1. The purpose of our policy
This policy outlines the principles under which Adelaide University manages the secure, ethical and lawful use of information technology systems and services across the institution.
It defines the governance responsibilities for promoting responsible user behaviour, protecting the University’s information technology (IT) facilities, managing digital risks, and safeguarding data security and privacy.
This policy provides authority to maintain the IT Acceptable Use Procedure.
Please read this in conjunction with the Cyber Security Policy and Information Governance Policy.
2. Who our policy applies to
This policy applies to the Adelaide University community.
3. Our IT acceptable use principles
3.1 Our use of IT is aligned to the University’s mission
2.1.1 Adelaide University’s IT facilities must be used to support learning, teaching, research, and approved administrative functions.
2.1.2 Limited, occasional personal use of university technology is permitted provided it is lawful, non-disruptive, does not incur costs, compromise security, or breach Adelaide University values.
3.2 We uphold and enforce standards of acceptable behaviour and use
Adelaide University IT users must not engage in behaviours including, but not limited to, the following:
3.2.1 harassment, discrimination, or offensive material
3.2.2 copyright infringement or plagiarism
3.2.3 impersonation, unauthorised access or account sharing
3.2.4 use of IT systems for personal profit, political campaigns or unlawful acts
3.2.5 use of unapproved desktop remote access software to gain remote access to Adelaide University IT systems.
3.3 We uphold the safeguarding of university systems
All users must secure the devices they use to access Adelaide University systems (whether University-owned or personal). This includes, but is not limited to, the following:
2.3.1 using complex passwords and enabling multi-factor authentication (MFA)
2.3.2 reporting suspected malware or unauthorised access immediately
2.3.3 there may be modes of authorised remote access which must use MFA.
Personal devices (for example, phones, laptops) may be used to access University systems only if the device meets minimum security standards as defined in the IT Acceptable Use Procedure, and if the user does not circumvent or attempt to circumvent network security.
3.4 We impose controls on third-party use
Access granted to third parties must:
3.4.1 be limited in time and purpose
3.4.2 be recorded and reviewed
3.4.3 be revoked promptly upon termination of engagement
3.4.4 require the third party to comply with the IT Acceptable Use Procedure.
3.5 We enforce our policy to ensure integrity and accountability
Breaches of this policy may lead to the following outcomes:
3.5.1 retraining or written warning
3.5.2 temporary suspension or referral to People and Culture or Student Experience and Success teams
3.5.3 disciplinary action, termination of access, contract termination, referral to legal counsel
3.5.4 escalation to law enforcement in cases involving suspected criminal conduct.
Access may be suspended to mitigate risk during investigation. Refer to the IT Acceptable Use Procedure, Student Code of Conduct and Staff Code of Conduct.
3.6 We monitor our IT systems to comply with legal obligations
Adelaide University monitors its IT systems for operational, compliance and security purposes. Monitoring is conducted in accordance with applicable legal obligations, including freedom of information and records management requirements under the Freedom of Information Act 1991 (SA) and the State Records Act 1997 (SA), and with the University’s privacy obligations as set out in the [Privacy Policy].
3.7 We require prompt reporting and response to data breaches
All users must immediately report any suspected data breach or security incident.
3.8 We ensure responsible use of Adelaide University communications
3.8.1 All users are expected to use Adelaide University communication services in a manner that upholds the integrity, security and reputation of the institution.
3.8.2 All communications will protect confidentiality, avoid reputational or legal risk, and comply with applicable legislation and Adelaide University policies. The use of Adelaide University email will support appropriate identity verification, preserve information security, and maintain auditability of official communications.
3.8.3 Emails and messages created using Adelaide University systems are official records and will be handled in accordance with privacy, records and FOI obligations, as outlined in the Cyber Security Procedure, the Records Management Procedure and the Information Governance Policy.
4. Definitions used in our policy
Please refer to our Adelaide University glossary for a full list of our definitions.
Acceptable use (IT) means the responsible, lawful, and appropriate use of university IT facilities for teaching, learning, research, administrative, or approved incidental personal purposes, in accordance with this policy.
Adelaide University community means a broad range of stakeholders who engage with Adelaide University and includes (but is not limited to) all students, staff, and non-staff members of Adelaide University including alumni, honorary titleholders, adjuncts, visiting academics, guest lecturers, volunteers, suppliers and partners who are engaging with and contributing to the work of Adelaide University.
Data breach means an information breach involving personal information or other confidential or sensitive data and may trigger obligations under privacy or security frameworks.
Information breach means the unauthorised access, disclosure, alteration, loss, or misuse of Adelaide University information, whether digital or physical.
IT Facilities means all information technology assets, infrastructure, devices, networks, platforms, and software systems that are owned, operated, or supported by Adelaide University.
Monitoring (IT) means the authorised observation, logging, or analysis of user activity and system performance to ensure compliance, security, operational integrity, and legal obligations.
Personal use (IT) means limited, non-commercial use of university IT facilities that does not interfere with university operations or violate this or any other university policy.
Security incident (IT) means any actual or suspected event that compromises the confidentiality, integrity, or availability of the University’s information, systems, or services. This includes, but is not limited to, unauthorised access, data breaches, denial-of-service attacks, malware infections, loss or theft of devices containing University data, and intentional misuse of IT facilities.
Third-party use (IT) means temporary or ongoing access granted to non-university personnel for the purpose of fulfilling university-related tasks.
5. How our policy is governed
This policy is categorised, approved and owned in line with the governance structure of Adelaide University and the offices and officers listed below.
Category | Description |
|---|---|
Policy category | Corporate |
Approving authority | Vice Chancellor and President |
Policy owner | Chief Information Officer |
Responsible officer | Chief Technology and Security Officer |
Effective from | 19 December 2025 |
Review date | 1 year after date this version is approved |
Enquiries | Interim Central Policy Unit/[Central Policy Unit] |
Replaced documents | None |