Section 1 - Audience
(1) This Policy applies to all users who wish to use their own personal device to access the digital environment of the University of Newcastle (University) or its controlled entities.
(2) This Policy is supplemented by standards, procedures, and guidelines which should be read in conjunction with this document.
Section 2 - Scope
(3) This Policy applies to any personal device used to access University digital assets and platforms, including:
- University networks and connectivity solutions;
- University platforms, such as but not limited to ServiceNOW and M365;
- Software as a Service (SaaS) solutions which contain University data, or provide a service for the University;
- digital storage solutions;
- digital information and data; and
- any other digital asset(s).
Section 3 - Purpose
(4) This Policy provides users the opportunity to use their own personal technology devices to access the University's digital environment. Such devices are referred to as BYOD (bring your own device) throughout the Policy.
(5) The purpose of this Policy is to:
- establish the requirements for the use of BYOD for study or work to access University systems and data;
- ensure that University systems and data are protected from cyber security threats and non-compliance with relevant laws and regulations; and
- establish the responsibilities of BYOD owners and the University's rights.
Section 4 - Definitions
(6) In the context of this document, the following definitions apply:
- “application” or “app” means computer software designed to assist end users to carry out tasks;
- “Bring Your Own Device” or “BYOD” means any electronic device owned, leased, or operated by an employee, contractor, affiliate or student of the University which is capable of storing data and connecting to a network, including but not limited to mobile phones, smartphones, tablets, laptops, personal computers and netbooks;
- “data” means a set of characters or symbols to which meaning is or could be assigned (AS/NZS ISO30300:2020 – Section 3.2.4). The Council of Australasian University Directors of Information Technology (CAUDIT) defines data as a set of facts, representing a specific concept or concepts. Value is added to data when they are combined and presented to users within a context, turning them into meaningful information to support business decisions and enable operational decisions. That is DATA + CONTEXT = INFORMATION;
- “minimum requirements” means the minimum hardware, software or general operating requirements of a BYOD;
- “Mobile Device Management” or “MDM” means a solution which manages, supports, secures and monitors mobile devices;
- “personal data” refers to a user's own (personal) data that is stored on a device;
- “wipe” or “wiping” refers to a security feature that renders the stored data on a BYOD inaccessible. Wiping may be performed locally or remotely via a University solution or by a system administrator;
- “impossible travel” refers to a cybersecurity detection method that flags login attempts from geographically distant locations within an unrealistically short period of time that may indicate potential account compromise by an attacker.
Section 5 - General Principles
(7) The University permits the use of BYODs to provide flexibility, particularly for staff and students, and especially for those who require custom devices to undertake teaching, learning and research.
(8) The decision to provide BYOD access is based on risk and compliance requirements, which are subject to change.
(9) BYOD access is provided at the discretion of the University and can be revoked at any time and for any reason.
(10) University data stored, processed or communicated via a BYOD is and remains the property of the University.
(11) The University and users of BYODs understand and accept the conditions under which BYOD access is granted.
(12) Offline access to digital assets and applications which are classified as Restricted or Highly Restricted may not be available.
Section 6 - Requirements for BYOD Owners
(13) This Policy should be read in conjunction with the Digital Technology Conditions of Use Policy.
(14) University data accessed via BYOD must remain on University systems and University data must not be stored on BYOD or personal accounts.
(15) BYOD owners are responsible for:
- implementing the security controls required by the University as a pre-requisite for access to University networks, systems and data;
- the damage, loss or theft of their devices should it occur;
- the cost of a BYOD, including the device, maintenance, mobile and data charges, software licenses (outside of University specific applications), and insurance;
- their personal data on their BYOD, including any loss or corruption, and for separating their personal data from University systems and University data.
(16) If a BYOD that is used to access University digital assets or applications is lost or stolen, the BYOD owner is responsible for immediately reporting the loss or theft to the DTS Service Desk on 02 4921 7000 (or 17000 as an internal call).
Section 7 - The University’s Rights
(17) The University reserves the right to reject BYOD usage that does not meet the University's cyber security and legal requirements.
(18) Cyber security controls required on any BYOD include, but are not limited to:
- automatic screen lock;
- device pin codes, password or biometric login;
- endpoint protection;
- encryption of data in storage;
- backups;
- current vendor-supported operating systems;
- up-to-date systems and applications; and
- authentication to University networks, systems and data.
(19) The University reserves the right to remotely wipe University native application data from any BYOD in the event of a suspected or actual compromise, including the loss or theft of a BYOD, and if the BYOD owner has ceased employment, affiliation, or studies with the University.
(20) The University reserves the right to change requirements for BYOD access including the maturity of security controls required.
(21) When using University networks, the University may restrict access to high-risk websites and services. This restriction does not extend to non-University networks.
(22) The University may assess and monitor any BYOD for malware and vulnerabilities.
(23) The University may prevent screen capture or similar functions of restricted and highly restricted University data from the BYOD.
(24) The University will not access or monitor personal use of a BYOD (unless required for a formal investigation and permitted by law).
(25) Compromised BYODs must be restricted from accessing University networks, systems and data.
(26) The University may monitor the location from which a BYOD signs in to identify unusual activity, such as impossible travel.
(27) The University may push and remove data associated with University applications to and from a BYOD to enhance its security or manageability.
(28) The University has a right to inspect University data held on a BYOD.
(29) The University may request an inspection of a BYOD in the owner’s presence prior to them leaving the University to confirm there is no University data stored on the BYOD.
Section 8 - Enforcement
(30) Non-compliance with the provisions of this Policy may result in action under the University's policies, Staff Code of Conduct, Student Code of Conduct or relevant enterprise agreement / employment contract and may also result in referral to a statutory authority and/or agency.
(31) The Chief Digital & Information Officer (or their nominee) is responsible for monitoring the use of the University's digital assets to measure compliance with this Policy.
(32) Where a user has been found to fail to comply with this Policy or any other of the University's IT policies, procedures, manuals, or guidelines, an authorised delegate may withdraw, suspend, restrict or limit that user’s access to a University computing or communications facility.