View Current

Rules for the Use of Information and Communication Facilities and Services

This is not a current document. To view the current version, click the link in the document's navigation bar.

Section 1 - Rationale and Scope

(1) UNE provides Information and Communication Technology facilities and services (ICT systems) to support the teaching, learning, research and administration of UNE. This document provides guidelines of acceptable behaviour required of users of the ICT Systems. UNE requires that each user comply with these Rules as a condition of access to the systems. The rules apply to:

  1. All staff, students and non-UNE registrants who have access to the University's ICT systems and infrastructure.
  2. All University Associates who use the University's ICT infrastructure or services.
  3. All users of ICT equipment owned or leased by the University.
  4. All equipment connected to University data and voice networks.
Top of Page

Section 2 - Policy

Principles

(2) The University and users of the University's ICT systems are subject to State and Federal laws that apply to information and communication technologies as well as to other relevant legislation, policies and regulations.

(3) Users must use the ICT Systems in a manner that is in the best interests of UNE and conforms to UNE's policies, guidelines, rules, regulations and these Rules.

Security

(4) Adequate measures in accordance with UNE policy must be taken by users to ensure that the security of the ICT Systems is not compromised. This includes but is not limited to virus protection, password control, physical security and software security patches.

(5) You shall not use any account that has been created for another user without authorisation from the Director, Information Technology or nominee.

(6) Unless you have the explicit authorisation of the Director, Information Technology (or nominee), you shall not possess any tools, nor undertake any activities on UNE systems or services that could result or assist in the violation of any UNE policy, software licence or contract. Prohibited tools include but are not limited to: Trojans, worms, network packet observers or sniffers. Prohibited activities include but are not limited to: performing denial-of-service attacks, forging routing information for malicious purposes.

Appropriate Use

(7) The content of electronic material stored on University ICT equipment or transmitted on the University network must be of a professional standard and uphold the image and reputation of UNE.

(8) Users must not use the University network to access, store or transfer illegal material.

(9) Users of the University's ICT systems must not transfer material that is likely to cause offence to the recipient, and must not use the University ICT facilities or services to express views that discriminate, harass, vilify, or bully any other users or groups. Users must not slander or defame any individual or organisation.

(10) Content published on the University's ICT systems must comply with the University's Web Policy.

(11) Users with access to the ICT Systems containing information which is sensitive, confidential and/or subject to legal constraints must comply with relevant privacy legislation and the University's Privacy Statement.

(12) Users must not breach copyright legislation, software licence conditions and hardware licence conditions and must only use software for which they have a current licence.

(13) The ICT Systems cannot be used for private or commercial gain or for gain to a third party without the written permission of the Vice-Chancellor (or nominee) or the Director, Information Technology (or nominee) and must be within the limitations of licences and Agreements.

(14) You may use University facilities and services for incidental personal use (e.g. occasional emails and web browsing during work breaks) provided that such use does not interfere with University business operations, does not breach any Federal legislation, State legislation or University policy or an ICT vendor's conditions of use or licence agreement. Some examples of interference with University business operations include: disrupting ICT facilities or services, burdening the University with significant costs; or impeding one's work or other obligations to the University.

(15) Users must abide by any reasonable and relevant instructions given by the Director, Information Technology or nominee in relation to use of the University's ICT facilities. Such instructions may be issued by notice displayed near the computer facilities, by letter, by electronic communication, in person or otherwise.

Privacy and Surveillance

(16) The University complies with the Federal Privacy Law as it applies to Australian and ACT government agencies, and complies with the Workplace Surveillance Bill (2005).

(17) Users should be aware that UNE logs and stores information on the use of computers and IT systems in the following areas:

  1. Email server performance; logs, backups and archives of emails or information about those emails sent and received through UNE's mailservers.
  2. Logs, backups and archives of all internet access and network usage. While individual usage is not routinely monitored, unusual or high volume activity may be investigated further.
  3. Phone logs and information relating to incoming and outgoing calls.
  4. Overall network performance including workstations, printers and other devices connected to the network as well as servers and other elements of UNE's IT infrastructure.
  5. Compilation and retention of logs of network activity.

(18) The IT monitoring described above is currently in place, ongoing and continuous.

(19) UNE may inspect, monitor or disclose electronic mail or other electronic files without the consent of the user, to the extent permitted by law.

(20) Users of University ICT equipment and services should be aware that email records and documents stored on University computers or systems are legally considered to be documents of the University under the Freedom of Information Act 1989 (NSW).

Penalties for Non Compliance

Illegal Activity — UNE Staff and non-UNE registrants.

(21) Where a formal complaint of illegal activity or alleged illegal activity by a University staff member (or non-UNE registrant) on the University's ICT systems has been made to the Director IT:

  1. The Director IT (or nominee) will advise the staff member (or non-UNE registrant) of the complaint and will withdraw access to the University's ICT systems commensurate with managing the risk of the activity pending investigation. This may range from withdrawal of internet and email services, to complete removal of the person's access to University ICT equipment and systems.
    1. The Director IT (or nominee) will investigate the alleged activity, and will forward findings to the University Legal Counsel.
    2. The University Legal Counsel will inform the relevant law enforcement agency where appropriate.
    3. The University Legal counsel will notify the relevant Cost Centre Manager, (or in the case of a Cost Centre Manager that person's supervisor) of the allegation and will provide information as relevant to the case and to the extent permitted by law.
    4. The Cost Centre Manager (or Cost Centre Manager's supervisor) will, with advice from University Legal Counsel, manage the investigation with reference to the University's Code of Conduct and within the misconduct / serious misconduct processes under the current UNE Workplace Agreement.
    5. The University may elect to confiscate computing equipment accessed by the user alleged to have committed the offence.
    6. ITD will provide electronic records and information to the relevant law enforcement agencies via the Director, Human Resource Services within the limits of the law.

Illegal Activity -student

(22) Where a formal complaint of illegal activity or alleged illegal activity by a student of the University of New England on the University's ICT systems has been made to the Director, Information Technology :

  1. Director, Information Technology (or nominee) will advise the student of the complaint and will withdraw access to the University's ICT systems commensurate with managing the risk of the activity pending investigation. This will not normally include removing access to the University's Learning Management Systems.
  2. The Director, Information Technology (or nominee) will investigate the alleged activity, and will forward findings to the Chief Legal & Governance Officer .
  3. The Chief Legal & Governance Officer will inform the relevant law enforcement agency where appropriate.
  4. Where the student resides in a University college and the activity occurred from or within the College network the Chief Legal & Governance Officer will notify the relevant Head of College; where the student does not reside in a College, the Director, Student Administration and Services will be informed instead.
  5. The relevant Head of College or Director, Student Administration and Services will manage the investigation with reference to the Student Behavioural Misconduct Rules
  6. The University may elect to confiscate computing equipment accessed by the user alleged to have committed the offence.
  7. ITD will provide electronic records and information to the relevant law enforcement agencies via the Director, Human Resource Services within the limits of the law.

Security

If the security of the University's ICT systems is at risk or under attack:

  1. ITD will immediately act to disable or disconnect the offending device to isolate it from the University's network. Where the security breach is from outside the University's network ITD will act to protect the network in whatever way it sees fit depending upon the type of breach.
  2. Where the device is within the University network, the Director, Information Technology (or nominee) will contact the owner of the device to advise a security breach and a pending investigation in to contravention of the Rules.
  3. The Director, Information Technology (or nominee) will investigate the facts relating to the incident.
  4. Where appropriate, the Director, Information Technology (or nominee) will interview the person alleged to have committed the misuse. The person alleged to have committed the misuse may be accompanied by another person, as may the Director, Information Technology (or nominee).
  5. After the interview, the Director, Information Technology (or nominee) must inform the alleged person whether or not the allegation is found to be proven. If the allegation is found proven, the Director, Information Technology or nominee is empowered to:
    1. Recover any costs associated with the misuse;
    2. Request appropriate actions by the offender to minimise the impact of the offence;
    3. Recommend the user for disciplinary action through the appropriate misconduct processes. For staff — UNE's Workplace Agreement misconduct/ serious misconduct processes; for students — Student Behavioural Misconduct Rules.

Appropriate Use

For breaches of the Rules in relation to Appropriate Use:

  1. UNE staff and non-UNE registrants, Where a formal complaint of a breach of the Rules in relation to appropriate use by a University staff member (or non-UNE registrant) on the University's ICT systems has been made to the Director, Information Technology :
    1. The Director, Information Technology (or nominee) will advise the staff member or non-UNE registrant) of the complaint and will withdraw access to the University's ICT systems commensurate with managing the risk of the activity pending investigation. This may range from withdrawal of internet and email services, to complete removal of the person's access to University ICT equipment and systems.
    2. The Director, Information Technology (or nominee) will investigate the alleged activity, and will notify, by email or in writing, the relevant Cost Centre Manager, or in the case of a Cost Centre Manager that person's supervisor of the allegation and will provide information as relevant to the case and to the extent permitted by law.
    3. The Cost Centre Manager (or Cost Centre Manager's supervisor) will manage the investigation with reference to the University's Code of Conduct and within the misconduct / serious misconduct processes under the current UNE Workplace Agreement.
    4. The University may elect to confiscate computing equipment accessed by the user alleged to have committed the offence.
    5. ITD will provide electronic records and information to the Cost Centre Manger (or Cost Centre Manager's supervisor) within the limits of the law.
  2. UNE Students, Where a formal complaint of a breach of the Rules in relation to appropriate use by a UNE student on the University's ICT systems has been made to the Director IT:
    1. The Director, Information Technology (or nominee) will advise the student of the complaint and will withdraw access to the University's ICT systems commensurate with managing the risk of the activity pending investigation. This will not normally include removing access to the University's Learning Management Systems.
    2. The Director, Information Technology (or nominee) will investigate the alleged activity, and will forward findings by email or in writing to the Director, Student Administration and Services, or where the student resides in a University College and the activity has occurred within the College network, the relevant Head of College of the allegation and will provide information as relevant to the case and to the extent permitted by law.
    3. The Director, Student Administration and Services or the Head of College will manage the investigation within the processes defined by the Student Behavioural Misconduct Rules
    4. The University may elect to confiscate computing equipment accessed by the user alleged to have committed the offence.
    5. ITD will provide electronic records and information to the relevant law enforcement agencies via the Director, Human Resource Services within the limits of the law.

Appeals

(23) Appeals against the penalties must follow processes defined in the University's Workplace Agreement for University staff, or the Student Behavioural Misconduct Rules for students. Non-UNE Registrants may appeal penalties in writing within ten working days of the notification of the outcome of the investigation to the Director, Information Technology or in the absence of the Director, Information Technology to the Chief Services Officer .