Information Technology Services Rules 2005 (Cth)
THE AUSTRALIAN NATIONAL UNIVERSITY
INFORMATION TECHNOLOGY SERVICES RULES 2005
The Council of the Australian National University makes these Rules under section 3 of the Information Technology Services Statute 1999.
Dated: 10 December 2004.
Peter Baume AO
Chancellor
________________________________________________________
Citation and commencement
1. (1) These Rules may be cited as the Information Technology Services Rules 2005
These Rules commence on 31 December 2004, immediately after the commencement of the Rules (Repeal) Rules 2004.
PART 1--PRELIMINARY
Interpretation
2. In these Rules, unless the contrary intention appears:
"account" means an account assigned to a user under subrule 3 (4);
"Director" means the Director, Information Technology Services;
"hardware" means the computer equipment, components, parts of components and operating manuals forming the hardware part of the Information Technology Services and includes any substituted components or manuals;
"information" means the data and other material on any part of the Information Technology Services;
"order" means an order made under section 4 of the Statute;
"password" means the mode of secured personal access to those parts of the Information Technology Services authorised under rule 3 for use by the user;
"software" means the licensed products, computer programs and data and includes any updates and new releases of products;
"Statute" means the Information Technology Services Statute;
"user" means a person who accesses the Information Technology Services whether that access is from within the University or from outside of the University.
PART 2--ACCESS TO, AND USE OF, INFORMATION TECHNOLOGY SERVICES
Authorised Access
3. (1) A person must not use the Information Technology Services unless:
(a)he or she is authorised to do so by the Director or the Director's delegate; or
(b)the service used by the person is for public use.
(2) It is a condition of the authorisation referred to in subrule (1) that the user must comply with the Orders and conditions, and have regard to the guidelines, on the use of University Information Technology Services issued by the University from time to time.
(3) A person commits an offence if the person:
(a)uses the Information Technology Services, or any part of the Information Technology Services, without being authorised to do so; or
(b)obtains access to information without being authorised to do so;
(c)uses another user's account; or
(d)uses, for unauthorised purposes, facilities which he or she is authorised to use.
(4) An officer nominated by the Director may assign an account to a user to enable the user to access that part of the Information Technology Services for which the account is required.
Passwords
4. (1) Some parts of the Information Technology Services may require a password for a user to access that part of the Information Technology Services.
(2) Each password must be personal to a particular user except when the user and another person have shared duties with joint access to the part of the Information Technology Services to which the password relates.
(3) It is an offence for a user to make his or her password available to another person, other than another person who shares duties with the user and who has joint access to the part of the Information Technology Services to which the password relates.
Use for gain
5. (1) A person may not use any part of the Information Technology Services for private gain, or for a financial gain to a third party, without the prior approval of the officer who has a financial delegation for that part of the Information Technology Services.
(2) A person who knowingly or recklessly contravenes subrule (1) commits an offence.
Copying
6. A user of the Information Technology Services who copies:
(a)the information of another user contained on the Information Technology Services (without the consent of the other user); or
(b)any software contained on the Information Technology Services (without the consent of the licensor of the software); or
(c)information belonging to the University which the user is not authorised to access;
commits an offence.
Interfering or subverting
7. (1) A user must not interfere with the operation of the Information Technology Services or any part of the Information Technology Services.
(2) If a user wilfully causes interference with the operation of all or part of the Information Technology Services, he or she commits an offence.
(3) If a person attempts to subvert the security of any of the Information Technology Services, he or she commits an offence.
(4) Any person who without authority or excuse:
(a)destroys, erases or alters information stored in, or inserts information into, the Information Technology Services or any part of those Services; or
(b)interferes with, or interrupts or obstructs the lawful use of a part of the Information Technology Services; or
(c)destroys, erases, alters or adds information stored on behalf of the University in a computer that is not a University computer; or
(d)impedes or prevents access to, or impairs the usefulness or effectiveness of, data stored in the Information Technology Services or information stored on behalf of the University in a computer which is not a University computer;
commits an offence.
(5) A user who, in particular circumstances, commits an offence to which subrules (2) and (4) would, but for this subrule, both apply, is only to be regarded as committing an offence under one of those subrules in respect of those particular circumstances.
Obscene, offensive, etc. messages or material
8. (1) The Information Technology Services must not be used:
(a)in a manner that brings the University into disrepute; or
(b)to send obscene, offensive, harassing or defamatory messages or material to another person whether at the University or at another place.
(2) If a user sends a message or material referred to in subrule (1), whether within the University or to a person outside the University, on a network connected to the Information Technology Services, whether it identifies the user as affiliated with the University or not, the user commits an offence.
(3) If a user sends, through equipment which is not a University computer or facility, a message or material to which subrule (1) applies and which associates the name of the University with the message or material, the user commits an offence.
Misrepresentation
9. A person who represents himself or herself as another person, whether fictional or not:
(a)to obtain access to the Information Technology Services or any part of them; or
(b)to purport to be the author of any work or information on the Information Technology Services, or
(c)to send any message or information on the Information Technology Services;
commits an offence.
Damage to items
10. A person who wilfully or recklessly:
(a)damages any item, article or part of any Information Technology Services; or
(b)erases, deletes or damages any information on the Information Technology Services;
commits an offence.
PART 3--PENALTIES
Offences
11. A person who:
(a)commits an offence; or
(b)repeats an offence; or
(c)otherwise contravenes a provision of these Rules;
is liable to a penalty set out in rule 12.
Penalties
12. (1) Subject to rule 13, if the Director finds that a person has committed an offence, the Director may, in relation to the offence:
(a)decide to take no action;
(b)reprimand the person committing the offence;
(c)suspend the person from the use of all or part of the Information Technology Services, including (but not limited to) all or part of an Information Technology Services facility of the University;
(d)close the relevant account;
(e)recommend to the Vice-Chancellor (or the delegate of the Vice-Chancellor) that the person be dealt with for misconduct:
(i)if the person is a candidate within the meaning of the Discipline Rules--under the Discipline Rules; or
(ii)if the person is a member of the staff of the University--under the relevant industrial award;
(f)impose a monetary penalty of not more than $500 on the person;
(g)determine the conditions under which the person may have access to any facility of the Information Technology Services;
(h)determine compensation payable by the person to the University for damage to the Information Technology Services; or
(i)take any action, being a combination of the actions specified in paragraphs (b) to (h) (inclusive).
(2) If the Director determines under paragraph (1) (h) that compensation is payable by a person, the person must pay to the University, in addition to any monetary penalty imposed under paragraph (1) (f):
(a)the lesser of:
(i)an amount equivalent to the cost of the repair of the damage; and
(ii)$5,000; or
(b)if the damage is irreparable--the lesser of:
(i)an amount equivalent to the cost (including any reasonable administrative cost) of replacing the item or article or part of the Information Technology Services, as the case may be; and
(ii)$5,000.
(3) Nothing in subrule (2) prevents the University from recovering, in a court of competent jurisdiction, that part of:
(a)the amount of the cost of the repair of the damage caused by a person; or
(b)the amount equivalent to the cost (including any reasonable administrative cost) of replacing the item or article or part of the Information Technology Services damaged by the person;
(as the case requires) that exceeds $5,000.
(4) The Director may, in relation to an offence for which the sole penalty is a monetary penalty:
(a)waive the monetary penalty payable for the offence; or
(b)extend the time for the payment of the monetary penalty.
(5) If a person becomes liable to pay to the University a monetary penalty or other amount under this rule, the person must pay to the University the amount specified in the notice given under subrule 13 (3) in relation to the matter not later than 1 month after:
(a)if an appeal is not lodged under rule 15 in relation to the finding giving rise to the liability--the date of the notice; or
(b)if an appeal is lodged under rule 15 in relation to the finding giving rise to the liability--the day on which the decision is given in respect of the appeal.
(6) A person who is liable to pay to the University a monetary penalty or other amount under this rule, is not entitled to use the Information Technology Services, unless otherwise authorised in writing by the Director, if the amount remains unpaid after the time referred to in subrule (5) has expired.
(7) A determination made for the purposes of this rule must be in writing and must be given to the person in relation to whom it is made.
Imposition of penalties
13. (1) If it appears to the Director or his or her nominee that, in relation to Information Technology Services, a person is in breach of these Rules or of an order, the Director, acting with the agreement of the Deputy Vice-Chancellor, may immediately suspend a person from use of the Information Technology Services for an initial period not exceeding 28 days.
(2) A suspension under subrule (1) takes effect as soon as written notice of its effect is given to the person suspended.
(3) A penalty (other than a suspension referred to in subrule (1)) must not be imposed on a person unless:
(a)the person is given written notice of:
(i)the breach that is alleged to have been committed by the person; and
(ii)the penalty that is proposed to be imposed for the alleged breach in addition to any suspension under subrule (1); and
(b)the notice is accompanied by a copy of this rule and of rule 15; and
(c)a period of not less than 14 days, or any shorter period that is agreed to by the person, has elapsed since the giving of the notice; and
(d)any written representations made, during the period referred to in paragraph (c), by the person to the Director about the alleged offence or the proposed penalty, or both of them, have been taken into account; and
(e)in the case of a person who appeals against a finding or penalty under rule 15--the decision of the Appeals Committee is given to the appellant and the Director under subrule 15 (10).
PART 4--APPEALS
Information Technology Services Appeals Committee
14. (1) There is to be a Information Technology Services Appeals Committee.
(2) Subject to subrule (3), the Committee consists of the Chair and 4 persons selected by the Deputy Vice-Chancellor, for the purposes of an appeal, from the following persons:
(a)the Dean of Students;
(b)a nominee of the Chairperson of the Board of the Institute of Advanced Studies;
(c)a nominee of the Chairperson of Board of The Faculties;
(d)a nominee of the Chairperson of the Board of the Institute of the Arts;
(e)a person appointed after consultation with the Australian National University Students' Association;
(f)a person appointed after consultation with the Executive Committee of the Australian National University Postgraduate and Research Students' Association Inc.;
(g)2 other members appointed by the Information Technology Strategy Committee, at least one of whom is a full-time member of the academic staff of the University;
(h)1 member of the general staff of the University selected by the Deputy Vice-Chancellor.
(3) A person is not eligible to be selected as a member of the Committee, for the purposes of an appeal, if that person is:
(a)a member of the staff (including the part-time and casual staff) of the same Research School or Faculty or other body as the appellant; or
(b)a student member of the Information Technology Strategy Committee.
(4) The Chair of the Information Technology Strategy Committee, or his or her nominee, is the Chair of the Committee.
(5) An appointment of the kind referred to in paragraphs (2) (b), (c), (d), (e) and (f) must be in writing signed by the person making the appointment and delivered to the Chair of the Committee.
(6) Subject to subrule (7), each member of the Committee referred to in paragraph (2) (g) holds office at the pleasure of the Information Technology Strategy Committee.
(7) A member of the Committee referred to in paragraph (2) (g) may resign his or her membership of the Committee by written notice signed by the member and delivered to the Chair of the Information Technology Strategy Committee.
(8) A quorum at a meeting of the Committee is the Chair and 3 other members.
Appeals to Appeals Committee
15. (1) If the Director finds that a person has committed an offence against these Rules or an order, the person may appeal to the Committee against the finding and, if a penalty was imposed in respect of that breach, against the penalty.
(2) An appeal must be lodged within 14 days of the date of the finding by delivering a notice of appeal to the Deputy Vice-Chancellor who must forward the notice to the Chair of the Appeals Committee.
(3) The procedure at a hearing by the Committee may be determined by the members of the Committee present at the hearing.
(4) The Committee is not bound to act in a formal manner but, subject to this rule, may inform itself on any matter in any manner as it thinks just.
(5) The Committee must disregard any statement that appears to it to have been obtained unfairly or to which, in the opinion of the Committee, it would be unjust to have regard.
(6) At a hearing by the Committee, the appellant is entitled to be accompanied by a person nominated by the appellant, being:
(a)a student; or
(b)a member of the staff of the University; or
(c)a member of a registered trade union
except a person acting as a practising lawyer.
(7) A person referred to in subrule (6) may:
(a)advise the appellant in relation to the appeal; and
(b)address the Committee and examine and cross-examine witnesses on behalf of the appellant.
(8) After receiving the evidence and representations advanced by the appellant and any other evidence, about either or both of:
(a)the finding of the Director; and
(b)the penalty (if any) imposed by the Director;
the Committee may:
(c)confirm the decision;
(d)vary the decision;
(e)set aside the decision and make a decision in substitution for the decision set aside; or
(f)set aside the decision.
(9) If the Committee is divided in opinion as to the decision to be made on any question, the question must be decided:
(a)if the members of the Committee present and participating in the making of the decision are not equally divided in opinion--according to the opinion of the majority; and
(b)if those members are equally divided in opinion--in favour of the appellant.
(10) The decision of the Committee and the reasons for the decision must be given in writing to the appellant and the Director within 7 days of the making of the decision.
(11) An appeal hearing under these Rules is not ineffective by reason only of a formal defect or irregularity in the convening or conduct of the Committee.
(12) The decision of the Committee is final.
PART 5--MISCELLANEOUS
Tabling and disallowance of orders
16. (1) The Director must, not later than 5 days after the making of an order, transmit a written copy of the order to the Vice-Chancellor.
(2) The Vice-Chancellor must cause the copy of the order to be laid before the next meeting of the Council after the day on which it is received.
(3) The Council may, not later than the end of its next meeting after the order is laid before the Council, by resolution, disallow all or part of the order.
(4) In this rule, "Council" includes the Executive Committee of Council.
Publication of Statute, Rules and orders
17. The Director must:
(a)cause copies of the Statute, of these Rules and of any orders, as amended and in force for the time being, to be readily available in the University to users of the Information Technology Services; and
(b)take all reasonable steps to ensure that the contents of the Statute, Rules and orders are brought to the attention of all users of the Information Technology Services.
Penalties for Breaches of orders
18. (1) The penalty for a breach of an order is as set out in the order.
(2) Nothing in subrule (1) excludes the operation of the Discipline Rules in relation to a breach of an order.
Notices
19. For the purpose of these Rules, a notice or communication that is hand delivered or sent by security post to a person at a place shown in the records of the University as the person's:
(a)semester address; or
(b)work address; or
(c)permanent home address;
is regarded as having been given to the person on the date on which the notice was hand-delivered or, if it is sent by post, on the date on which it would, in the ordinary course of post, have been delivered to the person.
Reporting to Council
20. The Director must make an annual report to Council containing a statement setting out the number of times suspension has occurred under subrule 13 (1) in the year to which the report relates.
0
0
0