Policy

Information and Communication Technology - Policy

Printer-friendly version
Body

1.0   Purpose and Scope

The University of Queensland (UQ or the University) is committed to providing Information and Communication Technology (ICT) resources to support, enable and enhance its activities.

This policy:

  • outlines acceptable use (and misuse) of UQ ICT resources;
  • supports UQ through effective provisioning and management of ICT resources; and
  • seeks to protect UQ’s reputation and safeguard its resources.

This policy should be read in conjunction with other ICT policies and procedures.

1.1   Scope

This policy applies to consumers of UQ ICT resources or UQ information including, but not limited to:

  • Students;
  • Staff;
  • Contractors and consultants;
  • Visitors;
  • Affiliates and third parties.

Consumers that are connected to UQ networks or services must comply with this policy, irrespective of location or device ownership (e.g. personally-owned computers). The Chief Information Officer must approve exceptions to this policy.

2.0   Principles and Key Requirements

ICT is of critical importance to UQ activities. All consumers of UQ ICT resources are expected to use these facilities and services appropriately and reasonably.

2.1   Access to ICT Systems and Resources

Access to ICT systems and resources is provided to consumers for carrying out University work, study, or for other UQ purposes. UQ incurs costs in providing ICT systems and resources, and access is not provided to consumers unconditionally. The following conditions apply:

  1. Consumers must not share account login details such as usernames or passwords.
  2. Passwords should be secure. Password recommendations are included in the Appendix (see section 6.4).
  3. Staff access to UQ ICT systems and resources is terminated when employment with UQ ceases. Account access may be extended in some circumstances, as outlined in the Information and Communication Technology Procedure.
  4. UQ reserves the right to limit, suspend or remove access where necessary.
  5. UQ will take appropriate steps to ensure Internet access is granted to minors in compliance with legislative requirements.
  6. UQ will endeavour to make online services accessible in alignment with industry best practices and accessibility guidelines.
  7. Administrator access to UQ computers will only be granted where necessary and with appropriate approval.
  8. Passwords must be changed at least once every 24 months.

2.2   Software

Software licensed to UQ (UQ Licensed Software) must only be used for purposes legitimately associated with UQ’s operations and in accordance with the relevant software licence terms. This includes online services (i.e. software-as-a-service) licensed to UQ.

Consumers must not install software on UQ devices that is not appropriately licensed to UQ.

The following conditions of use are intended to inform consumers of their responsibilities when using UQ Licensed Software and to minimise UQ’s risks of copyright infringement, or other breaches of software licence terms:

  1. All UQ Licensed Software will only be used in compliance with the applicable licence terms and conditions.
  2. Consumers should be aware of and comply with the terms and conditions of any software that is being used.
  3. Delegates identified within the Contractual Delegations Policy are the only individuals at UQ that are authorised to approve software agreements on behalf of the University.
  4. Information and communication technology procedures outline roles and responsibilities of IT staff and consumers when purchasing and installing software.
  5. UQ Licensed Software must not be installed on personally-owned devices, unless explicitly permitted in the applicable licensing agreement and by management.
  6. Installation files for UQ Licensed Software must not be unlawfully copied, and unlawfully copied software must not be used or installed on UQ devices.
  7. UQ Licensed Software master media and licence keys (where applicable) should be securely stored in order to avoid theft or unauthorised use or copying.

2.3   Acceptable Use of ICT Resources

UQ requires all consumers of its ICT resources to do so in an authorised, responsible, ethical, equitable and legal manner and in accordance with the UQ Code of Conduct and Student Charter. Incidental personal use of University ICT resources is permitted. Such use must be kept to a minimum.

While UQ acknowledges that exceptions may exist under certain circumstances, unauthorised use of ICT resources may lead to increased cost, risk, and reputational damage to UQ. Consumers should be aware that UQ ICT resources must not be used:

  • for gambling purposes;
  • in a manner that constitutes an infringement of copyright; or
  • to access, store or transmit pornographic, racist, violent, or any other unacceptable or harmful material.

Consumers’ use of UQ’s ICT systems and resources may be monitored (see section 4.0 of this policy).

2.4   Misuse of UQ ICT Resources

The Chief Information Officer may authorise an investigation into alleged misuse. If allegations are deemed to be valid and of a serious nature, evidence of misuse will be reported to the appropriate body:

2.5   Email and Bulk Messaging

UQ recognises the importance of email for efficient communication. Unauthorised use of email can result in security risks and reputational damage. The measures below apply to consumers of UQ ICT resources.

  1. Information Technology Services will maintain the official email system for UQ, internally or through an agreement with an external service provider.
  2. If an Organisational Unit wishes to maintain its own email server, approval must be obtained from the Chief Information Officer.
  3. A UQ email address must be used for the delivery of all official UQ email.
  4. Staff must not use external email accounts (e.g. Gmail, BigPond or Hotmail) for UQ correspondence.
  5. Retiring academic staff are eligible to retain access to their email account when employment with UQ ceases. Accounts with no activity for a period of 12 months will be suspended.
  6. Students, Alumni, volunteers, Academic Title Holders and Honoraries may forward their UQ email to another account or provider. Staff email accounts must not be forwarded to an external provider without approval which must be signed by the head of the Organisational Unit or their delegate.
  7. UQ may communicate to its staff and students, through its authorised managers, information which:
    1. is relevant to UQ as a whole (e.g. to all UQ or large groups of staff or students) or to particular sections of the UQ such as Faculties, Schools or Divisions; and
    2. is required for the effective functioning of the University or the relevant organisational unit; or which covers issues, policies, corporate events or decisions with a direct connection to the work of the University and its key organisational units.
  8. Consumers must not send messages to a large number of recipients (e.g. all staff, all students, alumni, or a large volume of external users) without approval, as outlined in the Email and Bulk Messaging Procedure.
  9. Consumers may delegate mailbox access when required. If a consumer is unable to delegate mailbox access, authorisation must be provided by the Chief Information Officer.

2.6   Digital Presence

UQ’s digital presence includes websites, web applications, mobile applications and other means of providing information and services online. UQ’s digital presence must:

  • Comply with relevant legislation and UQ’s policies and procedures;
  • Meet the needs of consumers;
  • Be cohesive and consistent;
  • Be accurate and up-to-date.

UQ will create and maintain its digital presence in accordance with the UQ Digital Presence Procedure.

2.7   Information Management and Cyber Security

UQ seeks to respect the privacy and confidentiality of consumers and protect its information and assets. The following policies cover these matters:

  • Information Management Policy;
  • Cyber Security Policy;
  • Privacy Management Policy.

All UQ computers, laptops, and tablets (where possible) must have UQ’s anti-virus software installed. If a computer is unable to run UQ’s anti-virus software it presents a security risk and must not be used to access UQ’s ICT resources or information. Any exceptions must be made using the Cyber Security Standard Exception Procedure.

3.0   Roles, Responsibilities and Accountabilities

3.1   Consumers of UQ ICT Resources

Consumers are responsible for being aware of and complying with this policy. Consumers should also be aware that:

  • use of UQ ICT resources is subject to Australian laws and other relevant UQ policies. This includes but is not limited to copyright, breach of confidence, defamation, privacy, contempt of court, bullying and cyber-bullying, harassment, vilification, anti‑discrimination, wilful damage and computer hacking; and
  • access to some third party applications and content has separate contractual arrangements and terms and conditions, which may apply over and above this policy.

It is the responsibility of consumers to check and maintain their UQ email account regularly.

3.2   Information Technology Staff

Information Technology staff are responsible for:

  • provisioning ICT resources (e.g. consumer accounts, file storage, access to systems);
  • monitoring the use of resources to determine violations of authorised use;
  • technical enforcement of this policy including –
    • preventing and monitoring access to inappropriate content;
    • suspending consumer access when required and approved by Chief Information Officer; and
  • complying with local standard operating procedures where applicable.

3.3   Chief Information Officer

The Chief Information Officer is responsible for:

  • ensuring that IT staff members are resourced to investigate alleged misuse;
  • authorising the suspension of consumer accounts following investigations of misuse; and
  • ensuring this policy is enforced and maintained.

4.0   Monitoring, Review and Assurance

To improve services and protect consumers, UQ reserves the right to monitor access and usage of all UQ ICT systems and resources. Consumers should be aware that use of UQ ICT resources, including email, is not considered private, and that UQ may monitor, access, restrict, terminate or suspend accounts with approval from the Chief Information Officer or their delegate.

UQ will meet its data retention obligations under Schedule 1 of the Telecommunications (Interception and Access) Act 1979 (Cth), recognising that UQ will rely on the 'immediate circle' exclusion for any relevant services provided only to persons who are 'inherently connected to the functions of the University'.

5.0   Recording and Reporting

All usage (e.g. email, hard drives, or network use) may be recorded for the purposes of security and risk management (e.g. backups, performance monitoring, or compliance requirements).

Consumers who become aware of possible breaches of this policy must report it to either:

  • Information Technology Services; or
  • the head of their Organisational Unit.

Breaches of this policy may be reported to UQ’s Information Technology Governance Committee, the Chief Information Officer, the Chief Human Resources Officer or to the appropriate external authorities, which may result in civil or criminal proceedings.

6.0   Appendix

6.1   Related Policies

Information Management Policy

Cyber Security Policy

Privacy Management Policy

6.2   Related Legislation

Telecommunications (Interception and Access) Act 1979 (Cth)

Privacy Act 1988 (Cth)

6.3   Definitions

Consumer – all staff, students, visitors, contractors, third parties, clinical and adjunct title holders, affiliates, alumni and all other people who access UQ's systems, networks or other ICT resources.

UQ ICT Resources – any UQ IT system or asset, including but not limited to:

  • Networks (wireless and wired);
  • Property and facilities;
  • Equipment whether owned or leased by UQ including telephony, computers, servers, storage, including its associated hardware and software;
  • UQ websites and systems (applications);
  • Data, information and video;
  • Accounts.

ITS – Information Technology Services.

SITC – Strategic Information Technology Committee.

ITGC – Information Technology Governance Committee.

Unacceptable Material – includes materials not related to delivery of UQ’s core purpose or its effective operations, including but not limited to:

  • Pornography;
  • Violent content;
  • Racist content;
  • Gambling or content relating to gambling;
  • Viruses and malware;
  • Games.

Software – includes, but is not limited to, purchased or commercial software, sound, graphics, images, or datasets; shareware; freeware; and electronically stored documentation and the media that holds it. This includes online services (i.e. software-as-a-service) licensed to UQ. Not included in this definition are non-copyrighted computer data files that have no significance beyond the individual or organisational unit.

Software Licence Compliance – clear documentation that the number of legally obtained and genuine software licences matches the number of installed instances of a given software product on the University’s systems or devices.

6.4   Password Recommendations

When choosing a password:

  • Use at least 8 characters including at least 1 letter and 1 number or special character
    • Approved special characters include: #  $  %  '  (       )  *  +  ,  -  /  :  ;  <  =  >  [  ]  ^  _  `  {  |  }  ~
  • Do not use your name, phone number, date of birth or other identifiable information.
  • Do not use a password you have used previously.

6.4.1   Suggestions for a Strong Password

  • Use five unrelated words with some non-alphabetic characters. Try to create a phrase that is easy to remember, but difficult to guess. Alternately, you could use the first letter from each word of a phrase to form an easily remembered password.
  • Avoid using any date as your password.
  • Mix upper and lowercase. Avoid capitalising only the first or last letter (e.g. Mich37bo is not as secure as mICh37Bo).
  • Avoid using personal information. This includes your maiden name, car registration number, address or family member’s name. 
  • Avoid duplicating characters (aaabbbccc) or keyboard patterns (qwertyuiop). These can easily be seen by someone watching you type.
Custodians
Chief Information Officer Mr Rob Moffatt

Procedures

Email and Bulk Messaging - Procedure

Printer-friendly version
Body

1.0   Purpose and Scope

This procedure outlines requirements at The University of Queensland (UQ or the University) for using UQ email accounts and sending messages to large groups of UQ staff and students via email, SMS, or other Information and Communication Technology (ICT) systems (bulk messaging).

This procedure must be read in conjunction with UQ’s Information and Communications Technology Policy and applies to all consumers of UQ ICT resources as defined in the policy (UQ consumers).

2.0   Process and Key Controls

  1. UQ provides staff, students and alumni with an email account for the delivery of official UQ email.
  2. UQ staff and students must use the UQ email account in accordance with this procedure and relevant policies, including:
    1. For staff, the UQ Code of Conduct; and
    2. For students, the Student Charter.
  3. UQ reserves the right to communicate with all staff and students relating to University business.
  4. UQ may request staff and student mobile phone numbers to enable the receipt of official UQ communications via SMS
  5. UQ staff may send bulk messages, with appropriate authorisation, that are consistent with UQ policies and are for UQ purposes only.

3.0   Key Requirements

3.1   Staff Email

The following requirements and controls apply to UQ staff email:

  1. UQ maintains a directory of staff and their assigned UQ (@uq.edu.au) email addresses including subdomains (e.g. @its.uq.edu.au).
  2. Staff email accounts should not be forwarded to an external service provider (e.g. Gmail, BigPond or Yahoo) because there is no ability for UQ to provide content backup or information security or to protect potential intellectual property rights that may arise in or from email correspondence. Exceptions to this requirement may be granted by the Head of an Organisational Unit if the staff account relates to a joint appointment or while the staff member is seconded to another organisation.
  3. UQ recommends that the disclaimer below is used on confidential emails, and if personal views of staff are contained in any email correspondence, they must be identified as personal views and not those of the University.

 “This email (including any attached files) is intended only for the addressee and may contain confidential information of The University of Queensland. If you are not the addressee, you are notified that any transmission, distribution, printing or photocopying of this email is prohibited. If you have received this email in error, please delete and notify me. Unless explicitly stated the opinions expressed in this email do not necessarily represent the official position of The University of Queensland.”

  1. UQ will not provide email data to an email account owner after they have left the University.
  2. Information Technology Services is authorised to delete an email account after a staff member’s employment has been terminated. Accounts are archived 14 days after a staff member’s employment is terminated within UQ’s human resources system. Staff can request an account extension as per section 3.3 of the Information and Communication Technology procedure.
  3. When a staff member becomes aware that their employment with the University may be terminated, or their employment has been terminated, the staff member may copy personal email or data but not copy, delete, erase or alter in any way emails relating to UQ business.

3.2   Student and Alumni Email

The following requirements and controls apply to UQ student and alumni email:

  1. Students are provided with a UQ email account and must monitor the account whilst enrolled at UQ.
  2. It is the responsibility of students to:
    • check their University email account on a regular basis; and
    • maintain their mailbox within the mailbox quota to ensure University mail can be delivered to the mailbox.
  3. It is the responsibility of students and alumni to:
    • maintain appropriate security measures regarding email passwords;
    • use email in accordance with University policies;
    • prevent the use of University email accounts by persons not authorised by the University;
    • delete and prevent the distribution of unsolicited advertising material or spam; and
    • take reasonable steps to ensure that they do not knowingly open or send email messages containing viruses, spy ware, worms or other potentially hazardous codes. Attachments from suspicious or unknown senders should not be opened (consult Information Technology Services for questions or concerns about email security). 
  4. Students and alumni may forward their UQ email to an external provider (e.g. Gmail, BigPond or Yahoo) or to another UQ email address.
  5. An alumni email account will be terminated at the request of the account owner.

3.3   Bulk Messaging

Bulk messages is the sending of an email or SMS message to all UQ staff, students and alumni or a specific class of staff, students or alumni (for example, all students within a school or faculty). Bulk messages require the communication to be:

  1. relevant to the entire recipient audience;
  2. for a University purpose; and
  3. authorised by a relevant UQ officer outlined in section 7.1 of this procedure.

UQ provides a contact directory for all staff and students and a messaging system that allows authorised staff members to send bulk messages to recipients within certain groupings. The following principles apply to sending bulk messages at UQ:

  1. Senders are considered representatives of UQ and must ensure that messages are consistent with UQ policies (including the UQ Code of Conduct) and are for a University purpose.
  2. Messages should be sent from a UQ staff account or the account of a specific UQ role or function (e.g. Head of School, Chief Human Resources Officer, or Faculty Executive Manager).
  3. The names of recipients should remain anonymous to other message recipients. For example, student names, student usernames and student numbers should not be displayed publicly.
  4. Bulk messages should clearly outline which group or sub-group the email has been distributed to.
  5. SMS bulk messages should be focussed on high priority topics and sent to limited recipients.
  6. The Head of the Organisational Unit has the authority of approving organisational unit bulk messages at their discretion.

4.0   Roles, Responsibilities and Accountabilities

4.1   UQ consumers

UQ consumers are responsible for complying with this procedure when using a UQ account (such as email), including:

  • ensuring any bulk messages they send are in accordance with this procedure and UQ policies, including the Code of Conduct and Student Charter; and
  • obtaining appropriate authorisation (in accordance with section 7.1 of this procedure) to send bulk messages before the message is sent.

4.2   Authorised staff

Authorised staff listed under section 7.1 of this procedure are responsible for:

  • considering and reviewing the content of proposed bulk messages; and
  • ensuring that messages are appropriate for dissemination to a large audience and comply with the principles and requirements of this procedure.

5.0   Monitoring, Review and Assurance

The Chief Information Officer is responsible for the implementation and communication of this procedure, including ensuring that UQ consumers are informed of their obligations when using email and sending bulk messages.

Information Technology Services will review this procedure as required to ensure its currency and relevance to the management of email and bulk messaging at UQ.

6.0   Recording and Reporting

Information Technology Services will maintain records of bulk messages sent in accordance with this procedure.

7.0   Appendix

7.1   Authorisation to send bulk messages

Table 1 – Authorisation of broadcasts to all students and staff

Audience

Topic

Authorisation

All students

General

Vice-Chancellor, Provost, Chief Operating Officer, Deputy Vice Chancellor (Academic)

Student and academic administration (e.g. Health Services, Enrolments, Student Union)

Deputy Vice-Chancellor (Academic), Academic Registrar or nominee

Critical incident alerts 

Chief Operating Officer or nominee

UQ IT services information

Chief Information Officer or nominee

All staff

General notifications

Vice-Chancellor, Provost, Chief Operating Officer, Director Human Resources or nominee

Critical incident alerts

Chief Operating Officer or nominee

UQ IT services information

Chief Information Officer or nominee

All library users

Library notifications

University Librarian or nominee

All staff and all students

Property, facilities and security information

Director, Property and Facilities Division or nominee

Table 2 – Authorisation of broadcasts to sub-groups of students and staff 

Audience or topic

Authorisation

All students in a designated course

Course Coordinator for the designated course,

Program Director or nominee

All staff in an Organisational Unit

Head of Organisational Unit

Academic/faculty matters (e.g. messages to students enrolled in an academic program; staff in centres associated with the faculty; postgraduate research students)

Head of Organisational Unit  

 

Custodians
Chief Information Officer Mr Rob Moffatt

Procedures

Software Asset Management - Procedure

Printer-friendly version
Body

1.0   Purpose and Scope

This procedure outlines the requirements for software access and management at The University of Queensland (UQ or the University) and applies to all UQ consumers as defined in the UQ Information and Communications Technology Policy (ICT Policy).

This procedure supports UQ software strategy, funding and sourcing decisions, and enables UQ to monitor software compliance and proactively prepare for software audits. Where full compliance with this procedure is not be feasible or in UQ’s best interests, UQ consumers must request an exemption to the Chief Information Officer (CIO) as ICT Category Owner.

1.1   Context

This procedure should be read in conjunction with other ICT policies and procedures, including:

  • Information and Communication Technology Policy.
  • Information and Communication Technology Procedure.
  • Procurement Policy.

2.0   Process and Key Controls

The following requirements apply to the access and management of software at UQ:

  1. Before purchasing any new software, UQ consumers must refer to UQ’s Standard Software Catalogue, which provides software for academic, research and administrative use.
  2. UQ consumers should purchase software through the UQ Standard Software Catalogue if the software is available.
  3. UQ consumers that access software must comply with all usage restrictions, licence conditions, purchasing and installation requirements of the software.
  4. UQ consumers seeking to purchase new software that is not available through the Standard Software Catalogue must contact the ITS Enterprise Licensing team or their Organisational Unit’s Local IT Team to conduct a software procurement process.
  5. The Information Technology Services (ITS) Division has oversight of software procurement at UQ and is responsible for UQ’s software asset management including registration, installation, support and disposal. The ITS Division’s software asset management lifecycle is detailed in the Appendix (section 7.1).

3.0   Principles and Key Requirements

3.1   Assessing UQ software

UQ consumers must refer to UQ’s Standard Software Catalogue before purchasing new software at UQ. The Standard Software Catalogue lists all software available to UQ consumers for academic, research and administrative use that is available to download on UQ-owned computers, personal devices or both (restrictions on use are listed in the Standard Software Catalogue).

The Standard Software Catalogue provides all licensing, purchasing, usage and installation requirements for each software product. UQ consumers must comply with the requirements of the software, including any purchasing or requesting software processes.

3.2   Non-standard software procurement

For software purchases that are not available through the Standard Software Catalogue, UQ consumers must contact the Organisational Unit’s Local IT Team or the ITS Enterprise Licensing team to conduct a software procurement process. Procurement of new software at UQ must comply with UQ’s procurement policies and procedures, and UQ’s Financial and Contract Delegations Framework.

3.3   Software installation, support and disposal

UQ consumers must comply with the installation requirements of the software product as outlined in the Standard Software Catalogue. UQ consumers may self-install some software products accessed through the Standard Software Catalogue or contact their Local IT Team or the ITS Division for installation assistance.   

As outlined in section 4.0 of this procedure, teams within the ITS Division and Local IT Teams are responsible for:

  • installation of software that cannot be self‑installed;
  • disposal of software; and
  • providing software support to UQ consumers.

4.0   Roles, Responsibilities and Accountabilities

4.1   UQ consumers

UQ consumers must:

  • Refer to and use the UQ Standard Software Catalogue to access software at UQ.
  • Comply with all usage restrictions, licence conditions, purchasing and installation requirements of the software.
  • Contact their Local IT Team or the ITS Division before purchasing any software that is not available through the Standard Software Catalogue.

4.2   Enterprise Licensing Team

The Enterprise Licensing Team within the ITS Division is responsible for:

  • The UQ Standard Software Catalogue Management.
  • Standard software acquisition for centrally managed software licences and non-standard acquisition for ITS-supported business units.
  • Software registration for ITS-supported units and centrally managed software.

4.3   Local IT Teams

Local IT Teams within non-ITS-supported business units are responsible for providing the following services to the business unit:

  • Non-standard software acquisition for business units.
  • Responding to software services requests of the business unit, including providing advice.
  • Software selection and packaging –
    • Maintaining a software deployment schedule for new software products and new version releases.
    • Evaluating new software requests and confirming suitability with UQ systems.
    • Updating the software libraries and registers, including:
      • UQ Standard Software Catalogue.
      • Definitive Software Library.
      • Software package deployment locations.
  • Installation and deployment of new software, including software as part of new hardware deployments.
  • Check availability of the licence for the consumer and/or device, and the use of the UQ SAM Tool client is operating correctly on the device.
  • Software support and disposal for the business unit.
  • Software registration and processing software inventory.
  • Responding to software audits (see section 5.0).
  • Considering and advising the consumer on the risks relating to the software.
  • Overseeing software licence compliance and optimisation (see section 5.0).

4.4   ITS Customer Support Services

The ITS Customer Support Services Team is responsible for providing the following services to all UQ consumers:

  • Responding to software services requests.
  • Considering and advising the consumer on the risks relating to the software.
  • Installation/deployment of new software, including software as part of new hardware deployments and confirming: the ownership, availability and suitability of the software being deployed. 
  • Availability of the licence for the consumer and/or device.
  • The UQ SAM Tool client is operating correctly on the device.
  • Providing software support services in the UQ environment, including advising on the use of installed software and in relation to resolving software errors.

4.5   ITS Service Automation

ITS Service Automation is responsible for:

  • Configuring and managing the UQ Software Asset Management tool.
  • Creating and maintaining software packages and scripts.
  • Management of UQ’s teaching space computer laboratories.

4.6   Licensing Sub-Category Manager

The Licensing Sub-Category Manager is responsible for:

  • UQ Software Asset Management Tool supplier management, in consultation with ITS Service Automation.
  • UQ Software Asset Management process management.
  • Managing software audits.
  • Overseeing UQ’s software asset management compliance and benefit realisation.

4.7   Information Technology Asset Management Committee

The Information Technology Asset Management Committee (ITAM) is a sub-committee of UQ’s Information Technology Governance Committee and is responsible for ensuring the University effectively manages its hardware and software IT assets. 

ITAM oversees the continual improvement of the management practices surrounding Software Asset Management (SAM) and Hardware Asset Management (HAM) at UQ. ITAM is responsible for the following software matters:

  • Ensure that UQ’s software usage complies with vendor terms and conditions.
  • Ensure that UQ’s software assets are efficiently managed and utilised throughout their lifecycle.
  • Approve changes to UQ’s standard software catalogues.
  • Develop and maintain standardised and effective SAM procedures, processes and tools, and provide appropriate assurance of effective implementation.
  • Providing forums for stakeholder engagement on software asset management.

4.8   Chief Information Officer

With support from the Information Technology Governance Committee, the Chief Information Officer is responsible for:

  • ICT Category Ownership at UQ.
  • Oversight of UQ’s Information Technology Asset Management Committee.
  • Oversight of software asset management at UQ.

5.0   Monitoring, Review and Assurance

Enterprise Licensing, ITS Customer Support and Local IT Teams will monitor and report on UQ’s effective licence position, undertaking the following activities:

  • Monitor licence compliance, consumption and usage, and resolve licence compliance issues.
  • Review installation and usage data to identify opportunities for licence recovery, consolidation and rationalisation.
  • Review licence and installation evidence to ensure software usage is reported correctly and that new applications are recognised correctly.
  • Ensure audit readiness by reporting as required –
    • software entitlement status for specific software vendors and products,
    • software installations, and
    • overall compliance position to show under/over-licensing.

The ITAM Committee will meet every two months to monitor and review Software Asset Management activities in order to:

  • Assess UQ’s software compliance position.
  • Assess compliance with the procedure and to demonstrate/confirm its effectiveness.
  • Identify, assess and prioritise any deficiencies in the implementation of SAM at UQ.
  • Identify and consider beneficial SAM process improvement.
  • Identify and implement strategic initiatives relating to software compliance.
  • Ensure ongoing relevance of this procedure.
  • Approve proposed changes to the Standard Software Catalogue.

UQ’s Licensing Sub-category Manager will manage regular software audits to ensure that UQ software is installed and being used in compliance with its licence.

Enterprise Licensing, ITS Customer Support Services and Local IT Teams will assist with audit processes by undertaking the following activities:

  • Verify the formal vendor audit notification and inform Chair of ITAM, Software Licensing Sub‑Category Manager, key stakeholders and support staff.
  • Review purchase details to confirm licence details, usage rights and quantity.
  • Gather data from available SAM tools and through alternative methods as necessary when directed by the auditors.
  • For audited products, analyse UQ’s software entitlements and installations and report on overall compliance position.
  • Carry out agreed audit outcome actions.

6.0   Recording and Reporting

UQ’s software licence entitlements must be recorded in the UQ SAM tool and all UQ client computing devices must have the appropriate UQ SAM tool agent installed.

The Software Licence/Agreement/End-User Licence Agreement (EULA) must be stored in an approved UQ record keeping system.

Documentation related to all vendor software audit requests must be provided to the chair of the ITAM Committee and stored in an approved UQ record keeping system.

The ITAM Committee will report quarterly to UQ’s Information Technology Governance Committee (ITGC) on strategic software asset management initiatives and amendments to this procedure, for ITGC endorsement. The ITAM Committee will provide an annual report to ITGC on the overall effective governance of software asset management at UQ.

Details of meetings and actions to be recorded and stored following standard UQ requirements for record management.

6.1   Software registration

All new software purchases must be recorded in the UQ Software Asset Management Tool, which requires the following licence details of the software using the approved Licence Details form:

  • Publisher.
  • Product name, version, edition, product SKU (stock keeping unit).
  • Licence program (e.g. academic, commercial, research).
  • Licence Quantity.
  • Licence Metric (e.g. device, named user, concurrent user, processor, site).
  • Licence Type (perpetual or expiry date).
  • Maintenance (included or not, expiry date).
  • Software Support (included or not, expiry date).

7.0   Appendix

7.1  UQ Software Asset Management Cycle

UQ’s software asset management lifecycle aims to achieve software compliance and optimisation through a governance structure which controls SAM Processes, Roles and Tools (Figure 1). Software asset management at UQ is undertaken across multiple areas within the ITS Division as outlined in section 4.0 of this procedure.

The key software asset management processes to be followed (Request, Acquisition, Registration) are defined by the IT Asset Management Committee (ITAM) and approved by the Information Technology Governance Committee (ITGC).

Figure 1: UQ Software Asset Management Lifecycle

7.2   UQ Software Asset Management Tools

Software asset management at UQ is supported by the following tools:

UQ’s Standard Software Catalogue: List of managed software available to UQ consumers for installation on UQ devices or for access via a UQ account. The list contains information regarding product name and vendor, permitted users, permitted usage, compatible platforms, purchase method and installation method. The UQ Standard Software Catalogue is managed by the ITS Division.

UQ Software Asset Management (SAM) Tool: Central software management system for recording software purchases and entitlements and collecting information about software installations, to allow for analysis of software compliance and software consolidation opportunities. Software licence server information and licence keys are stored in the UQ SAM Tool. The current UQ SAM Tool is Flexera’s FlexNet Manager Platform.

Systems Management Software: Software tools used to deploy licensed software and licence keys to authorised devices, to apply patches and updates, and to remove software when it is no longer required. The current Systems Management Software in use at UQ includes Microsoft System Center Configuration Manager for clients running Microsoft Windows operating systems and Jamf Pro for clients running Apple OSX and iOS operating systems.

Definitive Software Library: Secure software repository in which the media / source files for authorised versions of software are stored and protected. This is a primary component of UQ’s software release and provisioning framework and service continuity plan. The current ITS Definitive Software Library is maintained by the Service Automation Team. Local IT Teams may have additional repositories specific to their supported business units.

Software Knowledgebase: Secure location in which known issues relating to the installation and support of software products is stored for use by IT support staff in providing software support. The current ITS Software Knowledgebase is maintained by Customer Support Services (CSS). Local IT Teams may have additional software knowledge bases specific to their supported business units.

7.3   Definitions

Definitions relating to UQ’s ICT resources and systems are outlined in the Information and Communication Technology Policy. In this Procedure, the following additional definitions apply:

IT Asset Management Committee (ITAM) – The purpose of the IT Asset Management Committee (ITAM) is to ensure the University effectively manages IT software and hardware assets.

Information Technology Governance Committee (ITGC) – The purpose of the Information Technology Governance Committee (ITGC) is to ensure IT objectives are in line with the University's strategic direction and that the stakeholders’ needs are met by governing benefit realisation, risk optimisation and resources optimisation.

IT Support Teams – These teams can be either ITS Customer Support Services or Local IT Teams as defined in Section 4.0.

Software Audit – The process of identifying what software is installed, where it is installed, its usage, and reconciling this against entitlements and software purchase records. Software Audits may be initiated internally to establish UQ’s effective licence position for a software product, or initiated externally by an audit request from a software vendor who has audit rights under the software licence terms for their software product.

Software Licence – A typical software license grants an end-user permission to use one or more copies of software for UQ related use.

 

 

Custodians
Chief Information Officer Mr Rob Moffatt

Procedures

Information and Communication Technolocy - Procedures

Printer-friendly version
Body

1.0   Purpose and Scope

This procedure outlines requirements that consumers of The University of Queensland (UQ or the University) Information and Communication Technology (ICT) resources must comply with regarding access to and use of UQ ICT systems, software and other UQ ICT resources.

This procedure should be read in conjunction with UQ’s Information and Communication Technology Policy and applies to all consumers of UQ ICT resources, as defined in the policy (UQ consumers), including:

  • Students
  • Staff
  • Contractors and consultants
  • Visitors
  • Affiliates and third parties.

Additional requirements regarding the use of UQ email and sending of bulk messages are provided in the Email and Bulk Messaging procedure. 

2.0   Process and Key Controls

  1. The Information Technology Services Division centrally manages the operation of and access to UQ’s ICT resources and systems, including the Learning Management System (LMS).
  2. Proposals to purchase software on behalf of UQ or enter UQ-wide licensing agreements must be:
    1. in accordance with the requirements of this procedure and the Software Asset Management Procedure;
    2. reviewed by Information Technology Services; and
    3. approved in accordance with the Financial and Contract Sub-delegations Procedure.
  3. UQ consumers’ use of UQ ICT resources, systems and software must comply with applicable licence terms and UQ policies and procedures.

3.0   Key Requirements

3.1   Learning Management System

The Learning Management System is UQ’s core eLearning system. While the LMS is centrally managed by Information Technology Services, Course Coordinators and Instructors are responsible for the oversight and management of content requirements in accordance with the Minimum Presence in Blackboard Procedure.

All authenticated UQ students and staff can access an LMS course site for any course they have been enrolled in, for the purposes of teaching or learning.

3.1.1   Course sites

To create a course site in the LMS, Course Coordinators must lodge the Electronic Course Profile (ECP) with Information Technology Services (help@its.uq.edu.au) two weeks before the start of each semester. When the course site is created, Information Technology Services will:

  • publish the ECP in the course site;
  • provide access to the course site for all students who have enrolment in the course; and
  • notify the Course Coordinator.

Course Instructors may apply to Information Technology Services to create a course site without an ECP.  

Course Coordinators must ensure that course materials are added to the course site and notify students enrolled in the course.

To gain access to the relevant LMS course site, Course Instructors may use the automatic or manual procedures, depending on their requirements.

3.1.2   Access to the LMS

All sites within the LMS must have specific guest access settings enabled for all University staff and students. The required settings are configured by default in all newly created course sites. The guest access requirement is limited to learning materials and resources only; collaborative content or assessment information must remain unavailable to guests.

Permission to change the default settings must be sought from the relevant Associate Dean (Academic) by logging a request with Information Technology Services.

Guest Access may be turned off at the course level with permission from the Deputy Vice-Chancellor (Academic). This may occur where it is deemed that there is a risk to copyright or information security.

Guest access to course site information within the LMS is managed at three levels:

  • System level – managed by Information Technology Services.
  • Site level – managed by UQ Course Instructors and Coordinators or support staff.
  • Content areas – UQ Course Instructors and Coordinators or support staff (guest access is on by default for Announcements, Course Profile and Learning Resources).

All authenticated UQ staff or students can locate any course site using the search tool when logged into the LMS. Courses can be searched by subject code or description.

3.1.3   External access

Requests to access LMS course sites for people external to UQ (e.g. guest lecturers, professional peers and those involved in research activities relevant to the teaching activities of the Course Instructor) must be made to Information Technology Services using the approved form. Unless specified by the Course Instructor, external access requests will be for a period of 12 months.

Information Technology Services may request that the Course Instructor provide justification for ongoing provision of access to a person external to UQ.

3.2   Software

3.2.1   Purchasing software for UQ

Prior to purchasing any software on behalf of UQ, consumers must:

  • check the Standard Software Catalogue for suitable software before purchasing new software;
  • comply with the Software Asset Management Procedure;
  • ensure an appropriate number of licences are purchased to cover installation and usage of the software within the Organisational Unit; and
  • ensure the provisions of licences purchased are appropriate for the type of use intended by the Organisational Unit (e.g. academic, research, commercial).

All UQ-wide software licensing agreements that UQ consumers are considering entering into must be:

  • first reviewed by Information Technology Services prior to acceptance; and
  • signed by an appropriate delegate in accordance with the Financial and Contract Sub‑delegations Procedure.

Where software must be registered with the publisher(s) or vendor(s) of the software, “The University of Queensland” must be used as the licensee.

3.2.2   Use of UQ Licensed Software

Software licensed to UQ (UQ Licensed Software) must only be used for purposes legitimately associated with UQ’s operations as a teaching and research institution and in accordance with the relevant software licence terms. This includes online services (i.e. software-as-a-service) licensed to UQ.

The following conditions apply when using UQ Licensed Software to minimise UQ’s risks of copyright infringement or other breach of software licence terms:

  • UQ consumers may use the Microsoft Software Centre (for Windows devices) or Self Service (for Apple devices) to install licensed software on UQ devices.
  • All software installations that are not supported by self-service tools (e.g. Microsoft Software Centre) must be approved by Information Technology Services prior to installation on a UQ device. If approved, and a consumer does not have administrator access, a staff member from the consumer’s IT support team must install the software.
  • UQ Licensed Software must only be used in compliance with the applicable licence terms and conditions.
  • All UQ consumers obtaining or using UQ Licensed Software must understand and obey the terms and conditions for the use of the software.

3.3   Staff Access Extensions and Termination

Access to UQ ICT systems and resources is provided to staff for carrying out University work and for other UQ official business and will be archived 14 days after a staff member’s employment is terminated in UQ’s human resources system.

Staff will receive an email notification prior to termination informing them that they will lose access to UQ’s ICT resources and systems. Staff can request an access extension by having the Head of the Organisational Unit contact Information Technology Services (help@its.uq.edu.au) with authorisation and a new expiration date.

4.0   Roles, Responsibilities and Accountabilities

4.1   UQ consumers

UQ consumers are responsible for complying with this procedure, including:

  • requirements for the purchase of software on behalf of UQ;
  • the use of UQ Licensed Software; and
  • access to and use of UQ ICT resources and systems.

4.2   Course Instructors and Coordinators

Course Instructors and Coordinators must comply with requirements of this procedure in relation to their oversight of the LMS, including but not limited to:

  • the maintenance of course sites and access settings;
  • privacy of student information (including personal information, grades, assessment attempts and communications) on course sites; and
  • availability of assessment material.

Course Instructors and Coordinators must comply with relevant copyright usage permissions when providing content on course sites.

4.3   Supervisors

In addition to their responsibilities as consumers of UQ ICT resources, supervisors are responsible for arranging termination of access to ICT systems and resources for staff members that leave UQ.

5.0   Monitoring, Review and Assurance

The Chief Information Officer is responsible for the implementation and communication of this procedure, including ensuring that UQ consumers are informed of their obligations when accessing and using UQ ICT resources and systems.

Information Technology Services will review this procedure as required to ensure its currency and relevance to the management of ICT systems and resources at UQ.

6.0   Recording and Reporting

Information Technology Services will retain records of account extension requests as described under section 3.3 of this procedure.

Information Technology Services will report breaches of this procedure to the Information Technology Governance Committee.

7.0   Appendix

7.1   Definitions

Definitions relating to UQ’s ICT resources are outlined in the Information and Communication Technology Policy. Additional definitions related to this procedure are included below.

Content level – The configuration settings for each particular content area within individual Learning Management System course sites. These settings are set by default but can be changed by Course Coordinators and Instructors.

Course Coordinator – The staff member responsible for the delivery of the course. The Course Coordinator nominated in the Electronic Course Profile is automatically assigned the 'Course Instructor' role in the Learning Management System.

Course Instructor – A role within the Learning Management System that is automatically assigned to the Course Coordinator based on the information provided in the Electronic Course Profile. Anyone with a role of Lecturer when the Electronic Course Profile is published, will also be created as a Course Instructor.

Course sites – An online learning environment within the Learning Management System, typically related to a SI-net course.

Electronic Course Profile (ECP) – The ECP contains information on courses including administrative details, aims, objectives, learning resources required, course learning and teaching activities, assessment tasks and policies.

Guest Access – Limited default access UQ staff and students have to all Learning Management System course sites.

Site level – The configuration settings for each specific site in the Learning Management System, which are set at the time of course creation, and are the same for all new courses.

System level – The configuration settings that apply to the entire Learning Management System.

Custodians
Chief Information Officer Mr Rob Moffatt

Guidelines

Acceptable Use of UQ ICT Resources - Guidelines

Printer-friendly version
Body

1.0   Purpose and Scope

The purpose of this guideline is to support the Information and Communication Technology Policy by providing further information regarding acceptable use of UQ ICT resources, including personal use. This is a UQ-wide guideline that applies to all consumers of UQ ICT resources, as defined in the policy.

2.0   Acceptable Use of UQ ICT Resources

Acceptable use can most easily be illustrated by examples of unacceptable use. The following are examples of what may be considered inappropriate use of ICT resources. In instances where such use is required for legitimate research or teaching purposes, an exception may be approved.

  1. Knowingly downloading, storing, distributing and viewing of offensive, obscene, indecent, pornographic, or menacing material. This could include, but not limited to pornography, hate sites, gratuitous violence and sites using frequent and highlighted bad language.
  2. Destruction of or damage to equipment, software, or data belonging to The University of Queensland.
  3. Playing of games is not permitted by staff within work hours. Students should also not use UQ resources for playing games unless it is a legitimate requirement of their studies. Games can require a large amount of internal storage and potentially long play periods breaching the UQ minimal use standard. The loading of such software also potentially has software licensing and security concerns.
  4. When sending any emails, the University policies with respect to gender, race, sexual harassment, bullying and language use (e.g. Code of Conduct and Student Charter) apply. Emails and stored information are subject to the Freedom of Information Act.
  5. UQ facilities should not be used for private business use unless written permission has been received from the Head of the Organisational Unit.
  6. Screen savers and wallpapers that could be considered of an offensive nature are inappropriate in a work environment.

3.0   Limited Personal Use

The reason for limiting personal use is that such use of resources incurs a cost to the University and any use which is not a University purpose represents a potential misuse of University resources.

Individual personal use may result in relatively small costs being incurred. Continued use or collective use across the University however, may incur many thousands of dollars of costs to the University per annum; money that would be better spent furthering University objectives.

It can be difficult to determine exactly how much personal use is acceptable, which is why such use should be kept to a minimum. UQ staff should discuss with their supervisor or manager if they require personal use of these resources. The following sections will provide examples to further clarify this use.

3.1   Personal Use of UQ Phones

UQ phones should be used for work or study-related purposes. It may be acceptable for a staff member to make an urgent phone call using a UQ telephone during work hours if approved by their supervisor.

However, if a staff member were to make repeated calls or calls to international recipients, using a UQ phone during work hours, this use would be considered unacceptable as it incurs significant cost to the University and consumes a high volume of work time.

3.2   Personal Use of UQ Email

Your UQ email should only be used for work or study-related purposes. Your UQ email account should not be used to:

  1. portray or promote political beliefs or ideologies (this includes using your UQ email to organise political events or meetings);
  2. sign up to online services that are not related to your work or study;
  3. appear to represent the University in your personal activities; or
  4. send messages to large volumes of recipients (approval for bulk messaging is outlined in the Email and Bulk Messaging Procedure).

3.3   Personal Use of UQ Networks

The UQ network should not be used in a manner that impacts network performance (e.g. downloading large volumes of files) unless it is for study or work purposes. Consumers should not use the UQ network to access websites that are inappropriate (see 2.0.a. for examples).

Staff should not be using the internet for purposes unrelated to work during work hours. In some cases

– as discussed and approved by your supervisor – it may be acceptable for a staff member to use the network for minor personal purposes. For example, a supervisor may approve a staff member to use the network to check an urgent personal email or pay a bill during a quiet period. On the contrary, it would be unacceptable for a staff member to browse social media websites for extended periods of time. This use would be considered unacceptable as it incurs significant cost to the University and consumes work time that would be better utilised furthering UQ objectives.

Custodians
Chief Information Officer Mr Rob Moffatt

Forms

Printer-friendly version

Internet Access Permission for Under 18's - Form

Internet Access Permission for Under 18's - Form

Printer-friendly version
Body
Description: 

Commonwealth legislation and internet service provider industry codes require UQ to ensure that internet access accounts are not provided to people under the age of eighteen years without the consent of a parent, teacher or other responsible adult.

Further details are available at http://www.commsalliance.com.au/Activities/ispi

To receive full access to the internet, if you are under the age of eighteen, please complete and submit this application according to directions on the form.

Custodians
Chief Information Officer Mr Rob Moffatt
Custodians
Chief Information Officer Mr Rob Moffatt
Custodians
Chief Information Officer Mr Rob Moffatt