Information Technology - User Device Security Standard

Section 1 - Purpose

(1) The purpose of this standard is to:

  1. manage information security risks associated with user devices, and
  2. protect RMIT information and prevent unauthorised access.

Section 2 - Authority

(2) Authority for this document is established by the Information Technology and Security Policy.

Section 3 - Scope

(3) This Standard applies to all staff, researchers, contractors, visitors, and any other parties (collectively referred to as “Users”) who have access to the IT assets of RMIT University and its controlled entities (“RMIT”). It is applicable to all devices (RMIT managed as well as non-RMIT managed devices that are used for the conduct of RMIT business) including but not limited to computers, laptops, tablets, phones, wearables, computer peripherals, and the internet of things.

Section 4 - Standard

Corporate (RMIT-Owned) Devices

(4) All devices and mobile services must be procured through Information Technology Services (ITS) using the approved mobile device process. ITS is responsible for maintaining a central register of devices.

(5) Device procurement must comply with the Business Expenses Policy as well as the Procurement and Expenditure Policy.

(6) Cost centre managers are responsible for ensuring that devices and SIMs are returned by users when their engagement with RMIT terminates.

(7) Devices provided by RMIT remain the property of RMIT and can be revoked or reassigned as needed.

(8) RMIT has the right to remove unauthorised or modified applications from devices and related content without notice or warning if it is deemed to be a security risk.

(9) RMIT may temporarily retain any device assigned to an individual to complete security or forensic investigation.

(10) RMIT may remotely lock, wipe, or reconfigure any device if it is deemed to be a security risk. 

(11) Damaged devices must be repaired at an authorised service agent nominated by ITS. Costs associated with the repairs are paid by the owning cost centre.

(12) Lost or stolen devices must be reported immediately via the ITS Service and Support centre.

(13) Authorised users requiring international roaming services on an RMIT device whilst travelling overseas must complete an international roaming request at least five (5) days prior to departure.

Using a Non-RMIT Managed Device

(14) Information generated by RMIT users relating to RMIT business or operations remains the property of RMIT and is accessible by authorised RMIT staff.

(15) RMIT reserves the right to disconnect a non-RMIT managed device and disable services to that device without notification if it is deemed to be a security risk.

(16) RMIT is not responsible for any damaged, lost or stolen non-RMIT managed device an RMIT user may choose to use while conducting RMIT business nor for non-RMIT data damaged or lost on that device.

(17) Activity within RMIT work-related apps, tools and tasks being conducted on a non-RMIT managed device may be tracked to meet the legal and regulatory requirements of RMIT.

(18) Users must use only authorised applications to interact with RMIT data, and must ensure that all software used for RMIT business is legally licensed. The use of illegally obtained or unapproved applications is strictly prohibited.

(19) Users must maintain a non-RMIT managed device compatible with RMIT’s published technical specifications (e.g. Hardening Standard) which will be updated by ITS as needed. Users should only use devices meeting these specifications to access the RMIT network and data.

(20) When using a non-RMIT managed device (e.g. mobile or laptop) to access RMIT systems or data, users must:

  1. keep the operating system and applications up to date; most updates include security patches
  2. keep a current antivirus software version running 
  3. keep a screen lock enabled that uses a unique authentication method, PIN, pattern or fingerprint
  4. enable a ‘find my device’ capability and ensure it is usable if the device is lost or stolen
  5. use only Microsoft Office as the email client to access RMIT email
  6. change their RMIT account password immediately if their device is lost or stolen
  7. not store RMIT data locally on the device memory
  8. have hard disk encryption enabled. 

(21) Users must provide access to non-RMIT managed devices when notified that the device has been selected as in scope for e-discovery or if required for any investigation of a regulatory notifiable data breach or information security incident or litigation or if compelled by a court of law.