Protecting IT resources

The IT Code of Practice provides guidance to all users of Griffith University Information Technology (IT). Responsible use of these shared resources ensures integrity, security and availability for the University community.

Rationale

IT resources are essential for accomplishing Griffith University's mission of excellence in teaching and learning, research and community service.

The Code of Practice outlined on this page provides guidance for community members to responsibly use their access and ensure integrity, security and availability of these shared resources.

Statement

Within this IT Code of Practice, Information Technology resources include but are not limited to:

  • all standalone or networked computers
  • hand-held devices
  • all forms of communication equipment
  • software owned or leased by the University
  • externally hosted applications including email, blogs and social networking sites

This IT Code of Practice is intended to operate within, and be consistent with, existing state and Commonwealth law, and University policies in areas such as sexual harassment, discrimination, equal opportunity, freedom of information, copyright, defamation, discipline and misconduct. It is intended to encourage responsible action and good judgment and to protect privacy.

Sanctions will be enforced if students or staff act irresponsibly and disregard their obligations to other users, or to the University as the provider of Information Technology resources. Inappropriate use of University provided Information Technology resources may also result in suspension, expulsion, termination of employment, legal action, or other disciplinary action.

Procedures

Determination of responsibilities

It is your responsibility to become familiar with the rules governing use of the University's Information Technology resources.

Users who are authorised to permit other persons to use the University's Information Technology resources must ensure that those persons are made aware of this Code of Practice. Please have them sign or otherwise acknowledge that they will carry out their responsibilities under these rules.

Users learning of any violation of this IT Code of Practice must bring this matter to the attention of an appropriate officer—head of element, supervisor, lecturer, and Office of Digital Solutions staff— without delay.

Authorised access

  • Use of equipment, software and access to the Internet via the University IT resources is provisioned conditionally to those with proper authorisation. University staff and authorised associated persons may be provided with Internet Access for University purposes upon authorisation from relevant faculty or Business Unit (e.g., Head of School/Office Director or nominee). Students receive authorisation upon enrolment at Griffith University.
  • Responsibility and accountability for IT security is the shared responsibility of all users. You will be held responsible for all activities which originate from your account. It is your responsibility to ensure that your passwords, accounts, software and data are adequately secured.
  • If you know or suspect that another person has gained unauthorised access to your account, you must immediately notify the Office of Digital Solutions on 3735 5555.
  • You must not use any means, electronic, social engineering or otherwise, to discover others' passwords.

Appropriate Use

Griffith University technology resources and infrastructure below may only be used for University purposes and limited personal use, as outlined below.

  • desktop computers
  • laptops, tablets and smartphones
  • intranet and internet access
  • wireless network
  • telephone system
  • web services
  • instant messaging
  • social media
  • email services

Statutory requirements

You must not use the University IT resources to violate or breach any Local, State, Commonwealth or International Law. All information, metadata, data or files created, downloaded or stored by users while employed or enrolled at the University can be monitored and subject to investigation. All electronic messages are official documents, subject to the same laws as any other form of correspondence. They are subject to statutory record keeping requirements and can be subpoenaed during legal processes.

Limited personal use

Limited personal use is the use of University IT resources to support activities that do not directly relate to University employment or studies. Examples include researching holidays, checking personal emails, gaming or social media.

Limited personal use must not require substantial expenditure of time, adversely affect University IT resources or breach the University’s Code of Conduct.

Griffith IT resources must not be used for private business or commercial activities.

Prohibited Activities

The University allows its staff to use IT resources for limited extracurricular or non-work-related activities. These activities must not be illegal or potentially bring the University into disrepute, and they must not negatively impact the University's IT infrastructure.

Activities which are prohibited include, but are not limited to, the use of Griffith IT resources to do the following:

  • support or promote political campaigns, candidates, legislation or ballot issues
  • send mass messages of a commercial, political, lobbying or fundraising nature
  • send mass messages where the content is not relevant or appropriate for the majority of recipients or is of a personal or private nature
  • forward electronic "petitions", or to ask recipients to forward messages
  • send anonymous messages
  • solicit support (financial or otherwise) for charity, or special causes not connected with a Griffith University effort
  • send unverified public service announcements (such as virus alerts, unsafe products, lost and found)
  • use University IT resources to send, upload or access, receive, download or store any copyright infringing works
  • any action that may infringe our statutory and commercial licenses for works. This may include unauthorised data mining, some types of digitisation, and unauthorised bulk downloads of proprietary database content
  • any activities for private business, personal gain or profit

Offensive and Illegal Material

You should not use the University IT resources to create, download, distribute, store or display any offensive or illegal material.

Material that has the potential to cause offence or would normally be regarded as inappropriate should not be used unless a genuine reason exists (i.e. to support teaching, learning or research activities) and the reason for the use must be documented and approved by the relevant supervisor. Such access should not occur on publicly accessible terminals.

Inappropriate Internet sites include but are not limited to:

  • sites that are illegal or hold illegal content
  • sites that are pornographic or contain inappropriate sexual material
  • sites that advocate hate or violence.

The University regularly audits such sites and reserves the right to remove / remove access to, such material from its resources without notice.

Discrimination, Harassment, Bullying and Defamation

Successful use of University IT resources depends upon a spirit of mutual respect and co-operation to ensure that everyone has equitable privileges, privacy and protection from interference or harassment.

You must not use communication systems including, but not limited to e-mail, instant messaging, discussion forums (including wikis, blogs or social media such as Facebook or Twitter) or web pages under your control, to provide or communicate obscene materials, or that threatens, harasses, intimidates or singles out individuals or groups for degradation or harassment in violation of Commonwealth or State Laws, and other University policies and regulations.

You must not display images or wording, nor play audio which could create an atmosphere of harassment to others.

Malicious Activities

You must not use University resources to engage in attempts to subvert University or external security provisions. This includes but is not limited to:

  • intentionally seeking information on / obtaining copies of /viewing / corrupting or modifying files, data storage media, passwords or any type of data belonging to other users unless specifically authorised to do so
  • intentionally disrupting or damaging the academic, research, administrative, or related pursuits of others;
  • knowingly creating or propagating a virus, worm or any other form of malicious software
  • attempting to email "spoof" i.e., construct electronic communication so it appears to be from someone else
  • altering, or disrupting the operations of any other information system; attempting to capture to otherwise obtain user credentials, encryption keys, or any other token or access control mechanism that could permit unauthorised access
  • tampering with hardware components or hardware configurations without the express permission of the person/s responsible for that particular item of equipment. This includes:
    • workstation, monitor, keyboard and mouse
    • printers and other peripherals
    • network outlets, cabling and other components
    • phones
    • any part of a lab or other installation used by the general population of the University

Under no circumstance are you allowed to connect any network device to the Griffith wired network unless prior permission is obtained from the Chief Digital Officer or designate. Network devices include but are not limited to; hubs, switches, routers, wireless access points, network appliances of any function and any devices performing network monitoring.

Wireless network connections must not be made with the intention of malicious activity.

Official representation of the University

Where you are representing the views of the University, the communication must identify your position within the University. Where the view expressed is the official University view, the authorised source and author of that view should be identified.

You must not express views on behalf of the University without official authorisation to do so, or to allow another person to reasonably misconstrue that a personal view represents the official position of the University. In circumstances where readers might reasonably conclude a personal view is representative of the University, the user must clearly state that the opinion expressed is that of the writer, and not necessarily that of the University, or words to that effect.

The University logos and trademarks are the property of the University and may only be used for approved University documents.

Privacy

The University IT resources, systems and facilities are the property of the University. Anything sent or received using the network, systems and facilities of the University will therefore be transmitted and stored on University property (or on third party property on behalf of the University). Accordingly it is likely to be reviewed by the University. This applies whether you use the University IT resources at a University site, at home, or any other location, including but not limited to externally hosted applications.

  • The University's email system may involve the storage of emails outside of Australia. To the extent that any of your emails contain any confidential or Personal Information (as that term is defined in the Information Privacy Act 2009), you acknowledge that data may be stored overseas. While the University has entered into confidentiality arrangements to protect the privacy of such data (including adherence to the EU-US Privacy Shield), you acknowledge that any data stored outside Australia may be subject to compulsory access through process of law, under the relevant jurisdiction in which it is stored.
  • The University therefore reserves the right to monitor both usage and content of email messages, instant messages, discussion forums and visits to Internet sites using University resources to:
    • identify inappropriate use
    • protect system security
    • maintain system performance
    • protect the rights and property of the University
    • determine compliance with policy and state and Commonwealth laws
  • The University also monitors and records network traffic including:
    • email and internet sites accessed
    • usage data such as account names, source and destination accounts and sites
    • user location data
    • dates and times of transmission or access
    • size of transmitted material
    • other usage related data such as utilisation of wireless access points

This information is used for accounting purposes, troubleshooting, systems management, analytics, user personalisation, and meeting legal and compliance obligations.

  • The University reserves the right to inspect, copy, store and disclose the contents of the electronic communications of its employees and other authorised users (e.g. students), to:
    • identify inappropriate use
    • respond to a complaint
    • respond to an investigation request
    • verify an allegation of misuse

This can be done upon authorisation from appropriate University managers, the Police or other Law enforcement agencies to assist in the investigation of any alleged offence. The contents of electronic communications, properly obtained for legitimate business purposes, may be disclosed without permission of the employee or authorised user.

  • monitoring and inspection can apply to personal and business use of intranet or internet services and personal and business related electronic communications
  • always assume that everything you send by e-mail, instant messaging, post to a newsgroup or LISTSERV or post via a web site is totally public and might be read by people other than expected recipients
  • to ensure that critical personal data such as passwords are protected from being intercepted, misaddressed or misrouted, they must never be sent by email. All login pages must use secure protocols such as HTTPS and SSL encrypted LDAP.
  • any email messages or instant messages whether personal or business, may be accessed as documents under the Right to Information Act and may also be tendered in court as evidence
  • always assume that any website you visit will at least know the Internet address you are coming from and that the same is true for email that you send

Consequence of misuse or abuse

The University considers any breach of your responsibilities to be a serious offence and reserves the right to copy and examine files or information resident on or transmitted via University Information Technology resources.

The Office of Digital Solutions may temporarily remove material from web sites or close any account that is endangering the running of the system or that is being reviewed for inappropriate or illegal use.

Failure to comply with Griffith University IT policies may result in sanctions relating to the individual’s use of IT resources (such as suspension or termination of access, removal of online material or closure of website services); the individual’s employment (up to and including immediate termination of employment in accordance with applicable university policy); the individual's studies within the university (such as student discipline in accordance with applicable university policy); prosecution under state, Commonwealth and international laws.

Copyright compliance

The University is committed to compliance in its use of copyright material. All creative works, including software, media, databases and datasets are automatically protected by the Commonwealth Copyright Act 1968, which sets out the rights of copyright owners and users. In addition, use of copyrighted works are enabled by licences. Staff and students are required to comply with copyright law and licences. Full information is available in the Griffith Copyright Guide.

Copyright Guide

Approved by:
Griffith University Executive Group
14 May 2014