App ITS is pleased to announce the approval and publication of a new suite of University IT policies. The new policies define the rules that will ensure the secure use and implementation of all University IT resources.
The implementation of the new policies will further improve the University’s compliance with the Commonwealth Privacy Act (1988), specifically the new Australian Privacy Principles (APP’s) relating to taking reasonable steps to ensure the protection of personal information. These policies have undergone an extensive consultation and review process post development during 2014 which involved stakeholders from ITS, the Faculties and Professional Portfolios.
Compliance with the new policies is mandatory for all staff, students and third parties with access to University IT systems effective immediately.
What policies were approved?
The approved policies include:
- Information Security Policy (replaces the existing ICT Security Policy)
- IT Acceptable Use Policy (replaces the existing ICT Acceptable Use policy)
- IT Asset Management Policy
- Secure Mobile Computing Policy
- IT Disaster Recovery Policy
- IT Application Development and Acquisition Policy
- Identity & Access Management Policy
- Mobile Services Policy
How can I ensure I comply with the policies?
Compliance with the new policies is mandatory for all staff, students and third parties with access to University IT systems. To ensure you comply with the new policies:
- The Information Security Policy brings into effect the Information Classification Framework (ICF). The ICF provides direction for the identification, labelling and handling of digital information based on its value to Flinders University. The ICF is applicable to all types of information including administrative, research and teaching and learning;
- Changes to the IT Acceptable Use Policy now includes specific explanation around personal use of IT resources including internet and phone services;
- The new requirements defined in the IT Application Acquisition and Development Policy now mean that ITS Security Services must be engaged to perform formal security reviews of all new applications and cloud hosted services that are used to store any University data.
For more information on each of the new policies and the information classification it is recommended that staff review the new ITS Security Services website which includes the latest information about security threats and the latest scam emails. (http://www.flinders.edu.au/its/essentials/its-security/its-security_home.cfm)
Can I expect formal training or awareness?
An awareness strategy is being established and an awareness program will be rolled out from early 2015. This awareness includes mandatory online training for all staff. In addition, new staff induction content will soon be updated to reference the new policies and responsibilities. Further information about the timing of this training will be provided in early 2015.
What if I need more information?
ITS security and policy information is now available at the new ITS Security Services website. If more specific information is needed please contact ITS Security Services (ictsecurity@flinders.edu.au).