Scope

This policy applies to all users of Griffith University Information Technology resources regardless of your relationship with the University and irrespective of whether those resources are accessed on or off-campus.

Rationale

Information Technology resources are essential for accomplishing Griffith University's mission of pursuing excellence in teaching and learning, research and community service. Members of the University community are granted shared access to these resources, which must be used and managed responsibly to ensure their integrity, security and availability for appropriate educational and business activities. This IT Code of Practice provides guidance to authorised users for the appropriate use of the University's Information Technology resources.

Statement

Within this IT Code of Practice, Information Technology resources include but are not limited to all standalone or networked computers, hand held devices, all forms of communication equipment, and software owned or leased by the University, including, but not limited to externally hosted applications, for example, email, blogs and social networking sites.

This IT Code of Practice is intended to operate within, and be consistent with, existing State and Commonwealth Law, and University law and policies in areas such as sexual harassment, discrimination, equal opportunity, freedom of information, copyright, defamation, discipline and misconduct. It is intended to encourage responsible action and good judgement and to protect privacy.

Sanctions will be enforced if you act irresponsibly and disregard your obligations to other users, or to the University as the provider of Information Technology resources. Inappropriate use of University provided Information Technology resources may also result in suspension, expulsion, termination of employment, legal action, or other disciplinary action.

Procedures

Determination of responsibilities

It is your responsibility to become familiar with the rules governing use of the University's Information Technology resources.

Users who are authorised to permit other persons to use the University's Information Technology resources must ensure that those persons are made aware of the rules governing use of the University's Information Technology resources and have them sign or otherwise acknowledge that they will carry out their responsibilities under these rules.

Users learning of any violation of any of this IT Code of Practice must bring this matter to the attention of an appropriate officer (e.g. head of element, supervisor, lecturer, and Information Services staff) within the University without delay.

Authorised access

• Use of equipment, software and access to the Internet via the University IT resources is provisioned conditionally to those with proper authorisation. University staff and authorised associated persons may be provided with Internet Access for University purposes upon authorisation from relevant faculty or Business Unit (e.g., Head of School/Office Director or nominee). Students receive authorisation upon enrolment at Griffith University.
• Responsibility and accountability for IT security is the shared responsibility of all users. You will be held responsible for all activities which originate from your account. It is your responsibility to ensure that your passwords, accounts, software and data are adequately secured.
• If you know or suspect that another person has gained unauthorised access to your account, you must immediately notify the Division of Information Services on 3735 5555.
• You must not use any means, electronic, social engineering or otherwise, to discover others' passwords.

Appropriate Use

Griffith University technology resources and infrastructure including, but not limited to, desktop computers, laptops, tablets, smartphones, intranet, internet access, wireless network, telephone system, web services, instant messaging, social media and email services may only be used for University purposes and limited personal use, as outlined below.

Statutory Requirements

You must not use the University IT resources to violate or breach any Local, State, Commonwealth or International Law. All information, data or files created, downloaded or stored by users while employed or enrolled at the University can be monitored and subject to investigation. All electronic messages are official documents, subject to the same laws as any other form of correspondence. They are subject to statutory record keeping requirements and can be subpoenaed during legal processes.

Limited Personal Use

Limited personal use is the use of University IT resources to support activities that do not directly relate to University employment or studies. Examples of limited personal use include researching holidays, checking personal emails or social media.

Limited personal use must not require substantial expenditure of time, adversely affect University IT resources or breach the University’s Code of Conduct.

Where personal use adversely affects University business, the user may be asked to minimise their personal use.

Prohibited Activities

The University allows its staff to use IT resources for limited extracurricular or non-work-related activities. These activities must not be illegal or potentially bring the University into disrepute, and they must not negatively impact the University's IT infrastructure.

Activities which are prohibited include, but are not limited to, the use of Griffith IT resources to do the following:

• support or promote political campaigns, candidates, legislation or ballot issues;
• send mass messages of a commercial, political, lobbying or fundraising nature;
• forward electronic "petitions", or to ask recipients to forward messages;
• send anonymous messages;
• solicit support (financial or otherwise) for charity, or special causes not connected with a Griffith University effort;
• send unverified public service announcements (such as virus alerts, unsafe products, lost and found, etc.).
• access websites, peer-to-peer services, bit torrent services, drop-box services, FTP servers etc to send/upload or receive/download for printing and/or distribution any copyrighted materials including with limitation, music, movies, photographs, printed materials, or any other proprietary or protected information.
• any activities for private business, personal gain or profit.

Offensive and Illegal Material

You should not use the University IT resources to create, download, distribute, store or display any offensive or illegal material.

Material that has the potential to cause offence or would normally be regarded as inappropriate should not be used unless a genuine reason exists (i.e. to support teaching, learning or research activities) and the reason for the use must be documented and approved the relevant supervisor.

Inappropriate Internet sites include but are not limited to:

• sites that are illegal or hold illegal content;
• sites that are pornographic or contain inappropriate sexual material;
• sites that advocate hate or violence;

The University regularly audits such sites and reserves the right to remove / remove access to, such material from its resources without notice.

Discrimination, Harassment, Bullying and Defamation

Successful use of University IT resources depends upon a spirit of mutual respect and co-operation to ensure that everyone has equitable privileges, privacy and protection from interference or harassment.

You must not use communication systems including, but not limited to e-mail, instant messaging, discussion forums (including wikis, blogs or social media such as Facebook or Twitter) or web pages under your control, to provide or communicate obscene materials, or that threatens, harasses, intimidates or singles out individuals or groups for degradation or harassment in violation of Commonwealth or State Laws, and other University policies and regulations.

You must not display images or wording, nor play audio which could create an atmosphere of discomfort or harassment to others.

Malicious Activities

You must not use University resources to engage in attempts to subvert University or external security provisions. This includes but is not limited to:

• intentionally seeking information on / obtaining copies of /viewing / corrupting or modifying files, data storage media, passwords or any type of data belonging to other users unless specifically authorised to do so;
• intentionally disrupting or damaging the academic, research, administrative, or related pursuits of others;
• knowingly creating or propagating a virus, worm or any other form of malicious software;
• attempting to email "spoof" i.e., construct electronic communication so it appears to be from someone else;
• altering, or disrupting the operations of any other information system; attempting to capture to otherwise obtain user credentials, encryption keys, or any other token or access control mechanism that could permit unauthorised access;
• tampering with hardware components or hardware configurations without the express permission of the person/s responsible for that particular item of equipment. This includes:
  • workstation, monitor, keyboard and mouse;
  • printers and other peripherals;
  • network outlets, cabling and other components
  • phones
  • any part of a lab or other installation used by the general population of the University.

Under no circumstance are you allowed to connect any network device to the Griffith network unless prior permission is obtained from the Director, ICTS or designate. Network devices include but are not limited to; hubs, switches, routers, wireless access points, network appliances of any function and any devices performing network monitoring.

Official Representation of the University

Where you are representing the views of the University, the communication must identify your position within the University. Where the view expressed is the official University view, the authorised source and author of that view should be identified.

You must not express views on behalf of the University without official authorisation to do so, or to allow another person to reasonably misconstrue that a personal view represents the official position of the University. In circumstances where readers might reasonably conclude a personal view is representative of the University, the user must clearly state that the opinion expressed is that of the writer, and not necessarily that of the University, or words to that effect.

The University logos and trademarks are the property of the University and may only be used for approved University documents.

Privacy

The University IT resources, systems and facilities are the property of the University. Anything sent or received using the network, systems and facilities of the University will therefore be transmitted and stored on University property (or on third party property on behalf of the University). Accordingly it is likely to be reviewed by the University. This applies whether you use the University IT resources at a University site, at home, or any other location, including but not limited to externally hosted applications.

• The University's email system may involve the storage of emails outside of Australia. To the extent that any of your emails contain any confidential or Personal Information (as that term is defined in the Privacy Act 1988 (Cth)), you acknowledge that data may be stored overseas. While the University has entered into confidentiality arrangements to protect the privacy of such data (including adherence to the US-EU Safe Harbour Program), you acknowledge that any data stored outside Australia may be subject to compulsory access through process of law, under the relevant jurisdiction in which it is stored.
• The University therefore reserves the right to monitor both usage and content of email messages, instant messages, discussion forums and visits to Internet sites using University resources to:
  • identify inappropriate use;
  • protect system security;
  • maintain system performance;
  • protect the rights and property of the University;
  • determine compliance with policy and state and Commonwealth laws.
• The University also monitors and records network traffic including:
  • email and internet sites accessed;
  • usage data such as account names, source and destination accounts and sites;
  • dates and times of transmission or access;
  • size of transmitted material;
  • other usage related data.

This information is used for accounting purposes, troubleshooting, systems management and meeting compliance.

• The University reserves the right to inspect, copy, store and disclose the contents of the electronic communications of its employees and other authorised users (e.g. students), to:
  • identify inappropriate use;
  • respond to a complaint;
  • respond to an investigation request;
  • verify an allegation of misuse

This can be done upon authorisation from appropriate University managers, the Police or other Law enforcement agencies to assist in the investigation of an offence. The contents of electronic communications, properly obtained for legitimate business purposes, may be disclosed without permission of the employee or authorised user.

• Monitoring and inspection can apply to personal and business use of intranet or internet services and personal and business related electronic communications.
• You should always assume that everything you send by e-mail, instant messaging, post to a newsgroup or LISTSERV or post via a web site is totally public and might be read by people other than expected recipients.
• To ensure that critical personal data such as passwords are protected from being intercepted, misaddressed or misrouted, they must never be sent by email. All login pages must use secure protocols such as HTTPS and SSL encrypted LDAP.
• Any email messages or instant messages whether personal or business, may be accessed as documents under the Right to Information Act and may also be tendered in court as evidence
• You should always assume that any web site you visit will at least know the Internet address you are coming from and that the same is true for email that you send.

Copyright Compliance

The Copyright Act sets out the exclusive rights of copyright owners and the rights of users. In addition, certain uses may be covered by licence agreements to which the University is party. Full information is available in the Griffith Copyright Guide.

Software programs are protected by the Copyright Act. You do not have the right to make and distribute copies of programs without specific permission of the copyright holder, except for the purposes of back-up, making interoperable products, correcting errors or security testing.

Consequence of Misuse or Abuse

The University considers any breach of your responsibilities to be a serious offence and reserves the right to copy and examine files or information resident on or transmitted via University Information Technology resources.

The Division of Information Services may temporarily remove material from web sites or close any account that is endangering the running of the system or that is being reviewed for inappropriate or illegal use.

Failure to comply with Griffith University IT policies may result in sanctions relating to the individual’s use of IT resources (such as suspension or termination of access, removal of online material or closure of website services); the individual’s employment (up to and including immediate termination of employment in accordance with applicable university policy); the individual's studies within the university (such as student discipline in accordance with applicable university policy); prosecution under State, Commonwealth and International Laws; or any combination of these.