Policy

Information and Communication Technology - Policy

Printer-friendly version
Body

1.0   Purpose and Scope

The University of Queensland (UQ or the University) is committed to providing Information and Communication Technology (ICT) resources to support, enable and enhance its activities.

This policy:

  • outlines acceptable use (and misuse) of UQ ICT resources;
  • supports UQ through effective provisioning and management of ICT resources; and
  • seeks to protect UQ’s reputation and safeguard its resources.

This policy should be read in conjunction with other ICT policies and procedures.

1.1   Scope

This policy applies to consumers of UQ ICT resources or UQ information including, but not limited to:

  • Students;
  • Staff;
  • Contractors and consultants;
  • Visitors;
  • Affiliates and third parties.

Consumers that are connected to UQ networks or services must comply with this policy, irrespective of location or device ownership (e.g. personally-owned computers). The Chief Information Officer must approve exceptions to this policy.

2.0   Principles and Key Requirements

ICT is of critical importance to UQ activities. All consumers of UQ ICT resources are expected to use these facilities and services appropriately and reasonably.

2.1   Access to ICT Systems and Resources

Access to ICT systems and resources is provided to consumers for carrying out University work, study, or for other UQ purposes. UQ incurs costs in providing ICT systems and resources, and access is not provided to consumers unconditionally. The following conditions apply:

  1. Consumers must not share account login details such as usernames or passwords.
  2. Passwords should be secure. Password recommendations are included in the Appendix (see section 6.4).
  3. Staff access to UQ ICT systems and resources is terminated when employment with UQ ceases. Account access may be extended in some circumstances, as outlined in the Information and Communication Technology Procedure.
  4. UQ reserves the right to limit, suspend or remove access where necessary.
  5. UQ will take appropriate steps to ensure Internet access is granted to minors in compliance with legislative requirements.
  6. UQ will endeavour to make online services accessible in alignment with industry best practices and accessibility guidelines.
  7. Administrator access to UQ computers will only be granted where necessary and with appropriate approval.
  8. Passwords must be changed at least once every 24 months.

2.2   Software

Software licensed to UQ (UQ Licensed Software) must only be used for purposes legitimately associated with UQ’s operations and in accordance with the relevant software licence terms. This includes online services (i.e. software-as-a-service) licensed to UQ.

Consumers must not install software on UQ devices that is not appropriately licensed to UQ.

The following conditions of use are intended to inform consumers of their responsibilities when using UQ Licensed Software and to minimise UQ’s risks of copyright infringement, or other breaches of software licence terms:

  1. All UQ Licensed Software will only be used in compliance with the applicable licence terms and conditions.
  2. Consumers should be aware of and comply with the terms and conditions of any software that is being used.
  3. Delegates identified within the Contractual Delegations Policy are the only individuals at UQ that are authorised to approve software agreements on behalf of the University.
  4. Information and communication technology procedures outline roles and responsibilities of IT staff and consumers when purchasing and installing software.
  5. UQ Licensed Software must not be installed on personally-owned devices, unless explicitly permitted in the applicable licensing agreement and by management.
  6. Installation files for UQ Licensed Software must not be unlawfully copied, and unlawfully copied software must not be used or installed on UQ devices.
  7. UQ Licensed Software master media and licence keys (where applicable) should be securely stored in order to avoid theft or unauthorised use or copying.

2.3   Acceptable Use of ICT Resources

UQ requires all consumers of its ICT resources to do so in an authorised, responsible, ethical, equitable and legal manner and in accordance with the UQ Code of Conduct and Student Charter. Incidental personal use of University ICT resources is permitted. Such use must be kept to a minimum.

While UQ acknowledges that exceptions may exist under certain circumstances, unauthorised use of ICT resources may lead to increased cost, risk, and reputational damage to UQ. Consumers should be aware that UQ ICT resources must not be used:

  • for gambling purposes;
  • in a manner that constitutes an infringement of copyright; or
  • to access, store or transmit pornographic, racist, violent, or any other unacceptable or harmful material.

Consumers’ use of UQ’s ICT systems and resources may be monitored (see section 4.0 of this policy).

2.4   Misuse of UQ ICT Resources

The Chief Information Officer may authorise an investigation into alleged misuse. If allegations are deemed to be valid and of a serious nature, evidence of misuse will be reported to the appropriate body:

2.5   Email and Bulk Messaging

UQ recognises the importance of email for efficient communication. Unauthorised use of email can result in security risks and reputational damage. The measures below apply to consumers of UQ ICT resources.

  1. Information Technology Services will maintain the official email system for UQ, internally or through an agreement with an external service provider.
  2. If an Organisational Unit wishes to maintain its own email server, approval must be obtained from the Chief Information Officer.
  3. A UQ email address must be used for the delivery of all official UQ email.
  4. Staff must not use external email accounts (e.g. Gmail, BigPond or Hotmail) for UQ correspondence.
  5. Retiring academic staff are eligible to retain access to their email account when employment with UQ ceases. Accounts with no activity for a period of 12 months will be suspended.
  6. Students, Alumni, volunteers, Academic Title Holders and Honoraries may forward their UQ email to another account or provider. Staff email accounts must not be forwarded to an external provider without approval which must be signed by the head of the Organisational Unit or their delegate.
  7. UQ may communicate to its staff and students, through its authorised managers, information which:
    1. is relevant to UQ as a whole (e.g. to all UQ or large groups of staff or students) or to particular sections of the UQ such as Faculties, Schools or Divisions; and
    2. is required for the effective functioning of the University or the relevant organisational unit; or which covers issues, policies, corporate events or decisions with a direct connection to the work of the University and its key organisational units.
  8. Consumers must not send messages to a large number of recipients (e.g. all staff, all students, alumni, or a large volume of external users) without approval, as outlined in the Email and Bulk Messaging Procedure.
  9. Consumers may delegate mailbox access when required. If a consumer is unable to delegate mailbox access, authorisation must be provided by the Chief Information Officer.

2.6   Digital Presence

UQ’s digital presence includes websites, web applications, mobile applications and other means of providing information and services online. UQ’s digital presence must:

  • Comply with relevant legislation and UQ’s policies and procedures;
  • Meet the needs of consumers;
  • Be cohesive and consistent;
  • Be accurate and up-to-date.

UQ will create and maintain its digital presence in accordance with the UQ Digital Presence Procedure.

2.7   Information Management and Cyber Security

UQ seeks to respect the privacy and confidentiality of consumers and protect its information and assets. The following policies cover these matters:

  • Information Management Policy;
  • Cyber Security Policy;
  • Privacy Management Policy.

All UQ computers, laptops, and tablets (where possible) must have UQ’s anti-virus software installed. If a computer is unable to run UQ’s anti-virus software it presents a security risk and must not be used to access UQ’s ICT resources or information. Any exceptions must be made using the Cyber Security Exceptions Procedure.

3.0   Roles, Responsibilities and Accountabilities

3.1   Consumers of UQ ICT Resources

Consumers are responsible for being aware of and complying with this policy. Consumers should also be aware that:

  • use of UQ ICT resources is subject to Australian laws and other relevant UQ policies. This includes but is not limited to copyright, breach of confidence, defamation, privacy, contempt of court, bullying and cyber-bullying, harassment, vilification, anti‑discrimination, wilful damage and computer hacking; and
  • access to some third party applications and content has separate contractual arrangements and terms and conditions, which may apply over and above this policy.

It is the responsibility of consumers to check and maintain their UQ email account regularly.

3.2   Information Technology Staff

Information Technology staff are responsible for:

  • provisioning ICT resources (e.g. consumer accounts, file storage, access to systems);
  • monitoring the use of resources to determine violations of authorised use;
  • technical enforcement of this policy including –
    • preventing and monitoring access to inappropriate content;
    • suspending consumer access when required and approved by Chief Information Officer; and
  • complying with local standard operating procedures where applicable.

3.3   Chief Information Officer

The Chief Information Officer is responsible for:

  • ensuring that IT staff members are resourced to investigate alleged misuse;
  • authorising the suspension of consumer accounts following investigations of misuse; and
  • ensuring this policy is enforced and maintained.

4.0   Monitoring, Review and Assurance

To improve services and protect consumers, UQ reserves the right to monitor access and usage of all UQ ICT systems and resources. Consumers should be aware that use of UQ ICT resources, including email, is not considered private, and that UQ may monitor, access, restrict, terminate or suspend accounts with approval from the Chief Information Officer or their delegate.

UQ will meet its data retention obligations under Schedule 1 of the Telecommunications (Interception and Access) Act 1979 (Cth), recognising that UQ will rely on the 'immediate circle' exclusion for any relevant services provided only to persons who are 'inherently connected to the functions of the University'.

5.0   Recording and Reporting

All usage (e.g. email, hard drives, or network use) may be recorded for the purposes of security and risk management (e.g. backups, performance monitoring, or compliance requirements).

Consumers who become aware of possible breaches of this policy must report it to either:

  • Information Technology Services; or
  • the head of their Organisational Unit.

Breaches of this policy may be reported to UQ’s Information Technology Governance Committee, the Chief Information Officer, the Chief Human Resources Officer or to the appropriate external authorities, which may result in civil or criminal proceedings.

6.0   Appendix

6.1   Related Policies

Information Management Policy

Cyber Security Policy;

Privacy Management Policy

6.2   Related Legislation

Telecommunications (Interception and Access) Act 1979 (Cth)

Privacy Act 1988 (Cth)

6.3   Definitions

Consumer – all staff, students, visitors, contractors, third parties, clinical and adjunct title holders, affiliates, alumni and all other people who access UQ's systems, networks or other ICT resources.

UQ ICT Resources – any UQ IT system or asset, including but not limited to:

  • Networks (wireless and wired);
  • Property and facilities;
  • Equipment whether owned or leased by UQ including telephony, computers, servers, storage, including its associated hardware and software;
  • UQ websites and systems (applications);
  • Data, information and video;
  • Accounts.

ITS – Information Technology Services.

SITC – Strategic Information Technology Committee.

ITGC – Information Technology Governance Committee.

Unacceptable Material – includes materials not related to delivery of UQ’s core purpose or its effective operations, including but not limited to:

  • Pornography;
  • Violent content;
  • Racist content;
  • Gambling or content relating to gambling;
  • Viruses and malware;
  • Games.

Software – includes, but is not limited to, purchased or commercial software, sound, graphics, images, or datasets; shareware; freeware; and electronically stored documentation and the media that holds it. This includes online services (i.e. software-as-a-service) licensed to UQ. Not included in this definition are non-copyrighted computer data files that have no significance beyond the individual or organisational unit.

Software Licence Compliance – clear documentation that the number of legally obtained and genuine software licences matches the number of installed instances of a given software product on the University’s systems or devices.

6.4   Password Recommendations

When choosing a password:

  • Use at least 8 characters including at least 1 letter and 1 number or special character
    • Approved special characters include: #  $  %  '  (       )  *  +  ,  -  /  :  ;  <  =  >  [  ]  ^  _  `  {  |  }  ~
  • Do not use your name, phone number, date of birth or other identifiable information.
  • Do not use a password you have used previously.

6.4.1   Suggestions for a Strong Password

  • Use five unrelated words with some non-alphabetic characters. Try to create a phrase that is easy to remember, but difficult to guess. Alternately, you could use the first letter from each word of a phrase to form an easily remembered password.
  • Avoid using any date as your password.
  • Mix upper and lowercase. Avoid capitalising only the first or last letter (e.g. Mich37bo is not as secure as mICh37Bo).
  • Avoid using personal information. This includes your maiden name, car registration number, address or family member’s name. 
  • Avoid duplicating characters (aaabbbccc) or keyboard patterns (qwertyuiop). These can easily be seen by someone watching you type.
Custodians
Chief Information Officer Mr Rob Moffatt

Forms

Printer-friendly version

Staff Internet Access: Permission for Under 18s

Staff Internet Access: Permission for Under 18s

Printer-friendly version
Body
Description: 

Commonwealth legislation and internet service provider industry codes require UQ to ensure that internet access accounts are not provided to people under the age of eighteen years without the consent of a parent, teacher or other responsible adult.

Further details are available at http://www.commsalliance.com.au/Activities/ispi

To receive full access to the internet, if you are under the age of eighteen, please complete and submit this application according to directions on the form.

If you are a student, visit the student internet access page for more information.

Custodians
Chief Information Officer Mr Rob Moffatt
Custodians
Chief Information Officer Mr Rob Moffatt
Custodians
Chief Information Officer Mr Rob Moffatt