Skip Navigation

Audit Vulnerability Scan Policy

This is the current version of this document. You can provide feedback on this policy to the document author - refer to the Status and Details on the pale grey navigation bar above.

Section 1 - Overview

(1) The purpose of this policy is to authorise the Information Technology Directorate (ITD) to undertake audit and scanning of UNE IT infrastructure in order to ensure compliance with the IT Security Policy and compliance with relevant statutes. It sets forth an agreement regarding network security scanning by ITD or by a University appointed external agency to audit UNE IT networks, servers and client PCs. ITD or an authorised agency will utilise network auditing/vulnerability software to perform regular electronic scans of the UNE network, PCs and/or firewalls or on any IT system at UNE.

(2) Audits may be conducted to:

  1. Ensure integrity, confidentiality and availability of information and resources
  2. Investigate possible security incidents and to ensure conformance to UNE security policies
  3. Ensure that the University is in compliance with copyright laws and acts.

Section 2 - Scope

(3) This policy covers all computer and communication devices owned or operated by UNE and strategic computer platforms that are managed and operated by IT.

(4) This policy also covers any computer and communications device that are present on UNE premises, but which may not be owned or operated by UNE (e.g. personal laptops connected to the UNE network).

(5) ITD has authority over the UNE main campus network, Wide Area Links, Access Centres, remote campuses and network links to the internet. ITD will be subject to relevant privacy legislation and nothing in this policy is to be interpreted as an intention to act outside this legislation.

Section 3 - Policy

(6) It is a condition of use of UNE's IT infrastructure that staff and students consent to allow IT or an authorised agency to perform an audit and any associated scans.

(7) IT Staff or an authorised agency that has been assigned to conduct scans will identify to the helpdesk the dates when the scan is to take place. If staff or students notice any problems during the scans, the Service Desk should be informed.

(8) These scans will require access that may include:

  1. User level and/or system level access to any computing or communications device.
  2. Access to information (electronic, hardcopy, etc.) that may be produced transmitted or stored on UNE equipment or premises.
  3. Access to work areas (labs, offices, cubicles, storage areas, etc.)
  4. Access to interactively monitor and log traffic on UNE networks.