F/1.1 Data and digital resources allocation

Policy Owner	Vice-President (Digital) and Chief Digital Officer
Approval Date	21/04/2023
Approval Authority	Vice-Chancellor and President
Date of Next Review	30/04/2026

1.1.1 Purpose
1.1.2 Application
1.1.3 Roles and responsibilities
1.1.4 Framework for allocation of information and communications technology resources and services
1.1.5 Use of QUT data and digital resources and services
1.1.6 Provision of resources and approved defined roles
1.1.7 Acquisition of information and communications technology and software licensing agreements
1.1.8 Computer software, including applications
1.1.9 Cloud services
1.1.10 Definitions
1.1.11 Delegations
Related Documents
Modification History

1.1.1 Purpose

The purpose of this policy is to outline the university’s framework for the provision, acquisition and use of data and associated digital resources. This framework supports QUT’s digital strategy, broader university objectives, and enhances QUT’s role as a university of technology.

Top

1.1.2 Application

This policy applies to:

• any person creating, managing, using and/or otherwise granted access to QUT’s information, data and/or any associated digital systems or services, including information systems, communications, and technology (ICT)
• procurement of data and/or digital capabilities for any QUT activity, subject to the point below
• any person connecting a device to QUT’s network.

This policy does not apply to circumstances when the digital investment is third party funded and where apart from researcher use or subject matter expertise, QUT has no input, i.e. the systems are not built by, connected to, funded by, and/or use QUT systems or services.

Top

1.1.3 Roles and responsibilities

Position	Responsibility
Service area lead and service area owner	defines the service strategy, ensuring buy-in and consistent application of same determines and develops resources and capability levels across the dimensions of people, and ensures processes and systems support that service(s)
System owner	is accountable to manage the use, and protection of an IT system, normally an application or online service. The system may support one or many QUT functions or services.  The system owner is responsible for system support, upgrades, and for implementing the system’s roadmap, including consultation with service owners who may be affected by, and/or requesting, the change may be responsible for implementing controls and functionality required for the appropriate management of information assets within their system, but is not responsible for the management of the information asset supports systems including availability in line with agreed service levels, upgrades, and implementing the system’s roadmap, including consultation with service owners who may be affected by, and/or requesting, the change
Infrastructure owner	ensures infrastructure meets the continuity, capability, and capacity requirements of QUT, including underpinning platforms, infrastructure and services plus infrastructure supplied by third parties, (e.g. cloud services, telecommunications)
Users of data and digital resources	use data and digital resources in accordance with the requirements of this policy
Vice-President (Digital) and Chief Digital Officer	approves procedures and changes to QUT’s digital ecosystem in line with policy commissions and approves digital strategies, plans, protocols, standards, procedures, roadmaps and supporting guidance to ensure digital capabilities support QUT’s strategic objectives and address operational imperatives provides information, data and analytical capabilities to support QUT decisions provides centralised digital services across QUT
Digital Transformation Advisory Group (DTAG )	advises the Vice-Chancellor and President on defining and realising the university's digital ambition provides guidance and recommendations on the development of a digital portfolio, which supports the university’s digital ambition recommends the portfolio of digital initiatives to inform the annual and long-term planning and budget needs to deliver upon the university’s digital ambition consults with, and seeks endorsement from, the University Executive Committee where a proposed investment exceeds $10M balances risk and opportunities with investments of scale ensures planned outcomes and benefits are efficiently realised and harvested ensures continuous improvement and rejuvenation of the digital change process within the social, environmental, community and business context of the university The terms of reference can be accessed from the DTAG SharePoint site (QUT staff access only)

Top

1.1.4 Framework for allocation of information and communications technology resources and services

Digital enablement, and where applicable transformation of education, research, student management and enabling functions is a key goal for the university. This commitment includes the provision of access to a range of information resources and services provided through the university's information technology infrastructure.

The university has a responsibility to ensure that data and digital resources are aligned with its business and deliver value to the organisation through the appropriate allocation of resources, adequate assessment of security and mitigation of risk. Performance must also be measurable.

To appropriately allocate these resources, and address security and other risks, the university has established a process by which access to corporate physical and virtual information resources and infrastructure is granted.

When investing in digital capabilities QUT is to follow the requirements outlined in the Digital Investment Portfolio Lifecycle (QUT staff access only).

Top

1.1.5 Use of QUT data and digital resources and services 

Data and digital systems, services and facilities provided by the university both on and off campus may only be used in support of QUT's teaching, research, administration and service activities.

QUT's commitment to professionalism, ethical practices, equity, and social accountability implies a duty of care in relation to the use of ICT resources and services.  Finite resources are applied to information facilities, and their use for university purposes must not be diminished by use for other purposes.  QUT also values the trust provided to it when students, staff and other stakeholders provide QUT with their information.  For this reason, information is strictly controlled to reflect its intended purpose as agreed by the provider at the time of provision.

The University’s expectations for appropriate management and use of its data, information and associated digital resources are detailed in various University policies.

Top

1.1.6 Provision of resources and approved defined roles

QUT allocates access to information and technology services and resources based on approved defined roles in accordance with the Data and information asset management policy (F/1.9).

Rights to use the digital resources and services of the university are non-transferable, unless specifically authorised by the Vice-President (Digital) and Chief Digital Officer.  Access to most services and resources will cease at the end of a person's relationship with the University (e.g. upon graduation or cessation of employment etc).  Exceptions to this de-provisioning of access are approved by the Vice-President (Digital) and Chief Digital Officer and can be sought via the Digital Workplace (QUT staff access only).

The university permits members of the public to use information technology systems and facilities subject to the provisions of the Telecommunications Act 1997 (Cth) and relevant commercial and licensing agreements.

Charges may apply for use of digital resources and services in accordance with QUT’s user charging policy (G/8.1).

Top

1.1.7 Acquisition of  information and communications technology and software licensing agreements

Expenditure of funds on digital resources and/or digitally enabled capabilities should be aligned with QUT's planning processes and priorities, including the Capital Management Plan (CMP).

Where applicable, project notifications, proposals and plans must be prepared and approved for expenditure on projects and/or business change initiatives in accordance with QUT budgeting and forecasting requirements (QUT staff access only).

Acquisition of ICT and software licences must be considered in the broader context of QUT's Digital Strategy according to protocols and standards approved by the Vice-President (Digital) and Chief Digital Officer.  Where necessary, the Vice-President (Digital) and Chief Digital Officer may specify that the activity to which the acquisition relates, must be added to the Digital Project Register, to address risk and to ensure that the project to which the acquisition relates is managed appropriately.

Subject to compliance with the above, acquisitions may be approved by relevant officers up to the officer's expenditure limit. The Register of Authorities and Delegations (QUT staff access only) provides further details.

 

Top

1.1.8 Computer software, including applications

When software, including applications, is built or sourced in support of QUT end user operations, e.g. research, education or professional service delivery,  the software must be registered in QUT’s corporate systems register or QUT’s software catalogue (QUT staff access only), plus acquired and used in accordance with the Copyright policy (F/5.1) and the Copyright Act 1968 and any licence or agreement that permits QUT to use the software.

Top

1.1.9 Cloud services

The university’s objective is to increase productivity, agility and support enhanced innovation.  Used correctly cloud-based services allow QUT to rapidly acquire, process and store information plus provide access to a range of applications and algorithms that support this objective.

For these reasons QUT has taken a “cloud-right” approach when considering any investment in new ICT services and when replacing any existing ICT services, in particular highly commoditised services, whenever the cloud services:

• are fit for purpose and based on QUT’s principles of sustainable procurement (G/5.3 Procurement)
• represent value for money (G/5.3 Procurement)
• provide adequate management of risk to information and ICT assets as defined by the QUT Risk Management Framework (QUT staff access only).

The QUT Guidelines for Cloud Computing (QUT staff access only) provide further information regarding cloud concepts, the procurement of cloud services and offshore data hosting and processing.

Top

1.1.10 Definitions

Digital refers to the use and management of data, information, communications, and technology to enable delivery of university services and for the fostering of innovation and enabling strategic change through transformation.

Infrastructure refers to digital technologies used to run systems, store or process data, including software, hardware, firmware, and networks, regardless of who owns and manages the infrastructure, i.e.. includes cloud infrastructure and platforms. This definition encompasses all the devices, networks, protocols and procedures that are employed in the telecoms or information technology to foster interaction amongst different stakeholders .

Information, communications and technology (ICT) resources includes:

• infrastructure, equipment, software, and facilities including technologies such as computers, smart phones, the Internet, broadcasting technologies, and telephony
• all networks, hardware, software and communication services and devices owned, leased, or used under licence by QUT including academic and administrative systems and cloud providers
• any web pages under QUT’s management (including content on third party web providers) and/or hosted on QUT’s ICT resources.

System refers to an application program or application software, that being a computer program designed to carry out a specific task other than one relating to the operation of the computer itself, typically to be used by end-users.  This includes software as a service.

Top

1.1.11 Delegations

Refer to Register of Authorities and Delegations (VC017, VC212) (QUT staff access only).

Top

Related Documents

MOPP D/3.1 Intellectual property
MOPP F/1.2 Information security
MOPP F/1.4 Webpages and servers
MOPP F/1.5 Email
MOPP F/1.9  Data and information asset management
MOPP F/1.11 Acceptable use of information and communications technology resources
MOPP F/3.2 Social media
MOPP F/5.1 Copyright
MOPP F/6.1 Records governance
MOPP F/6.2 Information privacy
MOPP G/5.3 Procurement
MOPP G/8.1 User charging
QUT Guidelines for Cloud Computing (QUT staff access only)
QUT Information and Data Asset Register (QUT staff access only)
QUT Risk Management Framework (QUT staff access only)
QUT Service Delivery Framework (QUT staff access only)
Telecommunications Act 1997 (Cth)
Telecommunications (Interception and Access) Act 1979 (Cth)
Copyright Act 1968 (Cth)

Top

Modification History

Date	Sections	Source	Details
21.04.23	All	Vice-Chancellor and President	Periodic review - revised policy to include responsibilities of Digital Transformation Advisory Group
26.07.22	All	Vice-Chancellor and President	Revised to update position title from Chief Information Officer to Vice-President (Digital) and Chief Digital Officer
17.03.21	F/1.1.9	Chief Information Officer	Revised to include terminology update consistent with the Cloud Foundations project (cloud-first to cloud-right)
15.09.18	All	Vice-Chancellor and President	Revised and simplified policy to include new sections on computer software and cloud services
09.12.16	F/1.1.3, F/1.1.4, F/1.1.5	Enhancing the Student Experience REAL Difference Change Manager	Revised policy to include REAL Difference initiative, approved name change for division, Division of Technology, Information and Learning Support to Division of Technology, Information and Library Services and position title, Deputy Vice-Chancellor (Technology, Information and Learning Support) to Deputy Vice-Chancellor (Technology, Information and Library Services) - effective 03.01.17
29.10.15	F/1.1.3, F/1.1.4	Vice-Chancellor	Revised policy to reference the new policy F/1.9 Corporate information asset management
15.07.14	F/1.1.3, F/1.1.4	Director, Information Technology Services Department	Revised policy to include reference to D/3.1 Intellectual property policy as per audit/review 2009/42 recommendations and clarify data custodians
06.07.14	F/1.1.5	Executive Director, Finance and Resource Planning	Policy revised to embed the Project Proposal Framework
23.08.13	All	Deputy Vice-Chancellor (Technology, Information and Learning Support)	Periodic review - minor editorial changes only
27.09.11	All	Vice-Chancellor	Policy revised to include information from repealed F/1.9 Telecommunications policy
15.09.10	All	Governance Services	Policy revised to reflect repeal of Information Facilities Rules
02.09.09	F/1.1.2	Deputy Vice-Chancellor (Technology, Information and Learning Support)	Periodic review - minor editorial changes only
19.03.08	F/1.1.2	Vice-Chancellor	Revised policy to include reference to Schedule 1 of Information Facilities Rules as policy applying to all staff and students, and to indicate that QUT routinely logs network activity (incorporates former policy B/8.7 Acceptable Use of Information Facilities)
08.06.07	F/1.1.5	Vice-Chancellor	New policy relating to acquisition of information technology and software licensing agreements, consistent with amendment to Schedule of Authorities and Delegations (endorsed by Vice-Chancellor’s Advisory Committee 04.04.07)
07.06.06	All	Vice-Chancellor	Revised policy (removed references to library resources - now in new policy F/1.8, amended references to resource provision roles and responsibilities) (endorsed by Information Technology Advisory Committee 19.04.06)
07.10.04	F/1.1.3	Secretariat	Editorial (revised committee name - Information Technology Advisory Committee, approved by Vice-Chancellor 07.10.04)
08.07.04	F/1.1.3	Secretariat	Editorial (deleted reference to Information Technology Strategic Governance Committee, disbanded June 2004, and replaced with reference to new Information Technology and Library Resources Committee)
15.01.04	All	Vice-Chancellor	New policy; replaces I/2.1 and I/2.4

Top