Policy Digital Infrastructure Information Communication Technology Acceptable Use Policy

Information Communication Technology Acceptable Use Policy

Print Friendly and PDFPrint Friendly


James Cook University seeks to provide it’s Authorised Users with secure and timely access to Information Communication Technology (ICT) Services to facilitate learning and teaching, research and innovation, engagement and other functions of the University.

This Policy is intended to:

  • provide a clear statement of responsibilities for all Authorised Users of University ICT Services, including what constitutes acceptable and unacceptable use;
  • outline the provision, modification and removal of access to University ICT Services; and
  • express the commitment of the University to maintaining secure, effective and reliable University ICT Services.


  1. This Policy applies to all Authorised Users of the University ICT Services managed by the University or third party providers on behalf of the University, both on and off campus.
  2. University ICT Services are the property of the University. Anything sent or received using the network, systems and facilities of the University will therefore be transmitted and stored on University property (or on third party property on behalf of the University).


Authorised User - a person who has been provided with an Authentication Credential by the University to access University ICT Services. Various categories of users are documented in the ICT Acceptable Use Procedures.

Authentication Credential – user identification and password, username and passcode, PINs or other secret means used to gain access to University ICT Services.

Corrupt Conduct has the same meaning as in the Crime and Corruption Act 2001 (Qld).

Personal Information - information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Public Interest Disclosure means disclosure of information, as identified in the Public Interest Disclosure Act 2010 (Qld),by any person, including a Public Officer.

Public Officer has the same meaning as in the Public Interest Disclosure Act 2010 (Qld), and includes University employees.

University ICT Services - facilities and services provided to an authorised user including software, communication devices and computing infrastructure under the control of the University (or a third-party provider on the University's behalf) that provides access to information in online or electronic format.


1. Acceptable Use of University ICT Services

1.1 This Policy reinforces the provision of a fair, safe and productive computing environment for the University community, by establishing clear responsibilities for Authorised Users that do not adversely impact the University's operations, assets or reputation.

1.2 All Authorised Users must act in accordance with this Policy and all other applicable University policies and procedures (including, without limitation, the ICT Acceptable Use Procedures).

1.3 University ICT Services span multiple legal jurisdictions. Authorised Users have a personal responsibility to be aware of the jurisdiction that applies to their location when using University ICT Services.

1.4 Subject to Clause 1.5, Authorised Users are permitted to use University ICT Services for properly authorised and  supervised business, education or research purposes, providing that the use:

i. is lawful;

ii. is in a responsible, ethical and equitable manner;

iii. is consistent with the values of the University as outlined in the University’s codes of conduct;

iv. does not create an intimidating or hostile work or study environment for others;

v. does not jeopardise the provision of a fair, safe and productive computing environment; and

vi. does not adversely impact the University's operations, assets or reputation.

Authorised Users who are unsure whether a proposed use is permitted or authorised should seek written approval from their supervising head of organisational unit (eg. Dean or Director).

1.5 University ICT Services must not be used in any manner, which the University considers to be inappropriate, this may include, but is not limited to:

i. accessing pornography;

ii. unauthorised monitoring of electronic communications;

iii. knowingly downloading, storing, distributing or viewing of offensive, obscene, indecent, or menacing material. This could include, but is not limited to, defamatory material, material that could constitute racial or religious vilification, discriminatory material, material that incorporates gratuitous violence or frequent and highlighted bad language;

iv. stalking, blackmailing or engaging in otherwise threatening behaviour;

v. any use which breaches a law, including copyright breaches, fraudulent activity, computer crimes and other computer offences;

vi. transmitting spam or other unsolicited communications; or

vii. the introduction or distribution of security threats, including a virus or other harmful malware.

1.6 Limited personal use of University ICT Services is acceptable, providing that that use is otherwise in accordance with this Policy. Limited personal use of University ICT Services is a privilege.

1.7 Authorised Users must not attempt to gain unauthorised access to University ICT Services (and the information stored thereon) to which they have not been given access or permit others to do so.

1.8 Authorised Users must not tamper with University ICT Services that may potentially cause performance degradation, service instability, or compromise operational efficiency, security or fair use.

2. Authorised Access and Restriction

2.1   All Authorised Users are permitted to access the University ICT Services, at a level commensurate with their position, role, delegated authority or student status.

2.2   In accordance with the ICT Access and Account Management Procedures, access to all University ICT Services will be removed when the relationship between Authorised Users and the University ceases.

2.3   Authorised Users must not use their access to University ICT Services to gain inappropriate personal, academic, financial or other advantage.

2.4 Authorised Users must maintain the confidentiality of any Personal Information accessed via University ICT Services.

2.5 Authorised Users of University ICT Services are not permitted to provide others with their Authentication Credential(s). It is the responsibility of Authorised Users to ensure that their Authentication Credentials are securely stored as they are responsible for all activity initiated from their account or with their Authentication Credential(s).

2.6 Authorised Users must use Multi-Factor Authentication (MFA) where supported to access their University account and ICT Services.

3. Software Licences

3.1   Software purchased by the University is licensed primarily to the University, however approval may be granted to Authorised Users for use at home or other locations on non-University owned computers during the course of work or study with the University in accordance with the ICT Acceptable Use Procedures.

3.2   Authorised Users must comply with contractual obligations and terms and conditions of use stated in the software license agreements entered into by the University.

3.3.  Authorised Users must discontinue use and un-install the software from non-University owned computer(s) upon cessation or termination of employment or completion of study, or upon notification by the University of its termination of the software license agreement.

4. Monitoring and Privacy

4.1   The University reserves the right to monitor, access, log and analyse the activities of Authorised Users, and of University ICT Services, and conduct reviews and audits as necessary.

4.2   The University reserves the right to block or filter any use that breaches this Policy or exceeds the University’s acceptable level of risk.

4.3   Subject to the provisions of the University’s Information Privacy Policy and relevant legislation, the University may disclose the contents of electronic communications without permission of the Authorised User.

4.4   The University may take any action deemed necessary to remedy immediate threats to University ICT Services or information and communications technology security including, without limitation, suspending an Authorised User’s access, confiscation of University owned electronic devices and/or disconnecting or disabling equipment with or without prior notice.

5. Consequences of breach

5.1   Breaches of this Policy may be grounds for misconduct/serious misconduct.

5.2   Without limiting section 5.1, a breach or alleged breach of this Policy may result in a referral of the matter to the police and/or other relevant external authority.

5.3   Without limiting section 5.1, the Director, Information and Communications Technology may immediately suspend an Authorised User’s account in the case of a breach or an alleged breach of this Policy.

5.4   Without limiting sections 5.2 and 5.3, if an alleged breach of this Policy is reported to Director, Information and Communications Technology, action will be taken in accordance with the ICT Acceptable Use Procedures including action taken to protect a person who has made a Public Interest Disclosure or action taken in respect of suspected Corrupt Conduct.

Related policy instruments

Code of Conduct

Code of Conduct – University Council

Information Privacy Policy

Risk Management Policy

Records Management Policy

Student Code of Conduct Policy

ICT Acceptable Use Procedures

ICT Access and Account Management Procedures

Staff External Professional Activities and Outside Employment Procedure

Related documents and legislation

Queensland Australia

Criminal Code Act 1899 (Qld)

James Cook University Act 1997 (Qld)

Information Privacy Act 2009 (Qld)

Public Records Act 2002 (Qld)

Telecommunications Interception Act 2009 (Qld)

Queensland Right to Information Act 2009 (Qld)

Public Interest Disclosure Act 2010 (Qld)

Crime and Corruption Act 2001 (Qld)

Commonwealth Australia

Crimes Act 1914 (Cth)

Cybercrime Act 2001 (Cth)

Copyright Act 1968 (Cth)

Spam Act 2003 (Cth)

Telecommunications (Interception and Access) Act 1979 (Cth)


The Computer Misuse and Cyber Security Act (Cap 50A) (Singapore)

Copyright Act (Cap 63) (Singapore)

Spam Control Act (Cap 311A) (Singapore)

Undesirable Publications Act (Cap 338) (Singapore)


NOTE:  Printed copies of this procedure are uncontrolled, and currency can only be assured at the time of printing.

Approval Details

Policy Domain

Digital Infrastructure

Policy Sponsor

Deputy Vice Chancellor, Services and Resources

Approval Authority

Estate Committee

Date for next review


Revision History

NOTE: A minor amendment will not result in a change of the next major review date.

Approval date - the date the Policy Sponsor approved the establishment, minor or major amendment or disestablishment

Implementation Date - the date the procedure was published in the Policy Library and is the date the procedure takes effect


Approval Date

Approved by

Implementation Date







Added para 2.6 directing authorised users to use multi-factor authentication where required.

Manager, Information and Cyber Security





Updated and aligned with ICT Acceptable Use Procedures and Access Account Management Procedures.






Policy established at Futures Committee 25/11/2014 – refer to (3/14) minutes for details



acceptable use, authorised users, University ICT services

Contact person

Manager, Information and Cyber Security