|Approved by||Approved by the Vice-Chancellor|
|Date Regulation Took Effect|
|Last Approved Revision|
|Sponsor||Director, Information Technology Services|
1. In these regulations:
(a) 'University facility' shall mean every item and kind of computer equipment, computer software, network and related items and equipment provided by the University, whether or not owned by the University, and includes any items and equipment to which access is given by or through the University;
(b) 'non-University facility' shall mean any item and kind of computer equipment, computer software, network and related facility which is not provided by the University;
(c) 'facility' shall mean either University facility or non-University facility;
(d) 'University network' shall mean the University's central local area computer networks at the Dunedin, Christchurch, Wellington and Auckland campuses. University network does not include networks which are not connected to the central local area networks;
(e) a 'User' of a facility is any person who makes use of, or attempts to make use of, the facility;
(f) 'Controller', in relation to any University facility, means the person authorised by the University to control that University facility;
(g) a non-University facility, which is connected to the University network shall, for the purposes of these regulations, be considered a University facility. In this context 'Controller' will be the Director of Information Services or the Director's designated agent.
2. No User of a facility shall:
(a) use or attempt to use the facility so as to cause costs to be incurred by the University without the consent of the Head of Department concerned;
(b) use the facility or any part thereof to attempt to gain unauthorised access to any other facility, whether University controlled or not;
(c) use any University facility while masquerading as another user.
3. No User of a University facility shall:
(a) gain access or attempt to gain access to the University facility without authorisation as a user by the Controller;
(b) divulge a password or code enabling access to a University facility unless permitted to do so by the Controller;
(c) use the University facility in such a way as to contravene any requirements for its use notified by the Controller;
(d) if the University facility is connected to the University network, use the University facility in such a way as to contravene any requirements for network access and use as notified by the Director of Information Services or the Director's designated agent;
(e) obtain, modify or remove from the University facility any information to which they are not entitled to have access, nor attempt to perform these actions;
(f) use or attempt to use the University facility so as to cause costs to be incurred by any person or organisation without the consent of that person or organisation;
(g) use a University facility for the purpose of sending or attempting to send an obscene, abusive, fraudulent, threatening, or illegal message;
(h) display obscene, pornographic, lewd, or sexually harassing images or text;
(i) on or in connection with a University facility, use any software which has been unlawfully obtained;
(j) use any University facility in such a way as deliberately to interfere with the reasonable use by another person of that University facility, or any other facility.
4. No 'Controller' of a facility connected to the University network shall contravene any requirements for network access and use as notified by the Director of Information Technology Services or the Director's designated agent.
5. A User who is permitted to use a University facility shall take reasonable precautions to secure his or her passwords, accounts, software and data.
6. An employee of the University who uses a non-University facility in the course of his or her employment
(a) shall not use any software which has been unlawfully obtained;
(b) shall not use that facility in such a way as deliberately to interfere with the reasonable use by another person of any facility.
7. No User of the University network shall connect or attempt to connect equipment to the University network without authorisation from the Director of Information Technology Services or the Director's designated agent.
8. Any breach of regulations 2-7 of these regulations by a student member of the University shall be deemed to be a breach of the Disciplinary Regulations of the University.
9. Any person who, in the opinion of the Controller or the Director of Information Technology Services or the Director's designated agent, is engaged in misconduct in breach of regulations 2-7 may be immediately excluded from the use of the facility and may be immediately excluded from access to the University network. Exclusion of a student for more than one day when the student is using the facility for coursework shall be reported to the Head of the Department involved. Any exclusion for more than three days shall be reported to the Vice-Chancellor. Any person aggrieved by such an exclusion may appeal to the Vice-Chancellor or, if a student, to the Provost for the matter to be reviewed. The Vice-Chancellor or Provost may suspend the operation of an order for exclusion until the appeal has been heard and determined.
10. Any person who contravenes regulations 2-7 will be held liable for damages claims made against the University in relation to that contravention. Further, the person will be liable for the costs of detection and repair of breaches of facility security, damage to hardware, or other costs incurred by the University in dealing with the consequences of such contravention.
11. The Director of Information Technology Services may authorise a Security Auditor to act otherwise than in accordance with the University's Computer Regulations in order to carry out a security audit of the University network or part of it.