James Cook University seeks to provide it’s Authorised Users with secure and timely access to Information Communication Technology (ICT) Services to facilitate learning and teaching, research and innovation, engagement and other functions of the University.
This Policy is intended to:
Authorised User - a person who has been provided with an Authentication Credential by the University to access University ICT Services. Various categories of users are documented in the ICT Acceptable Use Procedures.
Authentication Credential – user identification and password, username and passcode, PINs or other secret means used to gain access to University ICT Services.
Corrupt Conduct has the same meaning as in the Crime and Corruption Act 2001 (Qld).
Personal Information - information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Public Interest Disclosure means disclosure of information, as identified in the Public Interest Disclosure Act 2010 (Qld),by any person, including a Public Officer.
Public Officer has the same meaning as in the Public Interest Disclosure Act 2010 (Qld), and includes University employees.
University ICT Services - facilities and services provided to an authorised user including software, communication devices and computing infrastructure under the control of the University (or a third-party provider on the University's behalf) that provides access to information in online or electronic format.
1. Acceptable Use of University ICT Services
1.1 This Policy reinforces the provision of a fair, safe and productive computing environment for the University community, by establishing clear responsibilities for Authorised Users that do not adversely impact the University's operations, assets or reputation.
1.2 All Authorised Users must act in accordance with this Policy and all other applicable University policies and procedures (including, without limitation, the ICT Acceptable Use Procedures).
1.3 University ICT Services span multiple legal jurisdictions. Authorised Users have a personal responsibility to be aware of the jurisdiction that applies to their location when using University ICT Services.
1.4 Subject to Clause 1.5, Authorised Users are permitted to use University ICT Services for properly authorised and supervised business, education or research purposes, providing that the use:
i. is lawful;
ii. is in a responsible, ethical and equitable manner;
iii. is consistent with the values of the University as outlined in the University’s codes of conduct;
iv. does not create an intimidating or hostile work or study environment for others;
v. does not jeopardise the provision of a fair, safe and productive computing environment; and
vi. does not adversely impact the University's operations, assets or reputation.
Authorised Users who are unsure whether a proposed use is permitted or authorised should seek written approval from their supervising head of organisational unit (eg. Dean or Director).
1.5 University ICT Services must not be used in any manner, which the University considers to be inappropriate, this may include, but is not limited to:
i. accessing pornography;
ii. unauthorised monitoring of electronic communications;
iii. knowingly downloading, storing, distributing or viewing of offensive, obscene, indecent, or menacing material. This could include, but is not limited to, defamatory material, material that could constitute racial or religious vilification, discriminatory material, material that incorporates gratuitous violence or frequent and highlighted bad language;
iv. stalking, blackmailing or engaging in otherwise threatening behaviour;
v. any use which breaches a law, including copyright breaches, fraudulent activity, computer crimes and other computer offences;
vi. transmitting spam or other unsolicited communications; or
vii. the introduction or distribution of security threats, including a virus or other harmful malware.
1.6 Limited personal use of University ICT Services is acceptable, providing that that use is otherwise in accordance with this Policy. Limited personal use of University ICT Services is a privilege.
1.7 Authorised Users must not attempt to gain unauthorised access to University ICT Services (and the information stored thereon) to which they have not been given access or permit others to do so.
1.8 Authorised Users must not tamper with University ICT Services that may potentially cause performance degradation, service instability, or compromise operational efficiency, security or fair use.
2. Authorised Access and Restriction
2.1 All Authorised Users are permitted to access the University ICT Services, at a level commensurate with their position, role, delegated authority or student status.
2.2 In accordance with the ICT Access and Account Management Procedures, access to all University ICT Services will be removed when the relationship between Authorised Users and the University ceases.
2.3 Authorised Users must not use their access to University ICT Services to gain inappropriate personal, academic, financial or other advantage.
2.4 Authorised Users must maintain the confidentiality of any Personal Information accessed via University ICT Services.
2.5 Authorised Users of University ICT Services are not permitted to provide others with their Authentication Credential(s). It is the responsibility of Authorised Users to ensure that their Authentication Credentials are securely stored as they are responsible for all activity initiated from their account or with their Authentication Credential(s).
3. Software Licences
3.1 Software purchased by the University is licensed primarily to the University, however approval may be granted to Authorised Users for use at home or other locations on non-University owned computers during the course of work or study with the University in accordance with the ICT Acceptable Use Procedures.
3.2 Authorised Users must comply with contractual obligations and terms and conditions of use stated in the software license agreements entered into by the University.
3.3. Authorised Users must discontinue use and un-install the software from non-University owned computer(s) upon cessation or termination of employment or completion of study, or upon notification by the University of its termination of the software license agreement.
4. Monitoring and Privacy
4.1 The University reserves the right to monitor, access, log and analyse the activities of Authorised Users, and of University ICT Services, and conduct reviews and audits as necessary.
4.2 The University reserves the right to block or filter any use that breaches this Policy or exceeds the University’s acceptable level of risk.
4.4 The University may take any action deemed necessary to remedy immediate threats to University ICT Services or information and communications technology security including, without limitation, suspending an Authorised User’s access, confiscation of University owned electronic devices and/or disconnecting or disabling equipment with or without prior notice.
5. Consequences of breach
5.1 Breaches of this Policy may be grounds for misconduct/serious misconduct.
5.2 Without limiting section 5.1, a breach or alleged breach of this Policy may result in a referral of the matter to the police and/or other relevant external authority.
5.3 Without limiting section 5.1, the Director, Information and Communications Technology may immediately suspend an Authorised User’s account in the case of a breach or an alleged breach of this Policy.
5.4 Without limiting sections 5.2 and 5.3, if an alleged breach of this Policy is reported to Director, Information and Communications Technology, action will be taken in accordance with the ICT Acceptable Use Procedures including action taken to protect a person who has made a Public Interest Disclosure or action taken in respect of suspected Corrupt Conduct.
NOTE: Printed copies of this procedure are uncontrolled, and currency can only be assured at the time of printing.
Deputy Vice Chancellor, Services and Resources
Date for next review
NOTE: A minor amendment will not result in a change of the next major review date.
Approval date - the date the Policy Sponsor approved the establishment, minor or major amendment or disestablishment
Implementation Date - the date the procedure was published in the Policy Library and is the date the procedure takes effect
Updated and aligned with ICT Acceptable Use Procedures and Access Account Management Procedures.
Policy established at Futures Committee 25/11/2014 – refer to (3/14) minutes for details
acceptable use, authorised users, University ICT services