Protecting IT resources
The IT Code of Practice provides guidance to all users of Griffith University Information Technology (IT). Responsible use of these shared resources ensures integrity, security and availability for the University community.
IT resources are essential for accomplishing Griffith University's mission of excellence in teaching and learning, research and community service.
The Code of Practice outlined on this page provides guidance for community members to responsibly use their access and ensure integrity, security and availability of these shared resources.
Within this IT Code of Practice, Information Technology resources include but are not limited to:
- all standalone or networked computers
- hand-held devices
- all forms of communication equipment
- software owned or leased by the University
- externally hosted applications including email, blogs and social networking sites
This IT Code of Practice is intended to operate within, and be consistent with, existing state and Commonwealth law, and University policies in areas such as sexual harassment, discrimination, equal opportunity, freedom of information, copyright, defamation, discipline and misconduct. It is intended to encourage responsible action and good judgment and to protect privacy.
Sanctions will be enforced if students or staff act irresponsibly and disregard their obligations to other users, or to the University as the provider of Information Technology resources. Inappropriate use of University provided Information Technology resources may also result in suspension, expulsion, termination of employment, legal action, or other disciplinary action.
Determination of responsibilities
It is your responsibility to become familiar with the rules governing use of the University's Information Technology resources.
Users who are authorised to permit other persons to use the University's Information Technology resources must ensure that those persons are made aware of this Code of Practice. Please have them sign or otherwise acknowledge that they will carry out their responsibilities under these rules.
Users learning of any violation of this IT Code of Practice must bring this matter to the attention of an appropriate officer—head of element, supervisor, lecturer, and Office of Digital Solutions staff— without delay.
- Use of equipment, software and access to the Internet via the University IT resources is provisioned conditionally to those with proper authorisation. University staff and authorised associated persons may be provided with Internet Access for University purposes upon authorisation from relevant faculty or Business Unit (e.g., Head of School/Office Director or nominee). Students receive authorisation upon enrolment at Griffith University.
- Responsibility and accountability for IT security is the shared responsibility of all users. You will be held responsible for all activities which originate from your account. It is your responsibility to ensure that your passwords, accounts, software and data are adequately secured.
- If you know or suspect that another person has gained unauthorised access to your account, you must immediately notify the Office of Digital Solutions on 3735 5555.
- You must not use any means, electronic, social engineering or otherwise, to discover others' passwords.
Griffith University technology resources and infrastructure below may only be used for University purposes and limited personal use, as outlined below.
- desktop computers
- laptops, tablets and smartphones
- intranet and internet access
- wireless network
- telephone system
- web services
- instant messaging
- social media
- email services
You must not use the University IT resources to violate or breach any Local, State, Commonwealth or International Law. All information, metadata, data or files created, downloaded or stored by users while employed or enrolled at the University can be monitored and subject to investigation. All electronic messages are official documents, subject to the same laws as any other form of correspondence. They are subject to statutory record keeping requirements and can be subpoenaed during legal processes.
Limited personal use
Limited personal use is the use of University IT resources to support activities that do not directly relate to University employment or studies. Examples include researching holidays, checking personal emails, gaming or social media.
Limited personal use must not require substantial expenditure of time, adversely affect University IT resources or breach the University’s Code of Conduct.
Griffith IT resources must not be used for private business or commercial activities.
Official representation of the University
Where you are representing the views of the University, the communication must identify your position within the University. Where the view expressed is the official University view, the authorised source and author of that view should be identified.
You must not express views on behalf of the University without official authorisation to do so, or to allow another person to reasonably misconstrue that a personal view represents the official position of the University. In circumstances where readers might reasonably conclude a personal view is representative of the University, the user must clearly state that the opinion expressed is that of the writer, and not necessarily that of the University, or words to that effect.
The University logos and trademarks are the property of the University and may only be used for approved University documents.
The University IT resources, systems and facilities are the property of the University. Anything sent or received using the network, systems and facilities of the University will therefore be transmitted and stored on University property (or on third party property on behalf of the University). Accordingly it is likely to be reviewed by the University. This applies whether you use the University IT resources at a University site, at home, or any other location, including but not limited to externally hosted applications.
- The University's email system may involve the storage of emails outside of Australia. To the extent that any of your emails contain any confidential or Personal Information (as that term is defined in the Information Privacy Act 2009), you acknowledge that data may be stored overseas. While the University has entered into confidentiality arrangements to protect the privacy of such data (including adherence to the EU-US Privacy Shield), you acknowledge that any data stored outside Australia may be subject to compulsory access through process of law, under the relevant jurisdiction in which it is stored.
- The University therefore reserves the right to monitor both usage and content of email messages, instant messages, discussion forums and visits to Internet sites using University resources to:
- identify inappropriate use
- protect system security
- maintain system performance
- protect the rights and property of the University
- determine compliance with policy and state and Commonwealth laws
- The University also monitors and records network traffic including:
- email and internet sites accessed
- usage data such as account names, source and destination accounts and sites
- user location data
- dates and times of transmission or access
- size of transmitted material
- other usage related data such as utilisation of wireless access points
This information is used for accounting purposes, troubleshooting, systems management, analytics, user personalisation, and meeting legal and compliance obligations.
- The University reserves the right to inspect, copy, store and disclose the contents of the electronic communications of its employees and other authorised users (e.g. students), to:
- identify inappropriate use
- respond to a complaint
- respond to an investigation request
- verify an allegation of misuse
This can be done upon authorisation from appropriate University managers, the Police or other Law enforcement agencies to assist in the investigation of any alleged offence. The contents of electronic communications, properly obtained for legitimate business purposes, may be disclosed without permission of the employee or authorised user.
- monitoring and inspection can apply to personal and business use of intranet or internet services and personal and business related electronic communications
- always assume that everything you send by e-mail, instant messaging, post to a newsgroup or LISTSERV or post via a web site is totally public and might be read by people other than expected recipients
- to ensure that critical personal data such as passwords are protected from being intercepted, misaddressed or misrouted, they must never be sent by email. All login pages must use secure protocols such as HTTPS and SSL encrypted LDAP.
- any email messages or instant messages whether personal or business, may be accessed as documents under the Right to Information Act and may also be tendered in court as evidence
- always assume that any website you visit will at least know the Internet address you are coming from and that the same is true for email that you send
Consequence of misuse or abuse
The University considers any breach of your responsibilities to be a serious offence and reserves the right to copy and examine files or information resident on or transmitted via University Information Technology resources.
The Office of Digital Solutions may temporarily remove material from web sites or close any account that is endangering the running of the system or that is being reviewed for inappropriate or illegal use.
Failure to comply with Griffith University IT policies may result in sanctions relating to the individual’s use of IT resources (such as suspension or termination of access, removal of online material or closure of website services); the individual’s employment (up to and including immediate termination of employment in accordance with applicable university policy); the individual's studies within the university (such as student discipline in accordance with applicable university policy); prosecution under state, Commonwealth and international laws.
The University is committed to compliance in its use of copyright material. All creative works, including software, media, databases and datasets are automatically protected by the Commonwealth Copyright Act 1968, which sets out the rights of copyright owners and users. In addition, use of copyrighted works are enabled by licences. Staff and students are required to comply with copyright law and licences. Full information is available in the Griffith Copyright Guide.
Griffith University Executive Group
14 May 2014