View Current

IT Acceptable Use of Resources Policy

This is not a current document. To view the current version, click the link in the document's navigation bar.

Section 1 - Purpose and Context

(1) Western Sydney University provides computing, networking, information and communication resources to the University community to support teaching and research, student learning, and efficient administrative processes. Access to Information Technology resources is granted to members of the University community who are enrolled students, employees, members of participating eduroam organisations, or formal affiliates or associates of the University. The University is responsible for protecting its significant investment in IT resources, and must also meet its legal obligations. It will not jeopardise these through the improper actions of any group or individual. Nothing in this policy requires the University to provide remote access or computer laboratory facilities to the University Community.

Top of Page

Section 2 - Definitions

(2) The following definitions apply for the purpose of this policy:

  1. Authorised User: General authorisation to use IT resources is granted upon enrolment, employment, official affiliation with the University, or as a member of a participating eduroam organisation. Access to specific resources may be further restricted depending on the University's requirements. Authorised users will need to obtain accounts and passwords to enable access to University IT resources.
  2. eduroam: eduroam is a TERENA (Trans-European Research and Education Networking Association) registered trademark, and is an abbreviation of educational roaming. In context of this policy, eduroam is a location independent wireless network, which allows users from participating organisations to use their normal username and password to access network services via other participating organisations.
  3. eduroam user: any person granted eduroam access by their home organisation. eduroam users are authorised users for the purposes of this policy.
  4. IT - Information Technology.
  5. IT Resources - IT resources include systems, software, hardware and services. This covers, but is not limited to, computers, terminals, modems, printers, networks (wired and wireless), telecommunication devices (landline and mobile phones, PABX, faxes) storage media and related equipment, data files owned or managed by the University, information systems; and services such as those on the University network, (for example, email, internet access).
  6. Network - Network hardware and the services operating on the hardware or utilising the hardware to perform tasks. The University utilises both wired and wireless networks.
  7. Passwords/Account codes - The mode of secured personal access to pre-determined IT resources.
  8. User - Any person who makes use of any IT system, hardware or service owned or leased by the University.
Top of Page

Section 3 - Policy Statement

(3) All users of University IT resources are responsible for ensuring that they use them in efficient, ethical, and lawful ways.

Top of Page

Section 4 - Procedures

Part A - Code of Practice

(4) Only authorised users are permitted access to University IT resources (see Section 2 for definition).

(5) The University plans to participate in eduroam;

  1. All users of eduroam facilities at participating organisations will be subject to the provisions of the policies of their home organisation, policies of the visited organisation, and the Australian eduroam Policy.
  2. Participating organisations set their own access policies, which may be more restrictive than the University policies.

(6) Authorised users of University IT resources may use them only to discharge the responsibilities of their positions as employees, to further their studies/instruction as students, to conduct their official business with the University, or in other activities sanctioned by the University. All usage must be efficient, ethical and lawful. Questions concerning usage should be referred to CIDO.

(7) Passwords and login details are provided for the sole use of the authorised user. They should be treated as private and confidential, and must not be divulged or distributed.

  1. Users must use only their own account/password on University IT resources. Users are not permitted to access or attempt to access any program, file or other information stored under another person's account.
  2. Users must not attempt to obtain passwords they are not entitled to know. This is applicable to accounts or facilities on University computers or other computers accessed using the University network.
  3. Users must not provide their passwords to others.

(8) Only the authorised owner or the Chief Information and Digital Officer or authorised support staff may read, change (including remove) or copy any data, programs, files or directories on any University computer or other computers accessed using the University network.

(9) A user must not attempt to interfere with IT resources or attempt to subvert the security of any University IT resource. This includes:

  1. depriving or attempting to deprive other users of resources or access to University IT resources;
  2. negligently or intentionally degrading the performance of a University IT resource.

(10) University IT resources must not be used to copy software, upload or download material that is licensed or protected under copyright or trademark laws unless such activities fall within current licensing conditions and/or copyright legislation.

(11) University IT resources must not be used for preparing, storing, receiving, displaying, transmitting or communicating information, material or messages:

  1. that are inconsistent with the mission or values of the University
  2. that may have the effect of harassment of any person or
  3. that may be defamatory.
  4. This includes, but is not limited to pornography, racism, sexism, obscenities, insults, threats and intimidation.

(12) University IT resources must not be used for commercial or private gain or the gain of a third party, except where there is an established relationship to the University (e.g. a commercial entity of the University).

(13) All University IT resources must be treated with care, irrespective of location. No person shall deliberately damage, help to damage or tamper with facilities, resources or services. No University owned or leased IT resource is to be moved off-site without appropriate permission.

(14) University IT resources are not to be used to gain unauthorised access to other computers/networks/systems/files/data, regardless of the intention.

Part B - Privacy

(15) Users are responsible for the security, privacy and confidentiality of data of a private or personal nature, held or transmitted using IT resources. Users should become familiar with the Privacy Policy and the Privacy and Personal Information Act 1998 so they are aware of their responsibilities for the collection, use and storage of personal information.

(16) Any attempt (successful or otherwise) to invade the privacy of others using IT resources will be regarded as a breach of this policy.

Part C - Breaches and Penalties

(17) The University works to ensure that it manages and uses its IT resources efficiently and effectively. To protect the interests of the University and to ensure compliance with this Policy, the Chief Information and Digital Officer (or nominee) retains the right to examine any data or files and to monitor computer usage, and to intervene when necessary.

(18) Breaches of this Policy will be reported immediately to the Chief Information and Digital Officer. Complaints in relation to breaches may also be forwarded to the Chief Information and Digital Officer and the Director, Equity and Diversity, for action. In these circumstances confidentiality will be maintained.

(19) If the Chief Information and Digital Officer believes that unethical or illegal activities, or activities inconsistent with the University's purpose or mission, have occurred, these processes will be followed:

  1. The Chief Information and Digital Officer (or nominee) will temporarily suspend the user from access privileges to all IT resources until further investigation.
  2. If a breach is found to have occurred, the Chief Information and Digital Officer, may decide to suspend access privileges for a defined period of time, depending on the seriousness of the offence.
  3. Where a staff member has breached this Policy, if the offence is judged to be serious, the procedures outlined in the applicable employment agreement will be followed. Where a student has breached this policy, the procedures outlined in the current Student Misconduct Rule will be followed.
  4. Where a breach involves unethical or illegal activities, the University has an obligation to report these to the relevant external law enforcement agencies, and individuals may be subject to prosecution.

Part D - Audits

(20) All University IT resource usage is logged and may be audited. Use of eduroam resources may be logged and audited by participating organisations. The University logs and audits the activities of visiting eduroam users. Usage and activity records belong to the University, not to the individual user. In most cases, these are admissible as evidence and are subject to relevant State and Federal Laws.

Part E - Responsibilities

(21) The University is responsible for ensuring the services and resources it provides to its community are used in efficient, lawful, proper and ethical ways.

(22) The Chief Information and Digital Officer (or nominee/s) has the responsibility to:

  1. Ensure that IT services and resources are being used in an optimal way;
  2. Fully investigate breaches of this Policy, take action when required and report to other agencies (for example, the police) when necessary;
  3. Maintain accurate system records and monitoring records, archiving as appropriate;
  4. Assist the University Auditor or any other agencies (with the approval of the Vice-Chancellor and President or nominee) in investigating suspected breaches or conducting random audits;
  5. Disclose usage where appropriate; and
  6. Provide access controls where possible to limit usage not consistent with this policy (for example, STD bars, firewalls).

(23) Executives/Directors/Managers/Team Leaders/Deans have the responsibility to do the following:

  1. Ensure all staff /honorary associates (e.g. contractors, visiting fellows) are made aware of this Policy in relation to their work at the University;
  2. Ensure that all work practices comply with this Policy;
  3. Lead by example with respect to this Policy;
  4. Notify Information Technology and Digital Services' when a staff member's access to a service or system should be withdrawn;
  5. Review applications for use of IT resources, and take responsibility for any costs incurred in respect to this; and
  6. Ensure that academics are aware of this Policy when teaching students who are required to use IT resources in their studies so that specific subject requirements comply with this Policy.

(24) Staff, students, and affiliates/associates are responsible for ensuring their usage complies with this Policy, for paying any relevant charges incurred, and for informing Information Technology and Digital Services when they cease their association with the University.

Part F - Categories of Users: Guidelines

(25) These are provided to help those responsible for certifying and sponsoring/recommending applications for access to IT resources (internally or remotely). With respect to Internet access, the "AARNet Policy on Allowed Access to AARNet" provides guidelines on allowable access and conditions of access.

(26) These should also be considered in respect to applications for Internet services by individuals or groups affiliated/associated with the University.

Staff members

(27) For the purposes of this Policy, a staff member is a person employed as a Higher Education Worker or Academic. Employment may be full-time, part-time or casual. Some types of access are provided routinely to staff to enable them to fulfil their duties. Access to other IT resources may be considered on the following grounds:

  1. To provide remote access as part of work responsibilities (for example, remote management of facilities) or to support a work/study arrangement (e.g. telecommuting, working on multiple sites, frequent travelling off campus).


(28) For the purposes of this Policy, a student is a person enrolled in a course of study or subject units offered by the University. Enrolled students are provided with access to the computing laboratories and network services.

Individuals or Groups affiliated/associated with the University

(29) Access to IT resources requires an application supported by the Director /Dean /Manager of the area or association, and agreement of the Chief Information and Digital Officer or nominee. Access to systems and services will expire at the end of the specified period or contract/term of appointment. Affiliates must agree to abide by this and other related policies, including paying for any loss or damage the University may sustain, should they improperly use University IT resources. This category may comprise, but is not limited to the following:

  1. Consultants and Contractors who require access to IT resources to fulfil the terms of their contract.
  2. Board of Trustees Members, Visiting Fellows and Research Associates who need access to IT resources for their University-related activities.
  3. External (not-for-profit) community groups who need temporary access to IT resources as part of their operation/function.
  4. Official affiliation/associations of the University (such as PAUWS, the Postgraduate Association of the University) that need access to IT resources to maintain their affiliation.

(30) Within this category, where access levels/types permitted are unclear, clarification should be obtained from the Chief Information and Digital Officer.

Top of Page

Section 5 - Guidelines


(31) In managing its operations, including those in IT, the University is required to take all reasonable steps to ensure compliance with relevant legislation. The legislation listed on the Associated Information page has helped form this Policy. Users of IT resources at the University do so subject to all applicable laws and University policies.