(1) This policy provides a standardised, consistent and robust approach to campus Information and Communications Technology (ICT) infrastructure on campus. (2) It empowers the Information and Communications Technology Committee (ICTC) as the appropriate governing body with the means to: (3) This Policy document replaces the following policies: (4) ICT systems are a core part of UNE and are vital to its day-to-day operation. (5) Reliability, cost effectiveness, security, integrity and maintainability of ICT infrastructure are kept within standards required by the University in order to function appropriately and meet strategic goals. (6) UNE will have the minimum required number of centralised authentication systems. (7) Duplication or provision of alternate authentication systems may not occur without the written approval of the Director, Information Technology or his nominee. (8) Additional centralised authentication systems may only be provisioned with the written approval of Director, Information Technology or his nominee. (9) All alternate or duplicated authentication systems are to be removed and replaced with the approved central authentication systems. (10) Removal of duplicated authentication systems will not be immediate and will occur as the natural result of following this policy. (11) Procurement of departmental servers must be approved by ITD before authorisation of hardware purchase. (12) Procurement of servers will be performed in accordance with the relevant University procurement policies. (13) ITD will approve server requests without prejudice where the requisition is shown to not duplicate the function or data retention of existing or planned University information systems; including but not limited to: (14) ITD will conditionally approve server requests where the requisition is shown to justifiably duplicate an existing service and has been endorsed by the Information Technology Investments Governing Board, the ICTC and Service Quality Governing Board (or equivalent). (15) ITD will approve server requests which represent a direct replacement of existing equipment in order to provide business continuity. A service delivery review may be recommended in order to plan for changes or consolidation of services provided by the departmental server in question. (16) Server equipment should be located within an area which is physically secure at all times. (17) Access to server equipment should be limited to authorised personnel only. Risk of damage to server equipment from physical threats, e.g. fire, water, theft, interruption to communications or power; should be minimised through the appropriate selection of equipment location and the adoption of appropriate risk management controls. (18) Environmental conditions which could affect the operation of equipment, such as temperature and humidity, should be kept within the operating parameters of the relevant hardware. (19) Equipment should be protected from power supply disruption. (20) Communications cabling should be of the appropriate standard and connected in such a manner as to prevent disruption of service. (21) Supporting utilities should be inspected and maintained at regular intervals. (22) Server equipment should be under maintenance and support agreement. (23) Equipment should be maintained in accordance with manufacturers recommended service procedures. (24) Records should be kept of all actual and suspected equipment faults. (25) Server data should be configured on storage systems which provide adequate redundancy (as recommended by ITD), reducing the risk of data loss via hardware failure. (26) Backups of server configuration and essential data should be performed at regular intervals. (27) Backup retention should be sufficient to provide a restore window capable of a complete systems and data restore. (28) Backup media should be stored in a secure facility, physically separate from the server equipment. (29) Servers should be patched at appropriate regular intervals to reduce the risk of system compromise, with critical patches being applied as a priority. (30) Complex passwords should be used for administrative accounts (31) Administrative passwords should be documented and stored in a secure method in order to ensure business continuity in the event of injury, loss or change in personnel. (32) Departmental servers should not be providing a service which is required to be "highly available". High availability services should be provided by centralised IT systems and resourced appropriately. (33) The Data and Voice Network Infrastructure is defined as the following (34) ITD is responsible for the planning, design, security and maintenance of the UNE Data and Voice Network Infrastructure. (35) ITD is the authority responsible for monitoring and regulating the uses to which the Data and Voice Network Infrastructure is put where policy and agreed parameters have been defined. (36) Where new uses of the Data and Voice Network Infrastructure, or uses outside the agreed parameters are proposed the ITD is responsible for bringing these to the attention of Information and Communications Technology Services and Service Quality Governing Board who will make a determination taking into account resourcing and related issues. Any policy changes required as a result of this determination will be passed onto the ICTC for approval.Information and Communications Infrastructure Policy
Section 1 - Rationale and Scope
Top of PageSection 2 - Policy
Principles
Authentication Systems
Servers
Equipment Security
Data protection and system availability
Procedures
Data and Voice Network Infrastructure
Procedures
View Current
This is not a current document. To view the current version, click the link in the document's navigation bar.