• Section 1 - Purpose and Context
• Section 2 - Definitions
• Section 3 - Policy Statement
• Section 4 - Procedures
• Part A - Code of Practice
• Part B - Privacy
• Part C - Breaches and Penalties
• Part D - Audits
• Part E - Responsibilities
• Part F - Categories of Users: Guidelines
• Section 5 - Guidelines
• Section 6 - References

Section 1 - Purpose and Context

(1) The University of Western Sydney provides computing, networking, information and communication resources to the University community to support teaching and research, student learning, and efficient administrative processes. Access to Information Technology (IT) resources is granted to members of the University community who are enrolled students, employees or formal affiliates or associates of the University. The University is responsible for protecting its significant investment in IT resources, and must also meet its legal obligations. It will not jeopardise these through the improper actions of any group or individual. Nothing in this policy requires the university to provide dial-in or computer laboratory facilities to the University Community.

Section 2 - Definitions

(2) The following definitions apply for the purpose of this policy:

1. Authorised User: General authorisation to use IT resources is granted upon enrolment, employment or through official affiliation with the University. This does not grant automatic access to all resources because in most cases users need to obtain an account or password. Once these two qualifiers are satisfied, an individual becomes an authorised user of the specified resource(s).
2. Dial-In Access: IT service that provides remote access to pre-determined IT resources. e.g. email, web.
3. IT - Information Technology.
4. IT - Information Technology - IT supports, provides and manages IT resources on behalf of the University
5. IT Resources - IT resources include systems, software, hardware and services. This covers, but is not limited to, computers, terminals, modems, printers, network devices, telecommunication devices (landline telephones, mobile phones, PABX, faxes) storage media and related equipment, data files owned or managed by the University, information systems; and services such as those on the UWS network, (for example, email, internet access).
6. Network - Network hardware and the services operating on the hardware or utilising the hardware to perform tasks.
7. Passwords/Account codes - The mode of secured personal access to pre-determined IT resources.
8. University - The University of Western Sydney including its six major campuses and various satellite sites.
9. User - Any person who makes use of any IT system, hardware or service from any location at UWS.

Section 3 - Policy Statement

(3) All users of University IT resources are responsible for ensuring that they use them in efficient, ethical, and lawful ways.

Section 4 - Procedures

Part A - Code of Practice

(4) Only authorised users are permitted access to University IT resources (see Section 2 for definition).

(5) Authorised users of University IT resources may use them only to discharge the responsibilities of their positions as employees, to further their studies/instruction as students, to conduct their official business with the University, or in other activities sanctioned by the University. All usage must be efficient, ethical and lawful. Questions concerning usage should be referred to Director IT.

(6) Passwords and personal account codes are provided for the sole use of the authorised user. They should be treated as private and confidential, and must not be divulged or distributed.

1. Users must use only their own account/password on University IT resources. Users are not permitted to access or attempt to access any program, file or other information stored under another person's account.
2. Users must not attempt to obtain passwords they are not entitled to know. This is applicable to accounts or facilities on University computers or other computers accessed using the University network.
3. Users must not provide their passwords to others.

(7) Only the authorised owner or the IT or authorised support staff may read, change (including remove) or copy any data, programs, files or directories on any University computer or other computers accessed using the University network.

(8) A user must not attempt to interfere with IT resources or attempt to subvert the security of any University IT resource. This includes the following:

1. Depriving or attempting to deprive other users of resources or access to University IT resources;
2. Negligently or intentionally degrading the performance of a University IT resource.

(9) University IT resources must not be used to copy software, upload or download material that is licensed or protected under copyright or trademark laws unless such activities fall within current licensing conditions and/or copyright legislation.

(10) University IT resources must not be used for preparing, storing, receiving, displaying, transmitting or communicating information, material or messages

1. that are inconsistent with the mission or values of the University
2. that may have the effect of harassment of any person or
3. that may be defamatory.
   1. This includes, but is not limited to pornography, racism, sexism, obscenities, insults, threats and intimidation.

(11) University IT resources must not be used for commercial or private gain or the gain of a third party, except where there is an established relationship to the University (e.g. a commercial entity of the University).

(12) All University IT resources must be treated with care, irrespective of location. No person shall deliberately damage, help to damage or tamper with facilities, resources or services. No University or leased IT resource is to be removed off-site without appropriate permission.

(13) University IT resources are not to be used to gain unauthorised access to other computers/networks/systems/files/data, regardless of the intention.

Part B - Privacy

(14) Users are responsible for the security, privacy and confidentiality of data of a private or personal nature, held or transmitted using IT resources. Users should become familiar with the UWS Privacy Policy Guideline and the Privacy and Personal Information Act 1998 so they are aware of their responsibilities for the collection, use and storage of personal information.

(15) Any attempt (successful or otherwise) to invade the privacy of others using IT resources will be regarded as a breach of this policy.

Part C - Breaches and Penalties

(16) The University works to ensure that it manages and uses its IT resources efficiently and effectively. To protect the interests of the University and to ensure compliance with this Policy, the IT retains the right to examine any data or files and to monitor computer usage, and to intervene when necessary.

(17) Breaches of this Policy will be reported immediately to the Director IT. Complaints in relation to breaches may also be forwarded to the Director IT and the Director Equity and Diversity, for action. In these circumstances confidentiality will be maintained.

(18) If the Director IT, believes that unethical or illegal activities, or activities inconsistent with the University's purpose or mission, have occurred, these processes will be followed:

1. The Director IT (or nominee) will temporarily suspend the user from access privileges to all IT resources until further investigation.
2. If a breach is found to have occurred, the Director IT, may decide to suspend access privileges for a defined period of time, depending on the seriousness of the offence.
3. Where a staff member has breached this Policy, if the offence is judged to be serious, the procedures outlined in the applicable employment agreement will be followed. Where a student has breached this policy, the procedures outlined in the current Misconduct Student Non-Academic Misconduct Policy will be followed.
4. Where a breach involves unethical or illegal activities, the University has an obligation to report these to the relevant external law enforcement agencies, and individuals may be subject to prosecution.

Part D - Audits

(19) All University IT resource usage may be audited. Usage and activity records belong to the University, not to the individual user. In most cases, these are admissible as evidence and are subject to relevant State and Federal Laws.

Part E - Responsibilities

(20) The University is responsible for ensuring the services and resources it provides to its community are used in efficient, lawful, proper and ethical ways.

(21) The Director IT (or nominee/s) has the responsibility to:

1. Ensure that IT services and resources are being used in an optimal way;
2. Fully investigate breaches of this Policy, take action when required and report to other agencies (for example, the police) when necessary;
3. Maintain accurate system records and monitoring records, archiving as appropriate;
4. Assist the University Auditor or any other agencies (with the approval of the Vice-Chancellor or nominee) in investigating suspected breaches or conducting random audits;
5. Disclose usage where appropriate; and
6. Provide access controls where possible to limit usage not consistent with this policy (for example, STD bars, firewalls).

(22) The Director /Manager/Team Leader/Head of School / Executive Dean has the responsibility to do the following:

1. Ensure all staff /honorary associates (e.g. contractors, visiting fellows) are made aware of this Policy in relation to their work at the University;
2. Ensure that all work practices comply with this Policy;
3. Lead by example with respect to this Policy;
4. Notify the IT when a staff member's access to a service or system should be withdrawn;
5. Review applications for use of IT resources, and take responsibility for any costs incurred in respect to this; and
6. Ensure that academics are aware of this Policy when teaching students who are required to use IT resources in their studies so that specific subject requirements comply with this Policy.

(23) Staff, students, and affiliates/associates are responsible for ensuring their usage complies with this Policy, for paying any relevant charges incurred, and for informing the Information Technology when they cease their association with the University.

Part F - Categories of Users: Guidelines

(24) These are provided to help those responsible for certifying and sponsoring/recommending applications for access to IT resources (internally or remotely). With respect to Internet access, the "AARNet Policy on Allowed Access to the Internet via AARNet Members" provides guidelines on allowable access and conditions of access.

(25) These should also be considered in respect to applications for Internet services by individuals or groups affiliated/associated with the University.

Staff members

(26) For the purposes of this Policy, a staff member is a person employed as a Higher Education Worker or Academic. Employment may be full-time, part-time or casual. Some types of access are provided routinely to staff to enable them to fulfil their duties. Access to other IT resources may be considered on the following grounds:

1. To provide remote access as part of work responsibilities (for example, remote management of facilities) or to support a work/study arrangement (e.g. telecommuting, working on multiple sites, frequent travelling off campus).

Students

(27) For the purposes of this Policy, a student is a person enrolled in a course of study or subject units offered by the University. Enrolled students are provided with access to the computing laboratories and network services.

Individuals or Groups affiliated/associated with the University

(28) Access to IT resources requires an application supported by the Director/Dean/Manager of the area or association, and agreement of the Director Information Technology or nominee. Access to systems and services will expire at the end of the specified period or contract/term of appointment. Affiliates must agree to abide by this and other related policies, including paying for any loss or damage the University may sustain, should they improperly use University IT resources. This category may comprise, but is not limited to the following:

1. Consultants and Contractors who require access to IT resources to fulfil the terms of their contract.
2. Board of Trustees Members, Visiting Fellows and Research Associates who need access to IT resources for their University-related activities.
3. External (not-for-profit) community groups who need temporary access to IT resources as part of their operation/function.
4. Official affiliation/associations of UWS (such as PAUWS, the Postgraduate Association of UWS) that need access to IT resources to maintain their affiliation.

(29) Within this category, where access levels/types permitted are unclear, clarification should be obtained from the Director IT.

Section 5 - Guidelines

(30) Nil.

Section 6 - References

(31) In managing its operations, including those in IT, the University is required to take all reasonable steps to ensure compliance with relevant legislation. The following legislation has helped form this Policy. Users of IT resources at UWS do so subject to all applicable laws and University policies. Relevant legislation (which helped form this policy) and Unversity policies can be located on the Associated Information page.