Procedures

UQ Software - Procedures

Printer-friendly version
Body

1. Purpose and Objectives

This procedure informs all UQ staff of their rights and responsibilities when using software at the University and is designed to minimise the risks of a copyright infringement by the University and possible breaches of software licence terms.

This procedure must be read in conjunction with the Policy for Acceptable use of UQ ICT Resources and the associated procedures and guidelines related to specific ICT‑related hardware, software and applications.

2. Definitions, Terms, Acronyms

Information Communication Technology (ICT) products and services - all types of technology (data, voice, video etc) and associated resources which relate to the capture, storage, retrieval, transfer, communication or dissemination of information through the use of electronic media.

Enterprise Agreement - The University of Queensland Enterprise Agreement 2014 - 2017

SIMC - Strategic Information Management Committee

Software - includes, but is not limited to, purchased or commercial software, sound, graphics, images, or datasets; shareware; freeware; and electronically stored documentation and the media that holds it. Not included in this definition are non-copyrighted computer data files that have no significance beyond the individual or organisational unit.

Software Licence/Licence Agreement/End-User Licence Agreement (EULA) - A legal instrument (usually by way of contract law) governing the usage or redistribution of software. All software is copyright protected, except material in the public domain. A typical software license grants an end-user permission to use one or more copies of software in ways where such a use would otherwise potentially constitute copyright infringement of the software owner's exclusive rights under copyright law.

Software Piracy - unauthorised copying or distribution of copyrighted software. This can be done by copying, downloading, sharing, selling, or installing multiple copies onto personal or work computers.

Software Audit - A process that identifies what software is installed, where it is installed, its usage, and provides a reconciliation of this discovery against usage. From time to time internal (driven by UQ) or external (vendor driven) audits may take a forensic approach to establish what is installed on the computers in an organisation with the purpose of ensuring that it is all legal and authorised and to ensure that the process of processing transactions or events is correct.

Software Licence Compliance - Clear documentation that the number of legally obtained and genuine software licences matches the number of installed instances of a given software product on the University’s systems or devices.

Software Licensing Points of Contact (POC) - A staff member within each organisational unit who is responsible for:

  • Tracking all software orders and provide purchasing support for their organisational unit
  • Maintaining the unit’s software licence repository as required by the UQ Software Policy
  • Tracking all software installs and changes to installs.
  • Ensuring the unit is accountable and audit‑ready
  • Acting as a liaison between the organisational unit and ITS Procurement for all software licensing related issues.

UQ ITAM - Central IT hardware and software management system

3. Procedures Scope/Coverage

The diverse and geographically dispersed framework of the University increases the risk of exposure to non-compliance of the Copyright Act and software license agreements.

The following procedure will therefore apply to the use of software within The University of Queensland and its affiliates.

4. Procedures Statement

This procedure provides additional detail on software in respect of procurement, licence compliance, responsible use, audits and penalties for non-compliance. Details on each of these aspects are outlined in sections 5 – 9 below.

5. Software Procurement

5.1 All software in use within The University of Queensland must be for legitimate work purposes, approved by management prior to installation and appropriately purchased according to the licence terms and conditions and the University’s financial management policies and procedures.

5.2 Where the University's licensing agreements do not allow use of the software on personally owned equipment staff must purchase their own legally licensed copies of the software.

5.3 Software that is not otherwise available for free under the terms of its accompanying licence (for example: commercial software) must be purchased through ITS Procurement or nominated POC of the organisational unit.

5.4 Software purchased through ITS Procurement will be automatically recorded for compliance purposes in the ITAM system.

5.5 The same purchasing rules apply to online software purchases as purchases using traditional mechanisms.

5.6 Software purchases must take advantage of existing volume discounts, site licences, preferred supplier agreements or any other mechanism to reduce costs.

5.7 During the process of purchasing software, nominated POCs of organisational units are required to check within the ITAM tool for the existence of current agreements, and with ITS Procurement for planned agreements and intended software purchases.

5.8 Acquisition of new site and volume licence agreements must be coordinated by ITS Procurement to ensure that correct University procedures for negotiating and signing new legal agreements are followed.

5.9 All University-wide software licensing agreements that the University or its affiliates may enter into must be first reviewed by the UQ Legal Office prior to acceptance and must be signed by the Chief Operating Officer on behalf of The University of Queensland. The Director ITS can also sign selected agreements, for example: renewal of ongoing licence agreements.

5.10 Where software must be registered with the author(s) or vendor(s) of the software, “The University of Queensland” must be used as the licensee Name where possible.

5.11 Staff must follow any additional applicable procedures and guidelines that the University may from time to time issue through an authorised organisational unit.

6. Software Licence Compliance

6.1 All software in use within The University of Queensland must be used in compliance with the accompanying licence terms and conditions.

6.2 Staff obtaining and/or using software must make themselves aware of their obligations regarding the possession and use of the software.

6.3 Heads of organisational units are responsible for nominating a POC within their unit to maintain the Unit’s software register through the ITAM system and to liaise with ITS Procurement for software purchasing.

6.4 An appropriate number of licences must be purchased to reflect the level of usage of the software within the organisational unit.

6.5 The type of licences purchased must reflect the use to which the software will be put and the manner of deployment being employed by the organisational unit.

ITS Procurement can provide advice on these issues.

6.6 Staff will not unlawfully copy software installation media or use copies of illegal software.

6.7 ITS Procurement will update the ITAM system with licence records for any site licences or software that has been purchased through ITS Procurement. POCs will create licence records for any software purchased directly from suppliers.

6.8 POCs will periodically liaise with ITS Procurement for validating the register of software licences for their Organisational Unit.

6.9 If any system or device is found to be running software that is either unlicensed, or unregistered with ITS Procurement or the Software Licensing POC person within the organisational unit, the Director, ITS may immediately remove network access from such a device until satisfied that the software has either been licensed and registered or removed.

6.10 Use of software covered under University licence agreements on personally owned hardware is not allowed except where expressly covered under the terms and conditions of the licensing agreement for that software.

6.11 In cases where use of licensed software by staff on personally owned systems is allowed, the software must be used in accordance with the stated terms and conditions of the licence agreement and it is the staff member's responsibility to make themselves familiar and comply with those terms and conditions.

7. Responsible Use of Software

7.1 Software master media (where applicable) must be securely stored in order to avoid theft and/or unauthorised use or copying.

7.2 Any software no longer required (for example: surplus, obsolete) should be uninstalled, redeployed, disposed of or returned in accordance with the agreed licence terms and conditions.

8. Software Audits

8.1 Copyright owners can obtain the right, through an Anton Piller order, to enter business premises, unannounced, and search for evidence of illegal copying of software.

8.2 Additionally, many of the licence agreements agreed to by the University give the copyright owner the right to audit, with notice, the University’s systems for evidence of non-compliance with contract terms.

8.3 Heads of organisational units may request the Director, ITS to undertake a software audit as part of an agreed Services Portfolio for ITS support of their systems. This service may incur an additional charge and Heads should contact ITS to discuss this.

8.4 The Director, ITS is not obliged to report on software which has been purchased outside of ITS Procurement but may choose to do so.

8.5 Where Heads of organisational units have no agreed services portfolio with ITS, they remain responsible for using the ITAM system to produce a software audit report of their Unit’s systems and devices when required.

8.6 Any software discovered during these audits which is not recorded in the ITAM system should have an appropriate licence purchased as needed, should be removed immediately, or if purchase records can be found it should be added to the ITAM system.

8.7 Organisational unit POC’s will ensure that the ITAM system is maintained accurately and that the inventory agent is deployed so that the system can produce compliance information showing a comparison of actual use against licences held when requested by SIMC or the Director, ITS to fulfil an auditing request.

8.8 Staff are required to notify their supervisor or their organisational unit Head of any illegal copies of software or related documentation of which they become aware. As necessary/appropriate such issues may be reported under the Public Interest Disclosure Act as outlined in PPL 1.60.03 Public Interest Disclosure Policy.

8.9 If staff receive an audit letter, this should be passed onto the Legal Office and under no circumstances should discussions be entered into with the author/vendor by other than the Legal Office.

9. Penalties for Non-Compliance

9.1 University

Disciplinary action may be taken against staff engaged in the unlawful copying, use or distribution of software, as per the Misconduct/Serious Misconduct clauses in the Enterprise Agreement.

9.2 Criminal penalties as per the Copyright Act 1968 (Cth)

  • Fines up to $93,500 and /or up to five years imprisonment for individuals
  • Fines up to $467,500 and/or up to five years imprisonment for companies.

9.3 Civil penalties as per the Copyright Act 1968 (Cth)

Making or using illegal copies of software for your personal use or at work is a civil offence under the Copyright Act and offenders are liable for:

  • Damages of an unlimited amount (determined by the Court)
  • Court costs in many circumstances, which can also be substantial.
Custodians
Director, Information Technology Services
Mr Rob Moffatt

Guidelines

UQ Software - Guidelines

Printer-friendly version
Body

1. Purpose and Objectives

This guideline details the specific actions and process that must be followed to implement the UQ Software Procedures. The guideline outlines the responsibilities of all users of software at UQ.

2. Definitions, Terms, Acronyms

Software - includes, but is not limited to, purchased or commercial software, sound, graphics, images, or datasets; shareware; freeware; and electronically stored documentation and the media that holds it. Not included in this definition are non-copyrighted computer data files that have no significance beyond the individual or organisational unit.

Software Licence/Licence Agreement/End-User Licence Agreement (EULA) - A legal instrument (usually by way of contract law) governing the usage or redistribution of software. All software is copyright protected, except material in the public domain. A typical software license grants an end-user permission to use one or more copies of software in ways where such a use would otherwise potentially constitute copyright infringement of the software owner's exclusive rights under copyright law.

Software Piracy - unauthorised copying or distribution of copyrighted software. This can be done by copying, downloading, sharing, selling, or installing multiple copies onto personal or work computers.

Software Audit - A process that identifies what software is installed, where it is installed, its usage, and provides a reconciliation of this discovery against usage.  From time to time internal (driven by UQ) or external (vendor driven) audits may take a forensic approach to establish what is installed on the computers in an organisation with the purpose of ensuring that it is all legal and authorised and to ensure that the process of processing transactions or events is correct.

Software Licence Compliance - Clear documentation that the number of legally obtained and genuine software licences matches the number of installed instances of a given software product on the University’s systems or devices.

UQ ITAM - Central IT hardware and software management system.

3. Guidelines Scope/Coverage

The diverse and geographically dispersed framework of the University increases the risk of exposure to non-compliance of the Copyright Act and software license agreements.

The following guidelines will therefore apply to software used within The University of Queensland and its affiliates.

4. Guidelines Statement

This guideline provides additional detail on software in respect of the copyright act, software piracy, defining illegality, software license compliance and software audits. Details on each of these aspects are outlined in sections 5 – 9 below.

5. Copyright Act 1968 (Cth)

5.1 The Copyright Act 1968 (Cth) grants rights to software developers and licensed distributors of proprietary software. The Act provides for civil actions and remedies as well as criminal offences and penalties for infringements of copyright.

5.2 In addition, under legislation brought into law on 1 January 2005, illegal software does not have to be sold for direct financial gain to constitute a criminal offence. Section 132 (1) (a) of the Copyright Act has been amended to make it a criminal offence if a person makes an infringing copy of software with the intention of obtaining a commercial advantage or profit and if the person knows or ought reasonably to know that the copy is infringing copyright.

5.3 Use of illegal software in a business or organisation can constitute a criminal offence as commercial advantage is inherent in using any software in a business or professional context and because commercial advantage has been derived from making or using an illegal copy of the software instead of buying a licence for it. Furthermore, the Explanatory Memorandum which accompanies the new Act states: "The offences regime in Section 132 applies to all forms of activity referred to as business end-user piracy."

5.4 An important aspect of the new legislation is that the wording makes it a criminal offence if a person knows or ought reasonably to know that software is infringing copyright. University supervisory staff could be held liable even if they are unaware or not directly involved in piracy on the expectation of supervisory responsibility. Supervisors can, in some circumstances, also be personally prosecuted.

5.5 The University views its responsibilities to copyright owners seriously and recognises that the UQ Software Procedures and clear internal processes will contribute to minimising the risks of a copyright infringement by the University and possible breaches of software licence terms.

6. Software Piracy

Software piracy is the unauthorized copying or distribution of copyrighted software. This can be done by copying, downloading, sharing, selling, or installing multiple copies onto personal or work computers. The purchase of software is actually the purchase of a license to use the software, not the software itself. The license defines how many times the software can be installed, so it is important to read it. If you make more copies of the software than the license permits, you are pirating.

6.1 Examples of software piracy

Information provided from the BSA’s Australian Website, http://www.bsa.org/country.aspx?sc_lang=en-AU

6.1.1 End user piracy

This occurs when someone reproduces copies of software without authorisation.

End user piracy can take the following forms:

  • Using one licensed copy to install a program on multiple computers;
  • Copying software for installation and distribution;
  • Taking advantage of upgrade offers without having a legal copy of the version to be upgraded;
  • Acquiring academic or other restricted or non-retail software for commercial use;
  • Swapping disks in or outside the workplace.

6.1.2 Client-server overuse

This type of piracy occurs when too many employees on a network are using a central copy of a program at the same time. If you have a local-area network and install programs on the server for several people to use, you have to be sure your license entitles you to do so. If you have more users than allowed by the license, that is 'overuse'.

6.1.3 Internet piracy

This occurs when software is downloaded from the Internet other than in compliance with the licence terms and conditions. The same purchasing rules should apply to online software purchase as for those bought in traditional ways. Internet piracy can take the following forms:

  • Pirate websites that make software available for free download or in exchange for uploaded programs;
  • Internet auction sites that offer counterfeit, out-of-channel, infringing copyright software;
  • Peer-to-Peer networks that enable unauthorised transfer of copyrighted programs.

7. What is Illegal?

This is a non-exhaustive list of those activities deemed illegal under the current law provided from the BSA’s Australian website, http://www.bsa.org/country.aspx?sc_lang=en-AU

It is illegal:

  • To copy software or accompanying documentation (e.g. manuals), without the permission of the copyright owner
  • To make, use or distribute illegal software copies
  • To run a copyrighted software program on two or more computers simultaneously unless the licence agreement specifically allows this (i.e. a multi-user or site licence)
  • For companies to authorise, encourage, allow, compel or request employees to make, use or distribute illegal software copies
  • To make unauthorised copies of software because a superior, colleague or friend requests or compels it
  • To import software into Australia for commercial purposes without the permission of the copyright owner
  • To distribute software which has been imported into Australia without permission of the copyright owner
  • To withhold knowledge that the criminal law against unauthorised software copying is being breached
  • To loan software so that a copy can be made, or to copy software while it is on loan.

8. Software Licence Compliance

8.1 Software licence compliance requires that licensed software be used in accordance with the terms and conditions contained in the licence agreement.

8.2 Software licence compliance also requires clear documentation that the number of legally obtained (genuine software licences) matches the number of a given product configured on the organisation’s computing devices.

8.3 UQ’s Software Licence compliance tool (ITAM) provides a comprehensive system that tracks purchasing and software usage to allow UQ to manage software compliance. It is now compulsory for all UQ organisation units to use ITAM for software compliance, for further information on gaining access to the tool and training see the ITS website for more details.

9. Software Audits

9.1 Copyright owners can obtain the right, through an Anton Piller order, to enter business premises, unannounced, and search for evidence of illegal copying of software.

9.2 Additionally, many of the licence agreements agreed to by yhe University give the copyright owner the right to audit, with notice, the University’s systems for evidence of non-compliance with contract terms.

Custodians
Director, Information Technology Services
Mr Rob Moffatt
Custodians
Director, Information Technology Services
Mr Rob Moffatt