This policy applies to all users of Griffith University Information Technology (IT) resources regardless of their relationship with the University and irrespective of whether those resources are accessed on or off-campus.
Determination of responsibilities
It is your responsibility to become familiar with the rules governing use of the University's Information Technology resources.
Users who are authorised to permit other persons to use the University's Information Technology resources must ensure that those persons are made aware of the rules governing use of the University's Information Technology resources and have them sign or otherwise acknowledge that they will carry out their responsibilities under these rules.
Users learning of any violation of any of this IT Code of Practice must bring this matter to the attention of an appropriate officer (e.g. head of element, supervisor, lecturer, and Office of Digital Solutions staff) within the University without delay.
- Use of equipment, software and access to the Internet via the University IT resources is provisioned conditionally to those with proper authorisation. University staff and authorised associated persons may be provided with Internet Access for University purposes upon authorisation from relevant faculty or Business Unit (e.g., Head of School/Office Director or nominee). Students receive authorisation upon enrolment at Griffith University.
- Responsibility and accountability for IT security is the shared responsibility of all users. You will be held responsible for all activities which originate from your account. It is your responsibility to ensure that your passwords, accounts, software and data are adequately secured.
- If you know or suspect that another person has gained unauthorised access to your account, you must immediately notify the Office of Digital Solutions on 3735 5555.
- You must not use any means, electronic, social engineering or otherwise, to discover others' passwords.
Griffith University technology resources and infrastructure including, but not limited to, desktop computers, laptops, tablets, smartphones, intranet, internet access, wireless network, telephone system, web services, instant messaging, social media and email services may only be used for University purposes and limited personal use, as outlined below.
Official Representation of the University
Where you are representing the views of the University, the communication must identify your position within the University. Where the view expressed is the official University view, the authorised source and author of that view should be identified.
You must not express views on behalf of the University without official authorisation to do so, or to allow another person to reasonably misconstrue that a personal view represents the official position of the University. In circumstances where readers might reasonably conclude a personal view is representative of the University, the user must clearly state that the opinion expressed is that of the writer, and not necessarily that of the University, or words to that effect.
The University logos and trademarks are the property of the University and may only be used for approved University documents.
The University IT resources, systems and facilities are the property of the University. Anything sent or received using the network, systems and facilities of the University will therefore be transmitted and stored on University property (or on third party property on behalf of the University). Accordingly it is likely to be reviewed by the University. This applies whether you use the University IT resources at a University site, at home, or any other location, including but not limited to externally hosted applications.
- The University's email system may involve the storage of emails outside of Australia. To the extent that any of your emails contain any confidential or Personal Information (as that term is defined in the Information Privacy Act 2009), you acknowledge that data may be stored overseas. While the University has entered into confidentiality arrangements to protect the privacy of such data (including adherence to the EU-US Privacy Shield), you acknowledge that any data stored outside Australia may be subject to compulsory access through process of law, under the relevant jurisdiction in which it is stored.
- The University therefore reserves the right to monitor both usage and content of email messages, instant messages, discussion forums and visits to Internet sites using University resources to:
- identify inappropriate use
- protect system security
- maintain system performance
- protect the rights and property of the University
- determine compliance with policy and state and Commonwealth laws.
- The University also monitors and records network traffic including:
- email and internet sites accessed
- usage data such as account names, source and destination accounts and sites
- user location data
- dates and times of transmission or access
- size of transmitted material
- other usage related data such as utilisation of wireless access points.
This information is used for accounting purposes, troubleshooting, systems management, analytics, user personalisation, and meeting legal and compliance obligations.
- The University reserves the right to inspect, copy, store and disclose the contents of the electronic communications of its employees and other authorised users (e.g. students), to:
- identify inappropriate use
- respond to a complaint
- respond to an investigation request
- verify an allegation of misuse.
This can be done upon authorisation from appropriate University managers, the Police or other Law enforcement agencies to assist in the investigation of any alleged offence. The contents of electronic communications, properly obtained for legitimate business purposes, may be disclosed without permission of the employee or authorised user.
- Monitoring and inspection can apply to personal and business use of intranet or internet services and personal and business related electronic communications.
- You should always assume that everything you send by e-mail, instant messaging, post to a newsgroup or LISTSERV or post via a web site is totally public and might be read by people other than expected recipients.
- To ensure that critical personal data such as passwords are protected from being intercepted, misaddressed or misrouted, they must never be sent by email. All login pages must use secure protocols such as HTTPS and SSL encrypted LDAP.
- Any email messages or instant messages whether personal or business, may be accessed as documents under the Right to Information Act and may also be tendered in court as evidence
- You should always assume that any web site you visit will at least know the Internet address you are coming from and that the same is true for email that you send.