Use of ICT services, facilities and devices policy (IS38)

Purpose

A range of government provided information and communication technology (ICT) services, facilities and devices are available to employees in order to fulfil their functions. The use and management of these resources imposes an obligation of responsibility and accountability. The purpose of this policy is to ensure the implementation of consistent policies and practices in the management of employee use of ICT services, facilities and devices. This policy should be read in conjunction with:

• Public Sector Commission's Use of the Internet and Email Policy
• Public Sector Commissions Private Email Use Policy
• Public Sector Ethics Act 1994
• Public Sector Act 2022
• Code of Conduct for the Queensland Public Service.

Policy statement

The use of government provided ICT services, facilities and devices is for officially approved purposes. Employee limited personal use of these resources may be made available to employees on a basis approved by the department's chief executive officer. All use and access must be able to withstand public scrutiny and/or disclosure.

Policy benefits

The implementation of this policy will:

• establish an accountable, open and transparent use of government resources, minimising instances of misuse
• reduce risks associated with public scrutiny in the use of government resources
• support an open, fair and transparent disciplinary process where rules are clearly articulated
• reduce departmental vulnerability to threats posed by inappropriate use which can potentially lead to legal liability.

Scope

Personal ICT services, facilities and devices are out of scope, however the access to and use of government provided ICT services, facilities and devices by these (e.g. accessing government email, Wi-Fi via a personal device) is in scope. Personal ICT services, facilities and devices which are authorised to be used for work purposes should be included in departmental Bring your own device (BYOD) policies.

Limited personal and professional use of social media is within the scope of this policy. Official use of social media is outside the scope of this policy and is addressed in the Principles for the official use of social media networks and emerging social media.

Applicability

This policy applies to all Queensland Government departments (as defined by the Public Sector Act 2022). Accountable officers (not already in scope of the Public Sector Act 2022) and statutory bodies under the Financial and Performance Management Standard 2019 must have regard to this policy in the context of internal controls, financial information management systems and risk management. Please see the Applicability of the QGEA for further information.

Policy requirements

Policy Requirement 1: Departments must implement policies addressing employee use and monitoring of ICT services, facilities and devices

Departments must develop and implement policies addressing employee use and monitoring of ICT services, facilities and devices, including clear definitions, comprehensive examples and permitted levels of authorised and unauthorised use.

Policy Requirement 2: Departments must ensure all employees are aware of, understand and acknowledge their responsibilities and policy obligations when using ICT services, facilities and devices

Departments must ensure that all employees are aware of, understand, acknowledge and have access to the relevant policies on use of ICT services, facilities and devices including their responsibilities.

Advice

The following documents provide advice on implementing this policy:

• IS38 implementation guideline
• Authorised and unauthorised use of ICT services, facilities and devices guideline
• Personal use of social media guideline
• Public wifi guideline

Issue and review

Issue date: 15 December 2015
Next review date: December 2017

This QGEA policy is published within the QGEA which is administered by the Queensland Government Customer and Digital Group. It was developed by the Department of Justice and Attorney-General, the Crime and Misconduct Commission, Crown Law, Public Sector Commission and Queensland Government Chief Information Office and approved by the Queensland Government Chief Information Officer.

Implementation

This policy comes into effect from the issue date.