Governance

Policies and procedures

Policy No.
UP07/43
Function
Technology And Telecommunications
Authoring Organisational Unit
Information Technology - Central Unit
Date Approved
27/02/2002 Revised 05/03/2003
Next Review Date
01/02/2015
Approving Body
Academic Council

The University of Western Australia

Save this template to the preferred folder on your network drive. 

Note: You must save the template each time you want to write a policy to ensure that you are using the most recent version of the template.

You can use the show/hide button on your toolbar (this looks like a paragraph mark) to hide or show instructions in the template.  If clicking on this button does not work, please go to Tools - Options - View - and un-tick “hidden text” before trying again.

Note: Please do not type or paste over instructions.

(A comprehensive set of instructions is also provided on the Template and Instructions page of the University Policies website.)

To include text in the template, except in the Definitions section, place your cursor at the end of the relevant section heading provided or at the end of the relevant instructions and press “Enter” before beginning to type or pasting in text.  To include text in the definitions section place your cursor immediately under the heading before beginning to type.

Note: If you are pasting in text you must save it as plain text first so that you do not import any additional styles into the policy document.

Formatting styles are embedded in this template and can be found in a drop-down menu on your toolbar.  Note: Please do not add to or alter the styles.  It is recommended that styles be applied once text is finalised.  Apply a style by highlighting the text and clicking on the appropriate style from the drop-down list.

If you require a numbered heading style within the policy text, please use Heading 4 from the drop-down styles list.  This will automatically apply a number to the heading and each time you use the Heading 4 style the next sequential number will be applied automatically. 

Styles 1.1 (Style 1), 1.1.1 (Style 2), and 1.1.1.1 (Style 3) are available for the body of the text.  To reduce complexity, it is recommended that numbering below the level of 1.1.1.1 be avoided.  Bullet points can be used for lists if required.  The list bullet style is available from the styles drop-down list.

Note: If you press “Enter” after a heading provided in the template or after a set of instructions the Normal, Policy style will automatically be applied.

Note: Please do not use tabs in your document.  

University Policy on: Use of Email

Overtype “Policy Name” with the name of the policy.  This must convey specifically, accurately and succinctly what the policy addresses eg Award of Honours, Study Leave.

Purpose of the policy and summary of issues it addresses:

The purpose of this policy is to outline the principles of and responsibilities for the use of University email systems. The policy includes requirements for email record-keeping, disclosure, security, etiquette and mailing lists.

This must be in Normal, Policy style.

Provide a brief summary of the reasons for the policy and issues it addresses.  This section is designed to stand alone.  The aim is to provide the reader with enough information to make a decision about whether or not this is the policy they are looking for.  It must not be longer than 200 words. 

Example 1

This policy defines the nature and purpose of study leave provisions for academic staff and sets out eligibility criteria and other conditions that apply.

Example 2

This policy seeks to rationalise the award of honours across the University by addressing such issues as: entry standards, course content and structure, supervision, assessment, examination, grades, classifications, benchmarking and the maintenance and provision of documentation relating to these matters.  It is based on resolutions of the Academic Board flowing from the 1999 report of the Honours Working Party.

Definitions:

ARMS – the Archives and Record Management Services at the University of Western Australia.

TRIM Total Records and Information Management, the official Records and Electronic Management System for the University.

Place your cursor immediately under the definitions heading to get the definitions style.

Policy statement:

The University provides email accounts to staff and students primarily for the purpose of conducting UWA business. While some private use may be acceptable, the email system may not be used for private gain or commercial purpose. Users should be aware of accepted etiquette in using the email system and must be mindful of privacy, security and archival responsibilities.

The following principles define the underlying rules for the provision of email services.

1. The University provides email primarily for conducting UWA business.

1.1 All communications undertaken using the University email system are regarded as official records and should comply with Appendix A.

1.2 All emails of consequence should be properly filed and safeguarded, as outlined in the University’s Record Keeping Plan.

1.3 Emails can be stored as records electronically on TRIM. Access is required and can be requested through ARMS.

1.4 University email accounts are not be used for private gain or commercial purpose (except where duly authorised).

1.5       Some private use of the University email system may be tolerated.

2. Users should note that email privacy cannot be guaranteed and email security cannot be fully ensured.

2.1 Users of email should understand that there are some circumstances in which the contents of their email may be disclosed to others: it may be accidental; incidental to the investigation of a technical problem; or deliberate and conscious.  All actions resulting in such disclosure must comply with Appendix B.

2.2 Emails should not be used for highly sensitive or confidential information, unless appropriate action is taken to secure the contents against disclosure, alteration or forgery. The University encourages users to be aware of the degree of privacy and security that are attached to email transmissions, and urges users to take appropriate measures in minimising risk of disclosure or alteration. Instruction for securing email transmissions are set out in Appendix C.

3. Users of the University email system are required to adhere to codes of conduct and etiquette.

3.1 The content and use of email must comply with the University’s Computer and Software Use Regulations, its Policy on Discrimination and Harassment, the UWA Code of Ethics and Code of Conduct and other applicable policies, regulations and laws.

3.2 Users are encouraged to follow UWA email etiquette as outlined in Appendix D.

3.3 Mailing lists should be set up and used appropriately, conforming with Appendix E.

Appendix A: Treating email as official University records

Given that emails will typically be official University records, the following should be observed:

a.  All important email communications should be kept.

b.  Significant emails should not be stored long-term on personal computer filing systems as operating systems may change or users may leave the position.  

c.  Significant emails should be electronically filed on TRIM where they can be stored and indexed for ready access to authorised people. Alternatively they can be printed out and stored in a regular filing system or archived with ARMS.

d.  Email should be well managed with intelligent use of folders (e.g. name folders the same as you would for word processing headings). Consideration should be given to automatic diversion of email with certain subjects into associated folders.

e.  A preserved email should contain sufficient information on originator, recipient and subject and should include the date and time of the communication. Make sure the Subject field contains an appropriate heading.

f.  Encrypted email should be decrypted before it is filed (it may be best to print it out and file it in the same way as for other confidential printed material).

g.  Email should not be preserved longer than is necessary; it may subject the holder to legal vulnerabilities. But records should only be deleted in accordance with guidelines advanced by the University Archivist.

h.  Broadcast email should not be preserved, except by the originator if he or she feels it has worth. Broadcast email originating outside the University which is worth preserving should be saved by the most senior person receiving a copy.

i.  Ensure arrangements are in place for handling email when staff are on leave or otherwise absent.

j.  In general, apply the following in consideration of email preservation:

*  if sent by a member of UWA, then the sender is responsible for preserving it (where applicable);

* attachments should be filed with the message;

* many emails have only temporary value (e.g. setting up a meeting time), so should not be preserved beyond the time to which they relate;

* if the email has the same standing as a paper document which would previously have been filed, then it should be preserved;

* it should be preserved if it records University business, records a decision or precedent, or if someone will need it in future.

Appendix B: Disclosure of electronic material

There will be occasions when electronic material including email, computer files and other may be seen by someone other than the owner or intended recipient. There are several scenarios in which electronic material may be disclosed. These scenarios follow:

Disclosure types

i.  Email is sent accidentally to the wrong person. (This can happen when replying to a list rather than to an individual, by mistyping an email address, or when a system malfunction occurs.)

ii.  Files are seen accidentally by the authorised person of an IT facility in the course of monitoring network traffic or computer system behaviour. (In this scenario it would not normally be the contents of the email that is being examined, but the file location, storage, volume, integrity etc.)

iii.  Files are seen or examined by the authorised person of an IT facility in the course of investigating a systems malfunction or suspected malfunction. (In this scenario it could be that only fragments of files are seen and the owner’s identity may not be known. Part of this investigation may involve a search for the owner.)

iv.  A member of the University is absent and unreachable and University business is impeded. A colleague may require access to the absent member’s files.

v.  The files of a specific individual are examined in the course of investigating some breach or suspected breach of Regulations by that individual.

vi.  Other situations in which files are disclosed.

The following governs the actions of anyone who views another’s computer files under such conditions.

1 For all types of disclosure

All members of the University, including authorised persons who possess special privileges in connection with certain computer or network systems under their control, must treat the email and file contents of others as strictly confidential. This applies equally to any accidental disclosure of content. Exceptions apply where the content clearly indicates that public viewing is expected, or in special circumstances as outlined below.

2. For type (i) disclosure

Anyone who receives an email in error should notify the owner (if known) and should treat content as strictly confidential.

3. For types (ii) and (iii) disclosure

a.  In usual circumstances, only authorised persons for a particular IT facility may undertake this activity. Such persons have delegated authority to undertake this activity upon appointment: either outlined in their duty statement or as an implicit part of duties.

b.  Authorised persons must agree to abide by the confidentially agreement requirement outlined in point 1 above.

c.  Where someone other than an authorised person as outlined in (a) above has reason to carry out such work, the Head of Department or equivalent must provide explicit authority. If the work is carried out in emergency conditions, the Head must be notified as soon as possible thereafter.

d.  Duly authorised persons for particular IT facilities should confine investigations to those facilities except where explicitly invited by another Head to undertake activity in that Head’s department or unit.

e.  For type (ii) and (iii) disclosure it would not normally be necessary for relevant authorised persons to notify the owner of the material, if indeed the owner can be identified at all. Authorised persons are expected to use their discretion and only need notify the owner where the circumstances seem to warrant it.

4. For type (iv) disclosure

a.  In the situation of an absent member, the Head of Department or equivalent of the absent person must give explicit permission for the examination of computer files by another staff member or authorised person.

b.  Detailed records of files examined or copied must be kept, and the absent University member must be notified as soon as possible on their return.

c.  Every reasonable effort must be made to contact the absent University member before this action is taken and such efforts should be continued until the member has been located or has returned.

5. For type (v) disclosure

a.  In the situation where there is reason to believe that certain email or other electronic material may infringe University Regulation or other applicable laws or policies, or in the pursuit of some other suspected infringement, then only the Registrar (in the case of students) or the Senior Deputy Vice-Chancellor (in the case of staff and others) may authorise the email or computer files of an individual to be examined, with or without the knowledge of the individual in question.

b.  The authorised person examining computer files must keep full records of all files examined and copied, in addition to names of others who have viewed or who have been sent the files.

c.  In this situation, the normal procedures applicable to such suspected misconduct investigations will be observed.

d.  No investigation of this kind may be prolonged unduly.

e.  In circumstances where some external authority has required the disclosure (eg. the police, acting with proper authorisation), then the above procedures will be modified to comply with the normal procedures applicable to such actions.

f.  If a suspected case of infringement that requires urgent action is brought to the attention of authorised persons, they may undertake a preliminary examination of the user’s files in order to determine if there is sufficient evidence to warrant a full investigation as provided for in (a) to (e) above. The procedures for obtaining authorisation for this preliminary investigation should follow those set out in (a) above, but if a timely response cannot be obtained from the relevant authority, then the authorised person's Head of Department or equivalent, or that person's delegate, may give authorisation.

g.  Note that section 5 still pertains to the qualified privilege that applies to the correspondence and files of employee Unions.

6. For type (vi) disclosure

In all other cases where accidental or intentional disclosure may occur, then action should be taken which is in keeping with the principles set out in the above five cases.

Appendix C: Securing email transmissions

The University strongly urges all users of email to observe the following to ensure that an appropriate level of security is applied to all their email.

a.  Users should not expect that their emails are any more certain of being delivered than regular mail.

b.  Users should realise that ‘clear text’ email messages may be seen by people other than the intended recipient; they should regard the privacy of email messages as only moderately better than that of a postcard.

c.  Users should be aware that it is possible for hackers to forge email, making it appear to originate with others, so should treat all email with some degree of circumspection.

d.  Notwithstanding the above, all members of the University are expected to treat other people's email (and other computer files) as strictly confidential, except as provided for below, and except where the context clearly indicates that the email is for general viewing (e.g. by being posted to an open mailing list or newsgroup).

e.  Users should be encouraged to abide by generally-accepted ‘netiquette’ for all email (see Appendix D.)

f.  If reliance in any serious way upon any email or upon its integrity is required, then use must be made of encryption and digital signatures; both these are extremely reliable, and are now widely available (eg PGP encryption and signatures).

g.  Email which is to be archived must not be in encrypted form. Generally speaking, it is best to print it out and submit it for filing in the same way as for normal printed confidential information.

Appendix D: Email Etiquette

Email is an invaluable tool for our daily communication needs and the ease of delivering messages efficiently is apparent. Whether used formally or informally there is a standard of etiquette that should be observed by users to maintain an accepted level of clarity, respect and professionalism.

1. Daily routines and housekeeping

a.  Check mail regularly.

b.  If an email calls for a reply, try to reply promptly. Should the email take some time to formulate, send an acknowledgement, so the sender is not left wondering if the email ever reached its intended recipient.

c.  Conversely, never assume that simply because a message has been sent, it has been read.

d.  All members of the University are expected to treat others’ emails as strictly confidential, except where it is clearly indicated that the email is for general viewing.

e.  Develop an orderly filing system for any email messages to be retained and delete unwanted messages.

f.  Make arrangements for email to be forwarded when absent, or set up an automatic ‘out of office’ message.

2. Writing and sending messages

a.  Make sure that the subject field of the message is meaningful and reflects the subject matter.

b.  Always be mindful of how emails are expressed, especially if emotionally driven at the time of composition. Email can often lack cues and clues that convey the sense in which it is to be taken; wrong impressions can easily be conveyed. Emoticons can sometimes be useful in conveying sentiment, but use them sparingly.

c.  Write with professionalism, clarity and try to avoid long sentences.

d.  Try to keep messages brief. A long document should be prepared in a more appropriate form (e.g. as a Word document) and sent as an attachment.

e.  Do not send or forward chain mail, viruses, hoaxes or spam. You should also avoid including personal information such as credit card details or passwords.

f.  Attach your full name and email signature with your first communication.

3. Other people’s messages – quoting, replying, forwarding

a.  Do not extract and use text from someone else’s message without acknowledgement. This is plagiarism.

b.  Make sure the originator has given permission (explicitly or implicitly) for their email to be passed on – emails are also subject to copyright law.

c.  Do not misrepresent someone by making changes to their message and then passing it on without making it clear where changes have been made.

d.  When forwarding a message, ensure only the relevant attachments are included.

e.  When replying to a message, ensure the recipient(s) are correct – sometimes you might inadvertently reply to a group when you meant it for the originator only.

f.  Use cc: only when it’s important for copied in recipients to know about the contents.

g.  Use bcc: when you are including a list of recipients who should remain private.

4. Appropriate use

a.  Email is regarded as official University correspondence and should always be used appropriately as all correspondence reflects on the reputation of the University.

 b.  Always remain courteous and professional.

Appendix E: Mailing lists

The following applies to the establishment, management and use of electronic mailing lists within the University.

a.  Any member of staff may set up a mailing list for any purpose associated with their employment.

b.  Any student may set up a mailing list for any purpose associated with their membership of the University, subject to the approval of the Director of Information Services.

c.  No person may be added to a mailing list without their permission (except where provided for below).

d.  Each person creating a mailing list is responsible for defining and publicising its purpose, for monitoring and moderating the general content of postings and general behaviour of members, for monitoring membership, for ensuring the original purpose of the mailing list is not widely abused, for ensuring membership is primarily drawn from members of the University (but see (h) below), for passing on responsibility for the list should they cease to belong to the University, and for closing the list down when it has fulfilled its purpose.

e.  If postings on any list are found to contravene the University's Computer and Software Use Regulations, or other applicable Law, Regulation or Policy, then the mailing list will be shut down pending resolution of the contravention.

f.  The University centrally may set up mailing lists comprising certain sets of staff and/or students, for the purpose of general University communications, without the permission of members. These lists fall into 2 categories – those intended for official communications, and those intended for more general, informational communications. Any request by a member to be removed from the general category must be agreed to. Only if a member has good reason (as judged by the Registrar) may they request removal from the official category. Only approved postings may be made to these central, official lists, consistent with guidelines laid down by the Registrar.

g.  Faculties and other units may set up lists comparable to these central, official lists, which may operate in comparable fashion at that level.

h.  Normally, membership of mailing lists set up using University facilities should be confined to members of the University (including official visitors). Individuals who have some association with the University are exempted from this restriction. Temporary mailing lists for conferences or similar activities which are organised by the University or members of the University are permitted, provided they are the responsibility of a member of the University, have been approved by the relevant Head of Department or equivalent, and comply with other Rules on use of University facilities (e.g.  clause 5 of this Use of Email Policy). The same guidelines apply to more permanent mailing lists set up for professional societies or similar.

Policy or Procedure?

Policies are statements of the principles1 which govern decision-making.

Procedures are the functional steps used to implement policies.

1 Principles in this context are to be understood as being both broad and detailed.

The policy statement makes clear the intent of the policy.  It must be written in clear, precise and direct language.  Short sentences are preferable.  Any specialist words or acronyms must be defined at the beginning of the statement.  (A guide to writing styles will be available soon.)

If the policy includes procedural elements you will need to identify these as Procedures by including this word above the relevant text.  The procedures style from the styles drop-down list must be applied to the whole of the procedures text, including the word Procedures.  Note: Administrative procedures can be approved by the relevant Director.

Related forms: (Link)

Provide links to any forms associated with the policy (eg Approved Leave form) and/or to information on on-line submission.

Note: Forms are a means through which policy is processed, not made.  Forms must reflect policy and must not be used to create policy.

TRIM File No:

UP07/43

Insert the appropriate TRIM file number.  All policies must have a TRIM file for storing information relating to policy development and other related information.  Note this is not the policy number.  Apply for a TRIM file number at http:/intranet.uwa.edu.au/page/38742

Contact position:

Information Services Policy Officer

State the name of the position that is to be contacted for any queries regarding the policy, eg University Secretary.  Note: As this will link through to the University’s Contact Directory, the position name must be given exactly as it appears in that directory.

Related Policies or legislation:

Computer and Software Use Regulations

http://calendar.publishing.uwa.edu.au/latest/partd/compandsoftwareregs

Policy on Discrimination and Harassment

http://www.hr.uwa.edu.au/equity/inclusive-campus-culture/harassment

UWA Code of Ethics and Code of Conduct

http://www.hr.uwa.edu.au/policies/policies/conduct/code

University Record Keeping Plan

http://www.archives.uwa.edu.au/information_about/uwa_record_keeping_plan

                                                                     

Provide details of, and, if appropriate, web links to, other policies, legislation or committee resolutions that relate to the subject of the policy, if known, eg Statute(s), University General Rule(s).  If unsure what these might be, try one or more of the following:

Conduct a search on TRIM.

Make an enquiry to Archives and Records.

Seek help from staff in the relevant section. 

If related policies are stored in University Policy format on the University Policies site, please provide the relevant policy number(s). 

Switch off the instructions by clicking the hide/show button on your toolbar.

Check the content of the document for clarity and accuracy.

Submit the document to the relevant position or body for approval.

When the document is approved -

if the policy does not already have a University Policy number, apply for one by completing the form at http://intranet.uwa.edu.au/archives/new_university_policy_number (Control and click to follow the link.)

include the University Policy number in the relevant table box in the template; and

complete the relevant approval date and any other table boxes at the end of the template that have not yet been completed.

Save the document in Filtered HTML format to a convenient location on your network drive (Go to File – Save As and select Web Page, Filtered from the drop-down list under the filename box.)

Apply the style-checker as follows:

Go to the following URL http://www.admin.uwa.edu.au/policytidy (Control and click to follow the link.)

Browse to find the policy document you have saved in Filtered HTML.

Hit “Submit” to bring up the preview of the converted document.

Check for errata and mis-processed characters.

Once the document is correct, click on “Download Document” to download the document to the preferred folder on your network drive.

Appropriate Director emails (rorett@admin.uwa.edu.au) the policy to University Records for storing in TRIM and publishing on the University Policies website.