Security Policy

Policy Statement

The computing and network facilities in School are provided for the use of students and staff in support of the programs of the School. All users are responsible for ensuring that these facilities are used in an effective, efficient, ethical and lawful manner.

Policy Purpose

The primary purpose of this policy is to protect the information infrastructure of the School and University. It applies to all School and University information resources whether individually controlled or shared, stand-alone or networked, all computer and computer communication facilities controlled by the School and resident or transmitted data. It includes, but is not restricted to computers (personal to servers) and associated peripherals and software, network and communications infrastructure and telecommunication infrastructure. It also applies to use of resources not owned by the University where such use is affected from or via equipment located on University property or by equipment belonging to the University.

Protection is designed to ensure predictable behaviour from the information infrastructure in the Faculty. Most importantly the confidentiality, integrity and availability of data resident or transmitted on the network must be protected. The importance of each of these elements varies with the type of data or service being accessed.

  • Confidentiality - This involves protecting information against access by those not specifically authorised by the owner of the data.
  • Integrity - This involves protecting information from deletion or alteration without specific authorisation by the owner of the data.
  • Availability - This involves protecting information and services so that they are not degraded or made unavailable for access by authorised users.

Scope and Applicability

This policy applies to all School students, staff and others granted use of School information resources.

Defined and External Conditions of Use

All existing laws (federal and state) and University regulations and policies apply, including not only those laws and regulations that are specific to computers and networks but also those that may apply generally to personal conduct.

Users must observe all applicable policies and law of external data networks as well as internal policies on all other computing facilities wherever situated where access is by means of University provided services.

Associated Policies

  1. Acceptable Use
  2. Device Security and Network Access
  3. Privacy Policy
Last reviewed: 18 May, 2007