Security Policy

Independent Voice
Information Security Policy

Policy Version : 03_2019

Table of Contents

Purpose……………………………………………………………………………………………………………………………………….. 1

Scope………………………………………………………………………………………………………………………………………….. 1

Definitions……………………………………………………………………………………………………………………………………. 1

Policy Statement……………………………………………………………………………………………………………………………. 2

Staff and Student Security…………………………………………………………………………………………………………. 3

Acceptable Usage……………………………………………………………………………………………………………………. 4

Logical Security………………………………………………………………………………………………………………………. 5

Data Security………………………………………………………………………………………………………………………….. 7

Physical Security……………………………………………………………………………………………………………………… 7

Mobile / Portable and Hand Held Devices…………………………………………………………………………………….. 9

Security Incident Management………………………………………………………………………………………………….. 9

Business Continuity……………………………………………………………………………………………………………….. 10

Breaches / Infringements………………………………………………………………………………………………………… 11

Responsibility………………………………………………………………………………………………………………………………. 11

Legislative Context………………………………………………………………………………………………………………………… 11

Associated Documents…………………………………………………………………………………………………………………… 11

Implementation……………………………………………………………………………………………………………………………. 12

Purpose

The purpose of this document is to ensure that appropriate measures are put in place to protect corporate information and the Information Technology systems, services and equipment of Independent Voice and associated infrastructure.

The objectives of the  Information Security Policy are:

  • To secure Independent Voice’s assets against theft, fraud, malicious or accidental damage, breach of privacy or confidentiality; and
  • To protect Independent Voice from damage or liability arising from the use of its IT facilities for purposes contrary to Independent Voice Policies.

Scope

This policy applies to all Independent voice staff, all locations across Australia, Associate or contractor staff, or any other persons otherwise affiliated but not employed by the Independent Voice, who may utilise Independent Voice  IT infrastructure and/or access Independent Voice applications with respect to the security and privacy of information.

Definitions

Application: A software package to perform a specific task (eg MS Word).
Backup: A means of making a duplicate copy of a system and / or data for the purpose of being able to restore a system should a failure or corruption occur.
Bluetooth: A short range (10 meters) personal wireless connection of compliant devices.
Computer Work Area: Is an area or office in which access to computer resources is made available.
DRP: Disaster Recovery Plan.
Incident: An occurrence of suspect or illegal activity.
Infrastructure: All components that make up the computing facilities of the Independent Voice.
IT: Information Technology
LAN: Local Area Network.
Patch: Software updates intended to remove or reduce risks from known vulnerabilities.
PC: Personal Computer.
Portable Device: Any handheld, or smaller, device used to access Independent Voice systems or resources such as, but not limited to, iPhone, Smart phones, PDAs, iPad, mobile phones, laptop or notebook computers and the like.
SOE: Standard Operating Environment
IV: Independent Voice.
Users: Those who utilise the computing facilities of the Independent Voice.
User ID: Login details assigned to a user to enable them to use the ICT facilities.
Virus: A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes.
VOIP: Voice Over IP is a means of using the IT network for transmission of voice phone calls.
VPN: Virtual Private Network.
WAN: Wide Area Network.
Wireless: Computer devices that connect using radio signals rather than cables.

Policy Statement

The Information Security Policy determines how the IT services and infrastructure should be used in accordance with IT industry standards and to comply with strict audit requirements.

Independent Voice adheres to the requirements of Australian Standard Information Technology: AÃ Code of Practice for Information Security Management. AS/NZS ISO/IEC 27001:2006. Following are broad requirements of the overall Information Security Policy.

This Policy includes:

  • Staff and Contractors
  • Acceptable Usage
  • Logical Security
  • Data Security
  • Physical Security
  • Mobile / Portable and Hand Held Devices
  • Security Incident Management
  • Business Continuity
  • Breaches / Infringements

Staff and Student Security

Specify what is expected from staff, both permanent and contracted, and students alike as information security is the responsibility of all who utilise the information technology services.

Staff and Contractors

Independent Voice allows staff and contractors with access to computing and communications services in support of its teaching, learning, research and administrative activities. These facilities include access to email, Internet, file and print services, an integrated data network across all Australia.

Users are responsible for maintaining the use and security of their assigned User IDs and all activity associated with that ID. Knowingly disclosing passwords to others will be deemed a breach of policy and could be referred to disciplinary procedures.

Independent Voice expects its staff and contractors to take all reasonable steps to ensure the integrity and security of Independent Voice systems and data.

Human Resources Responsibilities

It is the responsibility of Independent Voice Human Resources to ensure correct termination dates are entered into the HR system for staff terminations. After a fixed number of days from the date of termination, the staff account will be disabled. Following a further pre-determined number of days, the account will be deleted.

There are however, situations where an account may need to be disabled immediately and this can only be performed with the authorisation from the Director of the company.

Contract / Temporary Access

Where temporary access is required for a specific purpose such as, but not restricted to, contract workers and ‘test’ accounts, a user expiry date based on the completion date of the required tasks must be used to ensure the temporary account is not accessible after that date.

In the case of ongoing maintenance and support from 3rd party companies, access must only be granted to the relevant facilities within the system and be restricted to only the systems for which they provide support.

Reliance on People

All specialised computing staff are required to ensure that all systems and procedures are well documented and that there are others who can act in a backup capacity as required.

Managers Supervisors and Heads Responsibilities

It is the responsibility of managers, supervisors, to be familiar with Information Security Policies and their requirements that are suitable for the role they are completing for Independent Voice.

Acceptable Usage

Identification of what is deemed acceptable (or unacceptable) usage of network, communication and Internet services.

Network Usage

Independent Voice provides staff and contractors with access to computing and communications services in support of its activities according to job descriptions and various roles in the organisation.

By signing the appropriate forms for obtaining access to Independent Voice computing facilities, or accepting the online compliance button, users agree to abide by all policies that relate specifically to the use. Any breach of these policies will be deemed an infringement and dealt with accordingly which could result in suspension of access privileges or in severe cases, legal authorities will be involved.

Interfering, in any way, with Independent Voice network or associated equipment, be it intentional or accidental, is not permitted.  Any such interference will be acted upon and may result in removal from Independent Voice network until an investigation can be completed and the source of the interference is removed.

Electronic Communications

Independent Voice encourages staff and contractors to appropriately use electronic communication in order to achieve the required outcome for our clients. Independent Voice encourages the use of electronic communication to share information, to improve communication and to exchange ideas to better serve our clients needs. The electronic communications services must not be used for the distribution of material that may be deemed offensive, discriminatory or defamatory or the publishing or advertising of personal events or activities.

All usage must comply with the Use of Independent Voice Computing and Communication.

Internet Usage

Independent Voice encourages staff and contractors to use the internet in order to further the strategic and operational objectives of the role they are completing and further assist our clients.

Inappropriate usage of Internet facilities includes, but is not restricted to, accessing or posting of discriminatory, defamatory, offensive material or material that may create or promulgate a negative impression of Independent Voice.

Any staff or contractor required, as part of their job function, to access information on the Internet that may be deemed inappropriate, must obtain written authorisation from the Director with a copy submitted to the Information Security Officer legal@indpendentvoice.com.au .

All usage must comply with Use of Independent Voice Computing and Communication Policy

Mobile Devices

Mobiles devices including, but not limited to, laptop and netbook computers, mobile phones, smart phones and tablet devices, are all subject to the same policies and procedures as for other computing and communication devices.

Refer to the Use of Independent Voice Computing and Communication Policy

In addition, Independent Voice supplied mobile devices must be configured with a password or pin code in order to access the device.  Preferably, a password or phrase should be used, but at a minimum, a four (4) digit PIN code is acceptable.  This becomes essential if corporate data and/or email is held or accessed from the device.

Logical Security

Implementing a suitable environment that protects the integrity, availability and confidentiality of Independent Voice  data by using logical or ‘computerised’ controls and processes.

Software Security

Software security specifically relates to access rights and protection of software packages supplied by, and for the use by, Independent Voice computer services infrastructure. All users of the network are supplied with a User Account for authentication and allocation of appropriate access rights to network facilities including software. Access to such network facilities and software is also controlled by the use of secure passwords which must be changed on a regular basis.

Independent Voice staff/contractors laptops must be set with an inactivity screensaver which requires a unique password to reactivate the underlying session and has an idle time of no more than 5 minutes before activation.

As a means of allocating appropriate software packages to specific users, the use of an application deployment tool should be used. This can grant individuals or groups access to various programs and services in accordance to their duties and requirements through their user account.

Software Development

Where software development is outside of a course of study or Independent Voice sanctioned activities or research, the development must only be performed in a controlled, test environment until such time that all flaws, bugs and potential vulnerabilities are removed. Only then can the developed software be applied to a production environment.

Software development, where not part of a course of study, should only be done where required, and for the purpose of enhancing an existing application or meeting a need where no commercial software exists for the purposes required. There may also be instances where it is cheaper, faster or more appropriate to perform the inhouse development.

Any software development that may cause harm or impact the IT resources of Independent Voice  in an adverse manner including, but not restricted to, scanning, gaining un-authorised access, exploiting vulnerabilities to take advantage of exploits, will be looked upon as inappropriate and treated as a direct attempt to compromise the Independent Voice computing facilities and / or infrastructure and will be dealt with accordingly.

End-Point Security and Antivirus Software

All SOE Independent Voice laptops have end-point security software installed which has an automatic pattern update feature enabled. This is to ensure that the software is kept updated for the latest threats. There are also antivirus systems in place checking all incoming email into the organisation and also on internally circulating emails.

It is expected that any non SOE or Independent Voice laptops also have current updated antivirus software installed, and it’s the owners / users responsibility to ensure this. Not having current updated antivirus software installed exposes the Independent Voice systems and infrastructure to potentially significant disruption and damage due to virus infected computers.

Passwords

It is essential that those requiring access to Independent Voice computing facilities be issued with a unique login and password. This password is not to be shared with, or used by, any other individual and failing to comply will be treated as a serious breach of system security which may result in disciplinary action.

Staff and Contractor Passwords are to meet complexity rules as set by the Identity and Access Management System. These complexity rules will include a minimum password length, character requirements and suitable password expiry period.

In the event that access is required to Independent Voice data that is held under a specific staff members user id and password and that staff member is unavailable to access the data due to unforeseen circumstances, a request to have the password reset may be made with the authorisation of the Director.  This will only be considered when all other avenues to access the data have been exhausted.  At the completion of the task accessing the required data, the password MUST be reset again, and the staff member notified as soon as is practical.

Patch Management

To ensure that all Independent Voice supplied laptop operating systems and applications are kept current and up-to-date, a central Patch Management Server will be used. This server will send out any operating system and / or software updates, to Independent Voice supplied laptops, that are required to address any known software vulnerabilities. These updates will be distributed at the discretion of IT Services.

It will be the responsibility of system administrators to ensure that the servers under their control are kept updated with required operating system and software updates and patches. Periodic checks will be performed on servers to assess their vulnerability status by the Information Security Officer in consultation with system administrators.

Data Security

Ensuring that the confidentiality of data contained on the information technology systems is maintained and access is made available to those who are authorised to see that data. This item should also be used in conjunction with confidentiality polices.

Confidential Data Security

To ensure the confidentiality and security of staff and student personal information contained on Independent Voice IT, it is essential that only those authorised to access such data are permitted to do so. Those who are permitted to access such information are granted appropriate access, as required by their job functions and Processes or Human Resources.

Anyone, staff or contractor, who gains access to such personal information through methods other than those granted by Student Systems and Processes or Human Resources, shall be deemed as unauthorised and subject to disciplinary action.

Staff and contractors should be aware of their legal and corporate responsibilities in relation to appropriate use, sharing or releasing of information to another party. Any other party receiving restricted information must be authorised to do so and that the receivers of the data also adopt information security measures to ensure the safety and integrity of the data.

Communications Security

Communications can take various forms which include, but are not restricted to, voice via land line, voice via mobile phone, voice via computer network (VOIP), email, electronic file transfer, wireless access, Virtual Private Network (VPN) connections, dial up modem, Infra-Red, Bluetooth and IT network infrastructure.

Each of these communications methods poses its own unique security problems and needs to be addressed individually. In each case, where network communications is required, irrespective of type, only those methods as permitted by IT Services will be allowed and must be in accordance with the specific communications security procedures which are developed to support this policy.

Physical Security

Ensure that the physical IT devices are kept safe from inappropriate access. This includes the physical access to the server room, switch and patch panel cabinets, and any other IT devices in both restricted and public access areas.

IT Asset Control

All IT devices over a specified value must be registered with Independent Voice asset register. This also applies to the disposal of assets.

IT Asset Disposal

When disposing of IT assets such as computers, laptops, printers etc, the disposal must be co-ordinated with IT Client Services to ensure that all data is removed using approved data removal tools and procedures.  It is also a requirement that all software be removed prior to disposal to prevent potential breaches of software licence agreements.

Physical Access Security

All offices, computer rooms and work areas containing confidential information, or access to confidential information must be physically protected. This means that during working hours, the area must be supervised, so that the information is not left unattended, and after hours, the area must be locked, or the information locked away.

It is a requirement that any Laptop / Portable computer be logged out and turned off at the end of the working day unless a specific request is made to leave equipment turned on for the purpose of distribution of overnight processing is required.

Building Access

The following controls must be applied to restrict building access:

  1. Access to computer work areas must be restricted by keys, cipher locks or proximity access cards during office hours and can only be accessible by authorised individuals after hours.
  2. Combinations or access details must be changed / deleted when a staff member leaves or loses their card or key.
  3. If door and keys have been used for other purposes, key cylinders must be replaced with a brand-new lock and keys restricted to an absolute minimal number of persons.
  4. Access to restricted computer work areas can only be given when an authorised staff member is inside and can and will supervise the visitor’s movements completely or hand over to successive staff.
  5. When unattended and after hours, doors must be secured.
  6. Individual computer labs must be protected by timed door locks and video surveillance.

Other workers must not attempt to enter restricted areas in Independent Voice buildings for which they have not received access authorisation

Removal of Equipment

No computer equipment can be removed from the Independent Voice premises unless specific authorisation has been received by the school or section head or IT Services. This does not apply to laptop or notebook computers where one of their primary purposes is to allow the custodian to work while away from their normal working location.

Any equipment taken from Independent Voice without appropriate authorisation will be in direct violation of this policy and appropriate misconduct and / or legal action will be taken.

Physical Issue of Portable IT Equipment

Any physical issue of Independent Voice portable equipment must have authorisation from the custodian with IT Services informed. Persons who are issued such equipment must agree to personal responsibility of the equipment. When not in use, all portable IT equipment must be secured.

Mobile / Portable and Hand Held Devices

Specific issues relating to resources such as, but not limited to, iPhone, Smart Phones, PDAs, iPad, mobile phones, laptop or notebook computers and the like and their use within the general system infrastructure.

Allowing Access

Any non-Independent Voice issued laptop or portable device connected to the Independent Voice network is the responsibility of the owner. Independent Voice will take no responsibility for virus or other damage that may be caused by being connected to the network.

Since portable and hand-held devices are more and more common, it is necessary that we allow for their use on the network. All new staff laptops will be passed via the Information Technology Services section, or designated technical staff, for initial setup and testing to ensure that all the correct anti-virus and patch updates are installed and can be used safely on the network.

IT Services will not be obliged to enter into any other support arrangements for non-Independent Voice owned devices.

Staff and Contractors laptops and other portable devices can be connected to the network only if they have current and updated end-point security software. These devices should only be connected to the network in authorised areas. The reason being, that these Public Access Areas can be monitored and protected by IT who can remove any devices that may be suspected of inappropriate activity.

Use of mobile devices on the Independent Voice network are also subject to the Use of Independent Voice Computing and Communication Policy.

Wireless Network Access

In keeping up with current networking trends and requirements, Independent Voice have adopted the use of wireless networking technology. In order to access the wireless networking facilities, portable equipment must first meet a strict security criteria as enforced by the use of an SSL/VPN device.

The use of wireless networking not supplied by Independent Voice will be deemed inappropriate and will be removed from the network unless provided by schools as part of a course of study. In such cases, the wireless network must be confined to a limited area such as a class room or lab and pre-approved by IT Services.

Accepted Usage

It is expected that the custodians of laptops or other portable device will still abide by this policy and all supporting documents. Any breaches of this policy may lead to disciplinary action being taken.

Security Incident Management

Specify how any breaches of security relating to the information systems will be identified and handled.

Reporting Security Problems

Any suspected inappropriate or illegal usage of Independent Voice Information services network and equipment should be reported to the Director or legal@independentvoice.com.au  immediately. This information will then be reported to the Information Security Officer for investigation.

Emergency Plans

Disaster Recovery Plans, Business Continuity Plans, backup strategies and fail over plans for the core Independent Voice IT services and infrastructure are the responsibility of the IT Services to ensure that any outages or disasters can be recovered from in the shortest possible time with a minimal amount of data or resource loss.

These documents must include step-by-step instructions for the restoration of each service to ensure that, if required, other personnel from the IT Services are able to perform the recovery.

Escalation

The escalation process for the rating of each reported event will be determined by the relevant IT Services officer considering the event itself and other priorities at that time.

Monitoring and Reporting

Staff nominated by the Director will be authorised to monitor all aspects of Independent Voice network and associated infrastructure. They are also able to report any suspected inappropriate and / or illegal activity to the Information Security Officer in the first instance for further investigation in accordance with Independent Voice Incident Investigation procedures.

It is also the role of the Information Security Officer to actively monitor and analyse all network related activity included, but not restricted to, Internet Usage, email and dissemination and use of programs and data across Independent Voice network infrastructure.

This monitoring will be done for the sole purpose of identifying and responding to any suspected inappropriate activity.

“The content of e-mail and other electronic communications will only be accessed by the Information Security Officer-

  1. after approval has been obtained from the Director ; and
  2. if the access is permitted by law.”

All information reported to the Information Security Officer shall be treated in the strictest confidence. Any reported information will be logged, and relevant action taken as required.

Business Continuity

How to ensure that there will be minimal disruption to IT services in the event of a disaster or the implementation of changes to systems and/or associated infrastructure.

Backup Requirements

All major systems within Independent Voice computing infrastructure are backed up on a regular basis. Information Technology Services have a Backup Strategy which details the frequency of backups. It is also strongly advised that all users save their work to their network drive as this drive is backed up and any loss or damage to files can often be rectified by the restoration of the files from an existing backup.

Change Control

To ensure that the IT facilities and services running within Independent Voice infrastructure are maintained and kept running at maximum performance and functionality, it is often a requirement to perform maintenance and upgrades to equipment. To ensure that there is minimal disruption to essential services, appropriate Change Control procedures are to be followed. This is to ensure that the disruption is kept to a minimum and appropriate roll back procedures exist should there be issues during the system changes.

Disaster Recovery Plans

In the event of a disaster that impacts the IT infrastructure and / or services, the implementation of a Disaster Recovery Plan is essential. The DRP provides step by step procedures and processes required to ensure that services are returned to normal operation in the shortest possible time. The production and maintenance of such plans are the responsibility of the various IT staff assigned to any aspect of the network and IT services.

Breaches / Infringements

Failure to abide by these terms will be treated as misconduct.

Minor Infringements

For a first-time offence of a minor infringement, a warning will be issued. A second time offence will result in automatic denial of access to one or all facilities for a period of three (3) working days and up to two (2) weeks.

Serious Infringements

A serious infringement includes, but is not limited to, a third and subsequent offence of a minor infringement and will result in automatic denial of access to one or all facilities and will be referred to the Director. This may result in:

  • A prolonged denial of access to one or all facilities;
  • Referral to the appropriate disciplinary procedures; and/or
  • Referral to law enforcement agencies (where the infringement constitutes a legal offence).

Responsibility

The Director is responsible for the review and implementation of this policy and the maintenance of all associated documents.

Implementation

The “Information Security” Policy is to be implemented throughout Independent Voice in the form of notices via:

  1. an IT Announcement to all Independent Voice Staff;

Use of Independent Voice Computer and Communications Policy

Purpose

To inform the staff and contractors of Independent Voice about acceptable use of Independent Voice’s computing and communications.

Scope

This Policy applies to all computing and communications used by staff and contractors using Independent Voice’s computer hardware, portals, email and any services provided to complete your role responsibilities.

Definitions

Policy: Means this Policy and includes the Schedules and Procedures incorporated by reference.
Schedule: means a Schedule to this Policy. Further definitions appear in the relevant Schedules.

Policy Statement

Independent Voice provides staff and contractors with access to computing and communications services in support of its teaching, learning, research and administrative activities. These facilities include: –

  • Access to a data communications network, which links the majority of Independent Voice Independent Voice Network is connected to an external network linking the Independent Voice with external people, organisations and data that is commonly referred to as the Internet.
  • Access to a range of Internet based services such as email, the World Wide Web and other on line resources.
  • Access to external High Performance Computing facilities.
  • Access to various printing facilities.
  • An after hours access card system, allowing students access to some laboratories after business hours, upon purchase of an access card.
  • An integrated data network across all campuses, with individual log ins for staff and students providing access to personal and shared storage space on the network and individual email accounts.
  • Staff and contractor’s computer laboratories located across all campuses offering PC Windows based workstations and Apple Macintosh laboratories in selected locations.

Set out below are the terms governing the use of these facilities. Independent Voice may revise these terms from time to time.

These terms apply to all users and apply to use of all information technology services. Users will be required to sign or indicate their acceptance of the terms prior to obtaining access to information technology services systems. Regardless, use of any such facilities indicates acceptance of these terms.

General

Independent Voice provides access to standalone or networked personal computers, to multi-user computers and to other IT resources accessible via the on-campus networks.

It is expected that all users will make use of Independent Voice computing and communications facilities in a manner, which is ethical, lawful, effective, efficient, in accordance with other Independent Voice policies and not to the detriment of others. Usage must also be in line with a current course of study or job function.

Entitlements

All staff and contractors are entitled to an email, computing and web account. Accounts are automatically created upon successful enrolment and are accessed via a user id and password. Access to any other computing and communications facilities requires authorisation.

Staff of Independent Voice are entitled to an email, computing and web account. Access to this account is created when the appropriate application has been authorised and lodged. Access to any other facilities is provided on a needs basis and must be authorised

Responsibilities – Personal

Independent Voice expects all users to exercise responsible and ethical behaviour when using the computing and communications facilities. Please assist the Independent Voice to keep the network available and accessible by observing the following guidelines:

  • Take responsibility for using Independent Voice computing and communications system in accordance with their appropriate authorised purposes. Unauthorised software must not be installed on the computers. For the purposes of this Policy, “unauthorised software” includes, but is not limited to, games, instant messaging and chat programs, file transfer and peer-to-peer file sharing programs.
  • Intentionally downloading unauthorised software or material breaching copyright is prohibited.
  • Independent Voice network should not be used for private gain. Nor should it be used to store or collect personal information about others where not commissioned to do so.
  • Connection of Independent Voice hardware to, or interference with, Independent Voice network is not permitted without express authorisation by the Director. This includes, but not limited to, wireless networking devices, printers, file servers (including web) and network equipment.
  • Abide by any relevant instructions given by the Director or delegated officer. Such instructions may be issued by notice displayed in the vicinity of computing facilities, by letter, by electronic communication, in person or otherwise.
  • Downloading and also making available for download, material covered by copyright is not permitted and will be dealt with in accordance with this policy and relevant copyright policy and legislation.

Conditions of Use

Security

  • The use of computing facilities is controlled through a “user id” assigned access rights and protected by a personal password.
  • Passwords must remain confidential. Users will be held responsible for unauthorised use of their privileges. To help keep access secure: –
  • Keep passwords confidential and change them frequently;
  • The Independent Voice enforces minimum password length and complexity rules; and
  • Log out of the network whenever not using it or leaving the workstation.
  • Respect security measures and the integrity of Independent Voice systems and files. Do not attempt to adversely interfere with the operation of the Independent Voice’s computing, communications or any other facilities using the Independent Voice’s network.
  • Care should be exercised when providing access to personal files. Protection has been put in place to prevent access to personal files to ensure privacy. Incorrectly set protection will put files at risk of deletion, manipulation, plagiarism or inappropriate use. Staff should be especially careful if the data they have responsibility for is of a corporate nature.
  • Provide identification (for example by student card) when using Independent Voice computing facilities, on request of a Independent Voice staff member.
  • No form of computer hacking (such as illegally accessing other computers or accounts, knowingly attempting to bypass internal controls or security) is allowed, including scanning, penetration or monitoring tools without express permission from the Director.

Electronic Communications

Electronic communications encompasses all methods of communication utilising the Independent Voice network and server infrastructure. This includes, but is not limited to, voice, video, email, on line text message, conference calls (voice and video), file transfer and application sharing.

Independent Voice encourages staff and contractors to appropriately use communication services in order to achieve the mission and goals of the Independent Voice. The Independent Voice also encourages the use of electronic communication to share information, to improve communication and to exchange ideas with other staff members.

There are some rules around the use of electronic communication service that Independent Voice require adherence to, but are not limited to:

  • Individuals must not use Email for commercial activities except in cases of Independent Voice sanctioned activities;
  • No one shall be added to a Communications Group Lists for other than official Independent Voice business without his or her consent.  Communication Group Lists must be used only for their intended purposes;
  • Electronic Communications services must not be used to solicit goods and services or to offer them to other members of Independent Voice.  For example, advertising rental of properties, sale of personal goods;
  • Advertising or sponsorship is not permitted except where such advertising or sponsorship is clearly related to or supports the mission of Independent Voice or other service being provided;
  • It is prohibited to use Electronic Communication Services to libel, to send or subscribe to pornographic material, to harass, threaten other individuals, unlawfully vilify or to transmit offensive language or images;
  • Email systems should not be used for permanent storage of files.  File attachments should be saved to an appropriate location and emails that are no longer required should be deleted.  Regular use of email archiving tools should also be used to keep mail box sizes to a manageable level;
  • Independent Voice supplied email addresses should not be used as a personal email address.  These are provided for Independent Voice business only;
  • Independent Voice supplied email addresses should not be used to register on inappropriate or suspicious web sites or mailing lists as this can often contribute to the receiving of SPAM emails.  In these cases, the emails can be classified as legitimate as you have subscribed to receive them;
  • When using the Electronic Communication recording facilities, ALL parties must give verbal consent both prior to recording starting and again once the recording has commenced. If any party does not wish to have the session recorded, it must not be activated.
  • For calls to both the Contact Centre and Service Desk, callers will hear a message advising calls may be recorded for quality and training purposes and be given the option to opt out of having the call recorded.

Independent Voice cannot protect individuals against the existence or receipt of material that may offend them.  Those who make use of electronic communications are warned that they may willingly or unwillingly come across, or be recipients of, material that they may find offensive.  Members of the Independent Voice community are expected to demonstrate good taste and sensitivity to others in their communications.

Independent Voice has established a group wide Email addresses in order to allow more effective use of inter campus Email.  Group-mailing addresses have been created for Independent Voice as a whole. The following conditions of use will be applied in order to maintain both the efficiency and usefulness of the group Email service.

  • Group Email addressed may be used for Independent Voice business only and must not be used for personal or commercial activities;
  • All communications sent to any of these group addresses should be Independent Voice related.  Personal announcements (eg Lost Pets, For Sale, Lights left on, Lost property etc) must not be sent to these “everyone” addresses;
  • For wider distribution across Independent Voice, or equivalent, is encouraged;
  • Communications should be sent to the smallest group that covers the requirements;

When submitting to Email groups, the email must first be authorised by the Director before the email is to sent to the indented group(s).

Internet

Independent Voice staff and contractors to use the Internet in order to further the strategic and operational objectives of Independent Voice.  Independent Voice encourages the use of the Internet to share information, to improve communication and to exchange ideas between staff members.

  • Internet access is provided to all staff and students for use as a tool in completing job functions or in line with a course of study and should be used accordingly.
  • Independent Voice staff and contractors must exercise caution when entering into on-line Independent Voice related purchasing arrangements. As with telephone orders, proper authorisation for purchases must be first obtained. On-line purchases normally involve the use of credit or charge cards, and due regard must be had to conditions regulating their use.
  • Where a genuine reason exists (i.e. to clients and Independent Voice project activities) that requires access to sites that would be normally regarded as inappropriate, the authorisation of the Director is required.
  • There are no individual student quotas for Internet access, but usage limits and restrictions will apply and be enforced.
  • Internet usage levels will be periodically checked, and any users found to have excessively high usage will be investigated and action taken where appropriate. This action may include removal of Internet access privileges for a period of time.

Inappropriate Use

When utilising the Internet or other forms of electronic communication, it is expected that those using the services will do so in an ethical, lawful, respectful, and appropriate manner. However, inappropriate use of these services may result in disciplinary action including loss of privilege to use said services.

Inappropriate use includes, but is not limited to:

  • Use of Independent Voice equipment or services for intentionally transmitting, communicating or accessing pornographic or sexually explicit material, images, text or other offensive material.
  • It is not acceptable to intentionally create, send or access information (including pornography) that could damage the Independent Voice’s reputation, be misleading or deceptive, result in victimisation or harassment, lead to criminal penalty or civil liability, or be reasonably found to be offensive, obscene, threatening, abusive or defamatory.
  • It is inappropriate and potentially unlawful to transmit, communicate or access any material which may discriminate against, harass, bully or vilify colleagues or fellow students or any member of the public on the grounds of: –
  • Age;
  • Breast feeding;
  • Disability;
  • Gender identity;
  • HIV/AIDS;
  • Industrial activity;
  • Status as a parent or carer;
  • Parenthood;
  • Physical features;
  • Pregnancy;
  • Race (including colour, nationality descent or ethnic background);
  • Religious beliefs or activities;
  • Political beliefs;
  • Sex;
  • Lawful sexual activity;
  • Sexual orientation.
  • Staff or Contractors may not intentionally create, transmit, distribute, or store any offensive information, data or material that violates Australian or State regulations or laws. Independent Voice reserves the right to audit and remove any illegal material from its computer resources without notice.
  • Respect others’ sensibilities and handle potentially offensive material with discretion.
  • Any form of Bulling or Harassment using Electronic Communications services will not be tolerated and any instances will be dealt with appropriately.

Social Media

Federation Independent Voice Australia acknowledges the rapidly growing use of social media by staff and students and encourages its use, in accordance with the social media guidelines, for the purposes of learning, engaging, connecting and collaborating. Social media has become a key tool for staff and students to connect and engage with Independent Voice stakeholders Australia wide level.

Inappropriate use of social media that results in negative perception of Independent Voice, it’s staff or students, or not in line with the Social Media Guidelines may be subject to disciplinary action in accordance with this policy.

Copyright

  • Materials and works accessible on the Internet are covered by copyright, unless there is an express statement to the contrary. Every employee and student has a responsibility to respect the rights of copyright owners and authors in works they access on the Internet, to the extent and for purposes expressed in the Copyright Act 1968.
  • Acknowledge copyright obligations on electronic information, including computer software. Documents and other information accessed or used, should be cited with a proper bibliographic reference. Software and related materials protected by copyright law, licenses or other contracts may not be pirated, resold or otherwise infringed.

Reporting

  • Staff and students are encouraged to report breaches of these guidelines to their supervisor, lecturer, teacher or an appropriate senior officer. Inform the Independent Voice of any suspected breach of these terms (for example, if aware that someone has used another’s personal account).
  • Any instances of Harassment or Bullying, including Cyber Bullying.

Privacy

  • Independent Voice keeps and may monitor logs of all activity on Independent Voice infrastructure including any computers, laptops, phones and data cards. This monitoring may reveal information such as which Internet servers have been accessed by employees, and the email addresses of those with whom they have communicated. Subject to this section, the Independent Voice will not, however, engage in real time surveillance of Internet usage, will not monitor the content of email messages sent or received by its employees, and will not disclose any of the logged, or otherwise collected, information to a third party except under compulsion of law.
  • On authority of the Director and if Independent Voice reasonably believes that inappropriate use of computing or communication facilities has occurred, the Independent Voice may review all data sent or received via its electronic communications infrastructure or placed into its storage.
  • It is important to remember that electronic communications may be deemed official documents that are subject to the same laws as any other form of correspondence. They are subject to statutory record keeping requirements and can be subpoenaed or “discovered” during legal processes.
  • Messages conveyed by Electronic Communication systems through the Internet are capable of being intercepted, traced or recorded by others. Although such practices may be illegal, there should not be an expectation of privacy and care must be taken with confidential documents.

Facilities

  • For safety reasons, do not attempt to repair any computer equipment. Please report all faults to the Service Desk, especially if the fault appears hazardous. Equipment must remain in laboratories and cabling and equipment left alone.
  • In order to maintain the facilities at the best possible level eating or drinking in any of the computer laboratories is not permitted.

Health and Safety / Disability Access

  • The Independent Voice will supply chairs, tables and/or computers in each laboratory specifically for the use of people with disabilities. Please make these accessible to these people at all times.
  • There is software made available in all laboratories for use by people with disabilities. If there are any problems with these facilities please contact the Service Desk.
  • Observe basic safety rules, such as wearing sensible footwear in the computer laboratories at all times, so that the possibility of accidents is minimised.

Accessing Independent Voice Data During Staff & Contractor Absence

During any planned absence from Independent Voice, all staff and contractors must ensure that data and information required to conduct the business of Independent Voice are accessible and that notification facilities, such as telephone and email out-of-office messages, are in place.  In the event of unplanned leave, if practical the staff member should put such notifications in place from home or by contacting the ICT lead.

A staff member’s manager has the right to request notifications be put in place due to staff absences and to request  access to data and information stored on Independent Voice’s computers or databases. Such requests will be undertaken to ensure operational requirements of Independent Voice can continue unobstructed, using the following process.

Data, in this context, refers to information relevant to conducting the business of Independent Voice which includes email, data stored on a local personal computer or laptop including external storage devices, and data stored on supplied network storage.

The use of this process to access data for purposes other than those stipulated above, will not be permitted (other processes may be used by Independent Voice to access data in exceptional circumstances). Appropriate consideration must be given to the privacy of the staff member and the senders of any emails or messages to that staff member.

  1. The staff member’s manager will attempt to contact the staff member and reach agreement about reasonable alternative arrangements.
  2. If the staff member is not able to be contacted and / or reasonable alternative arrangements cannot be agreed upon, the manager will advise the Director.
  3. The Director must first be satisfied that reasonable efforts have been made to agree upon alternative arrangements and that the business of the Independent Voice will be obstructed or delayed by the lack of access to the staff member’s data.  If satisfied, he or she will make a request for the accessing of the data with a copy of the request also going to Independent Voice General Counsel.
  4. All requests to monitor or access another user’s data must be made in writing to the Executive Director, Information Technology and Business Solutions setting out the reason(s) for making the request.
  5. Where the Director, endorse the request, he/she will approve, upon which the Director, will authorise a staff member to action the request with or without notice to the user whose data is to be monitored or accessed.
  6. Where the Director, does not endorse the request, he or she will notify to requester in writing specifying the reason for rejection.

Where permission is given, the manager must access the data on a need-to-know basis only and must keep a record of all data accessed and provide this to the staff member as soon as possible.  In the event of Independent Voice sanctioned investigation, all details will be recorded by the investigating individual.

The use of email as the means of communicating these requests is sufficient.

Enforcement

Failure to abide by these terms will be treated as misconduct.

Minor infringements

For a first time offence of a minor infringement, a warning will be issued. A second time offence will result in automatic denial of access to one or all facilities for a period of three working days and up to two weeks.

Serious Infringements

A serious infringement includes, but is not limited to, a third and subsequent offence of a minor infringement and will result in automatic denial of access to one or all facilities and will be referred to Director. This may result in:

  • a prolonged denial of access to one or all facilities;
  • referral to the appropriate disciplinary procedures; and/or
  • referral to law enforcement agencies (where the misconduct constitutes a legal offence)

Disclaimer

Independent Voice accepts no responsibility for any damage to or loss of data, hardware or software arising directly or indirectly from use of Independent Voice’s computing and communications policy or for any consequential loss or damage. Independent Voice makes no warranty, express or implied regarding the facilities offered, or their fitness for any particular purpose.

Responsibility

Review of Policy

The nominee of the Director will review this Policy by January 2020 and every two years thereafter with the outcome of the review to be reported to the Director.