(1) Charles Sturt University (the University) provides an extensive range of computing and communication facilities for use by staff, students and other authorised users. (2) The conditions and obligations associated with authorised use of the University's computing and communication facilities are set out in this Policy. (3) The objectives of this Policy are to: (4) This Policy applies to all authorised users of the University's computing and communications facilities, irrespective of the Division, Faculty or other unit providing the facilities, and whether the facilities are located on a campus or site of the University or elsewhere. (5) This Policy shall operate in conjunction with: (6) For the purpose of this Policy: (7) The maintenance and enhancement of the security and integrity of the University's computing and communication network is essential to fulfilment of the University's mission and corporate obligations and responsibilities. (8) The University reserves the right to implement all appropriate measures to manage its computing and communication facilities in an efficient and effective manner and to maintain and enhance the security of its computing and communications network. (9) In particular, the Executive Director, Division of Information Technology (or nominee) is authorised to develop and implement procedures and technologies to: (10) The University shall make available a range of computing and communication facilities to employees, students and other authorised users. The University accepts no responsibility for any damage to or loss of data arising directly or indirectly from use of these facilities or for any consequential loss or damage. The University makes no warranty, express or implied, regarding the computing and communication facilities offered, or their fitness for any particular purpose. (11) Whilst reasonable care is taken, the University cannot guarantee the confidentiality of any data stored on any University computer system or transmitted through any network. (12) The University's liability in the event of any loss or damage shall be limited to any fees and charges paid to the University for the use of the computing facilities that resulted in the loss or damage. (13) The use of any University computer or communications facility to make, send or store fraudulent, unlawful, harassing or abusive calls or messages is prohibited. (14) The use of any University computer or communications facility that impedes the efficient and effective operation of such facilities is prohibited (e.g. unauthorised bulk, spam or all user e-mails). (15) An authorised user shall not use any University computer or communications facility to access, transfer, publish, display, circulate or store prohibited material, messages or data as defined in clause 6e of this Policy. (16) The prohibitions contained within clause 15 shall not apply where an authorised user is engaged in a responsible and honest search for a valid academic or research purpose. (17) The University reserves the right to audit and remove without notice any fraudulent, unlawful or prohibited data or material from its computing or communications facilities. (18) An employee, student or other authorised user who receives any threatening, intimidating or harassing telephone call or electronic message should report the incident to the Executive Director, Division of Information Technology (or nominee) in the first instance. (19) An employee, student or other authorised user who becomes aware of a breach of this Policy should report the matter to the Executive Director, Division of Information Technology (or nominee) in the first instance. (20) An authorised user shall: (21) The provisions of clause 20(a-e) shall not apply: (22) Where an authorised user becomes aware that the security of their logon identification has been breached, the matter should be reported without delay in the first instance to the Executive Director, Division of Information Technology (or nominee). (23) An authorised user shall not infringe the University's security system or use University computing or communications facilities to breach the security of systems accessible via the networks provided by the University. (24) An authorised user shall not introduce virus software or any other software or technology designed to disrupt, corrupt or destroy programs and/or data, or sabotage the University's computing and communication facilities. (25) An authorised user shall not, without the written authorisation of the Executive Director, Division of Information Technology: (26) The provisions of clause 25(a-d) shall not apply where an authorised user is required to carry out any of these acts in the performance of duties directly related to their work or, in the case of students, to their academic program. (27) Distribution of bulk (spam) e-mail messages (all system users' e-mail) on the University's e-mail system by an authorised user requires the authorisation of the Vice-Chancellor or relevant Executive Director (or nominee), and shall only be permitted in situations where the existing University-wide information services are considered to be inappropriate or inadequate. (28) An authorised user shall be personally responsible for complying with relevant provisions of the Copyright Act 1968 (Cth), as amended, particularly as it relates to the copying and communication of computer software and other copyright material on the Internet. (29) An authorised user should consult the University's copyright web page for further information concerning copyright restrictions and obligations or contact their campus library. (30) Authorised users must be aware that the confidentiality of electronic communications cannot be assured and that all data or messages transmitted by electronic communication facilities are capable of being intercepted, traced or recorded by others. (31) The University reserves the right to monitor and audit the use by authorised users of the University computing and communication network and facilities and conduct an investigation where it has reasonable grounds that a breach of this Policy has occurred. (32) An investigation may include (but not be limited to) investigations into: (33) Investigations are conducted after receiving the permission of the Executive Director, Division of Information Technology (or nominee), and take into account privacy implications and with direction to the underlying reason for the investigative audit. (34) The University reserves the right to permit a staff member to access potentially personal and/or confidential information in the following circumstances: (35) In addition to the conditions and privileges of use set out in Parts A, B and C of this Policy, all employees shall ensure that: (36) A employee shall not: (37) The University aims to enhance the quality of the working life of its employees and to retain skilled and experienced employees by providing flexibility in employment practices and work arrangements. Consequently, the University will allow, as a privilege, reasonable use of University computing and communications facilities for personal purposes where such use has no negative impact on the performance of that employee in the performance of their duties or adverse impact on the University information technology facilities. (38) An employee shall not use University computing and communications facilities for any purpose that is questionable, controversial or offensive, specifically including, but not limited to: (39) The prohibitions contained in clause 38 c, d and e shall not apply where an employee is required to carry out such activities in the performance of his or her official duties. (40) Where a manager or supervisor has reasonable grounds to believe that an employee is in breach of these conditions they may request an investigation into such access and if proven valid may revoke these privileges. (41) In circumstances where upon investigation, it has been found that the use of Computing and Communications facilities for personal use has been excessive, the University may request compensation for such access. (42) The Dean or Executive Director may authorise the allocation to an employee of a University owned mobile telephone in the following circumstances: (43) The University Mobile Phone Use Policy sets out the delegations and procedures for the acquisition of a University owned mobile telephone by an employee. In addition to the provisions of the University's Mobile Phone Use Policy, an employee who has acquired a University owned mobile telephone shall: (44) Employees must be aware that the confidentiality of electronic communications cannot be assured and that: (45) An employee shall familiarise him or herself with: (46) An employee shall be required to comply with relevant statutory requirements, including the provisions of the Privacy and Personal Information Protection Act 1998 (NSW) and the University's Privacy Management Plan. (47) An employee shall not breach obligations that relate to the protection of confidential or sensitive information and information deemed to be "personal information" by the Privacy and Personal Information Protection Act 1998 (NSW). (48) All electronic business communications are official University records and subject to the same standards of record keeping that apply to "paper" records. (49) An employee shall familiarise him or herself with all individual and institutional responsibilities that relate to his or her job and to applicable record keeping standards. (50) An employee shall not breach obligations that relate to applicable standards of record keeping. (51) In addition to the conditions of use set out in Parts A, B and C of this Policy, all students shall be accountable for the particular obligations as set out in Part E of this Policy. (52) A student shall not: (53) In addition to the conditions of use set out in Parts A, B and C of this Policy, all 'other' authorised users other than employees and students shall be accountable for the particular obligations as set out in Part F of this Policy. (54) Subject to the provisions of clause 55, 'other' authorised users shall only use University computing and communication facilities: (55) An 'other' authorised user shall not: (56) An employee who is alleged to have breached the provisions of this Policy may be subject to disciplinary action under the applicable industrial award or agreement. (57) In accordance with the provisions of the applicable industrial award or agreement, an employee who is found to have breached the provisions of this Policy may be subject to one of the following actions: (58) Where the Executive Director, Division of Information Technology (or nominee) is of the opinion that a student has breached the provisions of this Policy or that the breach may amount to misconduct, the Executive Director, Division of Information Technology (or nominee) may suspend the student's access to University computing and communication facilities for a period of up to two weeks pending investigation under the provisions of the Student Misconduct Rule 2020. (59) The Executive Director, Division of Information Technology (or nominee) may exercise the authority granted under clause 58 more than once. (60) Any authorised user, other than an employee or student of the University, who is found by the Vice-Chancellor (or nominee) to have breached the provisions of this Policy may be subject to: (61) The University may report any breach of this Policy that may require investigation to the police or any other appropriate authority external to the University. (62) Nil. (63) Nil.Computing and Communications Facilities Use Policy
Section 1 - Purpose
Scope
References
Top of PageSection 2 - Glossary
Top of Page
Section 3 - Policy
Part A - Network Security
Part B - Disclaimer
Part C - Provisions For Use By All Authorised Users
Prohibited Use of Computer and Communication Devices
Login Identification
Security
Spam and Bulk E-mail Messages
Copyright
Confidentiality
Part D - Obligations of Employees
Obligations
Private Use of Charles Sturt University (the University) Computing and Communications Facilities
Mobile Phones Used for Official Purposes
Confidentiality and Privacy
Record Keeping
Part E - Obligations of Students
Part F - Obligations of Authorised Users Other Than Employees and Students
Part G - Breach of Policy
Employees
Students
All Authorised Users Other Than Employees or Students
Reporting of Breach
Section 4 - Procedures
Section 5 - Guidelines
View Current
This is the current version of this document. You can provide feedback on this policy to the document author - refer to the Status and Details on the document's navigation bar.