Policy: Acceptable use of information technology
- holds, transmits, manages, uses, analyses, or accesses data and information; and
- transmits electronic communication.
- This policy and related documents draw their authority from the Information Infrastructure and Services Rule.
- Acceptable use is defined as activities undertaken in the course of performing the functions of the University, as specified by the Australian National University Act 1991.
- Members of the University community are permitted use of the University’s IT and information infrastructure, unless explicitly denied use by the University, or under specific legislation. Authorised users are required to use IT and the end-to-end network responsibly, safely, ethically, and legally.
- University IT facilities and services, such as email, must not be used to conduct personal business or unauthorised commercial activity. Limited personal use of University IT is acceptable, however access can be revoked at any time and is subject to the same monitoring practices as employment related use.
- To support its core activities of teaching and research, the University is responsible for:
- ensuring the security, integrity, accessibility, authority, and fitness of the University’s IT and information infrastructure;
- providing users with relevant legal information regarding the use of IT and information infrastructure;
- ensuring software used by the University is licensed in accordance with the procurement and contracts licensing procedures, as found in the ANU Policy Library;
- backing up University data and information in University storage infrastructure subject to any requirements under the Records and Archives Management policy;
- providing infrastructure networks to meet the information access needs of the University, and to enable collaboration with external, local, national and international research and education institutions;
- governance, management and assurance of all systems, including enterprise systems and applications; and
- the design, operation, and management of the end-to-end data and voice networks.
- Authorised users of the University’s information infrastructure and end-to-end network use the University’s IT and information infrastructure in a manner that is consistent with the provisions of the Code of Conduct, Discipline Rule and Information Infrastructure and Services Rule. These provisions include but are not limited to the following statements.
- Authorised users of the University’s information infrastructure and end-to-end network:
- use IT and information infrastructure within the directions, limits, and obligations of University Statutes and Rules, and maintain an appropriate level of awareness and compliance with University policies and procedures; and
- use software and services within the conditions of use specified in the software licence or within any licence agreement between the University and a vendor.
- Authorised users of the University’s information infrastructure and end-to-end network do not:
- attempt to breach security to access information or parts of the information infrastructure that are outside their authority;
- allow access to the information infrastructure or end-to-end network to unauthorised users;
- use another user’s credentials, masquerade as, or represent, another user;
- intentionally connect compromised or unapproved devices, or communication equipment to the University’s information infrastructure or end to end network;
- use IT, information infrastructure, or the end-to-end network to harass, threaten, defame, libel, or illegally discriminate (as defined in relevant legislation);
- create, transmit, access, solicit, or knowingly display or store electronic material that is offensive, disrespectful, or discriminatory, as identified under the Code of Conduct and Discipline Rule;
- contravene any provision of the Copyright Act 1968, including, but not limited to, unauthorised use of copyright material, and downloading or sharing pirate content using the University’s information infrastructure or end-to-end network;
- modify or remove University information without authority to do so;
- breach the confidentiality of others, or the University, and the confidential information of others or the University. Information is considered confidential, whether protected by the computing operating system or not, unless the owner intentionally makes that information available; and
- damage or destroy IT equipment used to access the information infrastructure and end-to-end network.
- Identified breaches of this policy and related documents are investigated under the following:
- Information Infrastructure and Services Rule
- Information Infrastructure and Services Order
- ANU Code of Conduct
- Discipline Rule
Legislation, standards, and regulations
- To enable better practice within its policy and procedural frameworks, the University recognises, and is consistent with, the following standards and regulations:
- Australian National University Act 1991
- Australian Government Protective Security Policy Framework
- Public Governance, Performance and Accountability Act 2013
- Public Governance, Performance and Accountability Rule 2014
- Commonwealth Crimes Act 1914
- Privacy Act 1988
- Telecommunications Act 1997
- Telecommunications Regulations 2021
- Telecommunications (Interception and Access) Act 1979
|Printable version (PDF)|
|Title||Acceptable use of information technology|
|Purpose||To establish the standards of acceptable use of the University’s Information Technology (IT) and information infrastructure, and end-to-end network by authorised users. Acceptable use of information technology policy, policy Acceptable use of information technology|
|Audience||Staff, Students, Alumni, Affiliates|
|Topic/ SubTopic||Information Technology - Usage|
|Effective Date||2 Apr 2019|
|Next Review Date||5 Apr 2024|
|Responsible Officer:||Director, Information Technology Services|
|Contact Area||Information Technology Services|
AS ISO/IEC 27002:2015
Australian National University Act 1991
Australian Government Protective Security Policy Framework
Public Governance, Performance and Accountability Act 2013
Public Governance, Performance and Accountability Rule 2014
Australian Government Department of Finance and Deregulation Finance Circular No. 2009/08
Crimes Act 1914 (Cth)
Privacy Act 1988
Telecommunications Act 1997
Telecommunications Regulations 2021
Telecommunications (Interception and Access) Act 1979
Information Infrastructure and Services Order 2020
Discipline Rule 2021
Information generated and received by ANU staff in the course of conducting business on behalf of ANU is a record and should be captured by an authorised recordkeeping system. To learn more about University records and recordkeeping practice at ANU, see ANU recordkeeping and Policy: Records and archives management.