Email and Internet Procedures

Section 1 - Purpose and Context

(1) These procedures provide information to assist students and staff to understand their rights and responsibilities while using Email and Internet services. These procedures should be read in conjunction with the Email and Internet Policy and Email and Internet Guide.

Section 2 - Definitions

(2) Refer to the Email and Internet Policy for a full list. Definitions that apply only for the purposes of these Procedures include:

Section 3 - Policy Reference

(3) Refer to the Email and Internet Policy.

Section 4 - Procedures

Part A - Conditions of Use

(4) When using University email and internet, Authorised Users must:

(5) University email and internet resources must not be used:

(6) Staff must use their University email address and provide their University identity when sending official University correspondence via email and must determine and abide by any additional record-keeping obligations that apply. [Ref. Spam Act 2003, section 6; State Records Act 1998, section 3]

(7) Official correspondence to students must be sent to students' University email addresses, although copies may also be sent to students' personal addresses [Ref. Spam Act 2003, Schedule 1, section 4].

(8) Automatic Redirection (or Automatic Forwarding) of University staff or corporate emails to an external/personal email address or to another email client is not permitted.

Personal Use of University Email and Internet

(9) The University permits incidental personal use of University email and internet on the proviso that such use is legal, consistent with all relevant University policies and does not interfere with or conflict with University business. Authorised Users should note that:

procedures authorised by the Workplace Surveillance Policy. Even personal emails sent from University addresses or with University resources remain subject to the provisions of the Email and Internet Policy and as such are property of the University; and

integrity and confidentiality, and may be restricted without warning if a University Digital Service is breached, or if the CIDO (or nominee) believes there is the potential for a breach.

(10) While the University allows reasonable personal use of its email system, use of the email system for all personal email is not authorised. Authorised Users are strongly advised to use other email providers if they have concerns about personal information or private content being accessible in the University's systems. Organising email folders so that personal email is not interspersed with University-related email would also help to protect privacy.

Official Email — Related to Work or Study

(11) Emails dealing with University business are University records. As such, staff are obliged to ensure these emails are placed on formal University files (such as TRIM), preventing the need for access to the Authorised User's email account. Staff who will be absent from the University must ensure that information held in their email accounts that is relevant and necessary to conducting the University's business is accessible to those having a need for it. Refer to the Records and Archive Management Policy for further information.

Verification of Student Emails

(12) Occasionally, the University's ITDS staff receive requests from staff seeking verification that an email has been sent or received by a nominated University student email address. Such requests should be made through the IT Service Desk, and include the information necessary to enable the transaction to be traced.

(13) In these cases the CIDO (or nominee) will normally advise whether the email described was sent or received by a nominated University student email address at the date and time indicated.

Part B - Security of Internet Access and the Email System

(14) Current email transportation methods cannot be regarded as secure. Email forgery and phishing can and do occur, and Spam email will occasionally appear legitimate enough not to be identified by the University's automatic spam detection and filtering controls. To prevent the misuse of email, Authorised Users should:

(15) Just as email is a potential vector for spreading malicious code or conducting crime, the internet can be and is used in this way, and should never be considered entirely safe or secure. The steps Authorised Users should take to make sure there is not any misuse of the University's Internet Resources include:

(16) The University takes steps to safeguard its Authorised Users and its email and internet resources by logging email and internet activity, running virus scans, placing firewall blocks around its Information Systems, and retaining logs and backups of all of the above. Staff authorised by the CIDO may access these logs for the purposes of analysis and examination; as required by law; for ensuring the confidentiality, integrity, and availability of the University Information Systems; or as directed in the Workplace Surveillance Policy.

Reviewing Performance of University Email and Internet

(17) In order to efficiently manage the University Email and Internet Services, the University reviews performance and retains logs, backups and archives related to these services. Only staff approved by the CIDO may examine such records, and only for the purposes of this policy, as required by law or for ensuring the confidentiality, integrity and availability of the University Information Systems, or as directed in the Workplace Surveillance Policy or the Student Misconduct Rule.

(18) As part of reviewing and maintaining the system the University may limit:

(19) The University may block emails that are determined by the University and/or its security systems to:

(20) Users should not use University email resources in a manner that could reasonably be expected to directly or indirectly cause excessive strain on any part of the University Information System, or unwarranted or unsolicited interference with other use of the University Information System. This would include use that consumes a large amount of bandwidth (e.g. through the use of large attachments) or the distribution of screen savers, games, spam or the like. [Ref. ISO 27002 section 7.2].

Part C - Mailing Lists

(21) The University provides directories of email addresses ("University Email List"). These are important to our ongoing work and their integrity and usefulness must be preserved. There are three types of mailing list:

(22) All University emails sent via University Email Lists are subject to the following:

(23) General email lists:

(24) School, Division, or Department email lists:

(25) Special interest email lists are subject to the following:

Part D - Commercial Emails

(26) From time to time University staff may engage in the sending of commercial emails that offer goods or services from the University. The definition of what constitutes commercial email for the purposes of this document is contained in the definitions (Section 2), and is otherwise defined within section 6 of the Spam Act. All Commercial Emails are governed by the Spam Act.

(27) A Commercial Email must contain:

(28) Staff sending Commercial Emails must ensure that the unsubscribe facility specified in the email is functional and requests are acted upon.

(29) Commercial Email must not be sent to a person who has submitted an unsubscribe request.

(30) University staff must not use email address harvesting software or an email address list that has been produced using such software. For this reason, care must be taken when using email lists provided by sources outside the University.

Part E - Formats and Encryption

(31) Attachments must be in a format that can be read by a readily available program for which the University holds a license in order to ensure that they can be read in the future. This means that attachments that are documents (not including spreadsheets, databases and the like) should be in ASCII, TXT, RTF, DOC or PDF format.

(32) Official Emails must only be encrypted and sent using software approved by the CIDO.

Part F - Webpage Blacklisting

(33) ITDS maintains a register of 'blacklisted', or blocked, websites that University systems will not allow Authorised Users to navigate to or load. Authorised Users of University Internet Resources should not attempt to circumvent the blacklist without consent from the CIDO and assistance from ITDS staff (see the Cyber Security Policy for more information).

Part G - Digital Signatures

(34) By law, digital signatures can have the same legal status as written signatures. Staff must not use digital signatures on either email or as part of online forms in place of written signatures without authorisation from the CIDO.

Part H - Backup and Archiving

(35) Emails, including emails of a private or personal nature, are regularly backed up and/or archived by the University [Ref. ACSC Essential 8]. It is not feasible to separate private or personal email from this process. Nothing in this procedure document prevents such backups or archiving. Requests for copies of backed up or archived emails will be treated in the same way as requests for copies of the original email.

(36) ITDS is not obliged to provide an Authorised User with copies of personal emails that it has backed up or archived.

Part I - Tagging of Unconfirmed Spam Email

(37) The University makes use of systems to automatically detect spam email. In the event these systems are unable to determine if an email is spam or genuine, they add a "[SPAM]" tag to the front of the subject line and deliver it to the intended recipient. This may result in Authorised Users receiving spam email from time to time. Report spam emails to the IT Service Desk (itservicedesk@westernsydney.edu.au). Refer to ServiceNow Knowledge Article 0011503 for more details.

Part J - Other Applicable Guidelines for Authorised Users

(38) The Policy on Allowed Access to AARNet provides guidelines on allowable access and conditions of access to Internet services. Any Authorised User of University Internet Resources is expected to follow it.

(39) Eduroam users: Eduroam users access University Internet Resources through a separate wireless network, set up to cater exclusively to the standards for connectivity outlined in Eduroam's Compliance Statement. Through the Eduroam wireless network, Eduroam users are granted access to University Internet Resources. However, a University email account is not generated for these users. Eduroam users are expected to comply with this procedure document as far as it applies to them, such as reasonable and courteous internet usage, as well as any applicable University Policies, such as the Acceptable Use of IT Resources and Email and Internet Policy.

Section 5 - Guidelines

(40) See the Email and Internet Guide document.

Section 6 - Reference Documents

(41) This procedure makes reference to the International Standard for Information Security, AS/NZS ISO/IEC 27002, which can be accessed under "Standards On-line Premium (SAI Global)" via the alphabetical listing in the e-Resources section of the University Library.

(42) The following University policies are referenced in this procedure:

(43) The following legislation, framework, or standards are referenced in this procedure:
This is the current version of this document.