or might lead to circumventing or compromising security of USC’s ICT resources.
5.4 The University takes a centralised approach to software asset management. The University will only use a genuine copy of legally acquired software that is configured and used in accordance with the licence terms and conditions as set out by the copyright holder. The making or use of unauthorised or illegal software copies is prohibited.
5.5 The University deploys a Managed Operating Environment (MOE) to all client computing systems in the designated environment to deliver a stable, supportable and secure platform for University related activity. The Director, Information Technology is responsible for the signing of software licence agreements, development and implementation of controls, procedures and standards to implement this centrally. Exceptions to the MOE and permission to self-install software are subject to approval by the Cost Centre Manager and the Director, Information Technology.
6. Ethical conduct and responsible use
6.1 Expectations of acceptable use of ICT resources are based on the ethical principles set out in the Staff Code of Conduct - Governing Policy and the Student Conduct - Governing Policy, and with reference to the USC Student Charter. Staff, students and affiliates are expected to exercise responsibility; use resources appropriately and efficiently; respect the rights and privacy of others; and operate within the laws of the State and Commonwealth, and the policies and procedures of the University.
6.2 Clients are expected to demonstrate respect towards all persons. Behaviours such as defamation, discrimination, vilification, bullying and harassment are not only inconsistent with University policies and procedures but may also result in legal action. Clients found to be intentionally accessing, downloading, storing or distributing pornography will be subject to disciplinary action for serious misconduct.
6.3 Clients must respect the laws in relation to copyright and moral rights of authors/creators of literary, dramatic, artistic and musical works and all audio-visual media. Clients should familiarise themselves with the principles of the Intellectual Property – Governing Policy and Copyright – Governing Policy, and avoid using ICT resources to use, obtain or distribute copyright content without permission.
6.4 Clients should limit personal use of ICT resources to incidental, infrequent and brief and should avoid conflicts of interest.
7. Information privacy and confidentiality
7.1 Staff of the University, which is constituted under an act of state parliament, are bound by the Public Sector Ethics Act 1994 (Qld). As such, staff should have no expectation that their USC email accounts or web-browsing activities, or similar, are personal or private. Staff should be aware that all use of ICT resources may be monitored and recorded and may take appropriate actions if misuse of these resources is identified.
7.2 Clients who have authorised access to systems and data containing personal information about staff, students, or other individuals (including, but not limited to, research subjects and patients), or confidential information of the University, must maintain the confidentiality of the information to which they have access in accordance with the Information Privacy Act 2009 (Qld), the Privacy Act 1988 (Cth), University policies and procedures, and where relevant contractual obligations.
8. Compliance and Monitoring
8.1 The University reserves the right to monitor aspects of its information systems and network usage.
8.2 Any breaches of this policy, by any individual, should be brought to the immediate attention of the Director, Information Technology Services. This includes data breaches, even if inadvertent or accidental, which involve unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, as this may need to be notified to affected individuals and relevant authorities.
8.3 Breaches of this policy may be referred for investigation as possible misconduct or serious misconduct under relevant University policies and procedures, including the Staff Code of Conduct – Governing Policy, and the Student Conduct - Governing Policy.
8.4 The University reserves the right to restrict access by a client when faced with evidence of a breach of University policies and/or law.
8.5 Where required by law, the University will refer any potential breach to the relevant law enforcement authority and will report any potential breach which may amount to corrupt conduct to the Queensland Crime and Corruption Commission.