IT Acceptable Use Policy
Summary
This policy defines the principles and actions considered acceptable and unacceptable when Authorised Users access the Bionics Institute IT Services.
The policy aims to protect both authorised users and the Bionics Institute from risks associated with unacceptable use including information security threats, compromise of network systems and services, legal issues, and data loss.
Purpose
This Policy provides guidance on what constitutes acceptable use as well as unacceptable use of
IT Services and outlines the responsibilities of Authorised Users to protect Bionics institute IT
Services.
Scope
This policy applies to all Authorised Users and to the access and use of IT Services whether this
is done from a Bionics Institute office or remotely.
Definitions
Acceptable Use |
Activities that directly or indirectly support the business of Bionics
Institute. A limited level of personal use is considered acceptable
provided it does not use significant amounts of time or IT
resource. |
Authorised User/s |
Means a person/s who has been provided with a Bionics Institute
Network Account to access IT Assets and Infrastructure. These
include all staff, students, consultants, and visitors |
IT Services |
Includes:
- Desktop computers, laptops, tablets, handheld devices, and
servers
- Network accessible storage and local computer storage
- Removable media, e.g. CDs, USB storage devices, data cards,
and portable storage devices
- Printers, copiers, imaging equipment, and multi-function
devices
- Telephones, mobile phones, Fax machines
- Radios or other high frequency communication devices
- Cameras, webcams
- Electronic networks, internet, intranet, and web services
- Instant messaging, chat facilities, and online discussion
groups
- Email accounts
- Software
- Data and/or information
|
Policy Statement
Authorised Users may use Bionics Institute IT assets and services for any Bionics Institute
work-related purposes and for limited personal use.
Acceptable use
Authorised Users may use Bionics Institute IT assets and services for any work-related purposes
and for limited personal use providing that the use complies with the Bionics Institute Code of
Conduct, values, and policies, is lawful, and does not adversely impact the Bionics Institute
operations, assets, or reputation.
Bionics Institute IT Services must not be used in any manner considered inappropriate, or in
any way that may be reasonably seen as potentially damaging the reputation of the Institute,
such as:
- participating in gambling activities
- knowingly downloading, storing, distributing, or viewing of offensive, obscene, indecent,
or menacing material
- stalking, blackmailing, or engaging in otherwise threatening behaviour
- any use which breaches a law, including copyright breaches, fraudulent activity,
computer crimes and other computer offences
- transmitting spam or other unsolicited communications
- the introduction or distribution of security threats, including a virus or other harmful
malware
- unauthorised monitoring of electronic communications
Monitoring use
Any use of Bionics Institute IT assets and services may be monitored by the Bionics Institute IT
Department including:
- data storage volumes
- internet sites visited
- download volumes
- suspected malicious viruses
- instant messaging/chat messages
- emails
- computer hard drives
Bionics Institute Network Account
Authorised Users are provided a Network Account to access Bionics Institute IT Services for
carrying out their Bionics Institute role. Authorised Users are responsible for all activity
initiated from their Network Account and must not allow anyone else access to or use of that
Network Account. The Authorised User must ensure their Network Account credentials,
including passwords, are securely stored, and not disclosed to another person.
An Authorised User must inform the IT Department immediately if they believe that the security
or integrity of their Bionics Institute Network Account (including email account) has been
compromised including suspected lost or stolen password, the presence of malware or
suspicious email activity.
Access to their Bionics Institute Network Account will be removed when the relationship
between Authorised User and the Bionics Institute ceases. If an Authorised User requires their
Network Account to remain active for a period after they leave Bionics Institute, this must be
authorised by the Bionics Institute Business and Commercial Support Manager. The extension
of the access must have an end date specified.
IT Equipment
All Bionics Institute supplied IT equipment such as computers, and peripheral devices such as
monitors and printers remains the property of Bionics Institute and care must be taken to
prevent the equipment from being damaged, lost or stolen. Authorised Users must:
- ensure that Bionics Institute IT equipment is stored securely when not in use
- inform the IT Department if any malfunction or damage occurs to their IT equipment
- inform the IT Department and their line manager immediately if their IT equipment is
stolen or lost
Bionics Institute may install programs or software to track the location and use of the IT
equipment and reserves the right to monitor use of IT equipment, including during any remote
working arrangement.
Software
The IT Department will provide advice for, and may, or may not, approve software to be used
on Bionics Institute IT equipment.
Software, including source files and executable files, must not be added to, removed from, or
modified on IT equipment unless authorised by the IT department.
Software applications and tools purchased by the Bionics Institute are licensed primarily to the
Bionics Institute, however Authorised Users may require access from other locations on nonBionics Institute owned computers during their work within the parameters of the software
license agreement.
Authorised Users must discontinue use and un-install the software from non-Bionics Institute
owned computer(s) upon cessation or termination of engagement with the Bionics Institute, or
upon notification by the Bionics Institute of its termination of the software license agreement.
Authorised Users must comply with contractual obligations and terms and conditions of use
stated in the software license agreements entered by the Bionics Institute.
Email and electronic communications
A Bionics Institute email account is provided to Authorised Users for work-related activities.
Authorised Users with a Bionics institute email account must ensure that all email
correspondence and attachments sent using this email account appropriately represents the
Bionics Institute.
Virus protection measures are in place on the Bionics Institute network; however, it is the
responsibility of Authorised Users to take reasonable care when opening emails, attachments,
and links to identify that emails, attachments, and link are genuine. If an Authorised User
receives an email or attachment that seems suspicious, they must contact the IT Department
immediately.
E-mail is not considered a secure form of communication and third parties can potentially
intercept and view email in transit. E-mails should therefore be considered insecure unless the
message has been encrypted and digitally signed.
When deciding what information is to be included in an email, consideration should be given to
the fact that it may be forwarded to another party without the Authorised Users knowledge.
Bionics Institute provides access to Microsoft Teams chat functionality. This is considered
secure within the Bionics Institute Office 365 Tenant (when communicating with others using
their Bionics Institute Office 365 account). Other forms of electronic communication such as
chat applications and messaging services should be considered unsecure.
Data/Information
Authorised Users must ensure that Bionics Institute data is stored, retained, made accessible,
and disposed of according to the Bionics Institute Employee Privacy Policy, the Bionics Institute
Privacy Statement, legal, statutory, ethical, and funding bodies’ requirements.
This policy and its associated procedures first and foremost support its commitment to comply
with the Australian Code for the Responsible Conduct of Research (2018), and Bionics
Institute’s Research Data and Information Management Guidelines. It is Bionics Institute’s
responsibility to provide appropriate safe, secure, sustainable, and appropriate facilities for the
storage of research data. Authorised Users are responsible for retaining clear, accurate, secure,
and complete records of research data.
Bionics Institute provides secure data storage facilities to all Authorised Users. Secure and
backed up network drives are provided.
All Authorised Users must:
- use IT Department approved storage for records and media
- exchange information only through data transfer methods approved by the Bionics
Institute IT Department
- ensure data is stored in the appropriate repository so that it can be backed up, and not
stored on local devices only (e.g. desktop, laptop, external hard drive)
- consider intellectual property rights and copyright when using information and images
not created or owned by Bionics Institute
External Personnel
The Bionics Institute Guest Wireless Network provides a facility for external personnel for
connectivity to the Internet. This Guest Wireless Network operates independently from the
Bionics Institute Network, with no connectivity provided between the two networks. The Guest
Wireless Network provides access to external internet sites only. No access to Bionics Institute
IT services is possible from the Guest Wireless Network.
Upholding this policy
Any identified activity that is not consistent with this IT Acceptable Use Policy should be
reported to your Supervisor, the Human Resources Team, and/or a member of the IT
Department. Support will be provided to employees who report genuine concerns of breaches.
The IT Department may immediately suspend an Authorised User’s account prior to, during or
after an investigation.
If an investigation confirms a breach of this IT Acceptable Use Policy, disciplinary action may be
taken up to and including dismissal or other appropriate action for non-employee/s against the
individual or individuals concerned.
Supporting Procedures
- IT_PRO_Access Control
- RGV_FRM_Data Management Guidelines
Related Policies
- IT_POL_IT Policy
- Cybersecurity Policy
- Password Policy
- HR_POL_Privacy Statement
- HR_POL_Employee Privacy
- HR_FRM_Code of Conduct
External References
N/A
Please acknowledge you have read and understood the details of the above policy
You have acknowledged this policy
Thank you for acknowledging this policy