Policy Digital Technologies Acceptable Use Procedures
Digital Technologies Acceptable Use Procedures
- Aboriginal and Torres Strait Islander in Marine Science
- Courses
- Future Students
- Current Students
- Research and Teaching
- Partners and Community
- About JCU
- Reputation and Experience
- Celebrating 50 Years
- Academy
- Anthropological Laboratory for Tropical Audiovisual Research (ALTAR)
- Anton Breinl Research Centre
- Agriculture Technology and Adoption Centre (AgTAC)
- Living on Campus
- How to apply
- Advanced Analytical Centre
- Alumni
- AMHHEC
- Aquaculture Solutions
- AusAsian Mental Health Research Group
- ARCSTA
- Area 61
- Association of Australian University Secretaries
- Australian Lions Stinger Research
- Australian Tropical Herbarium
- Australian Quantum & Classical Transport Physics Group
- Boating and Diving
- JCU-CSIRO Partnership
- Employability Edge
- Clinical Psychedelic Research Lab
- Centre for Tropical Biosecurity
- Career Ready Plan
- Careers at JCU
- Careers and Employability
- Chancellery
- Centre for Tropical Bioinformatics and Molecular Biology
- CITBA
- CMT
- CASE
- College of Business, Law and Governance
- College of Healthcare Sciences
- College of Medicine and Dentistry
- College of Science and Engineering
- CPHMVS
- Centre for Disaster Solutions
- CSTFA
- Cyber Security Hub
- Cyclone Testing Station
- The Centre for Disaster Studies
- Daintree Rainforest Observatory
- Defence
- Discover Nature at JCU
- Research Division
- Services and Resources Division
- Education Division
- Elite Athletes
- eResearch
- Environmental Research Complex [ERC]
- Estate
- Fletcherview
- Foundation for Australian Literary Studies
- Gender Equity Action and Research
- General Practice and Rural Medicine
- JCU Orientation
- Give to JCU
- Governance
- Art of Academic Writing
- Art of Academic Editing
- Graduate Research School
- Graduation
- Indigenous Education and Research Centre
- Indigenous Engagement
- Indigenous Legal Needs Project
- Inherent Requirements
- IsoTropics Geochemistry Lab
- IT Services
- International Students
- Research and Innovation Services
- JCU Eduquarium
- JCU Heroes Programs
- JCU Webinars
- JCU Events
- JCU Global Experience
- JCU Ideas Lab
- JCU Job Ready
- JCU Motorsports
- JCU Prizes
- JCU Sport
- JCU Turtle Health Research
- Language and Culture Research Centre
- CEE
- LearnJCU
- Library
- Mabo Decision: 30 years on
- MARF
- Marine Geophysics Laboratory
- New students
- Off-Campus Students
- Office of the Vice Chancellor and President
- Virtual Open Day
- Orpheus
- Open Day
- Outstanding Alumni
- Parents and Partners
- Pathways to university
- Pharmacy Full Scope
- Planning for your future
- Placements
-
Policy
- Academic Governance
- Academic Management
- Engagement
-
Corporate Governance
- Academic Freedom and Freedom of Speech Policy
- Affiliation of a Residential College Policy
- Bullying, Discrimination, Harassment, and Sexual Misconduct Policy
- Business Continuity Policy
- Child Safety Policy
- Code of Conduct – University Council
- Compliance Policy
- Conduct of Council Elections Policy
- Conflicts of Interests Policy – University Council and its Committees
- Controlled and Non-Controlled Entities Policy
- Critical Incident Policy
- Data Governance Policy
- Distinguished Professor Policy
- Domestic and Family Violence Policy
- Emeritus Professor Policy
- Foreign Interference Policy
- General Practice Training Governance Policy
- Incident Management Policy
- Information Privacy Policy
- Legal Services Claims and Litigation Assistance Policy
- Organisational Structure Policy
- Records Management Policy
- Right to Information Policy
- Risk Management Policy
- Social Media Policy
- Staff Code of Conduct
- University Archives - Access
- Visiting Speaker and Event Policy
- Policy Development and Review Policy
- Quality Enhancement Framework
- Reviews of Organisational Units and Thematic Areas - Policy and Procedures
-
Estate and Facility Management
- Advertising on Campus
- Alcohol Consumption on University Property
- Approval of Works to University Buildings and Site Infrastructure
- Authorised Use of University Facilities, Premises and/or Grounds for Non-core Purposes
- Environmental Policy
- High Voltage Access Policy
- Memorial Plaques
- Noise on University Sites
- Real Estate Dealings Policy
- Security Policy
- Space Allocation and Management Policy
- Student Timetable Policy
- Tree Protection
- Vehicle Fleet Policy
- Weapons Policy
- Adaptive Workplace Policy
-
Financial Management
- Appendices
-
Assets (FMPM 200 - FMPM 399)
- FMPM 200 Overview - Assets & Cash Management
- FMPM 210 Cash
- FMPM 220 Policy - Bank Accounts
- FMPM 230 - Petty Cash Advances
- FMPM 300 Investments
- FMPM 320 Plant and Equipment
- Financial FMPM 322 - Acquisitions of Plant and Equipment
- FMPM 260 Other Advances
- FMPM 330 Non-Capital Assets
- FMPM 280 Official Stores
- FMPM 290 Prepayments
- FMPM 323 - Disposal of Property, Plant and Equipment Procedure
- FMPM 324 Stocktake
- FMPM 350 Intangible Assets
- FMPM 270-2 Accounts Receivable - Student Debtors - Penalties
- FMPM 240 Travel Advances (Students)
- FMPM 330 Non-Capital Assets
- FMPM 270-1 Accounts Receivable
- FMPM 250 - Policy Salary Advances
- Equity (FMPM 500 - FMPM 599)
- Expenses (FMPM 700 - FMPM799)
- Financial Management and Control (FMPM 800 - FMPM 899)
- Further Applications (FMPM 900 - FMPM 999)
- Introduction (FMPM 100 - FMPM 199)
- Liabilities (FMPM 400 - FMPM 499)
- Revenue (FMPM 600 - FMPM 699)
-
Human Resources
- Awards for Excellence Policy
- Bullying, Discrimination, Harassment, and Sexual Misconduct Policy
- Community and Indigenous Language Allowance
- Competency Pay for Tradespersons Policy
- Conflict of Interest Policy
- Early Retirement Policy
- Equal Employment Opportunity
- Honorary Appointments Policy
- Human Resources Policy Glossary
- Market Loading Policy
- Overpayment of Wages Policy
- Performance, Development and Recognition Policy
- Recruitment, Selection and Appointment Policy
- Relocation Assistance Policy
- Remote Working Policy
- Salary Packaging Program Policy
- Special Studies Program Policy
- Supported Wage System (SWS) Policy
- Mandatory Training Policy
- Digital Infrastructure
-
International and Admissions
- Attendance Monitoring Policy - English Language and Foundation Programs
- Enrolment Requirements for International Student Visa-Holders Policy
- Management of Off-Campus Operations, Ventures and Partnerships
- Transfer of International Student Visa Holders to Other Educational Institutions
- US Federal Student Aid-SAP & Return to Title IV Policy
- Admissions Policy
-
Learning and Teaching
- Blended Learning Policy
- Charter of Responsibilities for Academic Quality and Governance
- Coursework Academic Integrity Policy
- English Language and Numeracy Policy
- Graduate Attributes
- Graduate Certificate of Education (Academic Practice) Internal Sponsorship Policy
- Learning Teaching and Assessment Policy
- Policy Glossary
- Review of a Student’s Suitability to Continue a Course Involving Placement
- Student Digital Experience Policy
- Student Evaluation of Subjects and Teaching Policy
- Student Retention Policy
- Research Education
- Research Management
-
Student Matters
- Academic Progression Policy
- Administration of Commonwealth Scholarships Policy
- Attendance Monitoring Policy - English Language and Foundation Programs
- Award Finalisation and Graduation Policy
- Bullying, Discrimination, Harassment, and Sexual Misconduct Policy
- Copyright Policy and Procedure
- Coursework Enrolment Policy
- Coursework Scholarships, Grants and Prizes Policy
- Library Use Policy
- Student Code of Conduct
- Student Complaints Policy
- Student Disability Policy
- Student Fee Payments and Refunds Policy
- Student Review and Appeals Policy (effective from 01/01/2023)
- Student Special Circumstances Policy
- Transfer of International Student Visa Holders to Other Educational Institutions
- Student Results Policy
- Support for Students Policy (Interim)
- Work Health and Safety
- Policy search
- PAHL
- Publications
- Professional Experience Placement
- Queensland Research Centre for Peripheral Vascular Disease
- Rapid Assessment Unit
- RDIM
- Researcher Development Portal
- Roderick Centre for Australian Literature and Creative Writing
- Safety and Wellbeing
- Scholarships
- Contextual Science for Tropical Coastal Ecosystems
- Staff
- State of the Tropics
- Strategic Procurement
- Student Equity and Wellbeing
- Student profiles
- SWIRLnet
- TARL
- TESS
- TREAD
- TropEco for Staff and Students
- TQ Maths Hub
- TUDLab
- Unicare Centre and Unicampus Kids
- UAV
- VAVS Home
- Work Health and Safety
- WHOCC for Vector-borne & NTDs
- Media
- Copyright and Terms of Use
- Australian Institute of Tropical Health & Medicine
- Pay review
Intent
This Procedure has been established to provide clear guidelines for the responsible and secure use of the University's Digital Technologies. It outlines the responsibilities of all stakeholders, the process for reporting potential Breaches, and the steps for mitigating such Breaches, and supports the University's mission to maintain a secure and productive Digital Environment.
Scope
This policy applies to all Authorised Users of JCU’s Digital Technologies including:
(a) JCU Australian Tropical Campuses;
(b) JCU controlled entities;
(c) JCU Singapore;
(d) JCU Brisbane;
regardless of location, whether during or after business hours or whether on JCU-owned or privately owned devices.
Definitions
The meanings of definitions used in this Procedure are as per Digital Technologies Acceptable Use Policy.
Introduction
This Procedure provides role-specific guidance for the use of Digital Technologies at the University and outlines responsibilities for specific roles as necessary.
Individuals may hold multiple roles, and the Procedure provides clear directives for each role to ensure accountability and transparency. Adherence to this procedure is not just about compliance, but also an ethical responsibility to maintain the integrity and security of the University's Digital Infrastructure.
By following this procedure, JCU can create and maintain a robust and secure Digital Environment.
Procedure
1. Authorised Users Responsibilities
1.1 Read, understand and adhere to the Digital Technologies Acceptable Use Policy and Procedure, in particular consequences of breaches.
1.2 Seek clarification from Technology Solutions Directorate if any part of the policy or procedure is unclear.
1.3 Stay updated by reading the communications and notifications (i.e. IT Bulletins, Info Bytes) for any changes or updates to Digital Technologies and/or the policy and procedure.
1.4 Review content on the Secure IT website and Cyber Security Hub periodically to ensure understanding and compliance.
1.5 Report any actual or perceived Security Incidents or Breaches by logging a job in ServiceNow.
1.6 Cooperate with the Technology Solutions Directorate and provide relevant information in the case of any Security Incident.
1.7 Ensure Digital Technology Assets comply with security updates, virus and malware scans, and encryption protocols as managed by the Technology Solutions Directorate.
1.8 Adhere to data management requirements and ensure all University-owned information is regularly backed up and disposed of in accordance with the University's Records Management Policy and associated procedures.
1.9 Adhere to all University and vendor licensing agreements when installing and using software.
1.10 Support sustainability by implementing power management programs, reducing energy consumption of devices when in use and connected to JCU’s power supply.
1.11 Support the University in establishing a secure and efficient digital ecosystem, ensuring that Limited Personal Use of Digital Resources is reasonable and not excessive, and refraining from engaging in any Unacceptable use activities.
1.12 Upon encountering inappropriate material not related to work duties, take the most appropriate and immediate action to delete material and/or cease such access. Notify Technology Solutions via Service Now if inappropriate material continues to be received.
2. Technology Solutions Directorate (TS) Responsibilities
2.1 Regularly monitor and review system logs to detect any Breaches or Unauthorised activities.
2.2 Monitor usage of Digital Resources to ensure compliance.
2.3 Respond promptly to reports of lost, stolen, or damaged University-owned equipment.
2.4 Respond to all reported Breaches or Security Incidents, taking immediate action to mitigate risks.
2.5 Conduct a preliminary investigation into reported Breaches, for serious Breaches consult with CISO, consulting with (or deferring to, as necessary) relevant internal stakeholders including the CISO, Chief Digital Officer, Deputy Vice Chancellor, Services & Resources, Chief of Staff, and the Director, Human Resources among others.
2.6 Notify relevant stakeholders of the outcome of a Breach investigation, including required solutions for managing risks and determining costs.
2.7 Respond to all requests to access records relating to Digital Resources from authorised University representatives.
2.8 Regularly review and update security measures to protect services and Data and Information Assets from Unauthorised access, Vulnerabilities, wilful damage, and virus infection.
2.9 Ensure University-owned information is regularly backed up and disposed of in accordance with the University’s Records Management Policy and associated procedures.
3. Chief Information Security Officer (CISO) Responsibilities
3.1 Collaborate with the Technology Solutions Directorate to assess and mitigate risks associated with the Digital Environment.
3.2 Identify potential threats to the University's Digital Technology assets and develop strategies to maintain a secure and reliable Digital Environment.
3.3 Implement Physical Security measures to prevent Unauthorised access to Digital Infrastructure. This includes using secure cables and locking rooms and cabinets when not in use.
3.4 Lead the investigation and handling of serious Security Incidents and or Breaches, and liaise with appropriate stakeholder/s to determine the most appropriate consequences and disciplinary actions in accordance with relevant policies and procedures.
3.5 Provide updates to the Chief Digital Officer and other relevant stakeholders regarding the outcomes of Breaches and the necessary solutions, potentially reporting to external authorities as necessary.
3.6 Ensure alignment of the Digital Technologies Acceptable Use Policy and Procedure with the University's broader strategic objectives and priorities, communicating regularly with senior leadership.
3.7 Advise on cybersecurity trends, potential threats and security measures to be considered by the University.
3.8 Report alleged breaches of the Digital Technologies Acceptable Use Policy to the Chief Digital Officer in a timely and accurate manner.
4. Chief Digital Officer (CDO) Responsibilities
4.1 Collaborate with the CISO to evaluate and mitigate risks associated with the Digital Technologies Acceptable Use Policy.
4.2 Regularly review and respond to requests to access records relating to Digital Resources from the University General Counsel and designated authorities.
4.3 Regularly communicate with senior leadership and other stakeholders to ensure the Digital Technologies Acceptable Use Policy aligns with broader strategic objectives.
4.4 Work with the CISO to identify potential threats to the University's Digital Technology assets and recommend strategies for maintaining a secure and reliable Digital Environment.
4.5 Approve suspensions or restrictions to access in case of a serious breach, particularly in cases of inadvertent Unacceptable use.
4.6 Provide appropriate stakeholders with updates regarding the outcomes of Breaches and necessary solutions related to i.e., risk management, training and awareness, and cost determination.
5. Manager Responsibilities
5.1 Ensure that their team members and Students understand their obligations under the Digital Technologies Acceptable Use Policy.
5.2 Regularly communicate to their team the importance of energy management and sustainability in the use of Digital Resources.
5.3 Monitor Digital Communication Systems (i.e., IT bulletins, InfoBytes) and share relevant updates with their team.
5.4 Support the investigation of incidents, Breaches or suspected policy breaches in their areas.
5.5 Review and update access of Digital Technology assets for Authorised Users during onboarding, transfers or departures.
5.6 Determine appropriate consequences of Breach(es) as per the Digital Technologies Acceptable Use Policy, except where alternative policies or the JCU Enterprise Agreement delegate this authority to an alternative decision maker, considering the nature of the Breach and ensuring inadvertent Unacceptable use is treated differently from intentional Breaches.
6. Business Owners
6.1 Train staff and users on the Digital Technologies Acceptable Use policy and enforce policy compliance.
6.2 Manage access controls and implement security measures for the Digital Technology Assets under purview.
6.3 Oversee the use of Digital Technology Assets to ensure compliance with the Digital Technologies Acceptable Use Policy and take proactive steps to prevent Unauthorised access or modification.
6.4 Regularly check that the data stored, transmitted, or processed on the Digital Technology Asset is regularly backed up, secure, and can be recovered quickly in case of a system failure.
6.5 Monitor Physical Security access to the Digital Technology Asset. Implement secure cables, lock rooms, and cabinets as needed.
6.6 Report potential/actual Security Incidents or Breaches.
6.7 Maintain the confidentiality of Personal Information and ensure Multi-Factor Authentication is supported by the Digital Technology Asset provider.
7. Third Party Service Providers Responsibilities
7.1 Ensure that the third-party service provided is in accordance with the Digital Technologies Acceptable Use Policy.
7.2 Cooperate with the University's Technology Solutions Division and other stakeholders in investigating any potential or security Breaches involving their services.
7.3 Maintain a high level of security and Data Protection in their services, complying with University standards and regulations.
7.4 Regularly update the University on any potential risks or improvements related to the services provided.
7.5 Report potential/actual Security Incidents or Breaches to the Business Owner.
7.6 Regularly check that the data stored, transmitted, or processed on the Digital Technology Asset is regularly backed up, secure, and can be recovered quickly in case of a system failure.
7.7 Report to the University about any potential risks or improvements related to sustainability or energy management.
Related policy instruments
Digital Technologies Acceptable Use Policy
Code of Conduct – University Council
Copyright Policy and Procedure
Coursework Academia Integrity Procedure
Fraud and Corruption Procedure
ICT Access and Account Management Procedures
Intellectual Property Policy and Procedure
James Cook University Enterprise Agreement 2022
LearnJCU Data Management Procedure
Personal Information Data Breach Procedure
Public Interest Disclosure Procedure
Space Allocation and Management Policy
Student Code of Conduct Policy
Student Digital Experience Policy
Student General Misconduct Procedure
Student Professional Misconduct Procedure
Schedules/Appendices
Nil
Administration
NOTE: Printed copies of this policy are uncontrolled, and currency can only be assured at the time of printing.
Approval Details
Policy Domain | Digital Infrastructure |
Policy Sponsor | Deputy Vice Chancellor, Services and Resources |
Approval Authority | Estate Committee |
Date for next review | 10/10/2028 |
Revision History
Version | Approval date | Implementation date | Details | Author |
23-1 | 10/10/2023 | 27/10/2023 | Major review – previously titled ICT Acceptable Use Procedure. | Chief Information Security Officer |
22-2 | NA - Administrative amendments only | 17/08/2022 | Administrative amendments only – replace reference to “GATCF Computer Labs” with “Computer Rooms” throughout, in line with Estate naming conventions | Manager, Information and Cyber Security |
22-1 | 13/07/2022 | 18/07/2022 | Procedure amended to clarify terms of use. | Manager, Information and Cyber Security |
2017-1 | 08/02/2017 | 09/02/2017 | Procedure established | Information and Communications Technology |
Keywords
Keywords | Acceptable use, disposal, security, virus, code of conduct, email |
Contact person | Chief Information Security Officer |