Part A: Preliminary
1. Purpose of policy
This policy defines client access to Information and Communication Technology (ICT) resources at the University, the periods of eligibility for this access and the types of resources that are to be accessible by each client.
2. Application of policy
This policy applies to all University clients including staff, students and other clients who, based on their relationship with the University, need access granted to University ICT resources.
Access to ICT systems that are identified as restricted within the ICT Security - Managerial Policy is subject to System Owner authorisation and procedures. Base level access as described in this policy is a prerequisite to gaining access to these restricted systems but the individual System Owners will determine the eligibility for access and the rules for provisioning. While references to these restricted systems are made within this document, refer to the ‘User Management Procedures’ for further details of each restricted system.
In this policy the follow definitions apply:
Provisioning means the provision of access to various ICT facilities to eligible individuals, as well as the removal of this access when eligibility lapses.
- Limited Access to the USC self service web systems USCCentral or USCStaff
- Student Access to web systems, student email, network drives, Student workstations and on-campus Internet access, as appropriate for students to facilitate their study
- Staff Access to web systems, the USC Portal, an email account, network drives, USC Staff and Student workstations and on-campus Internet access, as appropriate for staff to perform their duties.
Staff are defined as individuals who hold an active employment contract with the university and are present in the University’s Human Resources and Payroll System. Note: for the purpose of provisioning an individual who has recently had an active employment contract may also be considered as a staff member for a brief period after this contract has lapsed.
A Student is defined as an individual who has applied for, is currently studying, is having a break from study or has completed studies in a course of study provided at the University and are present in the University’s Student Information System.
An Affiliate is defined as an individual who has a bonafide relationship with the University for which approval has been gained to offer access to various ICT resources.
An Affiliation is defined as a group of affiliates linked by predefined eligibility criteria who have a bona fide relationship with the University requiring access to University ICT resources.
Part B: Policy
The University's information technology environment is dynamic, characterised by openness, creativity and free sharing of information, to the greater benefit of universities generally.
While facilitating this free and open environment Information Technology (IT) Services must adhere to various state and federal legislative requirements regarding information security and privacy and strive to be consistent with the Queensland Government’s Information Standard IS18 and the ISO/IEC 27001 standard. IT Services must also effectively manage the University’s investment in Information Technology.
For these reasons criteria must be established for the provisioning of services to the University community and procedures put in place for the effective management of this provisioning.
4.1 Staff provisioning
For the purpose of determining the rules for the provisioning of IT resources and to ensure timely access to necessary resources staff are categorised into 3 groups:
a) Ongoing and Fixed-term Staff
b) Casual Professional staff
c) Casual Academic staff.
4.1.1 Ongoing and Fixed-Term staff: The provisioning of IT resources will commence from the date an employment contract is received and entered into the HR/Payroll System, to a maximum of 7 calendar days prior to the official employment commencement date.
De-provisioning of IT resources will become affective from the day following their official employment termination date.
4.1.2 Casual Professional Staff: The provisioning of IT resources will commence from the date an employment contract is received and entered into the HR/Payroll System, to a maximum of 7 calendar days prior to the official employment commencement date.
De-provisioning of IT resources will become effective on the day following the official pay day when the staff member has not received wages payment for eight consecutive pay periods (i.e. fortnights).
4.1.3 Casual Academic Staff: The provisioning of IT resources will commence from the date an employment contract is received and entered into the HR/Payroll System, to a maximum of 30 calendar days prior to the official employment commencement date.
De-provisioning of IT resources and deletion of stored data for casual Academic staff will be delayed for a period of 4 calendar months after their official employment termination date.
Casual Academic staff can request an extension beyond four months, with the approval of a faculty Executive Dean or Cost Centre Manager. In all cases an application for extension must be received prior to the de-provisioning date and must provide an alternative de-provisioning date not extending beyond 12 months from the official termination date.
4.1.4 General conditions
Employment contracts are cumulative and staff will only be de-provisioned where they have no other current employment with the University or subject to any provisioning conditions inherent with another employment contract.
Subject to University policies on Intellectual Property and Copyright, terminating staff are responsible for retrieving copies of any data they wish to retain prior to their termination date. Data generated or stored in either the network drives or email system remains the property of the University. Supervisors of a terminating staff member who believes this data could be of benefit to the University can request access to this data by notifying IT Services within 14 days of the staff member’s termination date. After this date, personal data will be processed in a manner consistent with the University’s Information Management Framework – Governing Policy and future recovery may not be possible.
Certain groups of staff who have been identified as not requiring access to email and portal facilities, subject to the relevant cost centre manager’s approval, will be provided a Limited Access account (e.g. Events & Catering Casual staff and Practical Teaching Mentors & Coordinators). All other staff will be provided a full Staff Access account.
The de-provisioning of access to restricted Systems, including corporate applications, may commence earlier than the timeframes outlined above as determined by the relevant System Owners.
4.2 Student provisioning
For the purpose of determining the most appropriate rules for the provisioning of IT resources, students are categorised into two groups:- Current Students and non-active students. This later category includes applicants, alumni and students who have had some interruption to study (i.e. academic leave, abandonment or have faltered in attaining any qualifications.)
4.2.1 The student lifecycle
When a potential student expresses an intent to study at the university (either through QTAC or directly) they are entered into the Student Information System. The student is then tracked within the Student Information System and subject to the conditions set by the Academic Board, status information is applied to each student’s record. The status changes recorded in the Student Information System then determines the level of IT access with which they are provisioned.
When the University agrees to make a potential student an offer to commence study they are provided a Limited Access account allowing them to use our USCCentral web system for the purpose of accepting that offer and enrolling.
When that potential student accepts this offer they are provided a full Student Access account. This provides a USC student email account, network drive space, and access to the Internet, all subject to a quota system tailored to the particular career they have chosen. They also gain access to printing and Library facilities.
Note: access to the USC Portal and Learning Management System is subject to a student’s enrolment into courses with separate eligibility conditions as determined by the System Owner of the Learning Management System.
If a student is excluded (failed to meet academic requirements), Voluntarily Discontinues or Abandons their studies, access reverts back to Limited Access 30 days after the end of the semester or session in which they were last enrolled.
If a student is expelled access reverts back to Limited Access from the day after the effective date of this expulsion.
When a student completes their course of study access will revert back to Limited Access at the end of May in the year following their completion. Students studying for a Higher Degree by Research may request an extension beyond this date with the approval of the Director, Office of Research.
Students who have successfully completed a course of study are flagged for the provisioning of Systems specifically targeted for alumni as determined by the relevant System Owners and their credentials will remain active indefinitely for this purpose.
4.2.2 General conditions
Subject to University policies on Intellectual Property and Copyright, students are responsible for retrieving copies of any data they wish to retain prior to reverting back to a Limited Access account. After this date, personal data will be processed in a manner consistent with the University’s Information Management Framework – Governing Policy and future recovery may not be possible.
4.3 Affiliate provisioning
The process for approval for affiliations is described below.
A person wishing to gain access to IT resources for one or more persons not covered in previously established affiliations must apply for the establishment of such an affiliation from a Director of IT Services.
This application must include details such as:
- the purpose for which this affiliation should be established
- the rules for eligibility for membership to this affiliation
- the details of the IT resources required by this affiliation
- list of approved sponsors responsible for authorising membership
- authorisation from the relevant faculty Executive Dean or Cost Centre Manager.
Director, IT Services will be responsible for the approval of such affiliation requests.
All membership to these affiliations will be for a fixed term not exceeding 12 months. Applications for continued membership will be required each year in order to ensure continued access.
Each affiliate will require sponsorship from a Cost Centre Manager approved staff member who will be responsible for authorising membership and liaising between IT Services and the affiliate.
Each affiliate must provide current contact details and sufficient personal information in order to provide unique identification. (Note: Where the University provides on-campus internet access it must be able to provide positive identification and current contact details for each user under various state and federal Internet Service Provider Legislation.)
5. End user responsibility
All members of the University who have been provisioned with IT Resources will be bound by the various ICT policies and related University Policies regarding their use. Particular reference is made to adherence to the Acceptable use of ICT Resources – Governing Policy as well as the various Staff and Student Codes of Conduct.