Comments

Document Feedback - Review and Comment

Step 1 of 4: Comment on Document

How to make a comment?

1. Use this Protected Document to open a comment box for your chosen Section, Part, Heading or clause.

2. Type your feedback into the comments box and then click "save comment" button located in the lower-right of the comment box.

3. Do not open more than one comment box at the same time.

4. When you have finished making comments proceed to the next stage by clicking on the "Continue to Step 2" button at the very bottom of this page.

 

Important Information

During the comment process you are connected to a database. Like internet banking, the session that connects you to the database may time-out due to inactivity. If you do not have JavaScript running you will recieve a message to advise you of the length of time before the time-out. If you have JavaScript enabled, the time-out is lengthy and should not cause difficulty, however you should note the following tips to avoid losing your comments or corrupting your entries:

  1. DO NOT jump between web pages/applications while logging comments.

  2. DO NOT log comments for more than one document at a time. Complete and submit all comments for one document before commenting on another.

  3. DO NOT leave your submission half way through. If you need to take a break, submit your current set of comments. The system will email you a copy of your comments so you can identify where you were up to and add to them later.

  4. DO NOT exit from the interface until you have completed all three stages of the submission process.

 

Information Security - IT Security Audit Authorities Procedure

Section 1 - Summary

(1) This Procedure ensures the integrity and stability of the University’s computing and network environment, Information Technology (IT) will regularly conduct audits on systems at Victoria University.

Top of Page

Section 2 - HESF/ASQA/ESOS Alignment

(2) HESF: 2.1 Facilities and Infrastructure, 3.3 Learning Resources and Support and 7.3 Information Management.

Top of Page

Section 3 - Scope

(3) This Procedure applies to all staff, students, contractors, visitors and other authorised users of Information and Communication Technology (ICT) facilities and services.

(4) University-owned ICT computers and devices.

(5) Personal (BYOD) equipment and devices located on University premises.

Top of Page

Section 4 - Definitions

(6) Nil.

Top of Page

Section 5 - Policy/Regulation

(7) See the Information Security Policy.

Top of Page

Section 6 - Procedures

Part A - Summary of Roles and Responsibilities

Roles Responsibility
Director / Senior Manager
a. Inform IT staff involved in an audit of their responsibilities under the Information Security policy and associated procedures.
b. Maintain a record of all IT Security audits conducted.
c. Provide authorisation of IT Security audits to be conducted as required.
IT Staff a. Adhere to the Information Security Policy and associated procedures when conducting IT security audits.

Procedures

(8) Information Technology Services (IT) staff have the authority to conduct a security audit on any system at Victoria University (VU). 

(9) IT security audits may be conducted on all computers and communication devices owned or operated by the University as well as any computer and communications devices that are present on the University premises, but may not be owned or operated by the University.

(10) IT Security audits may be conducted to:

  1. Ensure integrity, confidentiality and availability of information and resources.
  2. Investigate possible security incidents to ensure conformance to the University's security policies and procedures.
  3. Investigate possible violations of laws applicable in the State of Victoria, the Commonwealth of Australia and any international jurisdiction in which Victoria University (VU) conducts operations.
  4. Ensure the University complies with relevant legislation.
  5. Monitor user or system activity where there is a legitimate concern that one or more of the above conditions is not being met.
  6. Ensure university resources are used appropriately and for work-related purposes in accordance for work-related purposes in accordance with IT Appropriate Use and Appropriate Workplace Behaviour Policy and associated procedures.
  7. Facilitate the recovery of corporate information stored on individual desktop PCs, Laptops or devices etc.
     

(11) Prior to conducting an audit, personnel performing the IT security audit must be aware of the relevant state, federal and international laws that may be pertinent to their investigation.

(12) Authorisation to conduct an IT security audit must be obtained as required according to the authority requirements for the type of security audit to be performed.

  1. Authorisation to conduct an IT security audit can be obtained from:
    1. Director, ITS Security and Risk Assurance or delegate;
    2. Deputy Vice-Chancellor Enterprise and Digital or delegate; or
  2. Security audits that involve access to confidential material require an audit brief to be prepared for sign-off by the Chief Digital Officer and Executive Director Campus Services or delegate.

(13) Any access as required will be granted to authorised personnel for the purpose of performing an audit. This access may include:

  1. User-level and/or system-level access to any computing or communications device;
  2. Access to information (electronic, hardcopy, etc.) that may be produced, transmitted or stored on VU equipment or premises;
  3. Access to work areas (labs, offices, cubicles, storage areas, etc.);
  4. Access to interactively monitor and log the traffic on VU networks.

(14) A record of all IT security audits will be maintained by the IT Security Office and made available when required to a University Lawyer or Privacy Officer. If required, a final report detailing the outcome of the IT security audit is to be completed.

Top of Page

Section 7 - Supporting Documents and Information

(15) Nil.