Governance

Policies and procedures

Policy No.
UP10/2
Function
Information Management
Authoring Organisational Unit
Information Technology - Central Unit
Date Approved
27/04/2010 Revised 10/03/2014
Next Review Date
10/03/2016
Approving Body
Vice-Chancellor

This document has procedures.
Show All | Hide All | Collapse

The University of Western Australia

University Policy on: Access to University Buildings and Electronic Systems by Staff and Visitors

Purpose of the policy and summary of issues it addresses:

The purpose of this policy is to state how University staff and visitors to the University are provided with access to University buildings and electronic systems.

This policy applies to all staff and students who are employed at the University in an official capacity and to visitors who require authorised access to University buildings and/or electronic resources.

This policy does not apply to visitors of the University's Libraries or any other publicly available facility of the University for which authorised access is not required.

Definitions:

Staff - Category 1 are employees of the University who are employed on an ongoing, part-time, contract, or casual basis and who receive remuneration from the University.

Staff - Category 2 are persons who are not Staff - Category 1 but who are granted access to University electronic resources by an Authorised Person. The criterion for a person to be granted Staff - Category 2 status is that the person must have a relationship with the University or be connected with the University in a manner that is considered to be important to the University. Examples are persons working in research centres and former staff who have a special relationship with the University (such as former office holders).

A Visitor is a person who is not a member of Staff - Category 1, nor a Staff - Category 2, but may be granted access to University buildings and/or electronic resources by an Authorised Person.

An Authorised Person is a member of Staff - Category 1 who has delegated authority (Band 5b or above) to grant access to University buildings and/or electronic resources.

Electronic systems are systems or applications that are accessed via the University electronic network. Examples are email systems and the internet.

Certifying Authority The role of the Certifying Authority is to guarantee that the individual granted access to University buildings and/or electronic resources is in fact who he/she claims to be. For staff of all categories, the Certifying Authority is Human Resources. For Visitors, the Certifying Authority is an Authorised Person.

Authentication is the validation of a user's identity by means of an authentication factor such as a username and password.

Access Control is the restriction of entry to buildings or the use of electronic systems.

Policy statement:

1 Categories

1.1 Category 1 staff may be granted permission by an Authorised Person to enter buildings and access electronic systems commensurate with their role at the University.

1.2 Category 2 staff may be granted permission by an Authorised Person to enter buildings and access electronic systems.

Procedure

Note

In some cases it is necessary to limit the access provided to category 2 staff. For example, University software licence agreements (such as Microsoft Windows and Microsoft Office) may limit use to employees of the University. Where access to electronic resources is required by Staff - Category 2, the Authorised Person permitting access should ensure that software licenses are provided where necessary. This can be ascertained by consulting their information technology Service Desk or support person in relation to software licensing beforehand. The University's Computer and Software Use Regulations must be adhered to by all users who are provided access to the University's electronic systems

1.3 Visitors may be granted entry to University buildings and/or access to electronic systems by an Authorised Person.

2 Access Control

2.1 Access to University buildings

The University Building Access Security system (Cardax) will be the repository for all details relating to the provisioning and de-provisioning of access to University buildings. The Manager, Security, will be the data custodian of all data stored in the University Building Access Security system.

2.2 Access to University electronic resources

There will be a two-stage process for provisioning/de-provisioning namely Certification/Authentication and Access Control. Certification/Authentication is a prerequisite for access control for all electronic resources.

2.2.1 The Certifying Authority for staff of both categories is Human Resources. Data relating to provisioning and de-provisioning of users will be stored in the University's authentication system (Pheme). The University Librarian and Director Information Management is the data custodian of all data stored in Pheme.

2.2.2 Access control to individual electronic systems (such as email, PeopleSoft, Alesco etc) will be granted by delegated authority. Rules relating to access control will be stored within these systems. The person responsible for these systems will be the data custodian of the access control data.

2.3 Campus card

All staff members are eligible for a University identity card. The characteristics of the card remain the same for Category 1 and 2 staff. Visitors who are granted access to University buildings will be issued with a University identity card which appears as a staff card but has the word VISITOR printed on it.

Related forms: (Link)

TRIM File No:

F31182

Contact position:

Information Services Policy Officer

Related Policies or legislation:

[ Show All Procedures | Hide All Procedures | Collapse Procedures ]