Precis | Print Friendly
Adding Bookmark..........
Responsible Officer: Chief Digital Officer
Implementation Officer: Executive Director, Information Technology

First approved by:
Vice-President (Administration) on 20 April 2005

Amendments approved by:
Vice-Chancellor on 10 October 2006
(amendments relating to introduction of
Copyright Infringement Take-down procedure);

Vice-Chancellor on 1 February 2007
(amended to clarify paragraphs 5.5 to 7.2;
and to introduce Filtering section);

Vice-Chancellor on 21 July 2007
(new section on password security);

Vice-Chancellor on 17 October 2008
(revised as part of Policy Review Project);

Vice-Chancellor on 5 May 2011
(revised sections on monitoring and
auditing and managing communication);

Vice-Chancellor on 15 November 2011
(amendments to Chief Operating Officer
responsibilities);

Vice-Chancellor on 4 June 2013
(replaces the existing clause 10);

Policy Manager on 14 March 2014
(admin. changes only
- Deakin eSolutions
- Executive Director, Information Technology
- Chief Digital Officer
- IT Security Manager)



Information and Communications Technology Use Procedure


This procedure was approved by the Vice-Chancellor on 20 April 2005 and incorporates all amendments to 14 March 2014.
This document is pursuant to the Information and Communications Technology Use Policy.
DEFINITIONS

Data: individual facts or items of content, including symbolic representations that may form the basis of information (e.g. a date, a name, a number).

Information: a collection of data in any form, which may be transmitted, manipulated, and stored, and to which a meaning has been attributed. Information may include, but is not limited to: a written document, an electronic document, a webpage, an email, a spreadsheet, a photograph, a database, a drawing, a plan, a video, an audio recording, a label or anything whatsoever on which is marked any words, figures, letters or symbols which are capable of carrying a definite meaning to anyone.

Information and Communication Technology (ICT) Facilities: as defined in the Information and Communications Technology Use Policy.

Information and Communication Technology (ICT) Services and Materials: as defined in the Information and Communications Technology Use Policy.

Information and Communication Technology (ICT) User: as defined in the Information and Communications Technology Use Policy.

PROCEDURE

Monitoring and Access

1Authorised staff members will undertake routine monitoring of Information and Communications Technology (ICT) facilities, services and materials in the normal course of their duties to facilitate efficient operation and management, including to:
  • protect the integrity and security of the system
  • check network traffic and detect intrusions
  • audit the ICT assets of the University
  • aggregate activity and usage patterns
  • investigate and repair system malfunctions
2Authorised Deakin eSolutions staff members can action a request to repair or restore an individual ICT user’s own data, as long as appropriate identification is provided by the ICT user.
3Authorised Deakin eSolutions staff members can action a request by an information owner, or nominee, to repair or restore corporate data managed by their business area.
4Staff members may request monitoring or access that may involve inspection of another person’s personal information and identifying data, in accordance with clause 5, only in the following circumstances:
  • where access is necessary to prevent the business of the University being obstructed or delayed by the unavailability of an ICT user, subject to clause 8
  • to investigate a breach or suspected breach of legislation or Deakin University policy
5All requests to monitor or access another ICT user’s data must be made in writing to the Executive Director, Information Technology setting out the reason(s) for making the request.
5.1Where the Executive Director, Information Technology endorses the request, he or she will authorise a staff member to action the request with or without notice to the ICT user whose data is to be monitored or accessed.
5.2Where the Executive Director, Information Technology does not endorse the request, he or she will notify the requestor in writing specifying the reason for rejection.
6Authorised staff members will only monitor or otherwise access an ICT user’s data in the above circumstances.
7The Executive Director, Information Technology will provide the results from the monitoring or access request only to the person who made the request and these results will be used by that person only in connection with the reason(s) for the request.
Absence of Staff Members
8During any foreseen absence from the University, all staff members must ensure that data and information required to conduct the business of the University are accessible and that notification facilities, such as telephone and email out-of-office messages, are in place. In the event of unplanned leave, if practical the staff member should put such notifications in place from home or by contacting the IT Service Desk.
9Failure to act in accordance with clause 8 may result in the staff member’s manager making a request to put notification facilities in place or to access the staff member’s data, to prevent the business of the University being obstructed or delayed, using the following process.
9.1The staff member’s manager will attempt to contact the staff member and reach agreement about reasonable alternative arrangements.
9.2If the staff member is not able to be contacted and/or reasonable alternative arrangements cannot be agreed upon, the manager will advise the head of the relevant organisational area.
9.3The head of the organisational area must first be satisfied that reasonable efforts have been made to agree upon alternative arrangements and that the business of the University will be obstructed or delayed by the lack of access to the staff member’s data. If satisfied, he or she will make a request for the accessing of the data, pursuant to clause 5.
9.4The manager must access the data on a need-to-know basis only, and will access only that data necessary to conduct the business of the University. The manager must keep a record of all data accessed and provide this to the staff member as soon as possible.
Managing Communication
10All staff members will include an appropriate Deakin University email signature on electronic and online communications sent from a Deakin University email account. A Deakin University email signature consists of identification of the sender and a confidentiality notice and must include the sender's name, position, organisational unit (e.g. School and Faculty, or Administrative Unit), campus, contact details (telephone, email), Deakin University website homepage address and Deakin University CRICOS code. The sender may include their mobile phone number and workdays. A Deakin University email signature may include promotion of Deakin University-sponsored activities but must not include unauthorised information about external affiliations or activities, special interest groups, trades union information, or personal views. Any addition or variation to the content of the staff signature must be authorised by the Executive Director, Information Technology.
11Staff members must not automatically forward the entire contents of their mailbox, voicemail or other communications accounts to another ICT user. However, automatic forwarding may be used for a generic user account (e.g, itsd-director@deakin.edu.au) and for filtered email that contains no personal information.
12ICT users must be aware that electronic communications sent by them may be manually forwarded on and should compose communications accordingly. ICT users who do forward others’ communications on should use their judgment as to what is appropriate in each circumstance.
Filtering
13The Executive Director, Information Technology may deny or restrict ICT users’ access to internet sites that he or she reasonably considers to contain inappropriate content.
Breaches
14ICT users must immediately report any suspected or perceived breach of the Information and Communications Technology Use Policy or legislation to the Executive Director, Information Technology.
15The Executive Director, Information Technology may deny or restrict an ICT user’s access to the University’s ICT facilities, services and materials, and/or remove or disable access to potentially offensive material, as a result of violations of the Information and Communications Technology Use Policy, pending further investigation, disciplinary and/or judicial action.
15.1In relation to electronic and online communication material, including email, ICT users may be subject to the laws of the jurisdiction in which the communication material is received or from which it is sent.
16If the Executive Director, Information Technology is satisfied, based on investigations made pursuant to clause 4 point 2, that a violation of policy and/or law has occurred, the Executive Director, Information Technology will:
  • deal with violations by students in accordance with Regulation 4.1(1) General Misconduct and in so doing will consult the student’s Pro Vice-Chancellor and the head of any organisational area whose services are involved
  • deal with violations by staff members by either referring the violation to the Executive Director, Human Resources Division, who may deal with the matter under the University's Staff Discipline Policy, and/or require the staff member to reimburse or pay any costs associated with the staff member’s unauthorised use of any ICT facilities, services or materials
  • deal with violations by other ICT users by referring the violation to the University Solicitor’s Office
17The Executive Director, Information Technology will inform the ICT user of the decision in writing within 5 working days of the decision being made.
Limitation of Liability
18The University takes no responsibility for personal use of the University’s ICT facilities, services and materials.
19The University takes no responsibility for non-delivery or loss of any electronic or online communication or any attachment and will not be liable for any loss, including indirect or consequential loss, as a result of the use of the University’s ICT facilities, services and materials.
20While the University will endeavour to ensure the secure transmission of electronic or online communications, it does not guarantee the ability to deliver electronic or online communications to their ultimate destination.
ASSOCIATED INFORMATION

Code of Conduct
Copyright Procedure
Discrimination or Sexual Harassment Complaints by Staff Members and Associates Procedure
Equity and Diversity Policy
Information and Records Management Policy
Information Technology Service Provision Policy
Information and Communications Technology Security Policy
Privacy Policy
Staff Discipline Policy
Workplace Bullying Policy

RESPONSIBLE OFFICER

The Chief Digital Officer is responsible for the development, compliance monitoring and review of this procedure.

IMPLEMENTATION OFFICER

The Executive Director, Information Technology is responsible for the promulgation and implementation of this procedure throughout the University.



Printed copies of this document may not be current. Please refer to The Guide for the most recent version.
Deakin University 2015