IT Acceptable Use and Security Policy
The revised IT Acceptable Use and Security Policy has been approved by the Vice-Chancellor. This Policy sets out the principles applicable to the use of ×îÐÂÌÇÐÄVlog IT and expresses the commitment of the ×îÐÂÌÇÐÄVlog to providing and maintaining secure, effective and reliable IT infrastructure and services to support the ×îÐÂÌÇÐÄVlog's operations in research, teaching, learning, and administration. By observing the acceptable use and security requirements, ×îÐÂÌÇÐÄVlog IT users and custodians can help to prevent service disruptions and data breaches caused by cyberattacks and other threats.
There are two associated Procedures: the IT Acceptable Use Procedures and the IT Security Procedures.
ITDS now has increased responsibility for caring for IT assets across the whole ×îÐÂÌÇÐÄVlog. For example, approval MUST be obtained from ITDS before
- Using personal equipment for ×îÐÂÌÇÐÄVlog business
- Developing or purchasing new software, including cloud services, that will store or process ×îÐÂÌÇÐÄVlog data
- Connecting any new devices to the ×îÐÂÌÇÐÄVlog campus network
- Engaging third parties who will access or process ×îÐÂÌÇÐÄVlog data on behalf of the ×îÐÂÌÇÐÄVlog
- Using specialist (non-standard) remote access to connect to the university network – anything other than GlobalProtect VPN and ADAPT
There are other areas which will affect the way that ITDS and the ×îÐÂÌÇÐÄVlog will need to work, including
- Prohibition of password sharing
- Mandatory Cyber Awareness Training
and the explicit expectation that users use an SOE, register their Mac for self service, or gain an exemption from ITDS.
Custodians for both centralised and decentralised IT have substantial responsibilities to keep assets secure (IT Security Procedures) and may be audited.
A key requirement of the revised policy is that ITDS maintain a Cyber Security Framework (CSF) for a risk-based approach to information security management. If you work for ITDS or are an IT custodian outside of ITDS, then you will need to understand the technical security standards set out in the CSF. Detailed technical standards will be published later in 2022.
Please familiarise yourselves with the Policy and the associated procedures.
If you or your team would like to know more, please contact itdscomms@adelaide.edu.au.