ACCEPTABLE USE POLICY

Document Reference:
Document Owner:
Document Version:
Date Approved:
Next Review:

AP24
IT Manager
3.0
22/12/2011
22/12/2012

Purpose
The purpose of this document is to:
Explain iiNet's expectations and requirements regarding the acceptable use of iiNet's Information Systems
and Resources.
Encourage the optimum use of iiNet's Information Systems and Resources.

Policy Statement
1.0

iiNet will provide all employees and contractors with appropriate Information Systems and Resources in order
to fulfil their duties and responsibilities.

1.1

These systems and resources will be subject to 'Acceptable Use' conditions as determined, from time to time,
by the Company.

1.2

Failure to comply with this Policy may lead to disciplinary action.

1.3

This Policy applies to all employees and contractors who have or are given access to iiNet's Information
Systems and Resources (User).

1.4

By using iiNet's Information Systems and Resources the User agrees to comply with the conditions of this
Policy.

1.5

This Policy is not in any way incorporated as part of any industrial award or agreement entered into by iiNet,
nor does it form any part of any employee's contract of employment.

Definitions
Term
iiNet, we, our
and Company
Data
Information Systems

ITS
MP3
MPEG
PC
Problem Tracking
System (PTS)
Resources

Acceptable Use Policy

Definition
Means iiNet Limited and any Group Company.
Includes but is not limited to email, graphics, documents, applications and multimedia.
Means systems which are provided or maintained by iiNet's departments and includes but is
not limited to iiNet's hardware, software, network, network infrastructure, VPN, PC's,
servers, network drives, computer programs, internet, document storage systems and email.
Means Information Technology Services.
Means a compressed audio file for playback on PC.
Means a compressed audio and/or video file for playback on PC.
Means a personal computer which includes a desktop or a notebook / laptop computer
(including Apple Macs).
Means a system used by staff to record client interaction.
Means any other resources which are provided or maintained by iiNet's departments and
includes but is not limited to iiNet's telephones, mobile phones, photocopiers, fax machines,
all computer related equipment, stationary, postal resources, keys, cards and alarm codes.
Page 1 of 8

Rumba
SMTP
Standard Operating
Environment (SOE)
Streaming Media
SPOP3 / IMAPS

Means an accounts system used by staff to view client account details.

Means a method of sending email.
Means a standard desktop for PCs which consists of an operating system and a set of base
applications.
Means a continuous download of data producing audio and/or video.
Means a secure method of receiving email stored on a server.

Terms and Conditions

1.0

USE OF INFORMATION SYSTEMS AND RESOURCES

1.1

Confidentiality
(a)

1.2

1.3

The Information Systems and Resources that are made available to Users to perform their day to day
duties are often confidential or sensitive in nature and therefore are subject to the following
requirements:
(i)

iiNet's Information Systems and Resources must not be displayed, disclosed or made available to
any Unauthorised Person;

(ii)

Information regarding iiNet's Information Systems and Resources (eg location and functionality)
is not to be disclosed to any Unauthorised Person;

(iii)

Information contained in or displayed by iiNet's Information Systems and Resources must not be
disclosed to any Unauthorised Person unless the information is public knowledge or the User is
authorised to disclose it.

Personal Use
(a)

iiNet may collect information relating to the personal use of iiNet's Information Systems and Resources
by Users.

(b)

If personal use is permitted it is a privilege and must be lawful, proper, ethical and appropriate.

(c)

If personal use of iiNet's Systems and Resources impacts negatively on network performance, it may be
banned or blocked by iiNet.

Monitoring
(a)

iiNet's Information Systems or Resources may be monitored, audited and reviewed by iiNet at any time,
without prior notice, to ensure adherence to this Policy.

2.0

HARDWARE

2.1

Desktop or Notebook Computers

(a)

Desktop or notebook computers (PC) will be made available to Users who require them for their work.
Where the PC is a shared resource, Users will have roaming profiles enabled in order for their
documents and settings to be available from any machine upon logging in. All iiNet provided PCs are
subject to the following requirements:
(i)

The PCs must only be used by authorised Users;

(ii)

The PCs are provided for authorised use only;

Acceptable Use Policy

Page 2 of 8

2.2

The PCs are not to have their hardware specifications modified in any way, except as authorised
and carried out by an information technology services (ITS) delegated representative;

(iv)

The PCs are not to have their resources reallocated (repartitioning hard drives, swapping
components etc except as authorised and carried out by an ITS delegated technician.

Routers or Modems
(a)

2.3

(iii)

In certain cases, you may be provided with a network device such as a modem or router (ADSL or
otherwise) in order for you to work from a remote location or accomplish a specific task. All iiNet
provided network devices are subject to the following requirements:
(i)

The network device must only be used by the User for the purpose it was provided;

(ii)

In the case of a router or other configurable network device, ITS or Network Services may
configure it for you. If this does not occur, you are responsible for ensuring the device is
configured securely;

(iii)

You are responsible for the network device and must return it at the end of your employment
period or when it is no longer required for your ongoing work;

(iv)

If you lose or damage the network device, you may be liable for the cost of a replacement. This
will be at the discretion of your manager and/or the manager of the department owning the
network device;

(v)

If the network device supports remote administration or configuration, ITS must be provided, on
request, with means by which they can access it at any time.

Peripherals
(a)

Various peripherals, including but not limited to mice, keyboards, data storage devices and digital
cameras, will be provided to you where required. All iiNet provided peripherals are subject to the
following requirements:
(i)

Where a peripheral is provided with a PC (e.g. a mouse or keyboard) it is to remain with that PC.
It is not to be removed from that PC or swapped with other peripherals on other PC unless
authorised by ITS;

(ii)

Where a peripheral is used for reading or writing data, you are permitted to provide your own
media for accessing personal data;

(iii)

Authorised tablet devices and mobile phones (including PDAs and smartphones) and USB storage
devices are permitted for use on iiNet's PCs;

(iv)

You must not connect any non-iiNet peripherals to iiNet's PCs unless explicitly authorised by ITS
or the OHS committee. This includes keyboards, mice, and wireless/Bluetooth devices;

(v)

Audio headphones connecting to the speaker/line output of iiNet PCs are permitted, however
headphones connecting via USB must be explicitly authorised by ITS.

3.0

SOFTWARE

3.1

Operating System

Acceptable Use Policy

Page 3 of 8

(a)

3.2

(i)

ITS will apply security patches on an ongoing basis;

(ii)

No modifications should be made to the operating system unless authorised by ITS.

Applications
(a)

3.3

ITS will provide a Standard Operating Environment (SOE) for all PCs, consisting of an operating system
and a set of base applications. The operating system is subject to the following requirements:

The SOE will include antivirus software and a base set of applications, depending on the requirements of
the User's department. ITS may authorise the installation of additional software (eg Visio) if required.
The installed applications (both SOE components and authorised applications) are subject to the
following requirements:
(i)

ITS will configure the software to automatically download updates or apply approved updates;

(ii)

No modifications to the applications (other than required user configuration) should be made
unless authorised by ITS;

(iii)

The applications are provided for that PC only. They may not be transferred to another PC
without ITS authorisation;

(iv)

No additional software should be installed, except as authorised by ITS;

(v)

No additional software should be run on the PC (from the network, storage media [including USB]
or otherwise), except as authorised by ITS.

Data
(a)

Users wishing to access, store and use any Data on their PC must comply with the following
requirements:
(i)

Any Data, which is illegal or unsuitable for the work place is not to be viewed or stored on an
iiNet supplied PC. This includes (but is not limited to) any material which might be considered
offensive, defamatory, obscene, derogatory, pornographic, discriminatory, insulting or violent to
another person;

(ii)

Generally Data on the desktop is not backed up. Additionally, the PC may be re-imaged at any
time as required by ITS. It is your responsibility to ensure that an up to date copy of any
important Data is stored on a network share which is backed up;

(iii)

If confidential Data is copied to a PC it is your responsibility to ensure the data is not distributed
to, nor accessed by, any Unauthorised Persons;

(iv)

Under no circumstance should confidential data, including customer information and cardholder
data, be moved or copied to non-iiNet supplied PCs, or stored on removable media such as USB
memory, optical disks or portable hard drives;

(v)

Client data (including but not limited to email, directory contents and account details) should be
accessed only if required for operational purposes, as required by law, or as requested by the
client or an authorised representative of the client;

(vi)

User data (including but not limited to email, directory contents and account details) should be
accessed only if required for operational purposes, as requested by the User's manager with the
departments Executive approval, or as required by law;

Acceptable Use Policy

Page 4 of 8

3.4

3.5

Where client or User data must be accessed due to operational requirements, every effort should
be made to access no more than is absolutely necessary to resolve the operational issue or
comply with the request;

(viii)

Any client or User data which is accessed for any reason must not be disclosed to any other
person, except as dictated by operational requirements or the authorised requestor.

Multimedia Files
(a)

MP3, MPEG or other multimedia format files, unless owned or licensed by iiNet, are not to exist on any
piece of iiNet Limited hardware unless authorised by a departmental manager, or where temporarily
stored by a provided application (e.g. Temporary Internet files stored by Internet Explorer).

(b)

You may play your own multimedia files stored on personal Compact Discs (or other media) on iiNet
hardware subject to the approval of your manager. Additional software above the SOE will not be
provided to achieve this purpose.

License Keys
(a)

3.6

(vii)

Where ITS provide licensed software (for example the operating system and The MS Office suite of
applications), a license key will be provided or entered. These license keys are subject to the following
requirements:
(i)

License keys are provided by ITS for software running on iiNet owned hardware only;

(ii)

Only ITS supplied License keys are to be used on iiNet owned hardware;

(iii)

Where software is acquired which is not covered by the SOE and you install the software, you are
responsible for returning original media and license keys to ITS;

(iv)

Where software (license or benefit) is provided for Home Use by iiNet or a third party (by virtue
of an agreement between iiNet and the third party), then it is your responsibility to ensure the
uninstall of software or the revocation of the benefit upon termination of employment with
iiNet.

Desktop Security
(a)

All Users are required to either log out or lock their desktops when leaving their desktops unattended.

(b)

All Users must not (attempt to) circumvent desktop security and/or management systems.

4.0

NETWORK

4.1

Local Area Network

(a)

ITS will provide and maintain the network by which your PC connects to iiNet's Local Area Network
(LAN). The network is subject to the following requirements:
(i)

Only equipment supplied or authorised by ITS is to be connected (directly or via another network
device) to the LAN;

(ii)

No hubs or switches are to be connected to unless authorised by ITS or Network Services;

(iii)

The LAN and devices connected to it may be audited at any time, without prior notice, to ensure
adherence to this policy.

Acceptable Use Policy

Page 5 of 8

4.2

Wireless Network
(a)

4.3

(i)

Only equipment supplied or authorised by ITS is to be connected to the iiwired wireless network;

(ii)

The iiguest wireless network provide internet access only and is designed to be used for
contractors, vendors and other people who require internet access;

(iii)

The wireless networks are monitored for inappropriate use.

Passwords
(a)

4.4

ITS will provide and maintain the wireless networks to allow wireless connection of enabled devices. The
network is subject to the following requirements:

You will be allocated at least two passwords, an access password and a services password. Additional
system passwords may be disclosed to you if your role requires it. Passwords are subject to the
following requirements:
(i)

Passwords must be secure, consisting of a combination of lower case letters, upper case letters,
numbers and punctuation characters;

(ii)

Passwords used to access networks or systems which handle credit card data must not be shared;

(iii)

The access and services passwords must be significantly different;

(iv)

The access and services passwords must be changed every 2 months;

(v)

The access and services passwords must not be re-used within a twelve month period from the
time of changing;

(vi)

The access and services passwords must be kept secure. They must not be written down or
stored in clear text;

(vii)

The access and services passwords must not be disclosed to any other person;

(viii)

Passwords may be audited at any time, without prior notice, to ensure adherence to this policy;

(ix)

If you suspect that either of your passwords have been compromised, you must change it
immediately and notify ITS of the possible compromise;

(x)

You are accountable for all access made with the use of your username/password and should
make all possible effort to ensure security.

Email
(a)

Email will be provided for staff and authorised users. Your email is subject to the following
requirements:
(i)

Your email must not be forwarded to any external (non-iiNet) email address or mailbox;

(ii)

Your email must not be stored on any external (non-iiNet) server;

(iii)

Your email must not be disclosed (in part, in full or in summation) to any Unauthorised Person,
unless the information is public knowledge, or the User is authorised to disclose it;

Acceptable Use Policy

Page 6 of 8

4.5

4.6

4.7

(iv)

Your email must not be accessed from outside iiNet's LAN, except via the VPN, through a secure
web-mail facility, or where securely stored on a local PC;

(v)

Personal use of your email is permitted provided it is reasonable and appropriate;

(vi)

iiNet has the right but not the obligation to monitor your email to ensure you are complying with
this requirement.

Streaming Media
(a)

iiNet reserves the right to ban or block streaming media, either specifically or in its entirety, if it impacts
negatively on network performance.

(b)

iiNet supplied PCs may be audited at any time, without prior notice, to ensure adherence to this policy.

Internet
(a)

It is accepted that Users may need to access the internet as part of performing their day to day duties.
However usage of the internet must be lawful, proper, ethical, and appropriate and must not breach this
requirement in any way whatsoever.

(b)

iiNet may monitor internet usage to ensure you are complying with this requirement.

Virtual Private Network

(a)

In order for Users to be able to check their email from home or access iiNet systems, a limited level of
Virtual Private Network (VPN) access is provided to Users.

(b)

It is understood that some Users may require additional VPN access, either to work from a remote
location, or other work requirements. As such, an additional VPN access level is available:
(i)

(c)

On-call access is for Users who need to access servers and network devices should faults be
lodged, or maintenance be required.

All VPN usage is subject to the following requirements:

(i)

PCs or other devices used to access the VPN must not have any remotely accessible services
running;

(ii)

All Users using the VPN on their own personal PCs or other devices are required to install and
securely maintain an Internet firewall and virus protection software, at their own expense, and to
follow other sound practices to keep their VPN client system(s) secure against unauthorised
access;

(iii)

Whilst connected to the VPN, PCs are to only be used by authorised users.

5.0

MISCELLANEOUS

5.1

Printers / Photocopiers / Faxes

(a)

iiNet provide and maintain Resources such as printers, photocopiers and faxes for users to use in order
to perform their day to day duties. Personal use of these Resources is subject to the discretion of the
User's manager.

(b)

iiNet reserves the right to ban or block personal use of such Resources if it impacts negatively on their
performance.

Acceptable Use Policy

Page 7 of 8

5.2

5.3

Stationery / Postal Resources

(a)

Administration provides and maintains Resources such as stationery, couriers and a postal service for all
Users to use in order to perform their day to day duties. Personal use is not allowed without explicit
approval from the User's manager. Users should expect to pay for the Resources they personally use.

(b)

iiNet reserves the right to ban or block personal use of such Resources without notice.

Telephones
(a)

5.4

Where a desk or mobile phone is provided for work purposes, personal use of said phone is subject to
the discretion of the staff members manager.

Keys / Cards / Alarm Codes

(a)

You may be provided with keys (including DKS or MIL keys), cards and/or alarm codes for access to
certain areas of the iiNet premises as required by your daily duties. All keys, cards, and alarm codes are
subject to the following requirements:
(i)

The keys and/or cards are your responsibility. If lost, you may be held responsible for the cost of
a replacement, at your managers discretion;

(ii)

The keys and/or cards are not to be lent to anyone, unless authorised by your manager;

(iii)

You must ensure that any doors requiring an access key or card are closed behind you, to ensure
no unauthorised access to a secure area;

(iv)

If you use your key or card to let any other person into a secure area which that person would
not otherwise have access to, you are responsible for ensuring that the person is not left
unattended unless authorised by their manager;

(v)

The keys or cards should not be left unattended in a public location outside of the secure area;

(vi)

Alarm codes are not to be disclosed to anyone else, unless authorised by your manager;

(vii)

If a key or card is lost or misplaced or if an alarm code is compromised, you must ensure that
your manager, and the manager of the area which may have been compromised, are notified
immediately;

(viii)

Use of and security of keys and/or cards and alarm codes may be audited at any time, without
prior notice, to ensure adherence to this policy.

Acceptable Use Policy

Page 8 of 8