ICT acceptable usage policy for external users

Last updated: 14 August 2023
Share

1. Purpose

Sustainability Victoria (SV) is highly reliant on the information that is gathered, processed and stored on its information and communications technology (ICT) systems.

The purpose of this policy is to give a clear statement to all external ICT users of their responsibilities in maintaining an effective, secure and available ICT environment. Use of SV ICT systems is deemed as acceptance of this policy.

2. Scope

This policy applies to all external SV stakeholders who have been granted access to SV ICT systems (Users).

The policy applies to all devices that can be connected to the SV network, including but not limited to:

  • All computers including laptops and desktops
  • Mobile phones including smartphones
  • Portable devices connected to SV ICT resources such as USB drives and external hard disk drives and any other devices that store data
  • Network resources including email and cloud storage systems.

This document will be reviewed every 12 months and any approved changes that are made will be reflected in the document change control section. Changes may also be made in the event that there are significant changes in SV ICT that require usage procedures and/or guidelines.

3. Legislation

SV is bound by the:

4. Policy statement

It is the responsibility of all Users to read, understand and comply with this policy. Users should notify SV if they are aware of any breaches of this policy being committed by other persons.

It is a condition of use of the SV ICT network that Users agree to familiarise themselves and comply with this policy. Any use of the ICT network is deemed acceptance of this Policy.

5. Policy

Acceptable use

SV's ICT systems are tools to be used for the purpose of SV work-related activities.

Users of SV ICT environment and systems must not create, send, store, access, use, solicit, publish or link to:

  1. Offensive, obscene, profane or indecent images or material including gambling or pornography (other than for properly authorised, supervised and lawful business or research purposes)
  2. Material likely to cause annoyance, inconvenience or distress to some individuals or cultures
  3. Discriminating or sexually harassing material or messages that create an intimidating or hostile work environment for others
  4. Defamatory material or material that makes misrepresentations or could be otherwise construed as misleading
  5. Material that infringes on the intellectual property (including copyright) of another person or organisation
  6. Malicious software such as viruses, worms, or data harvesting software.

SV's ICT systems must not be used for any illegal activity such as creating, accessing or sending chain letters, pyramid schemes, spam, or attacking other computer systems. Any file sharing software (i.e. BitTorrent) is not permitted.

SV ICT systems are not permitted for downloading or storage of music or video content except where it is deemed for the purpose of SV work-related activities.

All intellectual property in all material created by Users using SV's ICT systems is immediately assigned to SV on creation.

Users are not to use SV ICT to infringe any intellectual property.

Users must not deliberately corrupt or destroy SV ICT facilities.

Users must not install or connect unapproved hardware to SV's network.

Use of SV ICT facilities is subject to the full range of laws that apply to other communications. Users must not:

  1. Infringe copyright laws.
  2. Violate software licensing agreements
  3. Copy trademarks or logos belonging to SV or another person without express written permission
  4. Impersonate another individual or engage in misleading or deceptive conduct
  5. Publish statements that could harm another person's or entity's reputation. Photographs and cartoons can be considered defamatory if they hold someone up to ridicule or contempt
  6. Disclose private or confidential information.

Access and accounts

All individuals who require access to SV's ICT systems must be properly identified by means of a unique account and verified by an authentication process using their network login credentials.

SV User accounts will be locked out if 3 invalid login attempts have been made and will be unlocked on request by lodging a request by calling the SV Helpdesk.

Ongoing Users are required to change their passwords every 60 days. A pop-up notification will automatically be generated 5 days before the password expiry date. Users should follow the prompts to change their password before the expiry date to prevent the account being locked out.

Users are expected to keep their account details private and secure. Sharing of passwords or making passwords visible may be considered a breach of this Policy.

Users will maintain the confidentiality of information they have access to.

Users may have their access suspended immediately where there is a suspected breach of SV policy (this Policy, or any other).

Users acknowledge that all electronic data is subject to the same record management and freedom of information requirements as paper-based equivalents and must be treated as such.

Users are responsible for any applicable data charges based on the User's connection as determined by their respective Internet Service Provider (ISP).

When Users no longer have a relationship with SV, their account will be disabled at SV’s discretion.

Security

SV will take reasonable steps to protect its ICT environment and data from unauthorised and unacceptable use and ensure that accurate and complete information is accessible only to authorised Users.

Users are expected to take reasonable steps to help protect SV's ICT environment.

Users must not allow another person to utilise their Username and Password combination.

Similarly, a User must not attempt to initiate or operate a computer session by using another person's Username and Password.

Username and password combinations are considered as a User's identity, much the same as a PIN or internet banking password. As such these should be protected against identity theft.

6. Breach of policy

Depending on the nature of the inappropriate use of SV ICT systems, non-compliance with this Policy may result in termination of use of SV ICT systems or termination of contract (if applicable).