To view or download this policy as a PDF click Employee and Employment Related Policies Documents

Purpose

This Policy articulates the expectations for acceptable use relating to:

• The provision of Information and Communication Technology (ICT) resources
• Access to ICT resources
• Responsible, ethical and legal use of ICT resources
• Security, privacy and compliance relating to ICT resources

Scope

This Policy applies to all users of Council ICT resources including external stakeholders. This Policy also applies to all users who connect equipment to any of the Council’s ICT resources.

Definition and Terms

Content: Information, including records, stored on ICT resources.

Device: Laptops, desktops, iPads, mobile phones and landlines.

ICT Resources: Landline telephones, mobile devices, satellite devices, internet, intranet, computer programs, computers, printers, Wi-Fi-dongles, modems, switches, routers, projectors, multi-function devices, scanners, and:

• Hardware, software, equipped accessories and firmware installed or connected
• Other ICT resources that the Council owns, leases or uses under licence or by agreement
• Any connection to the Council's network or use of any part of the Council's network to access other networks.

Unauthorised: not having official permission or approval.

User: Any person who has been granted access to, and use of, the Council's ICT resources.

Legislation and Reference

This document should be read in conjunction with the following relevant legislation and other Council polices. Users of Council’s ICT resources should note that heavy penalties exist under legislation that relates to the misuse of and/or destruction of Council’s ICT resources and content held on ICT resources.

Policy Statement

Council provides access to its ICT resources to users for conducting Council business.

Ownership

All ICT resources including hardware and software purchased with Council funds and content held on ICT devices are the property of Council.

Electronic communications created, sent or received using Council email systems are the property of the Council and may be accessed by an authorised person or their delegate in the case of an investigation. This includes investigations following a complaint or investigations into misconduct.

Electronic communications may also be subject to discovery in litigation and criminal investigations. All information produced on users’ computers, including emails, may be accessible under the Information Act (2002).

User Responsibilities

As a user of Council’s systems, users are permitted to use Council’s technology and information assets required to perform work duties. This includes access to specific facilities, devices, servers, software and databases, telephony, email, voicemail systems and the internet. Users have a reasonable expectation of privacy and protection from abuse and intrusion from other while using Council’s resources.

A user is responsible for knowing and understanding the policies in place for Council, and their associated responsibilities. In instances, an action may be technically possible, but may be a breach of this, or other, policy. Council employees are trusted and empowered to recognise unacceptable use of ICT assets and are responsible for reporting policy violations.

All users are expected to take reasonable precautions to protect the Council’s and the community’s information, system, and facilities. Councils expectation for reasonable precautions include:

• Users are to only access devices, accounts and information required to perform their role
• All devices, including laptops, desktops, mobile phones, and tablets, are to be locked when unattended
• Physical copies of documents must be securely stored when not in use
• Inappropriate access to or use of Council resources, lost devices, and other suspicious behaviour must be reported
• Passwords and other authentication information must be protected, including from family members and other household members
• Not taking Council owned ICT resources overseas without authorisation from the CEO
• Not using USB or other removable devices to store Council information without authorisation.

Installation on Council’s ICT Resources

Installation of privately purchased and owned ICT resources, on Council ICT resources is not permitted. All software installed on the device at the time of delivery to the user is to be considered essential. Removal of any such software is prohibited.

Modification of ICT resources or configuration is prohibited.

Unacceptable Use of ICT Resources

Under no circumstance is a user authorised to use Council’s ICT resources to engage in any activity that is illegal under State, Federal or International law. Access to Council resources is a privilege, not a right, and accordingly may be revoked if a user performs an unacceptable use of ICT resources. Council’s ICT resources must not be used:

• To send, receive or upload Council’s information to unauthorised online services, channels or devices
• To enter into any subscription contract or agreement to be used with Council’s information or data without prior approval
• For personal online services using Council credentials (including email address and/or current password)
• For use in a way that is considered offensive, defamatory, obscene, or harassing
• For accessing social media sites, except for access pertaining to Council business
• For unauthorised monitoring of electronic communications
• For the violation of privacy of individuals or entities that are creators, authors, users or subjects of the information resources
• Sending unsolicited emails, including sending “junk mail”, spam, “chain emails”, ponzi or other pyramid schemes of any type
• To target or attack the confidentiality, integrity or availability of Council or other organisations resources.

Occasional personal use is permitted on an infrequent basis, must be brief and only carried out in the user’s own time during breaks. Personal use must not:

• Adversely affect job performance or take a substantial amount of time
• Support a personal business, personal gain, or aid a competitor in any way
• Result in additional charges to the Council
• Impede the efficiency of email, internet or email services
• Obstruct others ability to perform their role (e.g., printing personal documents and interfering with others ability to use a Council printer).

Monitoring

Usage charges for mobile ICT resources are subject to periodic monitoring. Excessive data usage over the assigned plan will result in additional costs being passed on to the user of the device.

To protect our network, servers, data and/or to comply with legal or regulatory requirements, Council reserves the right to log, intercept, interrogate and otherwise capture data created or received by Council resource users. Council reserves the right to perform forensic examination of Council devices and accounts if required.

Incident Reporting

Any identified potential security incidents, breaches and spoofing emails must be reported immediately to a users’ supervisor and the ICT department.

Information security incidents may include but are not limited to:

• Suspicion that a user account has been used by someone else
• Unauthorised access to a secure area by a third party
• Loss or theft or damage of hardware or portal media or physical documentation
• Computer virus or malware

Review History