This document sets out the security, administration and internal rules which you should observe when communicating electronically or using the IT facilities provided by Providence Christian College (‘the College’). You should familiarise yourself with the terms of this Policy in order to minimise potential damage to you, your colleagues, students and the College, which may arise as a result of misuse of network or Internet facilities.

This Policy applies to all employees and contractors of the College.

College Property

  1. The College is the owner of copyright in all documents created by its employees and contractors in performing their duties.
  2. Staff issued computing devices remain the property of the College
  3. Staff issued devices must be returned to the College on the demand of College Leadership or other delegated authorities such as the IT Department. The reasons for demand include but are not limited to long service leave, staff departures or security concerns.

Data Storage

  1. The College uses Google Drive for staff to be able to store electronic documents.
  2. Documentation that is designed for use in collaboration with others, should be stored in Google Team Drives. Team Drives are set up by IT Administration and will reflect the structures and task groups within the College. The delegated leaders of these structures (Eg. Science Department) or task groups (Eg. IT Committee) will be responsible for the maintenance of the Team Drive to ensure that it is orderly and easy to use.
  3. Each Team Drive should have a minimum of two managers, one being the staff member responsible for the Drive and the other being that staff member’s line manager. Non-managers should normally be set to ‘Content Manager’.
  4. Documentation that is designed only for the use of the author should be stored in Google My Drive. It is the user’s responsibility to maintain the drive to ensure that it is orderly and easy to use.
  5. The sharing of documents should be done cautiously to ensure that the person being shared with has the authority to access the material and that appropriate access levels are set. If there is any doubt, the IT Department should be consulted.
  6. External media (Eg. USB Drives) must not be used to store or transport College data unless that drive is encrypted and authorised for use by the IT Department. Unauthorised USB devices will be accessible as ‘read only’ on all College Staff devices.
  7. College documents must not be stored on any unsanctioned Cloud storage service. If there is any uncertainty about this, the IT Department should be consulted.
  8. Due to the possibility of theft, loss or damage, staff must not store important data on a College provided device when there is not another copy on Google Drive.
  9. Where confidentiality, practicality or security necessitate, exceptions to these data storage policies may be made in consultation with the IT Manager.

Monitoring

  1. The College’s computer network is an administration and educational tool to be used primarily for carrying out the business of the College. You therefore have a responsibility to use these resources in an appropriate, professional and lawful manner.
  2. All messages on the College’s system will be treated as education or business related messages, which may be monitored. Accordingly, you should not expect that any information or document transmitted or stored on the College’s computer network or related cloud services will be private.
  3. You should also be aware that the College is able to monitor your use of the Internet while you are on the College campus. This includes the sites and content that you visit and the length of time you spend using the Internet.
  4. Documents will be archived or deleted by the College as it considers appropriate or as required by legislation.

Personal Use

  1. You are permitted to use the Internet and email facilities to send and receive personal messages, provided that such use is kept to a minimum and does not interfere with the performance of your work duties.
  2. However, you should bear in mind that any use of the Internet or email for personal purposes is still subject to the same terms and conditions as otherwise described in this Policy.
  3. In the case of shared IT facilities, you are expected to respect the needs of your colleagues and use the facilities in a timely and efficient manner.
  4. Excessive or inappropriate use of email or Internet facilities for personal reasons during working hours may lead to disciplinary action.
  5. Where staff use College facilities and a cost is incurred to the College (eg printing), this amount should be paid back to the College via Parent Services at the time of use.

Content

  1. Electronic correspondence should be treated in the same way as any other written correspondence. That is, as a permanent written record which may be read by persons other than the addressee and which could result in liability for the author or the College.
  2. You should never use the Internet for the following purposes:
    1. to abuse, vilify, defame, harass or discriminate (by virtue of gender, race, religion, national origin or other);
    2. to send or receive obscene or pornographic material;
    3. to injure the reputation of the College or in a manner that may cause embarrassment to your employer;
    4. to spam or mass mail or to send or receive chain mail;
    5. to infringe the copyright or other intellectual property rights of another entity; or
    6. to perform any other unlawful or inappropriate act.
  3. Communications that may seem harmless to you may in fact be highly offensive to someone else. You should be aware, therefore, that in determining whether an email falls within any of the categories listed above, or is generally inappropriate, the College will consider the response and sensitivities of the recipient of an email as well as the intention of the sender.
  4. If you receive inappropriate communication, you should keep the communication in case it is required for evidence and not forward it to anyone else. It would be appropriate for you to discourage the sender from sending further materials of that nature.
  5. Comments that are not appropriate in the workplace or College environment will also be inappropriate when sent by electronic communications. Messages can easily be misconstrued. Accordingly, words and attached documents should be carefully chosen and expressed in a clear, professional manner.
  6. You should be aware that, use of the College’s digital network in a manner inconsistent with this policy or in any other inappropriate manner, including but not limited to use for the purposes referred to in paragraph 4.3 of this policy, may give rise to disciplinary action, including termination of an employee’s employment or contractor’s engagement.

Privacy

  1. In the course of carrying out your duties on behalf of the College, you may have access to, or handle personal information relating to others, including students, colleagues, contractors, parents and suppliers. Electronic communication should not be used to disclose personal information of another except in accordance with the College’s Privacy Policy or with proper authorisation.
  2. The Privacy Act requires both you and the College to take reasonable steps to protect the personal information that is held from misuse and unauthorised access. We stress therefore, that you take responsibility for the security of your personal computer and not allow it to be used by an unauthorised party, which specifically includes anyone who is not an employee of the College.
  3. You will be assigned a username and you will also select a password to use the College’s network facilities. You should ensure that these details are not disclosed to anyone else. We require that you take steps to keep these details secure and ensure that your username and password are not kept in a manner that can be easily obtained by others.
  4. You will be required to change your password regularly. The regularity of the change will be determined by the College.
  5. You are required to either lock your screen or log-out when you leave your device unattended. This will avoid others gaining unauthorised access to your personal information, the personal information of others and confidential information within the College.
  6. In order to comply with the College’s obligations under the Privacy Act, you are required to use the blind copy (Bcc) option when sending emails to multiple recipients where disclosure of those persons’ email addresses will impinge upon their privacy.
  7. In addition to the above, you should familiarise yourself with the Australian Privacy Principles[1] (‘APPs’) and ensure that your use of electronic communication does not breach the Privacy Act or the NPPs. If you require more information on the Privacy Act and how to comply, please contact the ICT Administrator.

Distribution and Copyright

  1. When distributing information over the College’s computer network or to third parties outside the College, you must ensure that you and the College have the right to do so, and that you are not violating the intellectual property rights of any entity.
  2. If you are unsure of whether you have sufficient authorisation to distribute the information, we recommend that you contact the Teacher Librarian who is responsible for information provided to employees as it relates to the application of copyright legislation.
  3. In particular, copyright law may apply to the information you intend to distribute and must always be observed. The copyright material of any entity (for example, software, database files, documentation, cartoons, articles, graphic files, video files and downloaded information) must not be distributed without specific authorisation to do so.

Encryption and Confidentiality

  1. When email is sent from the College to the network server and then on to the Internet, the email message may become public information. Encryption will reduce the risk of third parties being able to read email and should be used in cases where you feel additional security is required. If you require more information in relation to encrypting messages, you should contact ICT Administrator.
  2. As mentioned above, the Internet and email are insecure means of transmitting information. Therefore, items of a highly confidential or sensitive nature should not be sent via email. You should note that there is always a trail and a copy saved somewhere.
  3. Communications sent over the Internet could be sent to the wrong address by mistake. Where outgoing email is important or urgent, you should verify that the recipient has received the email. If it is found that the message was sent to the wrong recipient, it must be reported to a line manager who will determine the appropriate response to the situation in light of the Australian Privacy Principles.
  4. You must ensure that all emails that are sent from your email address contain the College’s standard disclaimer message, which will read as follows:

This email and any files transmitted with it are confidential and intended solely for the use of the addressee. If you have received this email in error, please notify the system manager. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.

This message will be set to appear automatically on each outgoing email. Please contact IT if this feature is not working.

  1. It is easy to make an email appear to be from someone other than who the email appears to be from. Staff should take steps to verify the sender where there is any doubt. The College IT Department should be consulted if there is suspicion that the sender may not be authentic.
  2. Work related emails should be archived rather than deleted as they may be needed at a later date.
  3. You must not access any electronic information that you are not authorised for. If you become aware that you have access to information that you are not authorised for, you must report it to the IT Manager to have the access removed. In the case of an IT Administrator, it should be reported to their line manager.

Password Security

  1. Staff must not use the password required to access College digital resources to access any resouces provided by third parties.
  2. Staff passwords must comply with the complexity and security requirements set by the College.
  3. Passwords cannot be written down and left in or around work areas. Passwords may be written and kept in a private and secure location (Eg. wallet, purse or, personal journal) but must not be kept with the username.
  4. The College may change the password complexity and security requirements in keeping with accepted security practices. Staff will be notified in advance of any changes.
  5. Where a staff member’s account is deemed to have access to highly sensitive information or critical system functions, Two Factor Authentication (2FA) will be required.
  6. The IT Department will help staff with assistive technologies to maintain and manage passwords in a secure manner. Details of the recommended solution can be found at https://goo.gl/Z9nLjG.

Viruses and Malware

  1. All College systems will have antivirus software that automatically checks files for virus and malware activity. Staff must not attempt to circumvent the protections of the College systems in an attempt to access material that those systems have identified as possibly harmful.

Absence

  1. In cases where you are likely to be absent from work for any period of time, you should make arrangements for your emails to be accessible by the College or ensure that an ‘out of office reply’ is automatically set. This automatic reply will alert those trying to contact you that you are away from work and that important queries should be directed to a nominated colleague. If you require assistance in installing this feature, please contact the IT department.

Policy Updates

  1. This policy may be updated or revised from time to time. The College will notify you each time the Policy is changed. If you are unsure whether you are reading the most current version, you should contact the Principal.

General

  1. The terms and recommended conduct described in this Policy are not intended to be exhaustive, nor do they anticipate every possible use of the College’s email and Internet facilities. You are encouraged to act with caution and take into account the underlying principles intended by this Policy. If you feel unsure of the appropriate action relating to use of email or the Internet, you should contact the Principal.