IT Acceptable Use Policy

Application

This policy applies to all members of the University community whether at the University or elsewhere, and refers to all IT resources.

Purpose

To define the responsibilities of all IT users to use and to protect IT resources appropriately.

Introduction

The University provides Information Technology (IT) resources to a large and varied group of people.

Members of the University community must at all times comply with relevant laws, University statutes, policies and standards. IT users who deal with sensitive data must take particular care to ensure that they comply with all laws and University policies and practices relating to the privacy and security of data.

Some units within the University, including Digital Services, maintain additional IT standards. IT users to whom those additional IT standards apply must also comply with those requirements.

The University seeks to establish and maintain access for its community to local, national and international sources of information, and to enhance academic freedom, access to knowledge and open sharing of information.

Nothing in this policy derogates from the University’s commitment to academic freedom as laid down in the Education and Training Act 2020: Section 267.

The University also works to create an environment in which staff and students feel free to create and to collaborate with colleagues both at the University and at other institutions, without fear that their work will be misrepresented, tampered with, destroyed or stolen.

Policy

1.  IT users must use IT resources responsibly, efficiently and in an ethical manner, and with due regard to the rights of others.

2.  All IT users must guard against any misuse which aims to disrupt IT resources at the University or beyond.

3.  For the avoidance of doubt, unacceptable conduct includes, but is not limited to:

  • using IT resources in a way that interferes with the reasonable use of IT resources by other IT users
  • using IT resources in a way that hinders the University in meeting its legal obligations
  • assuming another person’s identity or role
  • communicating on behalf of an organisation or unit that the IT user does not have the authority to represent
  • accessing, using, destroying, altering, dismantling or disfiguring IT resources without appropriate authority or other lawful excuse
  • breaching any University or third party copyright or patent protection and authorisations, including licence agreements and other contracts
  • breaching the privacy of individuals without appropriate authority or other lawful excuse
  • using IT resources to bully, harass or victimise any other person
  • using IT resources for personal gain without appropriate authority

4.  Suspected or confirmed IT incidents or breaches of policy must be reported to the Staff Service Centre.

 

Definitions

The following definitions apply to this document:

Academic freedom as defined in Education and Training Act 2020: Section 267.

IT resources refers to any University owned or operated hardware or software and the data that is used or stored on it.

IT user means any individual member of the University community using IT resources.

Unit(s) refers to an organisational grouping across the University and includes a faculty, or research centre or service division or UniServices.

University means Waipapa Taumata Rau | University of Auckland and includes all subsidiaries.

University community includes all staff members (whether permanent, temporary or part time), honorary staff, students (whether full time or part time), contractors, subcontractors, consultants, alumni, associates, business partners or official visitors or guests of members of the University or UniServices.

Key relevant documents

Document management and control

Owned by: Chief Digital Officer (CDO)
Prepared by: Chief Information Security Officer
Approved by: The Vice-Chancellor
Date approved: 24 May 2023
Review date: 24 May 2028