Bulletin Board - Document Comments

Bulletin Board - Review and Comment

Step 1 of 3: Comment on Document

There are 3 steps in the submission process. You must complete all three steps in one session, otherwise your comments will be lost.

1. Use this Protected Document icon to open a comment box.

2. Type your feedback and then click the"Save Comment" button in the lower-right of the comment box.

3. Do not open more than one comment box at the same time.

4. When you have finished making comments, go to step 2 by clicking on the “Save and Continue” button at the very bottom of this page.

Important Information

During the comment process you are connected to a database. Like internet banking, the session that connects you to the database may time-out due to inactivity or if you close your browser or go to a different tab/window and try to come back.

To ensure that your comments are received:

  1. DO NOT jump between web pages/applications while logging comments.

  2. DO NOT log comments for more than one document at a time.

  3. DO NOT leave your submission unfinished. If you need to take a break, submit your current set of comments now and return later to make a further submission. You will receive a copy of your comments so that you can see what you have already said.

  4. DO NOT exit from the interface until you have completed all three steps of the submission process.  Simply saving a comment in the comment box does not mean it is submitted and if you exit the system, you will not be able to retrieve it later.

When you finalise your submission in step 3 your comments will be emailed to the Document Author with a copy to you, and to policy@mq.edu.au for record keeping purposes.

Acceptable Use of IT Resources Policy

Section 1 - Purpose

(1) This Policy outlines the standards of behaviour required for accessing the University’s IT Resources.

Scope

(2) This Policy applies to all Staff and Students of Macquarie University (the University) and Third Parties accessing the University’s IT Resources.

Background

(3) The University is committed to maintaining a secure technology environment and as such, has established behavioural requirements for accessing the University’s IT Resources. Establishing these requirements aims to decrease the likelihood that IT Resources are misused.

Top of Page

Section 2 - Policy

(4) All Staff, Students and Third-Parties should provide confirmation that they have read and understood this Policy prior to commencement of work/study at the University.

(5) Staff and Students provisioned with access to IT Resources should be aware of their responsibilities regarding appropriate care and protection.

(6) Unauthorised individuals must not be given physical or logical access to IT Resources or Information.

(7) The owner of a user account is solely responsible for all actions performed using their account.

(8) IT Resources may be used for acceptable limited and reasonable personal use. Such personal use must be lawful, not negatively impact the University or violate this Policy. See Acceptable Use of IT Resources - Misuse Schedule for examples of unacceptable use.

(9) Staff and Students should consider the implications of storing and transmitting personal information not required by the University within IT Resources (e.g., personal events, security clearances, passports, files containing personal information, etc). The University is not responsible for protecting such Information.

(10) Fixed IT Resources (e.g., monitors, routers) must not be taken off-site without prior written authorisation by the IT Service Desk or an authorised manager;

(11) Information created, sent, received, or processed for the University’s business purposes that is not subject to the intellectual property rights of University Staff, Students or Third Parties, is owned by the University.

Incident Notification

(12) Staff and Students have a responsibility to maintain vigilance and report any suspicious cyber security events occurring against the University, including:

  1. IT Resources behaving differently or unusually;
  2. University emails which are suspected to be malicious or suspicious;
  3. individuals asking for user credential (e.g., username and password);
  4. loss/theft, or suspicion of loss/theft of IT Resources; and
  5. breaches of this Policy or other cyber security Policies.

(13) University related cyber security events should be reported immediately to the IT Service Desk team or the IT Cyber Security team (cyber@mq.edu.au). Details of cyber security events should remain confidential and not be divulged or discussed with unauthorised individuals.

(14) The University is not responsible for managing cyber security breaches for the personal emails, accounts or devices of Staff and Students. However, you are encouraged to report these for broader awareness.

Protection of Physical IT Resources

(15) IT Resources must:

  1. not be left unlocked while unattended;
  2. not be connected to public Wi-Fi;
  3. not be left unattended in public areas or in motor vehicles;
  4. be up to date with the latest software patches installed (e.g., browsers and operating systems);
  5. have Wi-Fi and Bluetooth auto-connecting capabilities disabled if not in use; and
  6. have wireless file sharing capabilities disabled (e.g. ‘AirDrop’ on iOS or ‘Nearby Share’ on Android).

(16) Untrusted removable storage media (e.g., USB drives and external hard drives) should not be connected to IT Resources.

(17) IT Resources should only be charged using trusted charging devices (e.g., charger, cables, power adapter). Public charging stations or USB ports (e.g. airports, restaurants, conference rooms) should not be used.

(18) On the last day employment or termination of contract, University Staff, and Third-Parties must return all University IT Resources and any associated accessories (e.g., keyboards, chargers, travel cases).

(19) Students must return IT Resources when they are no longer required for study purposes.

Protection of Information

(20) Information should be generated, stored, processed and transmitted in accordance with the:

  1. Information Classification and Handling Procedure;
  2. Records and Information Management Policy; and
  3. Privacy Policy.

(21) Personal email or cloud storage accounts should not be used to store, process or transmit University owned Information.

(22) Information classified as Confidential or above (refer Information Classification and Handling Procedure) should be securely stored when not in use or when left unattended.

(23) Information that is no longer required should be disposed of securely (e.g., shredding).

(24) Whiteboards and other Information display sources should be cleaned of any Information classified Confidential or above, after use.

Remote Working and Travel

(25) Home Wi-Fi should be password protected with the latest supported Wi-Fi security protocols, if used to connect to University IT Resources.

(26) Staff must comply with travel requirements detailed in the Cyber Travel Policy.

Cyber Security Training

(27) Staff must complete cyber security awareness training as required by the University.

Monitoring and Privacy

(28) The University monitors all its IT Resources in accordance with the University’s Workplace Surveillance Policy. Breaches of this Policy constitute misuse of the University’s IT Resources.

(29) The University may access, review, monitor, or disclose the contents of all messages created, sent or received using IT Resources. This may be performed for monitoring compliance with this Policy, terms and conditions of employment/engagement, and statutory obligations.

(30) Staff, Students and Third-Parties should assume that personal information transmitted by or stored on University IT Resources will be accessed by the University to the extent permitted by law. Accordingly, there is no presumption of privacy.

(31) The University may refer serious matters or repeated breaches to the Chief Information and Digital Officer, Chief People Officer, the Head of the relevant organisational unit, or the appropriate external authorities, which may result in disciplinary, civil and/or criminal proceedings.

(32) The University has a statutory obligation to report illegal activities and corrupt conduct to appropriate authorities and will cooperate fully with the relevant authorities.

(33) To the extent allowed by law, the University is not liable for loss, damage or consequential loss or damage arising directly or indirectly from the use or misuse of any IT Resources.

Prohibited Conduct

(34) Staff and Students must not use IT Resources for, or in support of, illegal, obscene, or other inappropriate activities, in accordance with the Acceptable Use of IT Resources - Misuse Schedule.

Compliance and Exemptions

(35) Any exemption to this Policy must be sought from the Chief Information Security Officer(CISO).

(36) Breaches of this Policy by Staff and Students will be managed in accordance with the applicable provisions of the Student Code of ConductStudent Conduct Rules, Student Conduct Procedure, Staff Code of Conduct and other relevant policy instruments.

Top of Page

Section 3 - Procedures

Use of Personal Mobile Devices

(37) The University permits Staff to access University Information and applications via their personal mobile devices.

(38) To maintain the security of University Information, personal mobile devices used to access University Information and applications must:

  1. be configured to automatically lock and require authentication (e.g., facial recognition, fingerprint scan, or a pin code to unlock);
  2. be actively supported by the device vendor;
  3. be capable of running the University approved Multi-Factor Authentication (MFA) application;
  4. be kept up to date with the latest operating system / security updates;
  5. have missing or stolen devices that had access to work applications reported;
  6. not access sensitive corporate data in areas where there is oversight;
  7. not be jailbroken or non-baseline built in anyway; and
  8. not access corporate information when overseas without an active exemption in place (see Cyber Travel Policy)

(39) If the above cannot be met personal mobile devices must not be used and either use of corporate laptop or corporate device is required in place.

(40) The University is not responsible for any loss of personal data, delays, non-deliveries, service interruptions, technical difficulties, or malicious activity to a personal mobile device.

Internet, Email, Social Media and Artificial Intelligence (AI) Usage

(41) The University permits Staff to access internet, email, social media and Artificial Intelligence (AI) for the following reasons:

  1. to carry out their duties and contribute to the University’s goals and objectives;
  2. for initiating and furthering professional contacts;
  3. for personal development; and/or
  4. where authorised, for communicating to wider stakeholder and community groups.

(42) Staff should:

  1. take all reasonable care when downloading, accessing or executing files from the internet;
  2. carefully consider the type and nature of Information requested when browsing the internet;
  3. be aware of copyright restrictions; and
  4. ensure that non-work-related email addresses are not included in work related correspondence;

(43) University approved AI tools should be used in accordance with the Responsible and Ethical Use of Artificial Intelligence Policy.

(44) University data must not be uploaded to non-university managed AI tools.

(45) Social media should be used in accordance with the Social Media Policy.

Top of Page

Section 4 - Guidelines

(46) Nil.

Top of Page

Section 5 - Definitions

(47) The following definitions apply for the purpose of this Policy:  

  1. Information means any information in either physical or electronic format that is generated, created, stored, purchased or received during the conduct of University operations.
  2. IT Resource means any device or software that has value to the University and consequently needs to be suitably protected, including hardware (e.g., laptops, desktops, servers, network equipment, phones, printers, storage devices), and applications (e.g., cloud/desktop/server based).
  3. Staff means an individual directly employed by the University.
  4. Student means a person:
    1. seeking admission to the University;
    2. enrolled in a unit of study at the University;
    3. who is a graduand;
    4. suspended from the University;
    5. on a leave of absence;
    6. who has deferred enrolment; and
    7. who was a student at the time the alleged conduct occurred.
  5. Third-Party means an individual or organisation working under contract with the University.