The purpose of this policy is to provide guidelines for the allocation and use of computers for staff within the College.
This policy applies to all staff (employed and volunteers) of the College who are issued computers for work purposes, and all staff who bring their BYOD to the College.
The College: Eastern College Australia
Computer: Desktop, Mobile Phone, Smartphone, Tablet, Laptop, Portable storage device
BYOD: Bring your own devices are computers that are the property of the staff member used for the purpose of work that accesses College IT systems and is not owned or leased by the College. This includes but is not limited to desktops, mobile phones, smartphones, tablets, laptops, and portable storage devices.
Software: computer software is designed to assist end users to carry out useful tasks. Examples of software may include the Microsoft Office suite of products or smartphone applications such as Google Maps.
The College will seek to provide computers, monitors and accessories to staff members who require it as part of their job requirements. However, staff members who work 2 days per week or less or are sessional faculty will not be supplied with an individual computer by the college. Exceptions may be sought on rare occasions, but they must be approved by the Chief Operations Officer (COO). The College will provide either a desktop or a laptop to staff members dependent on work responsibilities and requirements.
The purchase of Computers will be governed by the following principles and guidelines:
- Preferred Vendors and Models: The IT department will manage computers based on preferred vendors and 2-3 different models to ensure compatibility, serviceability, and range. These preferred vendors and models will change from time to time, and staff are encouraged to make enquiries to the IT department regarding computer options.
- Exceptions for Apple Mac Computers: The College prefers not to provide Apple Mac computers (desktops or laptops) due to economic, manageability, and security reasons. However, given popularity of the product, the College can provide Apple Mac computers if specifically requested. Staff must speak to their supervisor and seek approval from the COO outlining the reasons for the use of Mac. As Apple Macs are typically more expensive, those wanting an Apple Mac will need to fund the gap balance of a standard College computer and the Apple Mac computer. For example, if the standard computer for the College is a $1,800 Lenovo laptop and the Apple Mac computer is $2100, then the balance between the Apple Mac model purchase and the Lenovo of $300 must be funded by the staff member. The asset and ownership of that laptop will remain with the College; however, upon disposal of the asset (e.g., past its usable life of 5 - 8 years) the staff member is eligible to purchase the laptop at market value and/or an agreed price. If the staff member resigns prior to the end of the usable life of the Apple Mac computer, the computer will remain the asset of the College unless otherwise negotiated with the IT department.\
- Replacement and Disposal of Computers: Computers will be replaced at the end of their usable lifespan, which is usually 5 years for a laptop and 5 – 8 years for a desktop. The usable life will be determined on a case-by-case basis by the IT department, but the minimum is 5 years. The IT department will perform heath checks on all College owned computers 1-2 times per year, to assess the usability of the device. This will be dependent on several factors which includes processing speed, model, usability, serviceability, and other factors. The IT department will be responsible for managing the replacement process. At the end of the usable period, it may be possible for the staff member to obtain the computer, although this is at the discretion of the IT department who needs to keep a fleet of laptops on hand as loaner machines and spares.
- Bring Your Own Device (BYOD): BYODs are required for staff members who work 2 days or less and all sessional staff members. BYODs pose increased risks to the College by way of cyber security, data breaches, malware etc and must be governed by extra principles:
- For staff members who work 2 days or more per week and would like to BYOD, BYODs must be approved by the IT manager in consultation with the staff member’s supervisor.
- To use a BYOD, staff members must first book an appointment with the IT department for initial set up and vetting. BYODs must be installed with mandatory software to ensure cyber security and management of other risks.
- By choosing to BYOD, the user gives consent for the College to interrogate such devices to ensure appropriate use, as defined by this policy to such extent that is does not breach privacy laws.
- The College will require that all devices (College Owned or BYOD) have Endpoint Protection Software (of the College’s choosing) installed on the device (by the College IT staff) for such devices to have direct access to the appropriate suite of College IT drives and files. For staff that use their BYOD but elect not to have Endpoint Protection Software (of the College’s choosing) installed on their device (by the College IT staff), access to College systems will be via Web Pages only and will be of necessity limited.
- The College will not reimburse BYODs or provide any payment for BYODs. The College is not responsible for any damage or loss that occurs to any BYODs.
- Given the large range of BYOD models and suppliers, limited support may be provided to assist the staff member in accessing College systems and services.
- The College may perform a remote wipe of College data to prevent unauthorised access.
- The College will not reimburse BYODs or provide any payment for BYODs.
Staff who choose to BYOD must:
- Ensure that the operating system, firmware and software are obtained from a credible and authorised source. Such software is required to be up to date with the latest security patches and versions installed to protect against cyber threats and system vulnerabilities.
- Install and utilise security solutions where available such as anti-viruses and firewalls.
- Not store highly sensitive and confidential data on their BYODs.
- Immediately notify the IT Department if any BYODs carrying College data is lost or stolen by emailing help@mst.edu.au
- Ensure the device supports password and/or pin authentication and is enabled for protection of data and misuse. The BYOD must also have automatic lock turned on.
- Loaner Computers: The College will maintain a minimum fleet of 3 spare loaner computers that can be borrowed in the event a staff member’s computer is not approved for use within the College, is not working, needs repair, lost, left at home, or in other emergency situations; however, priority will be given to users of College-provided computers.
- Decommissioning of Computers: To protect the College’s data, all storage media must be properly erased before being disposed of. However simply deleting or even formatting data is not enough. When deleting files or formatting a device, data are marked for deletion, but are still accessible until being overwritten by a new file. Therefore, special tools must be used to securely erase data prior to equipment disposal. Some methods of disposal to ensure that the information cannot practicably be read or reconstructed that the organisation may adopt include:
- When computers have reached the end of their useful life, they should be taken to the IT area for proper disposal.
- All data should be removed from equipment using disk sanitizing software that cleans the media overwriting every disk sector of the machine with zero-filled blocks.
- Employees must consult the IT area before disposing of any Computer that contains College material.
Disposal of IT hardware will be managed by the College IT Department and any funds derived from the sale or auction of such hardware will be returned to the College.
- Ownership of Computers: Computers issued to staff members remain the property of the College. Staff members are responsible for safeguarding the computer issued to them and for immediately reporting any loss, theft, or damage to the IT department. All College supplied computers must be returned to the IT Department or to their Supervisor upon termination or resignation unless otherwise agreed with the IT Department.
- Use of Computers: Staff members are expected to use their computer in accordance with the College’s acceptable use policy.
Policy Breach Consequences
Any College staff member identified as breaching the Computer policy (such as stealing or intentionally damaging IT equipment) or committing unlawful behaviour may be subject to disciplinary action, and / or criminal prosecution (see Termination of Employment policy). Corrective disciplinary action will depend on the severity of the situation and may include, but is not limited to one or more of the following as deemed appropriate by the College:
• counselling – which may be in conjunction with another disciplinary action
• transfer, reassignment of responsibilities or leave of absence
• verbal reprimand, written warning, probation, reclassification, suspension or termination.