Document Comments

Bulletin Board - Review and Comment

Step 1 of 4: Provide comments and feedback

How to make a comment

1. Use the Protected Document to open a comment box for a specific section, part, heading or clause.

2. Enter your feedback into the comment box and click ‘save comment’.

3. There is an opportunity to leave general comments and feedback on the second page.

4. Complete all three pages – make sure you ‘save and continue’ and ‘finalise submission’ before leaving the bulletin board.

5. You will be emailed a pdf copy of your comments. If you don’t receive this, your comments may not have saved correctly.

 

 

Important Information

The following tips will help to avoid losing your comments or corrupting your entries:

  1. Sessions may time out, so submit multiple responses instead of trying to complete a long document in one session. 

  2. Avoid jumping between web pages/applications while logging comments.

  3. Log comments for one document at a time. Complete and submit all comments for one document before commenting on another.

  4. Use paste as plain text in the comment boxes if you need to copy and paste from another source (e.g. Word, email or other web content). 

  5. You can’t save your progress, so if you need to stop, submit your current set of comments. The system will email you a copy of your comments so you can identify where you were up to and add to them later.

  6. Complete all three stages and ‘finalise submission’ before leaving the bulletin board. 

 

Information Technology Procedure - Acceptable Use and Access

Section 1 - Purpose

(1) This procedure supports the Information Technology Policy and sets out detailed information and requirements to:

  1. facilitate the efficient, effective, responsible and lawful use of the University's information and communication (ICT) resources
  2. safeguard the interests of the University and all authorised users of its ICT resources
  3. provide guidelines and instructions to authorised users in the appropriate use of the University's ICT resources.

Scope

(2) This procedure applies to all authorised users and ICT resources, as defined in the Information Technology Policy.

Top of Page

Section 2 - Policy

(3) See the Information Technology Policy

Top of Page

Section 3 - Procedure

Part A - Providing access to ICT resources

(4) The University provides secure access to ICT services and resources for all students, staff and other authorised users, for the purpose of pursuing and advancing its object and functions.

(5) Secure access to electronic information and communication services is available to University staff during periods of authorised access from University managed locations and managed devices.

(6) Secure access to electronic information and systems implemented to provide and progress a student's study and interactions with the University is available continuously to students during periods of authorised access from University managed locations.

(7) Additional access via remote access platforms is provided for staff and students, and is delivered via highly available infrastructure that limits unplanned outages to those required for essential maintenance only.  

(8) University ICT resources:

  1. are reviewed and monitored to ensure proper functioning
  2. remain the property of the University at all times. 

(9) The University reserves the right to recover or otherwise protect University ICT resources, including University hardware, communications devices, storage media, data, information, and records.

(10) The University accepts no responsibility for any damage to or loss of data arising directly or indirectly from use of ICT resources or for any consequential loss or damage.

(11) Authorised users will be provided with a unique username and password to enable access to University ICT systems and facilities. These will be provided:

  1. for employees, once the acceptance of employment offer and/or other appointment documentation has been received by the University and entered into the Division of People and Culture's human resource management system
  2. for new students, at the point of accepting their offer
  3. for visitors (temporary staff, contractors, consultants, etc), when a temporary access account is created.

(12) Authorised users will be provided with other information and guidance to ensure they are aware of the conduct expected of them when using University ICT resources in alignment with relevant industry standards.

(13) An authorised user’s access will be removed after their enrolment, employment or engagement with the University has ended.

Part B - Acceptable use

Obligations

(14) Authorised users must:

  1. only use University ICT resources for activities related to the functions and objects of the University, or as otherwise allowed by this procedure
  2. take every reasonable precaution to secure their University login identification across all devices (including personal devices)
  3. comply with state and Commonwealth legislation, University policies and other directives that may be issued by the University regarding the use of ICT resources from time to time
  4. only use AI tools in ways that adhere to the S.E.C.U.R.E. GenAI Use Framework for Staff and Statements of Principles of the use of Artificial Intelligence.
  5. take reasonable care to prevent damage, loss,  theft, or unauthorised access and use of University ICT resources
  6. co-operate and participate in the appropriate use of University ICT resources
  7. complete the mandatory training within the first month of employment and annual recertification when required (supervisors and managers are responsible for providing all other IT induction and training required by employees in their organisational units)
  8. report ICT incidents to SX Service Centre (students) or the IT Service Desk (all other authorised users) including:
    1. damaged, lost or stolen University ICT resources
    2. suspected or known data security breaches
    3. any threats, intimidation or harassment received through University ICT resources
    4. any other known breaches of this procedure (see also the Compliance Management Procedure regarding identifying and reporting compliance breaches).

Prohibited use

(15) Subject to clause 16, authorised users must not:

  1. obtain or attempt to obtain a higher than authorised level of privilege on any University ICT resource
  2. abuse, remove or tamper with any University ICT resources
  3. introduce viruses or any other software or technology designed to disrupt, corrupt or destroy University programs and/or data
  4. introduce or use unapproved software
  5. attempt to breach University system security
  6. dispose of or remove from the University’s control any University ICT resources, including University data, information or records, without appropriate approval
  7. access, examine, copy, rename, change, disclose or delete programs, files, messages, data, information, records or hardware belonging to the University or any other authorised users
  8. access, alter, disclose or expose personal or health information held by the University without appropriate authorisation
  9. alter any restrictions associated with any University computer system, computer account, network system, personal computer software protection or any other University ICT resources
  10. remove, deface or corrupt notices placed by University staff regarding the use of University ICT resources
  11. disclose their University password or other authentication credentials to any other parties, or otherwise allow other parties access to any ICT resources via their authentication credentials 
  12. use or attempt to discover the password or other authentication credentials of another user
  13. use the University's ICT resources for any non-University business activities or personal gain, subject to the personal use provisions of this procedure
  14. use University ICT resources to engage in illegal activities, including but not limited to making, sending or storing fraudulent, unlawful, harassing or abusive calls or messages
  15. impede the efficient and effective operation of University ICT resources (e.g. unauthorised bulk, spam, phishing or all user e-mails)
  16. access, transfer, publish, display, circulate or store prohibited material, messages or data that contravenes University rules, policies, procedures and/or guidelines
  17. store University data in an unauthorised storage area, service or location, including cloud storage, USB, or other personal storage devices
  18. illegally store, transfer or reproduce copyrighted material or otherwise infringe another party’s intellectual property, copyright or moral rights
  19. configure email rules that automatically forward received emails to external recipients.

(16) Subject to appropriate delegated approval, the provisions of clause 15 may be waived where an authorised user is required to carry out any of these acts in the performance of duties directly related to their work or, in the case of students, to their academic program.

Personal use of ICT resources

(17) The University will allow employees reasonable personal use of ICT resources, with the exception of activities prohibited under clause 15, where such use has no negative impact on the employee in the performance of their duties or adverse impact on the University ICT resources.

(18) Current students may use University ICT resources for personal use, with the exception of activities prohibited under clause 15, in accordance with this procedure.

Breach of acceptable use

(19) The University will monitor and audit the use of ICT resources.

(20) As per the Surveillance Procedure, the University will not prevent or block emails or internet access of any authorised user except as permitted under the Workplace Surveillance Act s 17, this procedure, or other University policy. The University is not obliged to notify a worker that it has prevented delivery of an email if:

  1. the email was a commercial electronic message, within the meaning of the Spam Act 2003 (Cth) 
  2. the content or attachments of the email would or might result in unauthorised interference with, damage to or operations of a network or ICT resource (including any program run or data stored on any ICT resource) 
  3. the University regards the content of the email, including any attachment(s), as menacing, harassing or offensive 
  4. the sender of the email has been identified as having previously sent malicious content to the organisation 
  5. the University is not aware (and cannot reasonably be expected to be aware) of whether a worker has sent that email or of the identity of the employee who has sent that email. 

(21) All authorised users must report breaches of this procedure.

(22) The Chief Operating Officer may authorise an investigation where there are reasonable grounds to suspect that a breach of this procedure has occurred, on the recommendation of relevant University officers (including but not limited to the Chief Information and Digital Officer (or nominee), Director, Security and Resilience (CSO), General Counsel, the University’s public interest disclosure officer (under the Public Interest Disclosure (Whistleblowing) Policy) and/or the University’s privacy officer (under the Privacy Management Plan).

(23) Subject to the authorities to access information under Delegation Schedule A - Governance and Legal, an investigation may include (but not be limited to):

  1. email use
  2. internet use
  3. storage of data on ICT resources
  4. storage of data
  5. telephone and mobile device usage.

(24) Authorised user accounts and access to ICT resources (in full or in part) may be suspended while a potential, suspected or actual breach of the ICT Policy or related procedures is investigated (as per Delegation Schedule D - Facilities and Information Technology).

(25) Misuse of University ICT resources and/or failure to comply with the ICT policy or related procedures may result in:

  1. for students, the action being reported as general misconduct for action under the Student Misconduct Rule 2020
  2. for staff, the action being deemed a breach of the Code of Conduct and subject to any sanctions under that
  3. for other authorised users, suspension or termination of their access to University ICT resources and other actions in accordance with any contracts or agreed terms of use
  4. legal or criminal proceedings.

(26) Notwithstanding clause 25, the University will report illegal activity to police or any other appropriate authority external to the University.

Part C - ICT support and training

(27) The Division of Information Technology will provide the following core information technology services at the desktop of University employees:

  1. IT Service Desk for help and support
  2. training modules
  3. access to the internet
  4. online access to the University's academic and administrative information and services
  5. standard suite of category one software, including MS Office and web browser.

(28) Requests for non-core services must be submitted to the division by an organisational unit manager and approved by the Chief Information and Digital Officer.

Top of Page

Section 4 - Guidelines

(29) Nil.

Top of Page

Section 5 - Glossary

(30) For the purpose of this procedure:

  1. Authorised User - includes:
    1. staff
    2. students - persons enrolled in a course or subject
    3. persons who are affiliated or associated with the University who are granted a temporary access account and provided with authentication credentials. Examples include: 
      1. research associates
      2. community groups  
      3. vendors and contractors
      4. board members
      5. visiting fellows
    4. eduroam users from other educational institutions.
  2. Bring your own device (BYOD) - non-University equipment (such as laptops, smartphones, tablets and similar devices) that connect to the University's network.
  3. Confidential and sensitive material – as defined in the Information Classification and Handling Procedure.
  4. Phishing – attempting to acquire information such as usernames, passwords and credit card details by sending an email that appears to be from a legitimate business, organisation or individual.
  5. Prohibited material – as defined within relevant Commonwealth and State legislation including, but not limited to:
    1. descriptions or depictions, expressly or otherwise of matters of sex, drug misuse or addiction, crime, cruelty, gambling, violence or revolting or abhorrent phenomena in such a way that they offend against the standards of decency and propriety generally accepted by reasonable adults
    2. describes or depicts a minor who is, or who appears to be, under 16 years of age, whether the minor is engaged in sexual activity or not, in a way that is likely to cause offence to a reasonable adult, promotes, incites or instructs in matters of crime or violence
    3. discriminates against, harasses or vilifies any member of the public on the grounds of sex characteristics, gender identity, pregnancy, age, race, nationality, descent or ethnic background, religious background, marital status, disability, medical conditions, sexual orientation
    4. defames or could be reasonably anticipated to defame, any person, institution or company.
  6. Personal information - as defined in the Privacy Management Plan.