Terms of use
Terms of use

POLICY

Information Technology systems are used extensively throughout Bendigo TAFE (herein also referred to as the Institute). This policy provides a framework within which authorised users must operate when using Institute facilities.

COVERAGE

This policy shall apply to all users of Institute computing and communications facilities and applies to all of these facilities, irrespective of the Campus, Centre or Unit providing the facilities, and whether the facilities are located on a campus or site of the Institute or elsewhere. This policy also explicitly covers devices not owned by the Institute but authorised for use on or near Institute campuses.

INTRODUCTION

The Institute provides an extensive range of computing and communication facilities for use by staff, students and other authorised users. Taxpayers are entitled to expect the Institute's communications and information technology systems to be used in an economical, effective and ethical manner. Federal and State government legislation and guidelines must be observed and prevailing community standards adopted. The conditions and obligations associated with authorised use of the Institute's computing and communication facilities are set out in this policy.

DEFINITIONS

Affiliate shall mean and refer to any person recommended to, and approved by, the I&IT Manager as a person with direct links to Institute centres, units or campuses requiring access to Institute systems to perform Institute-related tasks. Affiliates must be nominated in writing to the I&IT Manager by Centre, Campus or Unit Managers.

Authorised User shall mean and refer to:

  • an employee of the Institute;
  • a student of the Institute;
  • a person who holds an honorary or temporary appointment;
  • a person, approved by the I&IT Manager, who is accorded Affiliate status;
  • a person, approved by the I&IT Manager, requiring access to Institute computing systems to perform contracted services for the Institute.
  • an authorised participant in a conference, congress or workshop officially convened by the Institute. This may include Institute short or fee-for-service courses but does not include a participant in a conference, congress or workshop held on Institute premises by an external body; and
  • any other person approved by the I&IT Manager as an authorised user eg; a member of the Institute Board.

 

Computing facilities include, but are not restricted to, the following items:

  • Desktop and laptop computing hardware;
  • Active devices such as Personal Digital Assistants (PDAs) that have the ability to attach to or communicate with Institute computers or networks;
  • Passive devices such as printers, scanners, electronic cameras or mobile telephones that have the ability to attach to or communicate with Institute computers or networks;
  • Storage media such as CD ROM, DVD, USB devices, tapes and similar that can store digital data in a retrievable form;
  • Computer software, whether formally licensed or not;
  • Network connections, including wireless connections such as infra-red, radio, Bluetooth, laser;
  • Operating and user manuals; and
  • Video and telephone conferencing systems.

 

Contractor shall mean and refer to any person engaged by the Institute to perform any task under the direction of Institute staff, whether a formal contract is in place or not. This will include all persons subsequently engaged by Institute contractors (sub-contractors).

Digital Communication facilities include, but are not restricted to, the following items:

  • Electronic mail (email) where sent by or received on Institute equipment;
  • Electronic instant messaging or 'chat' connections;
  • Facsimiles (when generated by or received by digital equipment);
  • Internet access achieved via any device owned or managed by the Institute;
  • Satellite communications equipment;
  • Microwave or other devices using radio frequencies; and
  • Telephones: fixed, cordless and mobile.

 

Employee shall mean and refer to any staff member employed by the Institute, including a person employed by the Institute on a casual basis.

I&IT Manager refers to the Manager of the Infrastructure & Information Technology Unit or a properly authorised nominee. The Director Student Services & Systems, the Chief Executive Officer and the Chair of the Institute Board are ex-officio authorised nominees.

Prohibited data or material shall mean and refer to all data or material that falls within the categories described below, and as proscribed or defined within relevant Commonwealth and State legislation:

  • describes, depicts, expressly or otherwise, matters of sex, drug misuse or addiction, crime, cruelty, violence or revolting or abhorrent phenomena in such a way that they offend against the standards of decency and propriety generally accepted by reasonable adults;
  • describes or depicts in a way that is likely to cause offence to a reasonable adult, a minor who is, or who appears to be, under 16 years of age whether the minor is engaged in sexual activity or not;
  • promotes, incites or instructs in matters of crime or violence;
  • brings the Institute or its officers into disrepute;
  • discriminates against, harasses or vilifies any member of the public on the grounds of sex, pregnancy, age, race, nationality, descent or ethnic background, religious background, marital status, disability, HIV/AIDS status, sexual preference, homosexuality and transgender; or
  • defames, or could be reasonably anticipated to defame, any person, institution or company.

 

Spam shall mean and refer to all data or material that falls within the categories described below, and as proscribed or defined within Commonwealth Anti-Spam legislation:

  • unsolicited commercial email;
  • unsolicited instant messaging;
  • unsolicited text messaging to telephones; and
  • other broadcast mechanisms.

 

Student shall mean and refer to a person enrolled in:

  • a course leading to an award of the Institute; or
  • a course not leading to an award of the Institute but comprising of subjects drawn from a course or courses leading to an award or awards of the Institute.

 

PRINCIPLES

Information Technology and Communication systems provide vital services to the teaching and administrative operations of the Institute. Inefficient, ineffective, illegal or unethical use of Bendigo TAFE systems by staff, students or other users could lead to an unacceptable loss of services across the Institute. Bendigo TAFE could also be at risk of litigation or loss of reputation.

The Infrastructure & Information Technology Unit has a mandate to ensure that:

  • the use of Institute computing and communication facilities is directed toward achievement of the academic and administrative goals of the Institute;
  • Institute computing and communication facilities are used in a manner which is lawful, efficient, proper and ethical;
  • Institute computing and communication facilities are used to carry out job related tasks in an economical manner; and
  • the express provisions of usage as set out in this part of the policy are adhered to at all times.

 

RESPONSIBILITY (for Currency & Maintenance)

I&IT Manager

APPLICATION OF THE POLICY

Network Security

High levels of security and the integrity of the Bendigo TAFE computing and communication network are essential to fulfilment of the Institute's mission and statutory obligations and responsibilities.

Bendigo TAFE reserves the right to implement appropriate measures to manage its computing and communication facilities in an efficient and effective manner and to maintain and enhance the security of its computing and communications network.

In particular, the I&IT Manager is authorised to develop and implement procedures and technologies to:

  • audit and monitor the usage of any or all of the Institute's computing and communication network and facilities;
  • ensure that Institute facilities are used and managed in a secure, efficient and effective manner;
  • ensure legislative requirements regarding computer and communications are observed;
  • prevent, where possible, access to inappropriate material by under-aged authorised users;
  • deal with existing or potential threats to the security and integrity of the Institute's computing and communication network;
  • prevent unauthorised access to and usage of the Institute's computing and communication network and facilities;
  • restrict the use of any Institute computer or communication facility that may impede the secure or efficient operation of the Institute's network;
  • move or delete without notice any data, material or software that presents a risk to the security or integrity of the Institute's network or computing or communication facilities; and
  • delete and/or move non-registered devices from the Institute network.

 

Prohibited use of computer and communication devices

The use of any Institute computer or communications facility to make, send or store fraudulent, unlawful, harassing or abusive calls or messages is prohibited.

The use of any Institute computer or communications facility that impedes the efficient and effective operation of such facilities is prohibited (eg; unauthorised bulk or everyone email).

The use of any Institute computer or communications facility to transmit or broadcast unsolicited commercial email (Spam) is prohibited.

An authorised user shall not use any Institute computer or communications facility to access, transfer, publish, display, circulate or store prohibited material, messages or data as described in the Definitions of this policy.

Login Identification

When a person is authorised to use Bendigo TAFE facilities, they will be issued with a personal login identity and a password. In most cases, an email account with the same name will also be created. Activities attributable to a specific account will be deemed to be the responsibility of the authorised account holder.

An authorised user shall not:

  • disclose his or her login password(s) to any other party or parties;
  • allow another party to use his or her login identification;
  • use the login identification of another user;
  • attempt to discover any other user's login password; and
  • take every reasonable precaution to ensure that his or her login password is adequately secured.

In exceptional circumstances, a single account may be used by a number of authorised users. Approval to create and use multi-user or group accounts must be given by the I&IT Manager prior to use. Account responsibility then lies with the manager of the group using the account.

Security

An authorised user shall not infringe the Institute's security system or use Institute computing or communications facilities to breach, or attempt to breach, the security of systems accessible via the networks provided by the Institute.

An authorised user shall not introduce virus software or any other software designed to disrupt, corrupt or destroy programs and/or data, or sabotage the Institute's computing and communication facilities.

An authorised user shall not, without the authorisation of the I&IT Manager:

  • examine, copy, rename, change or delete private programs, files, data, messages or information belonging to the Institute or any other authorised user;
  • use Bendigo TAFE's computing or communication facilities for profit making or commercial activities;
  • open, inspect or otherwise interfere with network devices or distribution cabinets;
  • modify any equipment or software; or
  • alter or tamper with any restrictions associated with any Institute computer system, computer account, network system, personal computer software protection or other of the Institute's computing or communication facilities.

 

Copyright and Software Licensing

An authorised user shall be personally responsible for complying with relevant provisions of the Copyright Act 1968 (Commonwealth), as amended, particularly as it relates to the copying and communication of computer software and other copyright material on the Internet.

Software theft (Pirating) is a crime and is prohibited. Incidents of software theft should be reported to the I&IT Manager. The Institute is obliged to report offences to relevant State or Federal law enforcement agencies.

Software manuals that are provided under a licensing agreement are not covered by the Institute's right to copy agreements. Full or partial photocopying or scanning of software manuals is prohibited unless explicitly approved by the I&IT Manager or the copyright owner.

Bendigo TAFE computer users are bound to abide by software licensing agreements undertaken by the Institute. Bendigo TAFE adheres to the Business Software Association of Australia's software code of conduct.

Further information concerning copyright restrictions is available from the I&IT Manager.

Private Use of Institute computing and communications facilities

The Institute aims to enhance the quality of the working life of its employees and to retain skilled and experienced employees by providing flexibility in employment practices and work arrangements. As a consequence of this approach, the Institute will allow, as a privilege to employees, reasonable use of Institute computing and communications facilities for private purposes.

Institute line Managers are responsible for determining, managing and communicating to employees what constitutes acceptable amounts of time that employees may use Institute resources for private use. Where a line manager considers an individual's usage to be excessive or contrary to Institute policies, they should refer the matter, through their Centre or Unit Manager, to the I&IT Manager.

The Institute will allow, as a privilege to students, restricted use of the Institute's e-mail and internet system for private purposes. Access within timetabled teaching periods is not permitted without authorisation from the supervising teacher. Where I&IT or teaching staff consider excessive or inappropriate use of facilities is taking place, this privilege may be revoked.

Acceptable Use

Authorised users shall not use Institute computing and communications facilities for any purpose that is questionable, controversial or offensive specifically including the following activities:

  • gambling;
  • transferral, publication, display or circulation of chain letters or junk mail (Spam);
  • transferral, publication, display or circulation of political or seditious material relating to political parties or industrial matters;
  • accessing chat lines;
  • any commercial activity not authorised by the Institute;
  • downloading of unauthorised software;
  • downloading of lengthy files containing picture images, live pictures or graphics;
  • accessing computer games or radio or television stations broadcasting via the Internet; or
  • accessing or transmitting prohibited data or material.


An authorised user shall not:

  • access or transmit prohibited or unlawful data or material;
  • obtain or attempt to obtain a higher than authorised level of privilege on any Institute computing or communication facility;
  • remove or tamper with any of the computing or communication facility provided by the Institute;
  • store data in an area unauthorised for such storage;
  • work in a way that distracts or harasses any other authorised user or member of the public; or
  • remove, deface or corrupt notices placed by an employee of the Institute regarding the use of Institute computing or communication facilities.


A Student shall not:

  • provide another student with data which is subject to assessment as their own material;
  • collect or discard the output, including printed material, from the Institute's computing or communication facilities of any other authorised user;


Confidentiality and Privacy

Users must be aware that the confidentiality of electronic communications cannot be assured and that all data or messages transmitted by electronic communications facilities are capable of being intercepted, overheard, traced or recorded by others.

Employees should familiarise themselves with Bendigo TAFE Privacy policies, specifically:

  • the individual and institutional responsibilities that relate to their job and the protection of confidential or sensitive information; and
  • the statutory responsibilities that relate to their job and the protection of information deemed to be "personal information" by Commonwealth Privacy legislation.


An employee shall be required to comply with relevant statutory requirements, including the provisions of the Information Privacy Act (2000) and the Health Records Act (2001).

An employee shall not breach obligations that relate to the protection of confidential or sensitive information and information deemed to be "personal information" by Institute policies.

An employee shall not access or use Institute records, including electronic data, to gain or distribute information regarding the operation of the Institute, employees or clients unless authorised, and in connection with the paid duties of the position.

When an employee leaves their role, data associated with that role will be transferred to their replacement. No guarantee of confidentiality can be made about this data. It is the sole responsibility of the employee to remove any private material before leaving their role.

Right to monitor

The Institute reserves the right to audit and to monitor, without additional notice, the use of the Institute's computing and communication network and facilities. This includes the monitoring of any emails sent and received, any internet activity and any files on any computer, telephone or storage device owned by the Institute or located on Institute premises.

The Human Resources Manager may request the I&IT Manager to provide supervised access to data files and records of communication for any employee. This request must be approved in writing by the Chief Executive Officer or the Chair of the Institute Board.

Staff directly involved in teaching delivery may request supervised access to student files where unethical behaviour is suspected. This access will only be permitted when the Teaching Centre Director has authorised the access by informing the I&IT Manager in writing. Where personal material is not directly relevant to the investigation, I&IT staff will take reasonable measures to maintain its confidentiality.

Record Keeping

All electronic business communications are official Institute records and subject to the same standards of record keeping that govern all other forms of correspondence.

Employees should familiarise themselves with all individual and institutional responsibilities that relate to their job and to applicable record keeping standards.

The Institute reserves the right to archive material including files, emails and log data and make them available to authorised persons in the future.

An employee shall not breach obligations that relate to applicable standards of record keeping.

 

Breach of Policy

An employee, student or other person who becomes aware of a breach of this policy should report the matter to the I&IT Manager in the first instance.

An employee, student or other authorised user who receives any threatening, intimidating or harassing electronic message should report the incident to the I&IT Manager in the first instance.

An employee who is alleged to have breached the provisions of this policy may be subject to disciplinary action under the applicable Institute Policy or industrial agreement up to and including termination of employment.

Where the I&IT Manager is of the opinion that a student has breached the provisions of this policy and that the breach amounts to misconduct, or that there is an imminent threat of misconduct by the student, the I&IT Manager may, without notice, suspend the student's access to Institute computing and communication facilities for a period of up to ten days for a first offence.

Where the breach is sufficiently serious or if subsequent breaches are identified after a warning has been issued by the I&IT Manager, the student will be reported to their Teaching Centre for further action. The student account may be suspended pending the outcome of Teaching Centre action.

Where a Teaching Centre Director is of the opinion that a student has breached academic guidelines or policies, the Teaching Centre Director may request the I&IT Manager to suspend the student's access to Institute facilities for a period of up to ten days for a first offence.

A student who is found to have breached the provisions of this policy may be subject to disciplinary measures in accordance with provisions of the Student Discipline Policy or any other relevant student misconduct provisions.

Any authorised user, other than an employee or student, who is found by the I&IT Manager to have breached the provisions of this policy, may be subject to:

  • termination or suspension of their access to Institute computer or communication facilities;
  • reimbursement of expenses incurred; and/or
  • any other such action that the Chief Executive Officer may deem appropriate.


Disclaimer

The Institute accepts no responsibility for any damage to or loss of data arising directly or indirectly from use of its facilities or for any consequential loss or damage. The Institute makes no warranty, express or implied, regarding the computing and communication facilities offered, or their fitness for any particular purpose.

Whilst reasonable care is taken, the Institute does not guarantee the confidentiality of any data stored on any Institute computer system or transmitted through any network.

Whilst backup of some data is routinely performed by Bendigo TAFE systems administrators, the Institute cannot guarantee full retrieval of material accidentally deleted or damaged. Determination of appropriate backup strategies to safeguard user data is the sole responsibility of the user.

The Institute's liability in the event of any loss or damage shall be limited to any fees and charges paid to the Institute for the use of the computing facilities that resulted in the loss or damage.

Students should note that they may not legitimately claim academic disadvantage if they have had access to Institute facilities withdrawn due to misconduct.

The Institute reserves the right to audit and to remove without notice any fraudulent, unlawful or prohibited data or material from its computing or communications facilities.

The Institute reserves the right to report any breach of this policy that may require investigation to the police or any other appropriate authority external to the Institute.

Some provisions in this policy shall not apply where an authorised user is required to carry out any of these acts in the performance of duties directly related to their work or, in the case of students, to their academic program and within contained environments dedicated to the academic program such as Business IT & Design's network labs.

REFERENCES

 

Commonwealth Anti-Spam legislation Copyright Act 1968 (Commonwealth)

Health Records Act (2001)

 

Information Privacy Act (2000)