(1) The University of Queensland (UQ or the University) is committed to providing Information and Communication Technology (ICT) resources to support, enable and enhance its activities. (2) This Policy: (3) This Policy should be read in conjunction with other ICT policies and procedures (see associated information). (4) This Policy applies to consumers of UQ ICT resources or UQ information including, but not limited to: (5) Consumers that are connected to UQ networks or services must comply with this Policy, irrespective of location or device ownership (e.g. personally-owned computers). The Chief Information Officer must approve exceptions to this Policy. (6) ICT is of critical importance to UQ activities. All consumers of UQ ICT resources are expected to use these facilities and services appropriately and reasonably. (7) Access to ICT systems and resources is provided to consumers for carrying out University work, study, or for other UQ purposes. UQ incurs costs in providing ICT systems and resources, and access is not provided to consumers unconditionally. The following conditions apply: (8) Software licensed to UQ (UQ Licensed Software) must only be used for purposes legitimately associated with UQ’s operations and in accordance with the relevant software licence terms. This includes online services (i.e. software-as-a-service) licensed to UQ. (9) Consumers must not install software on UQ devices that is not appropriately licensed to UQ. (10) The following conditions of use are intended to inform consumers of their responsibilities when using UQ Licensed Software and to minimise UQ’s risks of copyright infringement, or other breaches of software licence terms: (11) UQ requires all consumers of its ICT resources to do so in an authorised, responsible, ethical, equitable and legal manner and in accordance with the UQ Staff Code of Conduct Policy and Student Code of Conduct Policy. Incidental personal use of University ICT resources is permitted. Such use must be kept to a minimum. (12) While UQ acknowledges that exceptions may exist under certain circumstances, unauthorised use of ICT resources may lead to increased cost, risk, and reputational damage to UQ. Consumers should be aware that UQ ICT resources must not be used: (13) Consumers’ use of UQ’s ICT systems and resources may be monitored (see section 4 of this Policy). (14) The Chief Information Officer may authorise an investigation into alleged misuse. If allegations are deemed to be valid and of a serious nature, evidence of misuse will be reported to the appropriate body: (15) UQ recognises the importance of email for efficient communication. Unauthorised use of email can result in security risks and reputational damage. The measures below apply to consumers of UQ ICT resources. (16) UQ’s digital presence includes websites, web applications, mobile applications and other means of providing information and services online. UQ’s digital presence must: (17) UQ will create and maintain its digital presence in accordance with the UQ Digital Presence Procedure. (18) UQ seeks to respect the privacy and confidentiality of consumers and protect its information and assets. The following policies cover these matters: (19) All UQ computers, laptops, and tablets (where possible) must have UQ’s anti-virus software installed. If a computer is unable to run UQ’s anti-virus software it presents a security risk and must not be used to access UQ’s ICT resources or information. Any exceptions must be made using the Cyber Security Exceptions Procedure. (20) Consumers are responsible for being aware of and complying with this Policy. Consumers should also be aware that: (21) It is the responsibility of consumers to check and maintain their UQ email account regularly. (22) Information Technology staff are responsible for: (23) The Chief Information Officer is responsible for: (24) To improve services and protect consumers, UQ reserves the right to monitor access and usage of all UQ ICT systems and resources. Consumers should be aware that use of UQ ICT resources, including email, is not considered private, and that UQ may monitor, access, restrict, terminate or suspend accounts with approval from the Chief Information Officer or their delegate. (25) UQ will meet its data retention obligations under the Telecommunications (Interception and Access) Act 1979 (Cth). (26) All usage (e.g. email, hard drives, or network use) may be recorded for the purposes of security and risk management (e.g. backups, performance monitoring, or compliance requirements). (27) Consumers who become aware of possible breaches of this Policy must report it to either: (28) Breaches of this Policy may be reported to UQ’s Information Technology Governance Committee, the Chief Information Officer, the Chief Human Resources Officer or to the appropriate external authorities, which may result in civil or criminal proceedings. (29) Information Management Policy (31) Privacy Management Policy (32) Telecommunications (Interception and Access) Act 1979 (Cth) (33) Privacy Act 1988 (Cth) (34) When choosing a password:Information and Communication Technology Policy
Section 1 - Purpose and Scope
Scope
Section 2 - Principles and Key Requirements
Access to ICT Systems and Resources
Software
Acceptable Use of ICT Resources
Misuse of UQ ICT Resources
Email and Bulk Messaging
Digital Presence
Information Management and Cyber Security
Section 3 - Roles, Responsibilities and Accountabilities
Consumers of UQ ICT Resources
Information Technology Staff
Chief Information Officer
Top of PageSection 4 - Monitoring, Review and Assurance
Section 5 - Recording and Reporting
Section 6 - Appendix
Related Policies
Related Legislation
Definitions
Term
Definition
Consumer
All staff, students, visitors, contractors, third parties, clinical and adjunct title holders, affiliates, alumni and all other people who access UQ's systems, networks or other ICT resources.
UQ ICT resources
any UQ IT system or asset, including but not limited to:
• Networks (wireless and wired)
• Property and facilities
• Equipment whether owned or leased by UQ including telephony, computers, servers, storage, including its associated hardware and software
• UQ websites and systems (applications)
• Data, information and video
• Accounts.
ITS
Information Technology Services.
SITC
Strategic Information Technology Council.
ITGC
Information Technology Governance Committee.
Unacceptable material
Includes materials not related to delivery of UQ’s core purpose or its effective operations, including but not limited to:
• Violent content
• Racist content
• Gambling or content relating to gambling
• Viruses and malware
• Games.
Unacceptable material excludes material that is permitted under UQ's principles for freedom of speech or academic freedom, as set out in the Governance and Management Framework Policy.
Software
Includes, but is not limited to, purchased or commercial software, sound, graphics, images, or datasets; shareware; freeware; and electronically stored documentation and the media that holds it. This includes online services (i.e. software-as-a-service) licensed to UQ. Not included in this definition are non-copyrighted computer data files that have no significance beyond the individual or organisational unit.
Software Licence compliance
Clear documentation that the number of legally obtained and genuine software licences matches the number of installed instances of a given software product on the University’s systems or devices.
Password Recommendations
Suggestions for a Strong Password
View current
This is the current version of the approved document. You can provide feedback on this document to the Enquiries Contact - refer to the Status and Details tab from the menu bar above. To view historical versions, click the link in the document's navigation bar.
• Pornography