The purpose of these guidelines is to set appropriate acceptable use parameters for the Information Technology systems, to ensure the continued effective and secure operation of those systems and to protect the University from problems such as error, fraud, defamation, breach of copyright, unlawful discrimination, illegal activity, privacy violations and service interruptions.
These guidelines should be read in conjunction with the People, Culture and Integrity Policy.
These guidelines apply to:
- all users
- any use of the systems, whether or not during business hours, on University premises or through the use of privately owned devices or facilities.
The systems are primarily a university tool, to be used for University purposes by students, staff and affiliates.
- In the case of staff, this includes uses relevant to their employment with the University
- In the case of students, this includes uses relevant to their enrolment and course activities
- In the case of affiliates, this includes uses for the purpose for which they have been given access to the systems.
Any personal use of University equipment and systems should be incidental and not interfere with the users role within the University, the work or study of others or the operation of the systems.
However, unreasonable or excessive personal use is not permitted. For example, the systems must not be used to conduct a personal business or private commercial activity, gamble, objectionable material or carry out excessive and regular research into topics not related to work or study.
Ownership of data and intellectual property
Subject to the University’s statutes and regulations, the University is the owner of all data:
- created by employees as part of their employment; and
- created, sent or received by users using the systems,
and all such data may be accessed as records of evidence, including in an investigation or in response to other actions such as audit, litigation or criminal investigations.
The ownership of intellectual property created by staff, students, academic visitors and participants in research projects is governed by the Governance framework and the Intellectual Property Regulations.
Conditions of access
It is a condition of access to the systems that users must agree to comply with all University policies relating to the use of computing facilities, including the People, Culture and Integrity Policy and these guidelines.
- are presumed to be responsible for all activities undertaken using their accounts
- must take reasonable steps to keep their account secure
- must choose a password that cannot easily be guessed or predicted
- must not share their password with anyone else or record their password in obvious locations
- must change their password regularly (and immediately if it becomes known by another person)
- must not permit other persons to use their account (other than through an email proxy arrangement or unless approved in advance by the CIO.
- must log out or lock their computers whenever they are left unattended
- must protect the security of data held on mobile systems (eg phones, laptops, memory sticks and other storage mediums), including by maintaining reasonable virus control measures where possible
- must not copy or export any official electronic communication or Swinburne data for non-official purposes and the same must not be retained once the official purpose is fulfilled
- Swinburne data must not be copied to unauthorised devices
- must not connect unauthorised devices to the network, either via software or hardware that makes this possible (eg attaching a personal computer or external storage device)
- must make sure that important University data that is not included in automatic backups is manually backed up on a regular basis and can be recovered to the latest version in the event of data loss
- must not use abusive, profane, threatening, racist, sexist, or otherwise objectionable language in any message
- must not access, send, receive, store, or print pornographic, racist, sexist, or otherwise discriminatory, or objectionable material
- must report actual or suspected security breaches to the IT Service Desk as soon as possible
- must not defeat or attempt to defeat security restrictions on systems and applications
- must not remove or disable antivirus and other similar client security agents without approval from the CIO
- must not use or install unauthorized or unlicensed software
- knowingly propagate or disseminate malicious software of any type
Unauthorised and illegal uses
Users must not use the systems to engage in offensive, unlawful or illegal behaviour.
Email and other electronic communications
Email is an official method of communication for staff and students. Mass electronic communications are moderated by the Internal Communications team (email@example.com).
Users must deal with personal information in accordance with the Swinburne Privacy Guidelines.
Access, monitoring, filtering and blocking
- use the systems on the understanding and condition that their use is monitored
- acknowledge and consent to the University’s right to access, monitor, filter and block electronic communications created, sent or received by any user using the systems
- acknowledge that student access is provisioned when commencing at the University, and student access will be removed 12 months after graduation or withdrawal from a course
- acknowledge that staff and contractor access is provisioned when commencing at the University, and staff and contractor access will be removed on their last day of employment
- acknowledge that remote access to the University’s network may only be made by IT approved VPN clients/services.
Subject to the approval and at the discretion of the Vice-Chancellor or other authorised person and for compliance with applicable legislation, the University reserves the right to (without notice):
- intercept, access, monitor and use electronic communications created, sent or received by users of the systems in any manner determined by the University (including as records of evidence in an investigation or in response to other actions such as audit, litigation, criminal investigations or freedom of information requests)
- monitor the use of any device or terminal
- inspect any data residing on any University-owned resource (regardless of data ownership and including personal emails and other personal communications and data stored in personal file directories)
- capture and inspect any data in any computing infrastructure owned by the University
- delete or modify any data in its network
- re-image its desktops and laptops as and when required
- apply filtering systems to the network that limit use and activity by preventing communications based on size or content.
For example, communications may be blocked if they are suspected:
- to contain unlawful material
- to be unsolicited commercial electronic messages within the meaning of the Spam Act 2003 (Cth).
- establish processes to block access to websites deemed inappropriate.
For example, the University may block access to:
- websites deemed to be a security risk
- websites that may cause a negative impact on the systems
- websites that affect network bandwidth detrimentally
- websites deemed to contain offensive or unlawful material
- internet protocols and methods deemed insecure
- websites that contravene the University's policies in any way
- remove any material deemed to be offensive, indecent or inappropriate (including obscene material, defamatory, fraudulent or deceptive statements, threatening, intimidating or harassing statements, or material that violates the privacy rights or property of others)
- check, filter, block and moderate comments and conversations published through University controlled channels and media and remove content that is in breach of applicable laws, codes and policies.
The University also collects utilisation statistics based upon network address, network protocol application use or user-based.
Destruction of University data
Users who store University data on a privately owned device or facility are responsible for ensuring that the University data is rendered illegible and irretrievable at the time of disposal of that device or facility.
Breach of these guidelines
Access to the systems may be suspended or terminated at any time if these guidelines are breached. In addition:
- staff who breach these guidelines will be referred to the Director, People and Culture and/or the Head of Management Unit and dealt with in accordance with processes in relation to misconduct or unsatisfactory performance (whichever is applicable).
- affiliates who breach these guidelines will be referred to the Head of Management Unit and dealt with in accordance with the relevant processes
- students who breach these guidelines may be subject to sanctions under the Student General Misconduct Regulations 2012.
A breach of these guidelines may also be:
- a breach of third party rights (such as an infringement of intellectual property rights)
- a criminal offence (such as serious acts of harassment, bullying and occupational violence and vilification).
In addition to any disciplinary action by the University, this may lead to civil or criminal proceedings and penalties, which the University may report to relevant law enforcement bodies and for which the user will be held personally accountable.
In some exceptional circumstances (for example where access to objectionable material relates directly to a user's employment or study with the University), subject to the approval of and at the discretion of authorised persons, an exemption may be granted for activities that would otherwise breach these guidelines. Exemptions may be required to be approved in advance by the Head of Management Unit.
Users who receive an internal or external electronic communication that is offensive or inappropriate, should in the case of staff and affiliates, raise it with their Head of Management Unit (or if the manager is the cause of the complaint with People and Culture), or in the case of students, with the Registrar.