IT Acceptable Use Guidelines


Application


The Acceptable Use of (IT) Policy and these supporting guidelines apply to all members of the University community whether at the University or elsewhere, and refer to all IT resources.

Purpose


To provide further explanation, examples and recommended best practices for implementing the IT Acceptable Use Policy.

Introduction


The University provides Information Technology (IT) resources to a large and varied group of people. In accordance with the IT Acceptable Use Policy, all users have the responsibility to use these resources in an effective, efficient, ethical, and legal manner.

Ethical and legal standards that apply to IT resources are based on the standards of common sense and courtesy that apply to any shared resource. The community depends upon the University's spirit of mutual respect and cooperation to resolve differences and problems that may arise.

The University provides IT resources with the stipulation that IT users act as good citizens and that they contribute to creating and maintaining an open community of responsible users.

Appropriate and responsible use


IT resources should be used in a way that is consistent with the University's teaching,earning, public service, research, and administrative objectives. Use should also be consistent with the specific objectives of projects or tasks for which use was authorised.

Examples of unacceptable use of IT resources:

The IT Acceptable Use policy covers identity misrepresentation. In brief, you may not:

  • assume another person's identity or role through deception or without authorisation
  • login, communicate, or act under the guise, name, identification, email address, or signature of another person without authorisation
  • communicate under the guise of an organisation, entity, or unit that you do not have the authority to represent

Reporting suspected incidents


You should report a suspected security incident to the Staff Service Centre: staffservice@auckland.ac.nz  Tel : +64 9 923 6000.

If possible, please forward a copy of any information relevant to the incident you are reporting. If the incident involves e-mail, please forward the message with the full header.

To resolve security incidents, service providers may work with other University offices including;

  • Registrar
  • HR department
  • Office of the Vice Chancellor

Securing your data


IT services provide and preserve security of files, account numbers, authorisation codes, and passwords. However, security can be breached through actions or causes beyond the service provider's reasonable control. You should always safeguard your personal and confidential data, passwords, and authorisation codes by:

  • using the free excellent commercial anti-virus software provided to the University community
  • keeping your operating systems up-to-date
  • taking full advantage of file security mechanisms built into the computing systems
  • choosing passwords wisely and changing them periodically
  • following established security policies and procedures to control access and use of administrative data

Service provider responsibilities


Considering the needs of all IT users, University service providers have the responsibility to offer services in the most efficient, reliable, and secure manner. At certain times, carrying out these responsibilities may require special actions or intervention by the service provider's staff. In such circumstances, they are bound by the policies governing their actions. At all other times, service provider staff have no special rights above and beyond those of other IT users. They are required to follow the same policies and conditions of use that all IT users must follow. Every effort shall be made to ensure that persons in positions of trust do not misuse computing resources and data or take advantage of their positions to access information not required in the performance of their duties.

Service providers are not responsible for policing IT user activity. However, if they become aware of a security incident they should initiate an investigation. To forestall an immediate threat to the security of a system or its IT users, service providers may suspend access of those involved in a suspected breach while the incident is being investigated. They may also take other actions to preserve the state of data and other information relevant to the investigation.

Service providers must act in accordance with University policies governing user privacy. Prior to examining e-mail and other private file content, they must attempt to seek the IT user's permission. If this is not possible, service providers must obtain authorisation from a higher administrative authority working in conjunction with the University's Legal Counsel to examine any content that may jeopardise the:

  • security of IT resources
  • security of users
  • ability of the University or its constituent parts to conduct necessary business

Unit/service specific guidelines


Some units or services within the University, including Information and Technology Services (ITS), maintain additional IT standards and guidelines. IT users to whom those additional IT standards and guidelines apply must also comply with those requirements.

The University also maintains or provides connections to external service providers that have established acceptable use standards. You are solely responsible for understanding and adhering to those standards. Should you breach any policy of an external network, the University cannot and will not extend any protection to you.

User responsibilities - examples


By using IT resources, you accept the following responsibilities;

Respect the privacy of other users

For example, you may not:

  • intentionally seek information on, obtain copies of, or modify e-mail, files, tapes, or passwords belonging to other users or the University
  • represent others, unless authorised to do so explicitly by those IT users
  • divulge sensitive personal data to which you have access concerning staff, or students without explicit authorisation to do so

Respect the rights of other users

Example:

You must comply with all laws and University policies regarding harassment on the basis of race, sex, colour, religion, creed, national origin, ancestry, age, marital status, disability, gender identity, or gender expression. The University is committed to supporting fair and respectful treatment of all members of the University and the wider community.

Respect copyright and licensing agreements

For example, you may not:

  • use file-sharing programs to obtain copyrighted material such as music, DVDs, and other protected items without permission of the copyright holder
  • make copies of a licensed computer program to avoid paying additional license fees or to share with other users

Respect the intended use of IT resources

For example, you may:

  • use only those IT resources (username and password, funds, transactions, data, processes, etc.) assigned to you by service providers, unit heads, or project directors for the purposes specified
  • not access, use, or divulge such resources unless explicitly authorised to do so by the appropriate authority
  • not use University resources assigned to you or others for profit-making or fund-raising activities unless explicitly authorised to do so by the appropriate authority
  • not use University resources to campaign for or against a ballot initiative or a candidate running for office or to conduct a political campaign
  • not create an e-mail group with the intent of sending out what would generally be regarded as spam, unless the creator has received permission from the members of the new group
  • may not advertise or solicit for commercial events or endeavours

Respect the shared nature of resources

Example:

You must avoid activities that unreasonably tax system resources or that, through frivolous use, go beyond the intended use of the system

Respect the intended use of systems including e-mail, online chats, and blogs

For example, you may not send:

  • forged e-mail,
  • e-mail that threatens or harasses other users,
  • unsolicited mass e-mail not related to the purpose(s) of the addressed directory group(s) or
  • promotional e-mail for commercial or profit-making purposes.

Respect the integrity of the system or network

Example:

You may not intentionally develop or use programs, transactions, data, or processes that harass other users, infiltrate the system, or damage or alter the software or data components of a system. Alterations to any system, network software, or data component may be made only under specific instructions from authorised unit heads, project directors, or management staff.

Respect the payment structure of a computing or networking system

Example:

You may not intentionally develop or use any unauthorised mechanisms to alter or avoid paying charges applied by the University for computing, network, and data processing services.

Definitions


The following definitions apply to this document:

IT resources refers to any University owned or operated hardware or software and the data that is used or stored on it

IT user means any individual member of the University community using IT resources

Legal counsel refers to the legal advisors of the University and of Uniservices

Unit(s) refers to an organisational grouping across the University and includes a faculty, or research centre or service division  

UniServices manages the University's intellectual property and is responsible for all research-based consultancy partnerships and commercialisation

University means the University of Auckland and includes all subsidiaries

University community includes all staff members (whether permanent, temporary or part time), honorary staff, students (whether full time or part time), contractors, subcontractors, consultants, alumni, associates, business partners or official visitors or guests of members of the University or UniServices

Document management and control


Owned by: CIO

Prepared by: IT Risk Manager

Date approved: January 2017

Review date: January 2020

 

 

Top