Policy ICT Acceptable Use Procedures
ICT Acceptable Use Procedures
- Aboriginals and Torres Strait Islanders in Marine Science
- Courses
- Future Students
- Current Students
- Research and Teaching
- Partners and Community
- About JCU
- Reputation and Experience
- Celebrating 50 Years
- Academy
- Anthropological Laboratory for Tropical Audiovisual Research (ALTAR)
- Anton Breinl Research Centre
- Agriculture Technology and Adoption Centre
- Living on Campus
- Advanced Analytical Centre
- Applying to JCU
- Alumni
- AMHHEC
- JCU Aquaculture Solutions
- AusAsian Mental Health Research Group
- ARCSTA
- Area 61
- Association of Australian University Secretaries
- Australian/NZ Students
- Australian Lions Stinger Research
- Australian Tropical Herbarium
- Australian Quantum & Classical Transport Physics Group
- Boating and Diving
- JCU-CSIRO Partnership
- Employability Edge
- Career Ready Plan
- CASE
- Careers at JCU
- Careers and Employability
- Chancellery
- Centre for Tropical Bioinformatics and Molecular Biology
- CITBA
- CMT
- College of Business, Law and Governance
- College of Healthcare Sciences
- WHOCC for N&M Education and Research
- College of Medicine and Dentistry
- College of Science and Engineering
- CPHMVS
- Centre for Disaster Solutions
- CSTFA
- Cyber Security Hub
- Cyclone Testing Station
- The Centre for Disaster Studies
- Daintree Rainforest Observatory
- Discover Nature at JCU
- Research Division
- Services and Resources Division
- Education Division
- Economic Geology Research Centre
- Elite Athletes
- eResearch
- Environmental Research Complex [ERC]
- Estate
- Fletcherview
- Foundation for Australian Literary Studies
- Gender Equity Action and Research
- General Practice and Rural Medicine
- GetReady4Uni
- Give to JCU
- Governance
- Information for JCU Cairns Graduates
- Art of Academic Writing
- Art of Academic Editing
- Graduate Research School
- Graduation
- Indigenous Education and Research Centre
- Indigenous Engagement
- Indigenous Legal Needs Project
- Inherent Requirements
- IsoTropics Geochemistry Lab
- IT Services
- International Schools
- International Students
- Research and Innovation Services
- JCU Eduquarium
- JCU Events
- JCU Global Experience
- JCU Ideas Lab
- JCU Job Ready
- JCU Motorsports
- JCU Prizes
- JCU Sport
- JCU Turtle Health Research
- Language and Culture Research Centre
- CEE
- LearnJCU
- Library
- Mabo Decision: 30 years on
- MARF
- Marine Geophysics Laboratory
- New students
- Off-Campus Students
- Office of the Vice Chancellor and President
- Virtual Open Day
- Orpheus
- Outstanding Alumni
- Parents and Partners
- Pathways to university
- Planning for your future
- Placements
-
Policy
- Academic Governance
- Academic Management
- Engagement
-
Corporate Governance
- Academic Freedom and Freedom of Speech Policy
- Affiliation of a Residential College Policy
- Bullying, Discrimination, Harassment, and Sexual Misconduct Policy
- Business Continuity Policy
- Child Safety Policy
- Code of Conduct – University Council
- Compliance Policy
- Conduct of Council Elections Policy
- Conflicts of Interests Policy – University Council and its Committees
- Controlled and Non-Controlled Entities Policy
- Critical Incident Policy
- Data Governance Policy
- Distinguished Professor Policy
- Domestic and Family Violence Policy
- Emeritus Professor Policy
- Foreign Interference Policy
- General Practice Training Governance Policy
- Incident Management Policy
- Information Privacy Policy
- Legal Services Claims and Litigation Assistance Policy
- Organisational Structure Policy
- Records Management Policy
- Right to Information Policy
- Risk Management Policy
- Social Media Policy
- Staff Code of Conduct
- University Archives - Access
- University Seal Policy
- Visiting Speaker and Event Policy
- Policy Development and Review Policy
- Quality Enhancement Framework
- Reviews of Organisational Units and Thematic Areas - Policy and Procedures
-
Estate and Facility Management
- Advertising on Campus
- Alcohol Consumption on University Property
- Approval of Works to University Buildings and Site Infrastructure
- Authorised Use of University Facilities, Premises and/or Grounds for Non-core Purposes
- Environmental Policy
- High Voltage Access Policy
- Memorial Plaques
- Noise on University Sites
- Pets on Campus
- Real Estate Dealings Policy
- Security Policy
- Space Allocation and Management Policy
- Timetable and Class Registration Policy
- Tree Protection
- Vehicle Fleet Policy
- Weapons Policy
- Adaptive Workplace Policy
-
Financial Management
- Appendices
-
Assets (FMPM 200 - FMPM 399)
- FMPM 200 Overview - Assets & Cash Management
- FMPM 210 Cash
- FMPM 220 Policy - Bank Accounts
- FMPM 230 - Petty Cash Advances
- FMPM 300 Investments
- FMPM 320 Plant and Equipment
- Financial FMPM 322 - Acquisitions of Plant and Equipment
- FMPM 260 Other Advances
- FMPM 330 Non-Capital Assets
- FMPM 280 Official Stores
- FMPM 290 Prepayments
- FMPM 323 - Disposal of Property, Plant and Equipment Procedure
- FMPM 324 Stocktake
- FMPM 350 Intangible Assets
- FMPM 270-2 Accounts Receivable - Student Debtors - Penalties
- FMPM 240 Travel Advances (Students)
- FMPM 330 Non-Capital Assets
- FMPM 270-1 Accounts Receivable
- FMPM 250 - Policy Salary Advances
- Equity (FMPM 500 - FMPM 599)
- Expenses (FMPM 700 - FMPM799)
- Financial Management and Control (FMPM 800 - FMPM 899)
- Further Applications (FMPM 900 - FMPM 999)
- Introduction (FMPM 100 - FMPM 199)
- Liabilities (FMPM 400 - FMPM 499)
- Revenue (FMPM 600 - FMPM 699)
-
Human Resources
- Awards for Excellence Policy
- Bullying, Discrimination, Harassment, and Sexual Misconduct Policy
- Community and Indigenous Language Allowance
- Competency Pay for Tradespersons Policy
- Conflict of Interest Policy
- Early Retirement Policy
- Equal Employment Opportunity
- Honorary Appointments Policy
- Human Resources Policy Glossary
- Market Loading Policy
- Overpayment of Wages Policy
- Performance, Development and Recognition Policy
- Recruitment, Selection and Appointment Policy
- Relocation Assistance Policy
- Remote Working Policy
- Salary Packaging Program Policy
- Special Studies Program Policy
- Supported Wage System (SWS) Policy
- Digital Infrastructure
-
International and Admissions
- Attendance Monitoring Policy - English Language and Foundation Programs
- Enrolment Requirements for International Student Visa-Holders Policy
- Management of Off-Campus Operations, Ventures and Partnerships
- Transfer of International Student Visa Holders to Other Educational Institutions
- US Federal Student Aid-SAP & Return to Title IV Policy
- Admissions Policy
-
Learning and Teaching
- Blended Learning Policy
- Charter of Responsibilities for Academic Quality and Governance
- Coursework Academic Integrity Policy
- English Language and Numeracy Policy
- Graduate Attributes
- Graduate Certificate of Education (Academic Practice) Internal Sponsorship Policy
- Learning Teaching and Assessment Policy
- Policy Glossary
- Review of a Student’s Suitability to Continue a Course Involving Placement
- Student Digital Experience Policy
- Student Evaluation of Subjects and Teaching Policy
- Student Retention Policy
- Research Education
- Research Management
-
Student Matters
- Academic Progression Policy
- Administration of Commonwealth Scholarships Policy
- Attendance Monitoring Policy - English Language and Foundation Programs
- Award Finalisation and Graduation Policy
- Bullying, Discrimination, Harassment, and Sexual Misconduct Policy
- Copyright Policy and Procedure
- Coursework Enrolment Policy
- Coursework Scholarships, Grants and Prizes Policy
- Library Use Policy
- Student Code of Conduct
- Student Complaints Policy
- Student Disability Policy
- Student Fee Payments and Refunds Policy
- Student Review and Appeals Policy (effective from 01/01/2023)
- Student Special Circumstances Policy
- Transfer of International Student Visa Holders to Other Educational Institutions
- Student Results Policy
- Work Health and Safety
- Policy search
- PAHL
- Publications
- Professional Experience Placement
- Queensland Research Centre for Peripheral Vascular Disease
- Rapid Assessment Unit
- RDIM
- Researcher Development Portal
- Safety and Wellbeing
- Scholarships
- Contextual Science for Tropical Coastal Ecosystems
- Staff
- State of the Tropics
- Strategic Procurement
- Student Equity and Wellbeing
- Student profiles
- SWIRLnet
- TARL
- TESS
- TREAD
- TropEco for Staff and Students
- TQ Maths Hub
- TUDLab
- Unicare Centre and Unicampus Kids
- UAV
- VAVS Home
- Work Health and Safety
- WHOCC for Vector-borne & NTDs
- Media
- Copyright and Terms of Use
- Australian Institute of Tropical Health & Medicine
- Clinical Psychedelic Research Lab
Print FriendlyIntent
These Procedures have been developed to support the Information Communication Technology (ICT) Acceptable Use Policy and uphold the intent of the Policy by:
- Expressing the commitment of the University to maintaining secure, effective and reliable University ICT Services;
- Providing a clear statement of responsibilities for all users of University ICT Services, including what constitutes acceptable and unacceptable use of these services;
- Establishing clear mechanisms for rapidly responding to threats to the University ICT Services (for instance, via hacking or virus threats); and
- Providing processes to appropriately handle other security incidents, from minor breaches of Policy through to serious misconduct.
Scope
These Procedures apply to all Authorised Users of University ICT Services managed by the University or third party providers on behalf of the University, both on and off campus.
Definitions
Defined terms in the ICT Acceptable Use Policy have the same meaning in these ICT Acceptable Use Procedures.
Account means a user name or other identifier which, with or without a password, allows a user to access the University ICT Services.
Asset Owner means an individual or collective group with accountability and authority for University ICT Services.
College/Directorate Representative means a person appointed by a College or Directorate whose role is to control use of University ICT Services allocated to their College or Directorate.
Corrupt Conduct has the same meaning as in the Crime and Corruption Act 2001 (Qld).
Computer Rooms means the computing labs and equipment provided by the University.
Inappropriate Material means content that, if accessed through University ICT Services, contravenes the Information Communication Technology Acceptable Use Policy;
ICT Bulletins means information supplied by Information and Communications Technology either by email, automatically output on a workstation or on the University websites.
Jailbreaking means the process of removing software controls on the operating systems to increase functionality or subvert security controls. Mostly commonly used when referring to Apple devices, however the concept can be applied to other makes or models.
Outside User means a person or organisation external to the University.
Private Cloud means a service operated solely for a single organisation, whether managed internally or by a third-party, and hosted either internally or externally.
Public Interest Disclosure means disclosure of information, as identified in the Public Interest Disclosure Act 2010 (Qld),by any person, including a Public Officer.
Public Officer has the same meaning as in the Public Interest Disclosure Act 2010 (Qld), and includes University employees.
Table of Contents
- General usage
- Personal computer security
- Software licensing
- Physical security
- Computer Rooms
- Sustainability - energy management
- Data management
- Security management
- System logging and monitoring
- Reporting and handling events, incidents or breaches
- Handling breaches of the ICT Acceptable Use Policy
- Responding to requests for information
- Inadvertent unacceptable use
- Contacts
Introduction
These procedures are designed to support the operational nature of the ICT Acceptable Use Policy by providing detailed acceptable use procedures.
University ICT Services are the property of the University.
Procedure
1. General usage
1.1 Categories of Authorised Users include:
a. Any University student who has been allocated an Account or who has been authorised by a member of University academic staff to use an Account;
b. Any member of University staff who has been allocated an Account or who has been authorised to use an Account allocated to another person or to a group of people or to a section of the University. They must use University ICT Services for officially approved purposes. Limited personal use is permitted consistent with University Policy and Procedures. Note that University ICT Services are monitored for security and compliance purposes;
c. Any representative of another educational institution authorised to use University ICT Services through an arrangement between the University and the other educational institution;
d. An Outside User who has been provided with an Authentication Credential; or
e. Any individual associated with an Outside User authorised to use an Account allocated to the Outside User.
1.2 Authorised Users, must:
a. Take responsibility for all activity initiated from any Account through which they have been granted access to University ICT Services;
b. Ensure that their Authentication Credential(s) are securely stored as they are responsible for all activity initiated from their Account or with their Authentication Credential(s);
c. Not allow another person to use their Account and/or Authentication Credential. Similarly, an Authorised User must not attempt to initiate or operate a computer session by using another person's Account and Authentication Credential, or by any other means. Should an Authorised User believe that the security of an Account has been compromised they must report this to the ICT Help Desk;
d. Not circumvent the University's authorised connections or subvert its security measures. This includes ‘jailbreaking’ of University owned devices;
e. Only access University ICT Services using the Accounts they have been authorised to use (kiosk services have an implicit authorisation to use);
f. Observe ICT Bulletins issued by the University; and
g. Comply with any system quotas. If an Authorised User exceeds any of their quotas, they may be personally charged for the cost of their use and/or temporarily prevented from using the affected University ICT Service.
2. Personal computer security
2.1 University staff and students, who use a personal computer (including smartphones) must:
a. Take responsibility for the security of personally owned computers and equipment used in conjunction with the University's ICT Services;
b. Familiarise themselves with ICT good practice guidelines (available on the Information and Communications Technology website) and take reasonable steps to ensure that personal computer(s) do not pose a threat to University ICT Services when connected to the University network. This may include:
- Regularly scanning their device for viruses; and
- Maintaining up-to-date software versions; and
c. Protect against loss or theft of University data by:
- Regularly backing up data;
- Using encryption tools to protect sensitive data;
- Logging off or locking devices when left unattended;
- Implementing a secure access mechanism, such as a password; and
- Avoiding leaving devices unattended in public places even if physically secured.
3. Software licensing
3.1 The University has entered into various software licensing agreements with software vendors. Under the terms of those agreements, University staff and students may be able to install any of the products covered under the agreement onto University owned machine or personal device(s).
3.2 Refer to the Software Supplier Agreements & Offers on the University Intranet for information on how to access software and the terms of use which must be complied with by staff and students.
4. Physical security
4.1 Authorised or Outside Users must:
- Take responsibility for the physical security of all University ICT Services owned or leased by their area. Where these University ICT Services are managed by Information and Communications Technology, the responsibility is shared between the College/Directorate (physical security) and Information and Communications Technology (data and systems security).
4.2 Information and Communication Technology must:
- Physically secure all University core infrastructure and Computer Rooms against theft. This can be achieved by:
- Implementing secure cables between the device and the building; or
- Storing equipment in lockable rooms; or
- Storing equipment in lockable cabinets.
5. Computer Rooms
5.1 Authorised Users who use the Computer Rooms must:
- Abide by the ICT Acceptable Use Policy, associated procedures and Computer Rooms Conditions of Use.
6. Sustainability - energy management
6.1 When on a University campus, University staff and students should:
- Save consumption of energy by powering down systems/devices when left unattended for long periods.
6.2 Information and Communication Technology must:
- Implement power management programs to reduce the energy consumption for non-critical University ICT Services.
7. Data management
7.1 All academic research supervisors and College Deans are responsible for ensuring that they:
- Define research data management requirements and communicate these requirements to the relevant stakeholders; as required by the Code for the Responsible Conduct of Research.
7.2 All University staff and students must:
7.2.1 Adhere to the data management requirements as specified by their College or Division;
7.2.2 Ensure all electronically held University owned information is stored in such a way that it is backed up regularly. This can be achieved by:
- storing data on University approved systems;
- storing data on a University network drive or system; or
- storing data on a University endorsed cloud based storage; and
7.2.3 Ensure all University owned information is disposed of in accordance with the University's Records Management Policy and sustainability procedures as provided by TropEco.
8. Security management
8.1 All Asset Owners must:
- Take responsibility for the physical security and access control of all the data stored on, transmitted through or processed by University ICT Services within their responsibility;
- Implement suitable security controls to prevent un-authorised access or modification to data; and
- Monitor the effectiveness of security controls to ensure their on-going effectiveness.
8.2 Information and Communications Technology must:
- Lead and advise on good practice security management across the University. This includes providing advice and support to Asset Owners on good practice with regard to information and data security;
- Manage common University ICT Services in such a way that the services and data are reasonably protected from:
- Unauthorised access and unacceptable use;
- Common and easily exploitable vulnerabilities;
- Wilful, malicious damage or any activity undertaken to intentionally bypass security controls on University ICT Services; and
- Virus infection and malicious software;
- Take reasonable steps to ensure that data on University ICT Services is:
- Accurate and complete;
- Available to be accessed by Authorised Users, and only those users, when required; and
- Recovered in an agreed timeframe in the event of serious systems failure or disaster;
- Ensure required University owned or leased computers, desktops or laptops are configured to have a password enabled screensaver that activates within a period of no greater than 30 minutes of inactivity;
- Promote a positive and safe computing environment for all Authorised Users;
- Implement appropriate quotas on the use of University ICT Services (this may include print, file storage, email and internet usage) in order to ensure the ongoing integrity and availability of University ICT Services;
- Ensure sensitive information is disposed of in a manner that renders any information illegible and irretrievable at the time of disposal by:
- Physically destroying the media;
- Bulk wiping (degaussing); or
- Implementing an industry approved 3-times secure wipe of the media; and
- Carry out security reviews of University ICT services to verify the on-going effectiveness of controls. This should include access reviews of administrative accounts.
9. System logging and monitoring
9.1 Information and Communications Technology will:
- Implement appropriate logging of use of University ICT Services and routinely monitor to assist in the detection of breaches of these Procedures and the ICT Acceptable Use Policy.
- Monitor the use of University ICT Services and investigate potential breaches of University Policy, or State or Commonwealth Law.
10. Reporting and handling events, incidents or breaches
10.1 All Authorised Users must:
- Report any actual or suspected security weakness, breach or threat involving University ICT Services to the ICT Help Desk or the Chief Digital Officer as soon as possible;
- Respond to potential incidents or events, including un-authorised system usage, as directed by an Information and Communications Technology staff member; and
- Report lost, stolen or damaged University owned computers or other equipment to the ICT Help Desk. These should also be reported in accordance with the University insurance finance policy and procedures FMPM 450: Policy – Insurance, FMPM 920: Policy – Losses and FMPM 323: Procedure - Disposal of Plant and Equipment located at www.jcu.edu.au.
10.2 Information and Communications Technology must:
- Respond to potential incidents, events, breaches or requests for information (as per Section 12). Responses may include, but are not limited to:
- Modifying University ICT Services;
- Taking reasonable steps to protect University ICT Services from unauthorised or unacceptable use. This may include suspending Accounts, confiscating University owned electronic devices and/or disconnecting or disabling relevant services or other equipment, with or without prior notice;
- Handle alleged breaches in accordance with Clause 11; or
- The retrieval or examination of documents or messages for purposes such as finding lost files or messages, complying with legal requests, or recovering from system failure.
11. Handling breaches of the ICT Acceptable Use Policy
11.1 If an alleged breach of the ICT Acceptable Use Policy is reported to the ICT Help Desk or the Chief Digital Officer will conduct a preliminary evaluation of the allegation. Any alleged breach that may also constitute Corrupt Conduct will be referred, in the first instance, to the University Secretary. Similarly, any disclosure by a person of an alleged breach that may constitute a Public Interest Disclosure must also first be referred to the University Secretary.
11.2 Following the preliminary evaluation, the Chief Digital Officer may:
a. Dismiss the matter if the allegation is deemed to be unfounded or trivial, and send written advice of the dismissal and reasons for the dismissal to the complainant or appropriate officer;
b. In the case of an alleged breach by a University student refer the matter to the Director, Student Services to be dealt with under the Student Conduct Policy or other appropriate University policies;
c. In the case of an alleged breach by a University staff member or adjunct refer the matter to the Director, Human Resources (or Vice Chancellor if Director, Human Resources is alleged to have committed the breach) to be dealt with in accordance with the terms of the applicable Enterprise Agreement and/or appointment document;
d. In the case of an alleged breach by a University Council member or co-opted Committee member refer the matter to the University Secretary to be dealt with in accordance with the James Cook University Act 1997 (Qld) and the Code of Conduct – University Council;
e. In the case of an alleged breach by an Outside User, refer the matter to the University Authorised User who is responsible for the Outside User to be dealt with by that University Authorised User; and/or
f. In the case of an alleged breach by a student or staff of another educational institution authorised to use University ICT Services through an arrangement between the University and the other educational institution, refer the matter to the relevant educational institution to be dealt with by that institution.
12. Responding to requests for information
12.1 Information and Communications Technology must respond to all requests to access records relating to University ICT Services received from the University General Counsel.
12.2 Subject to paragraph 1 above, Information and Communication Technology may only respond to requests to access records relating to University ICT Services, as follows:
a. In so far as the request relates to student records, from the Director, Student Services;
b. In so far as the request relates to staff or adjunct records, from the Director, Human Resources;
c. In so far as the request relates to a breach of copyright, from the Director, Library Services (Copyright Officer);
d. In so far as the request relates to a third party request for information made under the Information Privacy Act 2009 (Qld), from the University Privacy Decision Maker or University General Counsel;
e. In so far as the request relates to a third party request for information made under the Right to Information Act 2009 (Qld), from the University’s Right To Information Decision Maker;
f. In so far as the request relates to Singapore staff or students, from the Head of the Singapore Campus, Director of Compliance or Director of Human Resources; and
g. In so far as the request relates to University Council members or matters, from the University Secretary.
13. Inadvertent unacceptable use
13.1 Authorised Users, who inadvertently receive, transmit or access material (for example, via email or the Internet) that may be considered Inappropriate Material and is not related to their work duties, must take immediate action to either delete such material or cease such access.
13.2 Advice must be sought from the Authorised User’s supervisor or the ICT Help Desk if Inappropriate Material continues to be received.
14. Contacts
For further information, please contact:
- JCU ICT Help Desk (Townsville: 4781 5500; Cairns: 07 4781 5500; Singapore: 6576 6811 – 814).
- JCU Director Human Resources ([email protected])
- JCU Chief Digital Officer ([email protected])
- JCU Student Services (enquiries@jcu.edu.au)
- JCU Copyright Officer ([email protected])
- JCU Privacy ([email protected])
- JCU Cybersecurity ([email protected])
Related policy instruments
Information Communication Technology Acceptable Use Policy
Code for the Responsible Conduct of Research
Code of Conduct – University Council
Related legislation
Queensland Australia
James Cook University Act 1997 (Qld)
Information Privacy Act 2009 (Qld)
Telecommunications Interception Act 2009 (Qld)
Queensland Right to Information Act 2009 (Qld)
Public Interest Disclosure Act 2010 (Qld)
Crime and Corruption Act 2001 (Qld)
Commonwealth Australia
Telecommunications (Interception and Access) Act 1979 (Cth)
Singapore
The Computer Misuse and Cyber Security Act (Cap 50A) (Singapore)
Copyright Act (Cap 63) (Singapore)
Spam Control Act (Cap 311A) (Singapore)
Undesirable Publications Act (Cap 338) (Singapore)
Administration
NOTE: Printed copies of this policy are uncontrolled, and currency can only be assured at the time of printing.
Approval Details
Policy Domain | Digital Infrastructure |
Policy Sponsor | Deputy Vice Chancellor, Services and Resources |
Approval Authority | Deputy Vice Chancellor, Services and Resources |
Date for next review | 08/02/2022 |
Revision History
Version | Approval date | Implementation date | Details | Author |
| 22-2 | NA - Administrative amendments only | 17/08/2022 | Administrative amendments only – replace reference to “GATCF Computer Labs” with “Computer Rooms” throughout, in line with Estate naming conventions | Manager, Information and Cyber Security |
22-1 | 13/07/2022 | 18/07/2022 | Procedure amended to clarify terms of use. | Manager, Information and Cyber Security |
2017-1 | 08/02/2017 | 09/02/2017 | Procedure established | Information and Communications Technology |
Keywords
Keywords | Acceptable use, disposal, security, virus, code of conduct, email |
Contact person | Manager, Information and Cyber Security |